CN105975846B - Terminal authentication method and system - Google Patents
- Publication number: CN105975846B (application number CN201610280800.2A)
- Authority: CN (China)
- Prior art keywords: terminal, key, user, authentication, registration server
- Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
A terminal authentication method for mutual authentication between two terminals: a first terminal receives an authentication request sent by a second terminal, computes verification information from the request, and decides from that verification information whether to accept the authentication of the second terminal. A terminal authentication system is also provided. The authentication needs no third party, reduces the network and computing resources consumed, and addresses the security of online transactions by user terminals.
Description
Technical field
The present invention relates to the field of network security, and in particular to a terminal authentication method and system.
Background technique
In broad terms, M2M covers machine-to-machine, man-to-machine, machine-to-man and mobile-to-machine connection and communication, that is, all the technologies and means by which communication links are established between people, machines and systems. M2M services offer clients in various industries a complete solution covering data acquisition, transmission, processing and service management. At present M2M focuses on wireless machine-to-machine communication, in three forms: machine to machine, machine to mobile phone (for example remote monitoring by a user), and mobile phone to machine (for example remote control by a user).
The Wireless M2M Protocol (WMMP) is an application-layer protocol designed for data communication between M2M terminals and the M2M platform, between M2M terminals, and between the M2M platform and application platforms. It was developed by China Mobile for M2M services and provides basic functions such as end-to-end wireless communication, terminal management and service security. Under WMMP, an M2M terminal may use M2M services only after it has registered with the M2M platform and passed authentication.
Existing machine-to-machine authentication schemes are based on public-key cryptography: every M2M terminal obtains an identity certificate and the corresponding private key from a trusted third-party certificate authority (CA), and also obtains the CA certificate with which identity certificates are verified. When an M2M terminal accesses the network, the two sides verify each other's identity by exchanging their identity certificates, and network access is granted only after authentication succeeds.
Public-key cryptography has the drawbacks of computationally complex operations and sharply reduced performance and efficiency when encrypting large amounts of data; when the number of terminal nodes is huge, authenticating many users consumes the network and computing resources needed for signalling. In addition, the public-key scheme relies on a trusted third party to manage keys, and under deliberate threats such as viruses, hackers, phishing and phishing fraud this poses a serious challenge to the security of online transactions.
Summary of the invention
In view of the above, there is a need for a terminal authentication method that needs no third party during authentication, reduces the network and computing resources consumed, and addresses the security of online transactions by user terminals.
A terminal authentication method comprises:
a first terminal receiving a first authentication request sent by a second terminal, computing first verification information from the first authentication request, and authenticating the second terminal according to the first verification information; and
when the first terminal has authenticated the legal identity of the second terminal, the first terminal sending a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
In other preferred embodiments of the invention, the first authentication request sent by the second terminal contains the user name, the authentication key and a timestamp of the second terminal; and the first verification information contains a first verification key, computed from the received user name and timestamp of the second terminal using the server key of the registration server and the encryption algorithm.
In other preferred embodiments of the invention, authenticating the second terminal according to the first verification information comprises:
when the authentication key of the second terminal equals the first verification key, authenticating the legal identity of the second terminal; and
when the authentication key of the second terminal differs from the first verification key, terminating the authentication of the second terminal.
In other preferred embodiments of the invention, before computing the first verification information from the first authentication request and authenticating the second terminal according to it, the method further comprises:
computing the first verification information when the difference between the timestamp at which the first authentication request of the second terminal was received and the timestamp sent by the second terminal is less than a preset effective time interval; and
terminating the authentication of the second terminal when that difference is greater than or equal to the preset effective time interval.
In other preferred embodiments of the invention, the method further comprises registering the first terminal, which comprises:
the first terminal sending its user name and an encrypted user key to the registration server;
receiving from the registration server the doubly encrypted user key, the registration key of the first terminal, the encrypted server key and the encryption algorithm used by the registration server, where the doubly encrypted user key is obtained by the registration server encrypting the user key a second time with the encryption algorithm, and the registration key is computed by the registration server with the encryption algorithm from the user name of the first terminal, the user key and the encrypted server key; and
storing the doubly encrypted user key, the registration key, the encrypted server key and the encryption algorithm sent by the registration server in a secure storage area of the first terminal.
In other preferred embodiments of the invention, the user key is one biometric key of the user or a combination of several, such as a fingerprint key, iris key, voice key or face key.
In other preferred embodiments of the invention, the secure storage area is the secure storage area of an embedded SIM card of the first terminal.
In other preferred embodiments of the invention, the user name is the identity provided by the embedded SIM card.
In other preferred embodiments of the invention, the method further comprises modifying the user key on the first terminal, which comprises:
when a request to modify the user key is received, prompting the user to enter the current user key; and
when the current user key entered by the user is verified as correct, prompting the user to enter a new user key on the first terminal.
In other preferred embodiments of the invention, modifying the user key further comprises:
encrypting the new user key twice with the encryption algorithm, computing a new registration key of the first terminal with the encryption algorithm from the user name of the first terminal, the new user key and the encrypted server key, storing the doubly encrypted new user key and the new registration key in the secure storage area of the first terminal, and prompting the user that the new user key has been set successfully.
In view of the above, there is also a need for a terminal authentication system that needs no third party during authentication, reduces the network and computing resources consumed, and addresses the security of online transactions by user terminals.
A terminal authentication system comprises:
an authentication module for:
receiving a first authentication request sent by a second terminal, computing first verification information from the first authentication request, and authenticating the second terminal according to the first verification information; and
when the legal identity of the second terminal has been authenticated, sending a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
In other preferred embodiments of the invention, the first authentication request sent by the second terminal contains the user name, the authentication key and a timestamp of the second terminal; and the first verification information contains a first verification key, computed from the received user name and timestamp of the second terminal using the server key of the registration server and the encryption algorithm.
In other preferred embodiments of the invention, authenticating the second terminal according to the first verification information comprises:
when the authentication key of the second terminal equals the first verification key, authenticating the legal identity of the second terminal; and
when the authentication key of the second terminal differs from the first verification key, terminating the authentication of the second terminal.
In other preferred embodiments of the invention, the authentication module is further for:
computing the first verification information when the difference between the timestamp at which the first authentication request of the second terminal was received and the timestamp sent by the second terminal is less than a preset effective time interval; and
terminating the authentication of the second terminal when that difference is greater than or equal to the preset effective time interval.
In other preferred embodiments of the invention, the mutual authentication system further comprises:
a registration module for submitting a registration request to the registration server, receiving the registration information that the registration server sends in response to the registration request, and storing that registration information in the secure storage area of the first terminal, where:
the registration request contains the user name and an encrypted user key of the first terminal; and
the registration information contains the doubly encrypted user key, the registration key of the first terminal, the encrypted server key and the encryption algorithm used by the registration server, where the doubly encrypted user key is obtained by the registration server encrypting the user key a second time with the encryption algorithm, and the registration key is computed by the registration server with the encryption algorithm from the user name of the first terminal, the user key and the encrypted server key.
In other preferred embodiments of the invention, the user key is one biometric key of the user or a combination of several, such as a fingerprint key, iris key, voice key or face key.
In other preferred embodiments of the invention, the secure storage area is the secure storage area of an embedded SIM card of the first terminal.
In other preferred embodiments of the invention, the user name is the identity provided by the embedded SIM card.
In other preferred embodiments of the invention, the authentication system further comprises:
a key modification module for prompting the user to enter the current user key of the first terminal when a request to modify the user key is received, and for prompting the user to enter a new user key when the current user key entered by the user is correct.
In other preferred embodiments of the invention, the key modification module is further for:
encrypting the new user key twice with the encryption algorithm, computing a new registration key of the first terminal with the encryption algorithm from the user name of the first terminal, the new user key and the encrypted server key, storing the doubly encrypted new user key and the new registration key in the secure storage area of the first terminal, and prompting the user that the new user key has been set successfully.
Compared with the prior art, in the method of the invention the terminal sends its user name and an encrypted user key to the registration server during registration, rather than the user key itself, so even an insider attacker at the registration server cannot obtain the user key, which keeps the user key secure. The method also uses a timestamp mechanism, which prevents replay attacks. Furthermore, even if the key of the registration server is leaked, all user key information remains safe, because the registration server itself stores no user key information. Finally, the method does not require the registration server to take part in the mutual authentication of M2M terminals, which frees the computing resources of the registration server.
Brief description of the drawings
Fig. 1 is a flow chart of the registration stage in a preferred embodiment of the M2M terminal authentication method of the invention.
Fig. 2 is an example diagram of the registration stage in a preferred embodiment of the M2M terminal authentication method of the invention.
Fig. 3 and Fig. 4 are flow charts of the mutual authentication stage in a preferred embodiment of the terminal authentication method of the invention.
Fig. 5 is an example diagram of the mutual authentication stage in one preferred embodiment of the terminal authentication method of the invention.
Fig. 6 is an example diagram of the mutual authentication stage in another preferred embodiment of the terminal authentication method of the invention.
Fig. 7 is a flow chart of the key modification stage in a preferred embodiment of the terminal authentication method of the invention.
Fig. 8 is an example diagram of the key modification stage in a preferred embodiment of the terminal authentication method of the invention.
Fig. 9 is a schematic diagram of the application environment of a preferred embodiment of the terminal authentication system of the invention.
Fig. 10 is a hardware architecture diagram of the terminal of the invention.
Fig. 11 is a functional block diagram of a preferred embodiment of the terminal authentication system of the invention.
Description of main reference numerals
M2M terminal 1
Registration server 2
Authentication system 10
Communication unit 11
Memory 12
Processor 13
eSIM card 14
Registration module 100
Authentication module 101
Key modification module 102
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described below clearly and completely with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
In the embodiments of the invention the terminal is an M2M terminal. M2M covers machine-to-machine, man-to-machine, machine-to-man and mobile-to-machine connection and communication, that is, all the technologies and means by which communication links are established between people, machines and systems. An M2M terminal may be either end of the connection and communication between a first terminal and a second terminal; the words "first" and "second", where present, are names only and do not indicate any particular order.
Fig. 1 is a flow chart of the registration stage in a preferred embodiment of the terminal authentication method of the invention. Depending on requirements, the order of the steps in the flow chart may change and some steps may be omitted.
S10: the M2M terminal sends its user name and an encrypted user key to the registration server.
In the preferred embodiment the user name may be the identity provided by the eSIM card embedded in the M2M terminal, such as the mobile phone number, or a user-defined user name, which must first be bound to the mobile phone number. The user key may be one biometric key of the user or a combination of several; common biometric keys include fingerprint, iris, voice and face keys.
S11: after receiving the user name and user key sent by the M2M terminal, the registration server encrypts the user key a second time with an encryption algorithm.
In this embodiment the encryption algorithm may be a hash algorithm.
S12: from the user name and user key sent by the M2M terminal, and additionally the encrypted server key of the registration server, the registration server computes the registration key of the M2M terminal with the encryption algorithm.
S13: the registration server sends the computed doubly encrypted user key, the registration key of the M2M terminal, the encrypted server key and the encryption algorithm used to the M2M terminal, which stores them in its secure storage area, for example the secure storage area of the eSIM card embedded in the M2M terminal.
From the above flow, in the preferred embodiment, when a user of an M2M terminal first applies to join the M2M platform and use M2M services, a registration application can be submitted to the registration server. The user may choose a user name UID (User ID) and a user key BK (Biosignature key); the UID and the encrypted BK are then sent to the registration server over a secure channel. The registration server responds to the user's request by computing the registration key and related information of the M2M terminal, and finally sends the registration key and related information over a secure channel to the secure storage area of the M2M terminal.
In the preferred embodiment, during the user's registration with the registration server, the user sends the UID and the encrypted BK to the registration server rather than the user key BK itself, so even an insider attacker at the registration server cannot obtain the user key BK, which keeps the user key secure.
An example of the registration stage is shown in the schematic diagram of Fig. 2.
The parameters used in the registration stage of Fig. 2 are defined first:
UID denotes the user name; BK denotes the user's biometric key; Hash() denotes a hash function; RSK denotes the registration server key; ※ denotes an encryption/decryption operation (such as XOR).
As shown in Fig. 2, registration of M2M terminal user UIDi comprises:
1: The user name UIDi and the encrypted user key Hash(BKi) are sent to the registration server.
2: The registration server first computes the user key hash of user UIDi with the hash function: HHBKi = Hash(Hash(BKi)).
3: The registration server then applies the hash function to the user name UIDi, the encrypted user key Hash(BKi) and the encrypted registration server key Hash(RSK) to compute the registration key hash of user UIDi: HRSKi = Hash(UIDi ※ Hash(RSK)) ※ Hash(BKi).
4: The registration server sends the user key hash, the registration key hash and the related information used in computing them, namely [HHBKi, HRSKi, UIDi, Hash(RSK), Hash()], to be stored in the secure storage area of the eSIM card of user UIDi.
Similarly, registration of M2M terminal user UIDj comprises:
1: The user name UIDj and the encrypted user key Hash(BKj) are sent to the registration server.
2: The registration server computes the user key hash of user UIDj: HHBKj = Hash(Hash(BKj)).
3: The registration server computes the registration key hash of user UIDj: HRSKj = Hash(UIDj ※ Hash(RSK)) ※ Hash(BKj).
4: The registration server sends the user key hash, the registration key hash and the related information used in computing them, namely [HHBKj, HRSKj, UIDj, Hash(RSK), Hash()], to be stored in the secure storage area of the eSIM card of user UIDj.
At this point the registration of the two M2M terminals is complete.
After M2M terminal users UIDi and UIDj have completed registration, they must still authenticate each other before connection and communication between them can take place. Under the existing authentication approach, each M2M terminal must complete authentication and data transfer separately with the registration server, so the registration server faces a volume of user requests it cannot handle, which seriously degrades the quality of the M2M service.
In the present scheme, the authentication stage only requires authentication between the two (or more) M2M terminals; the authentication process does not require the participation of the registration server. The detailed process is described below with reference to Figs. 3 to 5.
Fig. 3 and Fig. 4 are flow charts of the authentication stage in a preferred embodiment of the M2M terminal authentication method of the invention. The order of the steps in the flow charts may change according to requirements and some steps may be omitted.
As shown in Fig. 3:
S20: the first terminal computes its authentication key SKi from the registration key and the encrypted user key stored in its secure storage area and the current timestamp Tci, using the encryption algorithm stored in its secure storage area. In this embodiment the stored registration key and encryption algorithm were sent by the registration server in the registration stage.
S21: the first terminal sends its user name, the authentication key SKi and the timestamp Tci to the second terminal.
S22: on receiving the user name, authentication key SKi and timestamp Tci sent by the first terminal, the second terminal obtains the current timestamp Tcj.
S23: the second terminal checks whether Tcj - Tci < ΔT, where ΔT is a preset effective time interval.
If Tcj - Tci ≥ ΔT, the second terminal judges that a replay attack may have occurred and terminates this authentication.
If Tcj - Tci < ΔT:
S24: from the received user name and timestamp Tci of the first terminal, and using the stored server key of the registration server, the second terminal computes a verification key SKij.
S25: the second terminal checks whether SKij = SKi.
If SKij ≠ SKi, this authentication is terminated.
Otherwise, if SKij = SKi, S26: the second terminal accepts the authentication of the first terminal.
This completes the second terminal's authentication of the first terminal. The first terminal then authenticates the second terminal, as shown in Fig. 4:
S30: the second terminal computes its authentication key SKj from the registration key and the encrypted user key stored in its secure storage area and the current timestamp Tcj, using the encryption algorithm stored in its secure storage area. In this embodiment the stored registration key and encryption algorithm were sent by the registration server in the registration stage.
S31: the second terminal sends its user name, the authentication key SKj and the timestamp Tcj to the first terminal.
S32: on receiving the user name, authentication key SKj and timestamp Tcj sent by the second terminal, the first terminal obtains the current timestamp Tcji.
S33: the first terminal checks whether Tcji - Tcj < ΔT, where ΔT is the preset effective time interval.
If Tcji - Tcj ≥ ΔT, the first terminal judges that a replay attack may have occurred and terminates this authentication.
If Tcji - Tcj < ΔT:
S34: from the received user name and timestamp Tcj of the second terminal, and using the stored server key of the registration server, the first terminal computes a verification key SKji.
S35: the first terminal checks whether SKji = SKj.
If SKji ≠ SKj, this authentication is terminated.
Otherwise, if SKji = SKj, S36: the first terminal accepts the authentication of the second terminal.
This completes the first terminal's verification of the second terminal.
It should be understood that the first and second terminals in the above embodiment are only exemplary M2M terminals; their roles are interchangeable, so the process executed by the first terminal applies equally to the second terminal, and the process executed by the second terminal applies equally to the first terminal.
From the above description, a mutual authentication operation can be performed whenever a user needs to be verified or needs to authenticate another user. As shown in Fig. 5, the mutual authentication operation comprises:
S37: the first terminal receives a first authentication request sent by the second terminal, computes first verification information from the first authentication request, and authenticates the second terminal according to the first verification information; and
S38: when the first terminal has authenticated the legal identity of the second terminal, the first terminal sends a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
In the preferred embodiment the mutual authentication operation takes place only when M2M terminals authenticate each other, and it does not require the participation of the registration server.
An example of the mutual authentication stage is shown in the schematic diagram of Fig. 6.
First, the parameters used in the mutual authentication stage of Fig. 6 are defined:
Tci denotes the current timestamp of M2M terminal user UIDi; Tcj denotes the current timestamp of M2M terminal user UIDj; ΔT denotes the effective time interval.
1: User UIDi computes its authentication key hash: SKi = Hash(HRSKi ※ Hash(BKi) ※ Tci);
2: User UIDi sends the authentication request message [UIDi, SKi, Tci] to all users in the M2M service system;
3: Any online user in the M2M service system that receives the request message enters the message authentication process. Suppose user UIDi sends the request message to user UIDj, and user UIDj receives it at Tcj.
4: User UIDj first verifies the legitimacy of the request time, that is, whether (Tcj - Tci) is less than ΔT. If (Tcj - Tci) < ΔT, user UIDj accepts the authentication request; otherwise it rejects it.
5: After step 4, assuming user UIDj has verified the legitimacy of user UIDi's request time and accepted the authentication request, user UIDj computes the verification key hash for time Tci: SKij = Hash(Hash(UIDi ※ Hash(RSK)) ※ Tci), and checks whether the computed SKij equals the SKi sent by user UIDi. If they are equal, user UIDj accepts user UIDi as a legitimate user; otherwise user UIDi is treated as an illegitimate user.
6: After step 5, once user UIDj has accepted user UIDi as a legitimate user, user UIDj computes its current authentication key hash: SKj = Hash(HRSKj ※ Hash(BKj) ※ Tcj), and then sends the request message [SKj, UIDj, Tcj] to user UIDi.
7: User UIDi first verifies the legitimacy of the request time, that is, whether (Tcji - Tcj) is less than ΔT, where Tcji is the time at which user UIDi receives the message. If (Tcji - Tcj) < ΔT, user UIDi accepts the authentication request; otherwise it rejects it.
8: After step 7, assuming user UIDi has verified the legitimacy of user UIDj's request time and accepted the authentication request, user UIDi computes the verification key hash for time Tcj: SKji = Hash(Hash(UIDj ※ Hash(RSK)) ※ Tcj), and finally checks whether the computed SKji equals the SKj sent by user UIDj. If they are equal, user UIDi accepts user UIDj as a legitimate user; otherwise user UIDj is treated as an illegitimate user.
When step 5 yields an SKij equal to the SKi sent by user UIDi, and step 8 yields an SKji equal to the SKj sent by user UIDj, that is, when SKij = SKi and SKji = SKj, the mutual authentication between user UIDi and user UIDj is achieved.
The embodiment above uses a biometric feature of the user as the user key and performs registration and authentication of the terminal accordingly. It should be understood that the user's biometric key sometimes needs to be modified: for example, the user wishes to change the user key from a fingerprint key to an iris key, or the user key needs to be changed from the biometric feature of user A to that of user B. How the user key is modified is described next.
Fig. 7 is a flowchart of the key modification stage in the preferred embodiment of the mutual authentication method for M2M terminals of the present invention. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted.
S40: On receiving a request to modify the user key, the M2M terminal prompts the user to enter the current user key. For example, the M2M terminal may provide a key modification request icon in its user interface; when the user selects the icon, the M2M terminal determines that a request to modify the user key has been received.
S41: The M2M terminal checks whether the value obtained by applying the encryption operation twice to the current user key entered by the user is consistent with the twice-encrypted user key transmitted by the registrar.
If the value obtained by applying the encryption operation twice to the entered current user key is inconsistent with the twice-encrypted user key transmitted by the registrar, the key modification process is terminated.
Otherwise, if the value obtained by applying the encryption operation twice to the entered current user key is consistent with the twice-encrypted user key transmitted by the registrar, then in S42 the M2M terminal prompts the user to enter a new user key.
S43: The M2M terminal applies the encryption algorithm twice to the new user key and, from the user name of the M2M terminal, the new user key and the encrypted server key, computes the terminal's new login key with the encryption algorithm; it then stores the twice-encrypted new user key and the new login key in the secure storage area of the terminal.
S44: The M2M terminal notifies the user that the new user key has been set successfully.
From the description above, the user key modification stage occurs mainly when the user needs to modify the user key; the modification process can only be executed after the user has entered the correct current biometric key. Because the secure storage area of the M2M terminal's eSIM (Embedded SIM) card already holds the encryption-related information, the key modification process does not need the participation of the registrar.
An example of the key modification is shown in the schematic diagram of Fig. 8.
1: When the user key needs to be modified, the user first enters the current user key BKi on the M2M terminal.
2: Using the hash function Hash() stored in the secure area of the eSIM card, the M2M terminal computes Hash(Hash(BKi)) over the entered user key and checks whether it equals the stored HHBKi. If the two are equal, the entered user key BKi is legitimate and the new-key registration process begins.
3: The M2M terminal computes the new user key hash of user UIDi by applying the hash function twice: HHBKn = Hash(Hash(BKn)).
4: The M2M terminal then computes the new user registration key hash of user UIDi from the parameters UIDi, Hash(BKn) and Hash(RSK): HRSKn = Hash(UIDi ※ Hash(RSK)) ※ Hash(BKn).
5: The M2M terminal stores the new user key hash and user registration key hash [HHBKn, HRSKn] in the secure storage area of the eSIM card of user UIDi's M2M terminal.
6: The M2M terminal notifies user UIDi that the new key has been set successfully.
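The registration, mutual authentication (steps 1 to 8 above) and key modification (steps 1 to 6 of Fig. 8) formulas carried through as an added example. This is editor-written Python, not code from the patent. It assumes SHA-256 for Hash(), treats the page's ※ operator as XOR (the only reading under which HRSKi ※ Hash(BKi) = Hash(UIDi ※ Hash(RSK)) and therefore SKi = SKij), and hashes UIDs and big-endian-encodes timestamps to 32 bytes so they can be XOR-ed with digests. The RSK, biometric keys and timestamps are constructed sample values. Beyond the single exchange in the text, it also exercises the rejection cases (stale timestamp, wrong biometric key, wrong current key at modification) and shows that authentication still succeeds with the new key after a registrar-free key change.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 digest length; the page leaves Hash() unspecified (assumption)


def Hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    # The page's "※" operator. SKi and SKij only agree if ※ cancels
    # (HRSK ※ Hash(BK) = Hash(UID ※ Hash(RSK))), so it is treated as XOR.
    assert len(a) == len(b) == HASH_LEN
    return bytes(x ^ y for x, y in zip(a, b))


def to_block(value) -> bytes:
    # UIDs are hashed and timestamps big-endian encoded to 32 bytes so they
    # can be XOR-ed with digests (assumption; the page does not say how).
    if isinstance(value, int):
        return value.to_bytes(HASH_LEN, "big")
    return Hash(value.encode())


def register(uid: str, hbk: bytes, hash_rsk: bytes) -> dict:
    """Registrar side: receives UID and Hash(BK), never BK, and returns the
    material the terminal stores in its eSIM secure area. The registrar keeps nothing."""
    login_secret = Hash(xor(to_block(uid), hash_rsk))  # Hash(UID ※ Hash(RSK))
    return {
        "HHBK": Hash(hbk),               # Hash(Hash(BK)), checked at key modification
        "HRSK": xor(login_secret, hbk),  # Hash(UID ※ Hash(RSK)) ※ Hash(BK), the login key
        "HashRSK": hash_rsk,             # the "encrypted server key"
    }


class Terminal:
    def __init__(self, uid: str, bk: bytes, hash_rsk: bytes):
        self.uid = uid
        self.esim = register(uid, Hash(bk), hash_rsk)

    def auth_request(self, bk: bytes, tc: int) -> tuple:
        # Steps 1-2: SKi = Hash(HRSKi ※ Hash(BKi) ※ Tci); BKi is presented live by the user.
        sk = Hash(xor(xor(self.esim["HRSK"], Hash(bk)), to_block(tc)))
        return (self.uid, sk, tc)

    def verify_request(self, request: tuple, now: int, delta_t: int) -> bool:
        uid, sk, tc = request
        # Step 4: freshness window exactly as the page states it; a negative
        # difference (peer clock ahead of ours) also passes this one-sided test.
        if not (now - tc) < delta_t:
            return False
        # Step 5: SKij = Hash(Hash(UIDi ※ Hash(RSK)) ※ Tci). Only UIDi, Hash(RSK)
        # and Tci are needed, i.e. material every registered terminal holds.
        expected = Hash(xor(Hash(xor(to_block(uid), self.esim["HashRSK"])), to_block(tc)))
        return hmac.compare_digest(expected, sk)

    def change_key(self, bk_current: bytes, bk_new: bytes) -> bool:
        # Key modification step 2: Hash(Hash(BKi)) must equal the stored HHBKi.
        if not hmac.compare_digest(Hash(Hash(bk_current)), self.esim["HHBK"]):
            return False
        # Steps 3-5: HHBKn = Hash(Hash(BKn)); HRSKn = Hash(UIDi ※ Hash(RSK)) ※ Hash(BKn),
        # recomputed locally from UIDi and the stored Hash(RSK); no registrar involved.
        hbk_new = Hash(bk_new)
        login_secret = Hash(xor(to_block(self.uid), self.esim["HashRSK"]))
        self.esim["HHBK"] = Hash(hbk_new)
        self.esim["HRSK"] = xor(login_secret, hbk_new)
        return True


def mutual_auth(ti, bki, tj, bkj, tci, tcj, tcji, delta_t) -> bool:
    """Steps 1-8: UIDi -> UIDj, then UIDj -> UIDi; both directions must pass."""
    if not tj.verify_request(ti.auth_request(bki, tci), tcj, delta_t):
        return False
    return ti.verify_request(tj.auth_request(bkj, tcj), tcji, delta_t)


def demo() -> dict:
    hash_rsk = Hash(b"registrar-secret-RSK")                   # constructed sample RSK
    bki, bkj = b"fingerprint-template-i", b"iris-template-j"   # constructed sample keys
    ti = Terminal("UIDi", bki, hash_rsk)
    tj = Terminal("UIDj", bkj, hash_rsk)
    delta_t = 30  # seconds
    results = {
        "fresh": mutual_auth(ti, bki, tj, bkj, 1000, 1005, 1010, delta_t),
        "stale": mutual_auth(ti, bki, tj, bkj, 1000, 1040, 1045, delta_t),
        "wrong_bk": mutual_auth(ti, b"wrong", tj, bkj, 1000, 1005, 1010, delta_t),
        "change_rejected": ti.change_key(b"wrong", b"new"),
        "change_ok": ti.change_key(bki, b"iris-template-i"),
    }
    results["old_bk_after_change"] = mutual_auth(ti, bki, tj, bkj, 2000, 2005, 2010, delta_t)
    results["new_bk_after_change"] = mutual_auth(ti, b"iris-template-i", tj, bkj, 2000, 2005, 2010, delta_t)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running the module prints one line per case. The design point worth noticing is in `verify_request`: the verifier never uses anything specific to UIDi's biometric key, so the check binds the sender to possession of registrar-issued material and to the ΔT window, and the constant-time comparison is the only addition not spelled out on the page.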
Security analysis of the method of the present invention:
In the method of the present invention, during the user's registration with the registrar, the user's UID and Hash(BK) are sent to the registrar rather than the user key BK itself, so even an insider attacker at the registrar cannot obtain the user's key BK, which protects the user's key information. In addition, the timestamp mechanism used by the method limits replay attacks: a request whose (Tcj - Tci) is not below ΔT is rejected, although a captured message can still be replayed within that window, so ΔT should be kept as small as clock skew allows. Further, if the registrar's key RSK is leaked, the user key information remains safe, because the registrar itself stores no user key information. Note also that the verifier in step 5 recomputes SKij from UIDi, Hash(RSK) and Tci only, values that every registered terminal holds, so the check establishes that the sender possesses material issued by the registrar rather than anything specific to UIDi's biometric key.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it; those skilled in the art can also make improvements without departing from the concept of the present invention, and these all belong to the scope of protection of the present invention.
Figs. 1 to 8 above describe in detail the registration method, authentication method and key modification method for M2M terminals of the present invention. With reference to Figs. 9 to 11, the hardware system structure that implements the authentication method for M2M terminals, and the functional modules of the software system that implements it, are introduced in turn.
It should be appreciated that the embodiment is for discussion purposes only, and the patent claims are not limited by this structure.
Fig. 9 is a structural diagram of the hardware system that implements the preferred embodiment of the authentication method for M2M terminals of the present invention.
In one preferred embodiment of the present invention, the implementation of the authentication method for M2M terminals consists of two main parts: a plurality of M2M terminals 1, and a registrar 2.
The M2M terminal 1 is a device that can respond to requests for data held in some device, or can automatically deliver such data to other devices. Such terminals are used in industries such as electric power, transportation, industrial control, retail, public administration, medical care, water conservancy and petroleum, for vehicle anti-theft, security monitoring, vending, route maintenance, mobile logistics management (M-Logistic management), mobile payment (M-POS), mobile monitoring (M-monitoring) and so on.
As shown in Fig. 10, the M2M terminal 1 includes an authentication system 10, a communication unit 11, a memory 12, a processor 13 and an eSIM card 14. It should be appreciated that the M2M terminal 1 may also include other hardware or software, for example a display screen, a camera, control circuits and so on, and is not restricted to the components enumerated above.
The communication unit 11 is used for information exchange between the M2M terminal 1 and other devices, such as other M2M terminals 1 or servers.
The communication unit 11 may be a wireless communication module, including a Wi-Fi module, a WiMax (Worldwide Interoperability for Microwave Access) module, a GSM (Global System for Mobile Communications) module, a CDMA (Code Division Multiple Access) module (including CDMA2000, CDMA2000 1x EV-DO, WCDMA, TD-SCDMA and so on), an LTE (Long Term Evolution) module, a HiperLAN (High Performance Radio Local Area Network) module, and short-range wireless transmission modules such as Bluetooth, Zigbee and RF.
The memory 12 is used to store programs and various data, and to complete program or data access at high speed and automatically while the M2M terminal 1 is operating. The memory 12 may be the external memory and/or internal memory of the M2M terminal 1. Further, the memory 12 may be a circuit with a storage function that has no physical form within an integrated circuit, such as RAM (Random-Access Memory), FIFO (First In First Out) and so on. Alternatively, the memory 12 may be a storage device with a physical form, such as a memory stick or a TF card (Trans-flash Card).
The processor 13, also known as the central processing unit (CPU), is a very large scale integrated circuit and is the arithmetic core (Core) and control core (Control Unit) of the M2M terminal 1. The function of the processor 13 is mainly to interpret instructions and process the data in software.
The eSIM card 14 refers to a traditional SIM card embedded directly in the device chip rather than added to the device as an independent removable component, so as to meet requirements of convenience, travel, cost, security and so on.
The authentication system 10 may include a plurality of functional modules composed of program segments (detailed in Fig. 11). The program code of each program segment in the authentication system 10 may be stored in the memory 12 and executed by the processor 13 to carry out registration on the M2M platform, authentication with other M2M terminals 1 and so on (detailed in the description of Fig. 11).
In the preferred embodiment of the present invention, the registrar 2 may be a CA server, which issues, manages and revokes digital certificates for applicants. The role of the CA is to check the legitimacy of the certificate holder's identity and to issue the certificate (digitally signing the certificate) so that the certificate cannot be forged or tampered with.
In the present embodiment, the registrar 2 is used to receive the registration of each M2M terminal 1, so that the M2M terminal 1 can legitimately use M2M services.
In the preferred embodiment of the present invention, the registrar 2 receives the first registration request of an M2M terminal 1 and, in response, computes the user's key hash HHBK and login key hash HRSK, and sends HHBK, HRSK and related information over a secure channel to the secure storage area of the eSIM card 14 of the M2M terminal 1.
In the preferred embodiment of the present invention, the registrar 2 participates only in the first registration of an M2M terminal 1; it need not participate in any operation after registration, such as authentication between M2M terminals 1.
Fig. 11 is a functional block diagram of the preferred embodiment of the authentication system of the present invention. In the present embodiment, the authentication system 10 may be divided into a plurality of functional modules according to the functions it performs. In the present embodiment, the functional modules include: a registration module 100, an authentication module 101 and a key modification module 102.
The registration module 100 is used to submit a registration request to the registrar 2, receive the registration-related information the registrar 2 sends back in response, and store the received registration-related information in the secure storage area of the M2M terminal 1, for example in the secure storage area of the eSIM card 14 embedded in the M2M terminal 1.
In the present embodiment, when submitting the registration request to the registrar 2, the registration module 100 transmits the user name of the M2M terminal 1 and the encrypted user key, and receives from the registrar 2 the twice-encrypted user key it computed, the login key of the M2M terminal 1, the encrypted server key, the encryption algorithm used by the registrar 2, and so on.
In a preferred embodiment of the present invention, the user name may be the identity provided by the eSIM card 14, such as the mobile phone number, or it may be a user-defined user name, but the user name must first be bound to the mobile phone number. The user key may be one of the user's biometric keys; common biometric keys include fingerprint keys, iris keys, voice keys, face keys and so on.
The authentication module 101 is used to receive an authentication request transmitted by another M2M terminal 1, compute verification information from the authentication request, and decide from the verification information whether to accept the authentication of the other M2M terminal 1.
In the present embodiment, the authentication request includes the user name and authentication key of the other M2M terminal 1 and a timestamp Tci. The authentication key is computed by the other M2M terminal 1 from its login key, its encrypted user key and the timestamp Tci, using the stored encryption algorithm. The login key and the encryption algorithm were transmitted to the other M2M terminal 1 by the registrar 2 in the registration stage.
In the present embodiment, the verification information includes a verification key, computed from the received user name and timestamp Tci of the other M2M terminal 1 using the stored server key of the registrar 2 and the encryption algorithm. The server key of the registrar 2 and the encryption algorithm were transmitted by the registrar 2 in the registration stage.
Further, the authentication module 101 also checks whether the difference between the timestamp Tcj at which it received the authentication request from the other M2M terminal 1 and the timestamp Tci is less than the preset effective time interval ΔT, i.e. whether Tcj - Tci < ΔT. Only when Tcj - Tci < ΔT does the authentication module 101 compute the verification information. When Tcj - Tci >= ΔT, the authentication module 101 terminates the authentication operation.
In the preferred embodiment of the present invention, deciding from the verification information whether to accept the authentication of the other M2M terminal 1 means checking whether the authentication key is identical to the verification key. When the authentication key and the verification key are identical, the authentication module 101 accepts the authentication of the other M2M terminal 1. When they are not identical, the authentication module 101 terminates the authentication operation.
The key modification module 102 is used to prompt the user to enter the current user key when a request to modify the user key is received, to prompt the user to enter a new user key when the entered current user key is judged correct, and to notify the user that the new user key has been set successfully when the new key has been set.
The entered current user key is judged correct when the value obtained by applying the encryption operation twice to it is consistent with the twice-encrypted user key transmitted by the registrar 2.
In the preferred embodiment of the present invention, the new key is set successfully after the key modification module 102 has applied the encryption algorithm twice to the new user key, computed the terminal's new login key with the encryption algorithm from the user name of the M2M terminal 1, the new user key and the encrypted server key, and stored the twice-encrypted new user key and the new login key in the secure storage area of the M2M terminal 1.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely exemplary; the division into modules is only a logical functional division, and there may be other ways of dividing them in actual implementation.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
An integrated unit implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute part of the method of each embodiment of the present invention.
It is obvious to those skilled in the art that the invention is not limited to the details of the exemplary embodiments above, and that the present invention can be realized in other specific forms without departing from its spirit or essential attributes. Therefore, from whatever point of view, the embodiments are to be considered illustrative and not restrictive, and the scope of the present invention is defined by the appended claims rather than by the above description; all changes that fall within the meaning and range of equivalents of the claims are therefore intended to be embraced by the present invention. Any reference signs in the claims should not be construed as limiting the claims concerned. Furthermore, the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. A plurality of units or apparatuses recited in a system claim may also be implemented by one unit or apparatus through software or hardware.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications or equivalent replacements may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (18)
1. An authentication method of a terminal, characterized in that the authentication method comprises:
a first terminal receiving a first authentication request sent by a second terminal, computing first verification information from the first authentication request, and performing authentication of the second terminal according to the first verification information; and
when the first terminal has authenticated the legitimate identity of the second terminal, the first terminal transmitting a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and performs authentication of the first terminal according to the second verification information;
performing registration of the first terminal, comprising:
the first terminal transmitting the user name of the first terminal and an encrypted user key to a registrar;
receiving the twice-encrypted user key, the login key of the first terminal, an encrypted server key and the encryption algorithm used by the registrar, transmitted by the registrar, wherein the twice-encrypted user key is obtained by the registrar encrypting the user key a second time using the encryption algorithm, and the login key is computed by the registrar using the encryption algorithm from the user name of the first terminal, the user key and the encrypted server key; and
storing the twice-encrypted user key, the login key, the encrypted server key and the encryption algorithm used by the registrar, transmitted by the registrar, in the secure storage area of the first terminal.
2. The authentication method of a terminal according to claim 1, characterized in that the first authentication request sent by the second terminal includes the user name, authentication key and timestamp of the second terminal; and the first verification information includes a first verification key, the first verification key being computed from the received user name and timestamp of the second terminal using the server key of the registrar and the encryption algorithm.
3. The authentication method of a terminal according to claim 2, characterized in that performing authentication of the second terminal according to the first verification information comprises:
when the authentication key of the second terminal is identical to the first verification key, authenticating the legitimate identity of the second terminal; and
when the authentication key of the second terminal is not identical to the first verification key, terminating the authentication operation on the second terminal.
4. The authentication method of a terminal according to claim 2, characterized in that, before computing the first verification information from the first authentication request and performing authentication of the second terminal according to the first verification information, the method further comprises:
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is less than a preset effective time interval, computing the first verification information; and
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is greater than or equal to the preset effective time interval, terminating the authentication operation on the second terminal.
5. The authentication method of a terminal according to claim 1, characterized in that the user key is one or a combination of several of the user's biometric keys, including a fingerprint key, an iris key, a voice key and a face key.
6. The authentication method of a terminal according to claim 1, characterized in that the secure storage area is the secure storage area of the embedded SIM card of the first terminal.
7. The authentication method of a terminal according to claim 6, characterized in that the user name is the identity provided by the embedded SIM card.
8. The authentication method of a terminal according to claim 1, characterized in that the authentication method further includes user key modification performed by the first terminal, the user key modification comprising:
when a request to modify the user key is received, prompting the user to enter the current user key; and
when the entered current user key is verified to be correct, prompting the user to enter a new user key into the first terminal.
9. The authentication method of a terminal according to claim 8, characterized in that the user key modification further comprises:
encrypting the new user key twice using the encryption algorithm, computing the new login key of the first terminal using the encryption algorithm from the user name of the first terminal, the new user key and the encrypted server key, storing the twice-encrypted new user key and the new login key in the secure storage area of the first terminal, and notifying the user that the new user key has been set successfully.
10. An authentication system of a terminal, characterized in that the system comprises:
an authentication module, used for:
receiving a first authentication request sent by a second terminal, computing first verification information from the first authentication request, and performing authentication of the second terminal according to the first verification information; and
when the legitimate identity of the second terminal has been authenticated, transmitting a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and performs authentication of the first terminal according to the second verification information;
a registration module, used for submitting a registration request to a registrar, receiving the registration-related information transmitted by the registrar in response to the registration request, and storing the registration-related information in the secure storage area of the first terminal, wherein:
the registration request includes the user name of the first terminal and an encrypted user key; and
the registration-related information includes the twice-encrypted user key, the login key of the first terminal, an encrypted server key and the encryption algorithm used by the registrar, wherein the twice-encrypted user key is obtained by the registrar encrypting the user key a second time using the encryption algorithm, and the login key is computed by the registrar using the encryption algorithm from the user name of the first terminal, the user key and the encrypted server key.
11. The authentication system of a terminal according to claim 10, characterized in that the first authentication request sent by the second terminal includes the user name, authentication key and timestamp of the second terminal; and the first verification information includes a first verification key, the first verification key being computed from the received user name and timestamp of the second terminal using the server key of the registrar and the encryption algorithm.
12. The authentication system of a terminal according to claim 11, characterized in that performing authentication of the second terminal according to the first verification information comprises:
when the authentication key of the second terminal is identical to the first verification key, authenticating the legitimate identity of the second terminal; and
when the authentication key of the second terminal is not identical to the first verification key, terminating the authentication operation on the second terminal.
13. The authentication system of a terminal according to claim 11, characterized in that the authentication module is further used for:
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is less than a preset effective time interval, computing the first verification information; and
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is greater than or equal to the preset effective time interval, terminating the authentication operation on the second terminal.
14. The authentication system of a terminal according to claim 10, characterized in that the user key is one or a combination of several of the user's biometric keys, including a fingerprint key, an iris key, a voice key and a face key.
15. The authentication system of a terminal according to claim 10, characterized in that the secure storage area is the secure storage area of the embedded SIM card of the first terminal.
16. The authentication system of a terminal according to claim 15, characterized in that the user name is the identity provided by the embedded SIM card.
17. The authentication system of a terminal according to claim 10, characterized in that the authentication system further comprises:
a key modification module, used for prompting the user to enter the current user key of the first terminal when a request to modify the user key is received, and for prompting the user to enter a new user key when the entered current user key is correct.
18. The authentication system of a terminal according to claim 17, characterized in that the key modification module is further used for:
encrypting the new user key twice using the encryption algorithm, computing the new login key of the first terminal using the encryption algorithm from the user name of the first terminal, the new user key and the encrypted server key, storing the twice-encrypted new user key and the new login key in the secure storage area of the first terminal, and notifying the user that the new user key has been set successfully.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610280800.2A CN105975846B (en) | 2016-04-29 | 2016-04-29 | The authentication method and system of terminal |
PCT/CN2016/084058 WO2017185450A1 (en) | 2016-04-29 | 2016-05-31 | Method and system for authenticating terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610280800.2A CN105975846B (en) | 2016-04-29 | 2016-04-29 | The authentication method and system of terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105975846A CN105975846A (en) | 2016-09-28 |
CN105975846B true CN105975846B (en) | 2019-04-12 |
Family
ID=56993542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610280800.2A Active CN105975846B (en) | 2016-04-29 | 2016-04-29 | The authentication method and system of terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105975846B (en) |
WO (1) | WO2017185450A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108985046A (en) * | 2018-06-07 | 2018-12-11 | 国民技术股份有限公司 | A kind of safety stop control method, system and computer readable storage medium |
CN112204572A (en) * | 2019-01-04 | 2021-01-08 | 华为技术有限公司 | Data protection method, device and system for image recognition |
CN111741465B (en) * | 2019-03-25 | 2023-04-28 | 成都鼎桥通信技术有限公司 | Soft SIM protection method and equipment |
CN110213229B (en) * | 2019-04-25 | 2021-09-14 | 平安科技(深圳)有限公司 | Identity authentication method, system, computer equipment and storage medium |
CN110570261B (en) * | 2019-08-30 | 2022-05-24 | 天地融科技股份有限公司 | Method and system for acquiring non-stop toll collection invoice and vehicle-mounted unit |
CN111262889B (en) * | 2020-05-06 | 2020-09-04 | 腾讯科技(深圳)有限公司 | Authority authentication method, device, equipment and medium for cloud service |
CN113992416A (en) * | 2021-10-28 | 2022-01-28 | 上海辰锐信息科技公司 | Internet of things perception terminal authentication method and internet of things perception terminal |
CN114422145B (en) * | 2022-01-21 | 2024-05-28 | 上海交通大学 | End-to-end dynamic identity authentication method of Internet of things based on PUF and Hash |
CN115001822B (en) * | 2022-06-02 | 2023-11-10 | 广东电网有限责任公司 | Power distribution network security authentication method and gateway based on time delay judgment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150405A (en) * | 2006-09-22 | 2008-03-26 | 华为技术有限公司 | Method and system for multicast and broadcast service authentication and authorization |
CN101771535A (en) * | 2008-12-30 | 2010-07-07 | 上海茂碧信息科技有限公司 | Mutual authentication method between terminal and server |
CN101873298A (en) * | 2009-04-21 | 2010-10-27 | 华为软件技术有限公司 | Registration method, terminal, server and system |
JP2011113157A (en) * | 2009-11-25 | 2011-06-09 | Kddi Corp | Authentication system, authentication method, and program |
CN102137103A (en) * | 2011-03-09 | 2011-07-27 | 北京交通大学 | Method for realizing trusted transmission of voice over internet phone (VoIP) media stream by expanding MIKEY protocol |
CN102413132A (en) * | 2011-11-16 | 2012-04-11 | 北京数码视讯软件技术发展有限公司 | Two-way-security-authentication-based data downloading method and system |
CN102685110A (en) * | 2012-04-17 | 2012-09-19 | 中国科学院计算技术研究所 | Universal method and system for user registration authentication based on fingerprint characteristics |
CN103152735A (en) * | 2013-03-27 | 2013-06-12 | 深圳市中兴移动通信有限公司 | Method and device for two-way signature in mobile terminal |
KR101568940B1 (en) * | 2014-10-01 | 2015-11-20 | 이화여자대학교 산학협력단 | Authentication method for device to device communication in mobile open iptv system and device to device communication method in mobile open iptv system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1691578A (en) * | 2004-04-29 | 2005-11-02 | 华为技术有限公司 | A method of self validity verification for an equipment |
CN101409621B (en) * | 2008-11-13 | 2011-05-11 | ***通信集团北京有限公司 | Multipart identification authentication method and system base on equipment |
CN101442411A (en) * | 2008-12-23 | 2009-05-27 | 中国科学院计算技术研究所 | Identification authentication method between peer-to-peer user nodes in P2P network |
CN101902476B (en) * | 2010-07-27 | 2013-04-24 | 浙江大学 | Method for authenticating identity of mobile peer-to-peer user |
KR102124413B1 (en) * | 2013-12-30 | 2020-06-19 | 삼성에스디에스 주식회사 | System and method for identity based key management |
2016
- 2016-04-29 CN CN201610280800.2A patent/CN105975846B/en active Active
- 2016-05-31 WO PCT/CN2016/084058 patent/WO2017185450A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2017185450A1 (en) | 2017-11-02 |
CN105975846A (en) | 2016-09-28 |
Similar Documents
Publication | Title |
---|---|
CN105975846B (en) | The authentication method and system of terminal |
CN106101068B (en) | Terminal communicating method and system |
KR101434769B1 (en) | Method and apparatus for trusted federated identity management and data access authorization |
CN101873331B (en) | Safety authentication method and system |
CN101340436B (en) | Method and apparatus implementing remote access control based on portable memory apparatus |
CN105141636B (en) | Suitable for the HTTP safety communicating methods and system of CDN value-added service platforms |
Li et al. | Providing privacy-aware incentives in mobile sensing systems |
CN104735065B (en) | A kind of data processing method, electronic equipment and server |
US9635022B2 (en) | Method of allowing establishment of a secure session between a device and a server |
CN101951321B (en) | Device, system and method for realizing identity authentication |
CN108880822A (en) | A kind of identity identifying method, device, system and a kind of intelligent wireless device |
CN104767731A (en) | Identity authentication protection method of Restful mobile transaction system |
JP2013504832A (en) | Method and apparatus for reliable authentication and logon |
CN107360125A (en) | Access authentication method, WAP and user terminal |
CN104935441A (en) | Authentication method and relevant devices and systems |
CN106817219A (en) | A kind of method and device of consulting session key |
CN112968971A (en) | Method and device for establishing session connection, electronic equipment and readable storage medium |
CN107911211B (en) | Two-dimensional code authentication system based on quantum communication network |
CN109840766B (en) | Equipment control method and related equipment thereof |
CN104767740A (en) | User platform credible authentication and access method |
Kumar et al. | A conditional privacy-preserving and desynchronization-resistant authentication protocol for vehicular ad hoc network |
KR102372503B1 (en) | Method for providing authentification service by using decentralized identity and server using the same |
CN109740319A (en) | Digital identity verification method and server |
CN105379176B (en) | System and method for verifying the request of SCEP certificate registration |
CN101437228A (en) | Method, apparatus and system for implementing wireless business based on smart card |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
GR01 | Patent grant | |