CN108809914A - Access control method, device, terminal and Internet of Things house system - Google Patents


Info

Publication number: CN108809914A
Application number: CN201710313064.0A
Authority: CN (China)
Prior art keywords: terminal, certification, access control, control apparatus, identification information
Prior art date
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 李美祥, 杨贤伟
Current assignee: Nationz Technologies Inc
Original assignee: Nationz Technologies Inc
Priority date
Filing date
Publication date
Application filed by Nationz Technologies Inc
Priority to CN201710313064.0A
Publication of CN108809914A

Classifications

CPC leaf codes (each under H Electricity, H04 Electric communication technique, H04L Transmission of digital information, e.g. telegraphic communication):

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses an access control method, apparatus, terminal and Internet of Things home system. The access control apparatus is communicatively connected with the home equipment, and a terminal's access to the home equipment must pass an authentication by the access control apparatus that is based on an authentication key and an authentication code. Because the authentication key is bound, on the terminal side and on the access control apparatus side, to the device identification information and the terminal identification information respectively, the uniqueness of the key shared by the two authenticating parties is guaranteed, which in turn guarantees that whatever passes authentication is a legal terminal. Furthermore, because the final authentication result is derived from the comparison between the authentication code and the authentication plaintext, the terminal must possess both the correct authentication key and the preset rule; this double verification ensures the security of the authentication. Finally, the authentication random number is freshly generated in every authentication process, which prevents replay attacks on the Internet of Things home system, further improves the validity of authentication and ensures the security of the Internet of Things home system.

Description

Access control method, device, terminal and Internet of Things house system
Technical field
The present invention relates to the field of communication technology, and more specifically to an access control method, apparatus, terminal and Internet of Things home system.
Background technology
The emergence of Internet of Things smart home systems has brought great convenience to users' lives and substantially improved quality of life. For example, a smart crib can track a child's sleep quality, sparing the user from repeatedly getting up at night to check; a smart flowerpot can detect the moisture in the soil and, based on the result, send a prompt to the user's terminal device, for instance to water the plant; a home camera lets the user check on a parent living alone at any time; and so on.
Behind the convenience the Internet of Things provides, however, lie a large number of security risks: smart home devices may be illegally invaded, sensitive data may be stolen and personal privacy leaked, and so on. Attacks on smart home systems generally include damaging product functions, damaging electrical appliances, stealing user privacy, etc. In fact, the measures currently in place for remote access and control of smart home devices are inadequate, because most existing Internet of Things smart home systems use only a simple password to control remote access from a terminal to the smart home device. Internet of Things smart home systems with better security may use MAC (Media Access Control, physical address) address binding to restrict the identity of the remote control terminal. Against this, a hacker can easily crack the password or forge enough to remotely control the Internet of Things server or the home equipment. One study shows that in the past 3 years more than 70% of Internet of Things devices have encountered security problems, such as thermostats, smart door locks, baby monitoring cameras and other smart home devices; the attack pattern they most commonly face is hacker attack, in which hackers gain remote control and obtain user data by intruding into the Internet of Things device, causing a concern for users' information security that cannot be ignored.
In summary, there is an urgent need for a new Internet of Things access control scheme to solve the problem that the remote access control measures of existing Internet of Things smart home systems are weak.
Invention content
The technical problem to be solved by the present invention is: to address the problem that weak management of identity authentication and access control rights for Internet of Things visitors leaves the Internet of Things home system with great security risks, an access control method, apparatus, terminal and Internet of Things home system are provided.
To solve the above technical problem, the present invention provides an access control method, including:
after an access control apparatus receives an access request sent by a terminal in order to access home equipment communicatively connected with the access control apparatus, the access control apparatus generates an authentication random number, extracts the authentication key stored in association with the terminal identification information carried in the access request, and encrypts the authentication random number with that key to form a random ciphertext;
the access control apparatus sends the random ciphertext and its own device identification information to the terminal;
the access control apparatus receives an authentication ciphertext sent by the terminal, where the authentication ciphertext is obtained by the terminal decrypting the random ciphertext with the authentication key stored in association with the device identification information to obtain the authentication random number, applying a preset transformation to the authentication random number to obtain an authentication code, and then encrypting the authentication code with the authentication key;
the access control apparatus decrypts the authentication ciphertext with the authentication key to obtain the corresponding authentication plaintext, compares the authentication plaintext with the authentication code obtained by applying to the authentication random number the same preset transformation as the terminal, and controls the terminal's permission to access the home equipment according to the comparison result.
Further, before the access control apparatus generates the authentication random number, the method also includes:
the access control apparatus determines that the terminal identification information in the access request exists in a legal identification list that it keeps.
Further, before the access control apparatus receives the access request sent by the terminal, the method also includes:
the access control apparatus receives the terminal identification information sent by the terminal;
the access control apparatus generates a key random number, generates an authentication key corresponding to the terminal from the key random number and the terminal identification information, and stores the authentication key in association with the terminal identification information;
the access control apparatus sends the authentication key and its own device identification information to the terminal.
Further, the present invention provides an access control method, the method including:
a terminal sends to an access control apparatus an access request carrying its own terminal identification information, the access request applying for access to home equipment communicatively connected with the access control apparatus;
the terminal receives the random ciphertext and device identification information sent by the access control apparatus;
the terminal extracts, according to the device identification information, the authentication key stored in association with that device identification information and decrypts the random ciphertext to obtain the authentication random number; it transforms the authentication random number with a preset rule to obtain an authentication code and encrypts the authentication code with the authentication key to obtain an authentication ciphertext;
the terminal sends the authentication ciphertext to the access control apparatus, so that the access control apparatus, after transforming the authentication random number with the same preset rule to obtain an authentication code, controls the terminal's permission to access the home equipment based on the authentication code and the authentication ciphertext.
Further, before the terminal sends the access request to the access control apparatus, the method also includes:
the terminal sends its own terminal identification information to the access control apparatus;
the terminal receives the authentication key and device identification information sent by the access control apparatus, the authentication key being generated by the access control apparatus from a randomly generated key random number and the terminal identification information;
the terminal stores the authentication key in association with the device identification information.
Further, the present invention also provides an access control apparatus, including:
a request receiving module, for receiving an access request sent by a terminal in order to access home equipment communicatively connected with the access control apparatus;
a ciphertext generation module, for generating an authentication random number after the access request is received, extracting the authentication key stored in association with the terminal identification information carried in the access request, and encrypting the authentication random number to form a random ciphertext;
a random ciphertext sending module, for sending the random ciphertext and the apparatus's own device identification information to the terminal;
an authentication ciphertext receiving module, for receiving the authentication ciphertext sent by the terminal, the authentication ciphertext being obtained by the terminal decrypting the random ciphertext with the authentication key stored in association with the device identification information to obtain the authentication random number, applying the preset transformation to the authentication random number to obtain an authentication code, and encrypting the authentication code with the authentication key;
an authentication processing module, for decrypting the received authentication ciphertext with the authentication key to obtain the corresponding authentication plaintext, comparing the authentication plaintext with the authentication code obtained by applying to the authentication random number the same preset transformation as the terminal, and controlling the terminal's permission to access the home equipment according to the comparison result.
Further, the apparatus also includes:
an identification receiving module, for receiving the terminal identification information sent by the terminal;
a key configuration module, for generating a key random number, generating an authentication key corresponding to the terminal from the key random number and the terminal identification information, and storing the authentication key in association with the terminal identification information;
a key sending module, for sending the authentication key and the apparatus's own device identification information to the terminal.
Further, the present invention also provides a terminal, including:
a request sending module, for sending to an access control apparatus an access request carrying the terminal's own identification information, the access request applying for access to home equipment communicatively connected with the access control apparatus;
a random ciphertext receiving module, for receiving the random ciphertext and device identification information sent by the access control apparatus;
a ciphertext processing module, for extracting, according to the device identification information, the authentication key stored in association with that device identification information and decrypting the random ciphertext to obtain the authentication random number, transforming the authentication random number with a preset rule to obtain an authentication code, and encrypting the authentication code with the authentication key to obtain an authentication ciphertext;
an authentication ciphertext sending module, for sending the authentication ciphertext to the access control apparatus, so that the access control apparatus, after transforming the authentication random number with the same preset rule to obtain an authentication code, controls the terminal's permission to access the home equipment based on the authentication code and the authentication ciphertext.
Further, the terminal also includes:
an identification sending module, for sending the terminal's identification information;
a key receiving module, for receiving the authentication key and device identification information sent by the access control apparatus, the authentication key being generated by the access control apparatus from a randomly generated key random number and the terminal identification information;
a key storage module, for storing the authentication key in association with the device identification information.
Further, the present invention also provides an Internet of Things home system, including the access control apparatus described above, the terminal described above, and home equipment communicatively connected with the access control apparatus.
Advantageous effect
In the access control method, apparatus, terminal and Internet of Things home system provided by the invention, the access control apparatus is communicatively connected with the home equipment, and a terminal's access to the home equipment must pass authentication by the access control apparatus based on an authentication key and an authentication code. Because the authentication key is bound, on the terminal side and the access control apparatus side, to the device identification information and the terminal identification information respectively, the authentication key between the access control apparatus and a legal terminal is guaranteed to be unique, which in turn guarantees that whatever passes the access control apparatus's authentication is a legal terminal. On the other hand, because the access control apparatus's final authentication result is derived from the comparison between the authentication code and the authentication plaintext, the terminal is required not only to possess the correct authentication key but also to know the correct preset rule; compared with a password that can be used directly once intercepted, this double verification better ensures the security of authentication. And because the authentication random number is freshly generated in every authentication process, replay attacks on the Internet of Things home system can be prevented, which further improves the validity of identity authentication of Internet of Things visitors and ensures the security of the Internet of Things home system.
Description of the drawings
The present invention will be further explained below with reference to the attached drawings and examples, in which:
Fig. 1 is a structural schematic diagram of the Internet of Things home system provided in embodiment one of the present invention;
Fig. 2 is another structural schematic diagram of the Internet of Things home system provided in embodiment one of the present invention;
Fig. 3 is a flow chart of the access control method provided in embodiment one of the present invention;
Fig. 4 is a flow chart of the access control apparatus and the terminal determining the authentication key in embodiment two of the present invention;
Fig. 5 is a flow chart of a mobile phone performing key initialisation with a secure WiFi module in embodiment two of the present invention;
Fig. 6 is a flow chart of a secure WiFi module authenticating a mobile phone in embodiment two of the present invention;
Fig. 7 is a structural schematic diagram of the access control apparatus provided in embodiment three of the present invention;
Fig. 8 is another structural schematic diagram of the access control apparatus provided in embodiment three of the present invention;
Fig. 9 is another structural schematic diagram of the access control apparatus provided in embodiment three of the present invention;
Fig. 10 is a structural schematic diagram of the terminal provided in embodiment four of the present invention;
Fig. 11 is another structural schematic diagram of the terminal provided in embodiment four of the present invention;
Fig. 12 is a hardware architecture diagram of the terminal provided in embodiment five of the present invention;
Fig. 13 is a hardware architecture diagram of the access control apparatus provided in embodiment five of the present invention.
Specific implementation mode
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
Embodiment one:
This embodiment provides an access control method for Internet of Things home equipment. Before introducing the access control method, the Internet of Things home system involved in this embodiment is first introduced with reference to Fig. 1:
The Internet of Things home system 1 includes home equipment 10, an access control apparatus 20 and a terminal 30. The access control apparatus 20 is communicatively connected with the home equipment 10 and is used to authenticate and control the user's access requests made through the terminal 30. The home equipment 10 is any intelligent appliance used in a home environment, including but not limited to a monitoring probe, smart refrigerator, smart washing machine, smart television, smart rice cooker, smart air conditioner, etc. The terminal 30 may be a mobile terminal of the user such as a mobile phone, smartphone, notebook computer, PDA (personal digital assistant), PAD (tablet computer), PMP (portable media player), digital broadcast receiver or navigation device, or a fixed terminal such as a digital TV or desktop computer. On the terminal 30 the user can issue an access request for accessing the home equipment 10 or, after identity authentication passes, issue corresponding control instructions to the home equipment 10, such as turning on the smart air conditioner or adjusting the temperature of the smart refrigerator.
It will be understood that the Internet of Things home system 1 may also include a service platform. As shown in Fig. 2, the service platform 40 acts as an intermediary between the terminal 30 and the access control apparatus 20: the access requests and control instructions sent by the terminal 30 can be forwarded to the access control apparatus 20 via the service platform 40. Likewise, data from the home equipment 10 can be sent by the access control apparatus 20 to the service platform, and the terminal 30 can obtain the data it needs through the service platform 40.
It should be understood that a home may have more than one piece of home equipment 10, so an Internet of Things home system 1 may include one or more home equipment 10. As for the relationship between the access control apparatus 20 and the home equipment 10, it may be a one-to-one correspondence as in this example, or one access control apparatus 20 may correspond to multiple home equipment 10. Where multiple home equipment 10 sit under one access control apparatus 20, the terminal 30, when controlling access to home equipment 10, may need to carry in the corresponding control instruction the identification information of the target device it wishes to manage.
To help those skilled in the art better understand the advantages and details of the application, this embodiment introduces the access control method with reference to Fig. 3:
S302: the terminal sends an access request carrying its own terminal identification information to the access control apparatus.
From the foregoing it will be understood that in this embodiment the terminal's access request may be sent directly to the access control apparatus or forwarded via the service platform. In a home environment, the terminal can establish a connection with the access control apparatus by means such as WiFi (Wireless Fidelity), Bluetooth or infrared. The access request carries the terminal's identification information, which characterises the identity of the terminal; for example, when the terminal is a mobile phone, the terminal identification information may be at least one of the user's phone number, the IMSI (International Mobile Subscriber Identification Number) of the SIM card, the IMEI (International Mobile Equipment Identity) of the handset, the phone's MAC address, or its hardware serial number.
S304: the access control apparatus generates an authentication random number, extracts the authentication key stored in association with the terminal identification information carried in the access request, and encrypts the authentication random number to form a random ciphertext.
After receiving the access request sent by the terminal, the access control apparatus can randomly generate an authentication random number and then encrypt it with the authentication key to form the random ciphertext. The authentication key is stored in advance by the access control apparatus; on the access control apparatus side the authentication key is stored in association with the terminal's identification information, so once the access control apparatus has extracted the terminal identification information from the terminal's access request it can retrieve from the pre-stored information the authentication key associated with that terminal identification information and use it to encrypt the authentication random number.
In one example of this embodiment, before the access control apparatus generates the authentication random number it may first determine whether the terminal identification information in the access request exists in the legal identification list it keeps. Only if it exists does the subsequent process continue; otherwise the access control apparatus can directly judge that the terminal is not a legal terminal and refuse to respond to the terminal's access request.
S306: the access control apparatus sends the random ciphertext and its own device identification information to the terminal.
After generating the random ciphertext, the access control apparatus sends it together with its own device identification information to the terminal. The device identification information may be the hardware serial number or MAC address of the access control apparatus, or any other information that uniquely identifies the access control apparatus.
S308: the terminal extracts the authentication key stored in association with the device identification information and decrypts the random ciphertext to obtain the authentication random number; it then transforms the authentication random number with the preset rule to obtain an authentication code and encrypts the authentication code with the authentication key to obtain an authentication ciphertext.
Like the access control apparatus side, the terminal side also stores in advance the access control apparatus's identification in association with the authentication key. So after the terminal receives the device identification information and random ciphertext sent by the access control apparatus, it can extract the corresponding authentication key according to the device identification information and then decrypt the random ciphertext with that key to obtain a random plaintext. Clearly, if the terminal's authentication key is correct, the random plaintext obtained is exactly the authentication random number.
After obtaining the authentication random number, the terminal transforms it according to the preset rule agreed in advance with the access control apparatus; the transformation yields the authentication code, which the terminal then encrypts, again using the authentication key.
S310: the terminal sends the authentication ciphertext to the access control apparatus.
After encrypting the authentication code to obtain the authentication ciphertext, the terminal sends the authentication ciphertext to the access control apparatus so that the access control apparatus can complete the subsequent authentication process from it.
S312: the access control apparatus decrypts the authentication ciphertext with the authentication key to obtain the corresponding authentication plaintext, compares the authentication plaintext with the authentication code obtained by applying to the authentication random number the same preset transformation as the terminal, and controls the terminal's permission to access the home equipment according to the comparison result.
After receiving the authentication ciphertext, the access control apparatus decrypts it with the authentication key to obtain the authentication plaintext. Separately, the access control apparatus applies the same preset rule the terminal side used to the authentication random number it generated itself, obtaining an authentication code. It then compares the authentication code with the decrypted authentication plaintext to determine whether the two match. If the terminal belongs to a legitimate user, the authentication ciphertext it sent, once decrypted with the authentication key, yields an authentication plaintext that is exactly the authentication code. So if the access control apparatus's comparison finds that the authentication plaintext is identical to the authentication code it obtained by its own transformation, it can determine that the terminal is a legal terminal with permission to access the home equipment, and allow the terminal to proceed with subsequent access and management of the home equipment.
In the access control method provided in this embodiment, the terminal and the access control apparatus each store the authentication key in association with the peer's identification information; during subsequent access authentication each side encrypts with the authentication key the information sent to the peer and decrypts with it the information received from the peer. Compared with existing password-based access, this scheme greatly improves security: in existing access control schemes the access password may be intercepted by a third party, whereas in this embodiment the authentication key is known and stored only by the two authenticating parties and is difficult to intercept. In addition, the access control apparatus can authenticate the terminal with an authentication code derived from the authentication random number, which involves the preset rule for transforming the random number; the preset rule is likewise known only to the access control apparatus and the terminal, which further ensures that each home equipment in the Internet of Things home system can be accessed and managed only by a truly legal terminal.
Moreover, in the scheme proposed in this embodiment, the authentication random number is generated randomly by the access control apparatus each time a terminal issues an access request, so the authentication ciphertext the terminal sends to the access control apparatus differs in every authentication process, which effectively prevents replay attacks.
Embodiment two:
This embodiment describes the access control method of embodiment one in detail with reference to the drawings and a specific example.
In this embodiment, the authentication key used by the access control apparatus and the terminal during authentication is set by the access control apparatus. The process by which the authentication key is determined between the access control apparatus and the terminal is first introduced with reference to Fig. 4:
S402: the terminal sends its own terminal identification information to the access control apparatus.
As one possible implementation, the terminal identification information sent to the access control apparatus can be at least one of the terminal's own MAC address, hardware serial number and similar information.
S404: the access control apparatus generates a key random number, generates the authentication key corresponding to the terminal from the key random number and the terminal identification information, and stores the authentication key in association with the terminal identification information.
After receiving the terminal identification information, the access control apparatus can generate the key random number at random; the key random number and the terminal identification information together determine the authentication key. Having generated the corresponding authentication key, the access control apparatus stores it in association with the terminal identification information, because that authentication key is used only for communication between the access control apparatus and this terminal. When the access control apparatus communicates with other terminals it uses a different authentication key, which improves the security of the authentication key and thereby the information security of the Internet of Things house system.
S406: the access control apparatus sends the authentication key and its own device identification information to the terminal.
After generating the authentication key, the access control apparatus sends it to the terminal, together with the device identification information of the access control apparatus.
S408: the terminal stores the authentication key in association with the device identification information.
After receiving the authentication key and the device identification information sent by the access control apparatus, the terminal binds and stores the authentication key in association with the device identification information.
In one example of this embodiment, the access control method is described in detail with the terminal being a mobile phone and the access control apparatus being a secure WiFi module:
In theory the authentication key could be set only when the terminal accesses the Internet of Things house system for the first time, but the risk of the authentication key being broken grows with its time in use, so in practice the authentication key can also be set anew whenever the user considers it necessary to update it. To make the key setup process more secure, the mobile phone can be made to establish a WiFi connection with the secure WiFi module; in this example the mobile phone and the secure WiFi module connect in WiFi Direct mode.
When the authentication key is set, the mobile phone and the secure WiFi module are each put into key initialization mode, for example by tapping the APP interface to call a software function module that puts the mobile phone into the key initialization state, and by pressing a key to put the secure WiFi module into the key initialization state.
With reference to Fig. 5 and Fig. 6, the interaction diagram of Fig. 5 summarises the key initialization process between the mobile phone and the secure WiFi module:
S502: the mobile phone sends its own UID to the secure WiFi module over the established WiFi connection.
The UID, that is, the terminal identification information of the mobile phone, can be at least one of the user's phone number, the IMSI of the SIM card, the phone's international mobile equipment identity number (IMEI), the phone's MAC address, the phone's hardware serial number and similar information.
S504: the secure WiFi module generates a key random number RN1, generates the authentication key of this mobile phone from RN1 and the UID according to a first preset rule, and stores the UID and the authentication key in association.
In this example the first preset rule is: encrypt (RN1, UID) using another random number, different from RN1, as the key, and take the result as the authentication key. In some other examples the key random number RN1 can also be used directly as the authentication key.
S506: the secure WiFi module sends the MID and the authentication key to the mobile phone over the established WiFi connection.
The MID is the device identification information of the secure WiFi module, for example the MAC address or the hardware serial number of the secure WiFi module.
S508: the mobile phone stores the MID and the authentication key in association.
The secure chip of a Bluetooth SIM card is a secure storage area in the mobile phone, so in this example the MID and the authentication key can be stored in association there.
Once the terminal has stored the authentication key, the authentication key is set, and the mobile phone and the secure WiFi module can leave key initialization mode; for example, the mobile phone exits the APP and the secure WiFi module performs a warm reset or is powered off and on again, ending the key initialization process on both sides.
Fig. 6 shows the process by which the secure WiFi module authenticates the mobile phone's permission to connect:
S602: the mobile phone sends an access request to the secure WiFi module, either through the smart home service platform or directly.
The access request carries the UID of the mobile phone; clearly, the UID carried here must be the same as the one sent to the secure WiFi module during the key initialization process.
S604: the secure WiFi module checks whether the UID is present in the legal identification list.
If not, the mobile phone can be judged an illegitimate user without permission to access the smart home equipment in the Internet of Things house system; its access to the Internet of Things house system can be refused and S622 executed to end the authentication process. If so, the subsequent authentication must be carried out.
S606: the secure WiFi module generates a certification random number RN2, encrypts RN2 with the authentication key to obtain a random ciphertext, and sends the random ciphertext and the MID to the mobile phone.
The authentication key used here by the secure WiFi module is the one corresponding to the UID in the received access request. Because the secure WiFi module stored the UID of the mobile phone together with the phone's authentication key during the key initialization process, after receiving the access request it can extract the corresponding authentication key from the UID in the access request.
S608: the mobile phone decrypts the random ciphertext with the authentication key corresponding to the MID.
If the mobile phone holds the correct authentication key, the decryption yields the certification random number RN2.
S610: the mobile phone computes or transforms RN2 according to a second preset rule to obtain the authentication code AC.
As an example, the second preset rule is: add 1 to the certification random number RN2 to obtain the authentication code AC, i.e. AC = RN2 + 1.
S612: the mobile phone encrypts AC with the authentication key to obtain the certification ciphertext and sends the certification ciphertext to the secure WiFi module.
S614: the secure WiFi module decrypts the received certification ciphertext to obtain the certification plaintext.
The key used by the secure WiFi module for this decryption is again the authentication key corresponding to the mobile phone's UID.
S616: the secure WiFi module computes or transforms RN2 using the second preset rule to obtain the authentication code AC.
Because the secure WiFi module applies the same computation or transformation rule to RN2 as the mobile phone, when the mobile phone has transformed the certification random number RN2 into an authentication code, the secure WiFi module obtains the authentication code AC by the same transformation or computation.
S618: the secure WiFi module compares the authentication code AC with the certification plaintext and determines whether the two are consistent.
S620: authentication passes; the mobile phone is allowed to access the home equipment.
S622: the mobile phone is refused access to the home equipment.
The authentication code AC is what the secure WiFi module derived by its own transformation, while the certification plaintext is, in essence, the authentication code transformed by the mobile phone. By comparing whether the authentication code AC and the decrypted certification plaintext are identical, the secure WiFi module determines whether the mobile phone holds both the correct authentication key and the correct second preset rule: if the mobile phone lacks either the correct authentication key or the correct second preset rule, the comparison result is inconsistent. Hence, if the comparison result is identical, the mobile phone that initiated the access request is a legitimate phone possessing the correct authentication key and the correct second preset rule.
In this embodiment, the authentication key used between the mobile phone and the secure WiFi module is generated in advance from the phone's terminal identification information UID and stored in association with it, which guarantees the uniqueness and security of the authentication key between the mobile phone and the secure WiFi module. On top of the security of the authentication key, the phone's permission is also checked by means of the authentication code; this "double authentication" tightens the authentication conditions and increases the security of the Internet of Things house system. At the same time, when authenticating the mobile phone the secure WiFi module can first check whether the phone's UID is in its pre-stored list, so the access of illegitimate phones can be filtered out quickly, improving the efficiency of access authentication.
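The key initialization of Fig. 5 and the challenge-response of Fig. 6, together with the replay-resistance argument made in embodiment one, as an added example that is not code from the patent. It assumes a stdlib-only authenticated cipher (HMAC-SHA256 keystream plus tag) in place of the unnamed symmetric cipher, a keyed transform for the first preset rule, AC = RN2 + 1 for the second, constructed UID and MID values, and the class and function names SecureWifiModule, MobilePhone and run_scenarios, which are mine.

```python
"""Added example, not the patent's code: stdlib-only model of the Fig. 5 key
initialization and Fig. 6 challenge-response. Assumptions (mine): the cipher is
an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag; first preset
rule = keyed transform of (RN1, UID) under a second random key; second preset
rule = AC = RN2 + 1 (S610) with RN2 a 64-bit number."""
import hashlib, hmac, os, struct
from typing import Dict, Optional, Tuple

MOD64 = 1 << 64

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce(16) || ciphertext || tag(32), with a fresh nonce per message."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns None when the tag does not verify (wrong key or altered blob)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class SecureWifiModule:
    """Access control apparatus side: legal identification list plus challenge state."""
    def __init__(self, mid: bytes) -> None:
        self.mid = mid
        self.keys: Dict[bytes, bytes] = {}    # UID -> authentication key (S504)
        self.pending: Dict[bytes, int] = {}   # UID -> RN2 of the outstanding challenge

    def initialize_key(self, uid: bytes) -> Tuple[bytes, bytes]:
        """S504/S506: derive a per-phone key from RN1 and UID, store it, return (MID, key)."""
        rn1, other_random = os.urandom(16), os.urandom(32)   # "another random number"
        self.keys[uid] = hmac.new(other_random, rn1 + uid, hashlib.sha256).digest()
        return self.mid, self.keys[uid]

    def handle_access_request(self, uid: bytes) -> Optional[Tuple[bytes, bytes]]:
        """S604/S606: unknown UID is refused before any challenge; else send MID, E(key, RN2)."""
        key = self.keys.get(uid)
        if key is None:
            return None                       # S622
        rn2 = int.from_bytes(os.urandom(8), "big")
        self.pending[uid] = rn2               # fresh for every request
        return self.mid, encrypt(key, rn2.to_bytes(8, "big"))

    def verify(self, uid: bytes, certification_ciphertext: bytes) -> bool:
        """S614-S618: decrypt with the key tied to UID, compare with own AC = RN2 + 1."""
        key, rn2 = self.keys.get(uid), self.pending.pop(uid, None)   # one answer per challenge
        if key is None or rn2 is None:
            return False
        plaintext = decrypt(key, certification_ciphertext)
        expected = ((rn2 + 1) % MOD64).to_bytes(8, "big")
        return plaintext is not None and hmac.compare_digest(plaintext, expected)

class MobilePhone:
    """Terminal side: keys kept by MID, as the secure element in S508 would."""
    def __init__(self, uid: bytes) -> None:
        self.uid = uid
        self.keys: Dict[bytes, bytes] = {}    # MID -> authentication key

    def answer_challenge(self, mid: bytes, random_ciphertext: bytes) -> Optional[bytes]:
        """S608-S612: recover RN2 with the key bound to MID, form AC, encrypt AC."""
        key = self.keys.get(mid)
        rn2_bytes = decrypt(key, random_ciphertext) if key else None
        if rn2_bytes is None:
            return None                       # wrong or missing key: RN2 cannot be read
        ac = (int.from_bytes(rn2_bytes, "big") + 1) % MOD64
        return encrypt(key, ac.to_bytes(8, "big"))

def run_scenarios() -> Dict[str, bool]:
    """Legitimate phone, unknown UID, wrong key, and a replayed certification ciphertext."""
    module = SecureWifiModule(mid=b"MID-constructed-0001")
    phone = MobilePhone(uid=b"UID-constructed-phone-A")
    mid, key = module.initialize_key(phone.uid)                # Fig. 5
    phone.keys[mid] = key                                       # S508
    results = {}
    mid, rc = module.handle_access_request(phone.uid)          # Fig. 6, honest run
    results["legit"] = module.verify(phone.uid, phone.answer_challenge(mid, rc))
    results["unknown_uid"] = module.handle_access_request(b"UID-constructed-other") is None
    impostor = MobilePhone(uid=phone.uid)                      # knows the UID, not the key
    impostor.keys[mid] = os.urandom(32)
    mid, rc = module.handle_access_request(phone.uid)
    results["wrong_key"] = not module.verify(phone.uid, impostor.answer_challenge(mid, rc) or b"")
    mid, rc = module.handle_access_request(phone.uid)
    captured = phone.answer_challenge(mid, rc)                 # valid for this RN2 only
    first = module.verify(phone.uid, captured)
    module.handle_access_request(phone.uid)                    # new session, new RN2
    results["replay"] = first and not module.verify(phone.uid, captured)
    return results

if __name__ == "__main__":
    print(run_scenarios())
```

All four scenarios in run_scenarios() report True; the replay case fails at the module only because the stored RN2 changed between sessions, which is the property the embodiment relies on.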
Embodiment three:
This embodiment provides an access control apparatus which, as a component of the Internet of Things house system, can cooperate with a terminal to execute the access control method of embodiments one and two. Fig. 7 shows a structural diagram of the access control apparatus:
Access control apparatus 20 includes request receiving module 202, ciphertext generation module 204, random ciphertext sending module 206, certification ciphertext receiving module 208 and identification processing module 210.
Request receiving module 202 receives the access request sent by the terminal; the received access request carries the terminal identification information. After request receiving module 202 receives the access request, ciphertext generation module 204 can generate a certification random number at random and encrypt it with the authentication key to form the random ciphertext. The authentication key is pre-stored by access control apparatus 20, and on the apparatus side it is stored in association with the terminal's identification information, so once request receiving module 202 has extracted the terminal identification information from the access request, the authentication key associated with that identification information can be retrieved from the stored information for ciphertext generation module 204 to encrypt the certification random number.
In one example of this embodiment, shown in Fig. 8, access control apparatus 20 further includes identification query module 212. Before ciphertext generation module 204 generates the certification random number, identification query module 212 can first determine whether the terminal identification information in the access request is present in the legal identification list the apparatus keeps; only if it is present does the subsequent process go ahead, otherwise the terminal is judged not to be a legitimate terminal and its access request is refused.
After ciphertext generation module 204 generates the random ciphertext, random ciphertext sending module 206 sends the random ciphertext together with the apparatus's own device identification information to the terminal. The device identification information can be the hardware serial number, the MAC address or any other information that uniquely identifies access control apparatus 20.
After the terminal receives the random ciphertext sent by random ciphertext sending module 206, it decrypts it, transforms the result and re-encrypts it, obtaining the certification ciphertext, which it sends to access control apparatus 20. Certification ciphertext receiving module 208 in access control apparatus 20 receives that certification ciphertext. Identification processing module 210 then decrypts it with the authentication key to obtain the certification plaintext and, separately, transforms the certification random number the apparatus generated itself using the same preset rule as the terminal side, obtaining the authentication code; it then compares the authentication code with the decrypted certification plaintext to determine whether the two are consistent. If the terminal belongs to a legitimate user, the certification plaintext obtained by decrypting the certification ciphertext sent to certification ciphertext receiving module 208 with the authentication key is exactly the authentication code, so if the comparison by identification processing module 210 finds the certification plaintext identical to the authentication code it derived by its own transformation, the terminal is judged a legitimate terminal with permission to connect to the home equipment and is allowed to carry out subsequent access and management of it.
In another example of this embodiment, the authentication key that access control apparatus 20 uses to authenticate the terminal is generated in advance by the apparatus itself; this is described with reference to Fig. 9. Access control apparatus 20 further includes identification receiving module 214, key configuration module 216 and key sending module 218.
Since in this example the authentication key is generated from the terminal's identification information, identification receiving module 214 must receive the terminal identification information before the key can be generated. After it is received, key configuration module 216 can generate a key random number at random; the key random number and the terminal identification information together determine the authentication key. Having generated the corresponding authentication key, key configuration module 216 stores it in association with the terminal identification information, because that authentication key is used only for communication between access control apparatus 20 and this terminal. When access control apparatus 20 communicates with other terminals it uses a different authentication key, which improves the security of the authentication key and thereby the information security of the Internet of Things house system.
After key configuration module 216 generates the authentication key, key sending module 218 sends it to the terminal, together with the device identification information of the access control apparatus.
The access control apparatus of this embodiment generates, from the terminal identification information sent by the terminal, the authentication key that terminal will use for access authentication; besides storing the authentication key in association with the terminal identification information, it also sends the key together with its own device identification information to the terminal so that the terminal can store them in association as well. In the subsequent authentication, on top of the authentication key it further checks whether the terminal side holds the correct preset rule, so that double authentication improves the security of the home equipment in the Internet of Things house system and the user experience.
Embodiment four:
This embodiment provides a terminal which, as a part of the Internet of Things house system, can cooperate with an access control apparatus to execute the access control method of embodiments one and two. Fig. 10 shows a structural diagram of the terminal:
Terminal 30 includes request sending module 302, random ciphertext receiving module 304, ciphertext processing module 306 and certification ciphertext sending module 308.
Request sending module 302 sends an access request carrying the terminal's own identification information to the access control apparatus. In this embodiment the access request of request sending module 302 can be sent directly to the access control apparatus or forwarded via a service platform. In a home environment, terminal 30 can establish a connection with the access control apparatus by WiFi, Bluetooth, infrared and similar means. The terminal identification information carried in the access request characterises the identity of terminal 30; for example, when terminal 30 is a mobile phone, the terminal identification information can be at least one of the user's phone number, the IMSI of the SIM card, the phone's international mobile equipment identity number (IMEI), the phone's MAC address and the hardware serial number.
After request sending module 302 sends the access request to the access control apparatus, the access control apparatus generates a certification random number, encrypts it with the authentication key corresponding to the terminal identification information to form the random ciphertext, and sends it to terminal 30. Random ciphertext receiving module 304 of terminal 30 thus receives the random ciphertext sent by the access control apparatus. As on the access control apparatus side, the terminal side stores the access control apparatus and the authentication key in association in advance, so after random ciphertext receiving module 304 receives the device identification information and the random ciphertext sent by the access control apparatus, ciphertext processing module 306 can retrieve the corresponding authentication key from the device identification information and decrypt the random ciphertext with it to obtain the random plaintext. If the authentication key of ciphertext processing module 306 is correct, the random plaintext obtained is exactly the certification random number.
After obtaining the certification random number, ciphertext processing module 306 transforms it according to the preset rule agreed in advance with the access control apparatus to obtain the authentication code, and then encrypts the authentication code with the authentication key to obtain the certification ciphertext.
Once ciphertext processing module 306 has encrypted the authentication code into the certification ciphertext, certification ciphertext sending module 308 sends the certification ciphertext to the access control apparatus so that the access control apparatus can complete the subsequent authentication process on the basis of the certification ciphertext.
After receiving the certification ciphertext sent by certification ciphertext sending module 308, the access control apparatus on the one hand decrypts it with the authentication key to obtain the certification plaintext, and on the other hand transforms the certification random number it sent to terminal 30 using the preset rule terminal 30 uses, obtaining the authentication code; it then compares whether the authentication code and the certification plaintext are identical and so judges whether terminal 30 has permission to access the Internet of Things house system.
In one example of this embodiment, the authentication key stored by terminal 30 was obtained in advance from the access control apparatus; in this example, shown in Fig. 11, terminal 30 further includes identification sending module 310, key receiving module 312 and key storage module 314.
Identification sending module 310 sends the terminal's own identification information to the access control apparatus.
As described above, the terminal identification information that identification sending module 310 sends to the access control apparatus can be at least one of the terminal's own MAC address, hardware serial number and similar information.
After the access control apparatus generates the authentication key from the terminal identification information of terminal 30, it sends the authentication key to terminal 30; key receiving module 312 in terminal 30 receives it and hands it to key storage module 314, which binds and stores the authentication key in association with the device identification information.
The terminal of this embodiment stores the authentication key generated by the access control apparatus in association with that apparatus's device identification information. In the subsequent authentication it decrypts the random ciphertext sent by the access control apparatus with the authentication key to obtain the certification random number, transforms the certification random number according to the preset rule agreed in advance with the access control apparatus to obtain the authentication code, encrypts the authentication code with the authentication key to obtain the certification ciphertext and sends it to the access control apparatus, which authenticates it on the basis of the certification ciphertext, the authentication key and certification random number it stored itself, and its own preset rule, so as to judge whether the terminal has permission to access the Internet of Things house system. Only by passing the double authentication of the access control apparatus can the terminal access the home equipment, which improves the security of the Internet of Things house system and the user experience.
Embodiment five:
This embodiment describes the hardware structure of the terminal and the access control apparatus of the embodiments of the present invention with reference to Fig. 12 and Fig. 13. Fig. 12 is a hardware structure diagram of an optional terminal for implementing the embodiments of the present invention. Terminal 100 can include wireless communication unit 110, memory 120, controller 130 and so on.
Wireless communication unit 110 generally includes one or more components that allow radio communication between mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit can include at least one of short-range communication module 111, mobile communication module 112 and wireless Internet module 113.
Short-range communication module 111 supports short-range communication. Examples of short-range communication technology include Bluetooth, radio frequency identification (RFID), Infrared Data Association (IrDA), ultra-wideband (UWB), ZigBee and so on. Mobile communication module 112 sends radio signals to and/or receives radio signals from at least one of a base station (for example, an access point), an external terminal and a server. Such radio signals can include voice call signals, video call signals, or various types of data sent and/or received as text and/or multimedia messages. Wireless Internet module 113 supports wireless Internet access for the mobile terminal and can be coupled to the terminal internally or externally. The wireless Internet access technologies involved can include WLAN (Wi-Fi), WiBro (wireless broadband), WiMAX (worldwide interoperability for microwave access), HSDPA (high-speed downlink packet access) and so on.
Memory 120 can include at least one type of storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc and so on. Moreover, terminal 100 can cooperate with a network storage device that performs the storage function of memory 120 over a network connection.
Controller 130 usually controls the overall operation of the mobile terminal; for example, controller 130 performs the control and processing related to voice calls, data communication, video calls and so on.
The identification sending module, key receiving module, request sending module, random ciphertext receiving module and certification ciphertext sending module of the terminal in embodiment four can be implemented by wireless communication unit 110 of this embodiment under the control of controller 130; memory 120 can implement the function of the key storage module under the control of controller 130; and the function of the ciphertext processing module can be implemented by controller 130 alone. In the key initialization stage, wireless communication unit 110 sends the terminal identification information of terminal 100 to the access control apparatus; after the access control apparatus has configured the authentication key, wireless communication unit 110 receives it, and controller 130 then has memory 120 store the authentication key in association with the device identification information of the access control apparatus. When the user needs to access the home equipment in the Internet of Things house system, the terminal identification information of terminal 100 is again carried in an access request and sent by wireless communication unit 110 to the access control apparatus. Wireless communication unit 110 then receives the random ciphertext sent by the access control apparatus and hands it to controller 130, which uses the device identification information sent together with the random ciphertext to retrieve the authentication key corresponding to that device identification information from the authentication keys stored in association in advance, decrypts the random ciphertext and obtains the certification random number. After obtaining the certification random number, controller 130 transforms it with the preset rule to obtain the authentication code, encrypts the authentication code with the authentication key to obtain the certification ciphertext, and hands it to wireless communication unit 110 to send to the access control apparatus, so that the access control apparatus can complete the subsequent authentication.
The access control apparatus of this embodiment can be implemented by a microcontroller chip; Fig. 13 is a hardware structure diagram of the access control apparatus, in which access control apparatus 200 includes communication device 210, processor 220 and memory 230. The identification receiving module, key sending module, request receiving module, random ciphertext sending module and certification ciphertext receiving module of the access control apparatus in embodiment three can be implemented by communication device 210; the function of the key configuration module can be implemented jointly by processor 220 and memory 230; and the functions of the ciphertext generation module and the identification processing module can be implemented by processor 220 alone.
In the key initialization stage, communication device 210 receives the terminal identification information sent by the terminal, and processor 220 generates the authentication key from the terminal identification information. After generating the authentication key, processor 220 hands the authentication key and the terminal identification information to memory 230 for associated storage, and has communication device 210 send the apparatus's own device identification information together with the authentication key to the terminal. During access authentication, after communication device 210 receives the terminal identification information, processor 220 generates the certification random number, retrieves the authentication key from memory 230 and encrypts the certification random number with it to obtain the random ciphertext, which communication device 210 sends to the terminal. Communication device 210 then receives the certification ciphertext sent by the terminal; processor 220 decrypts it with the authentication key to obtain the certification plaintext, transforms the certification random number according to the preset rule to obtain the authentication code, and compares the authentication code with the certification plaintext to determine whether the two are consistent.
The terminal and the access control apparatus provided in this embodiment can, together with the home equipment and so on, form an Internet of Things house system. The access control apparatus is communicatively connected to the home equipment, or the function of the access control apparatus can be integrated into the home equipment.
With the terminal, access control apparatus and Internet of Things house system of this embodiment, the authentication key is bound in association with the device identification information on the terminal side and with the terminal identification information on the access control apparatus side, which guarantees the uniqueness of the authentication key between the access control apparatus and each legitimate terminal and so ensures that the access control apparatus can authenticate legitimate terminals. On the other hand, because the final authentication result of the access control apparatus rests on the comparison between the authentication code and the certification plaintext, the terminal must not only hold the correct authentication key but also know the correct preset rule; compared with a password that can be used directly once intercepted, this double verification better secures the authentication. And because the certification random number is freshly generated in every authentication process, replay attacks on the Internet of Things house system are prevented, which further improves the effectiveness of authenticating visitors to the Internet of Things and ensures the security of the Internet of Things house system.
It should be noted that, herein, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The numbering of the embodiments of the present invention is for description only and does not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and naturally also by hardware alone, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc), including instructions that cause a terminal device (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the method described in each embodiment of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described above, which are merely illustrative rather than restrictive. Under the inspiration of the present invention, those skilled in the art can also devise many other forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the present invention.

Claims (10)

1. An access control method, characterized in that it comprises:
after the access control apparatus receives an access request sent by a terminal to access home equipment communicatively connected with the access control apparatus, it generates an authentication random number, extracts the authentication key stored in association with the terminal identification information carried in the access request, and encrypts the authentication random number with the authentication key to form a random ciphertext;
the access control apparatus sends the random ciphertext and its own device identification information to the terminal;
the access control apparatus receives an authentication ciphertext sent by the terminal, the authentication ciphertext being obtained by the terminal decrypting the random ciphertext with the authentication key stored in association with the device identification information to obtain the authentication random number, applying a preset transformation to the authentication random number to obtain an authentication code, and then encrypting the authentication code with the authentication key;
the access control apparatus decrypts the authentication ciphertext with the authentication key to obtain the corresponding authentication plaintext, compares the authentication plaintext with the authentication code obtained by applying the same preset transformation as the terminal to the authentication random number, and controls the terminal's access permission to the home equipment according to the comparison result.
2. The access control method of claim 1, characterized in that before the access control apparatus generates the authentication random number, the method further comprises:
the access control apparatus determining that the terminal identification information in the access request exists in a legal identifier list that it maintains.
3. The access control method of claim 1 or 2, characterized in that before the access control apparatus receives the access request sent by the terminal, the method further comprises:
the access control apparatus receives the terminal identification information sent by the terminal;
the access control apparatus generates a key random number, generates the authentication key corresponding to the terminal from the key random number and the terminal identification information, and stores the authentication key in association with the terminal identification information;
the access control apparatus sends the authentication key and its own device identification information to the terminal.
4. An access control method, characterized in that it comprises:
the terminal sends an access request carrying its own terminal identification information to an access control apparatus, the access request being used to apply for access to home equipment communicatively connected with the access control apparatus;
the terminal receives the random ciphertext and device identification information sent by the access control apparatus;
the terminal extracts, according to the device identification information, the authentication key stored in association with that device identification information, decrypts the random ciphertext with it to obtain the authentication random number, transforms the authentication random number with a preset rule to obtain an authentication code, and encrypts the authentication code with the authentication key to obtain an authentication ciphertext;
the terminal sends the authentication ciphertext to the access control apparatus, so that the access control apparatus, after transforming the authentication random number with the same preset rule to obtain the authentication code, controls the terminal's access permission to the home equipment based on the authentication code and the authentication ciphertext.
5. The access control method of claim 4, characterized in that before the terminal sends the access request to the access control apparatus, the method further comprises:
the terminal sends its own terminal identification information to the access control apparatus;
the terminal receives the authentication key and device identification information sent by the access control apparatus, the authentication key being generated by the access control apparatus from a randomly generated key random number and the terminal identification information;
the terminal stores the authentication key in association with the device identification information.
6. An access control apparatus, characterized in that it comprises:
a request receiving module, for receiving an access request sent by a terminal to access home equipment communicatively connected with the access control apparatus;
a ciphertext generation module, for generating an authentication random number after the access request is received, extracting the authentication key stored in association with the terminal identification information carried in the access request, and encrypting the authentication random number with it to form a random ciphertext;
a random ciphertext sending module, for sending the random ciphertext and the apparatus's own device identification information to the terminal;
an authentication ciphertext receiving module, for receiving the authentication ciphertext sent by the terminal, the authentication ciphertext being obtained by the terminal decrypting the random ciphertext with the authentication key stored in association with the device identification information to obtain the authentication random number, applying a preset transformation to the authentication random number to obtain an authentication code, and then encrypting the authentication code with the authentication key;
an identification processing module, for decrypting the received authentication ciphertext with the authentication key to obtain the corresponding authentication plaintext, comparing the authentication plaintext with the authentication code obtained by applying the same preset transformation as the terminal to the authentication random number, and controlling the terminal's access permission to the home equipment according to the comparison result.
7. The access control apparatus of claim 6, characterized in that it further comprises:
an identifier receiving module, for receiving the terminal identification information sent by the terminal;
a key configuration module, for generating a key random number, generating the authentication key corresponding to the terminal from the key random number and the terminal identification information, and storing the authentication key in association with the terminal identification information;
a key sending module, for sending the authentication key and the apparatus's own device identification information to the terminal.
8. A terminal, characterized in that it comprises:
a request sending module, for sending an access request carrying the terminal's own identification information to an access control apparatus, the access request being used to apply for access to home equipment communicatively connected with the access control apparatus;
a random ciphertext receiving module, for receiving the random ciphertext and device identification information sent by the access control apparatus;
a ciphertext processing module, for extracting, according to the device identification information, the authentication key stored in association with that device identification information, decrypting the random ciphertext with it to obtain the authentication random number, transforming the authentication random number with a preset rule to obtain an authentication code, and encrypting the authentication code with the authentication key to obtain an authentication ciphertext;
an authentication ciphertext sending module, for sending the authentication ciphertext to the access control apparatus, so that the access control apparatus, after transforming the authentication random number with the same preset rule to obtain the authentication code, controls the terminal's access permission to the home equipment based on the authentication code and the authentication ciphertext.
9. The terminal of claim 8, characterized in that it further comprises:
an identifier sending module, for sending the terminal identification information of the terminal;
a key receiving module, for receiving the authentication key and device identification information sent by the access control apparatus, the authentication key being generated by the access control apparatus from a randomly generated key random number and the terminal identification information;
a key storage module, for storing the authentication key in association with the device identification information.
10. An Internet of Things house system, characterized in that it comprises the access control apparatus of claim 6 or 7, the terminal of claim 8 or 9, and home equipment communicatively connected with the access control apparatus.
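The key initialization and access authentication exchanges of the embodiment above and of claims 1 to 5, written out as an added example that is not the patent's own code. The patent names no cipher, key derivation or preset rule, so these are assumptions here: an HMAC-SHA256 keystream stands in for the cipher, HMAC of the terminal identifier under the key random number derives the authentication key, and a hash of the authentication random number serves as the preset rule.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 run in counter mode as a keystream.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)  # fresh nonce so the keystream never repeats under one key
    return nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def preset_rule(auth_random: bytes) -> bytes:
    # The "preset rule" both sides apply to the authentication random number (assumption: a hash).
    return hashlib.sha256(b"preset-rule-v1" + auth_random).digest()[:16]

class AccessControlDevice:
    def __init__(self, device_id: bytes):
        self.device_id = device_id
        self.auth_keys = {}  # terminal id -> authentication key; doubles as the legal-identifier list
        self.pending = {}    # terminal id -> outstanding authentication random number

    def initialize_key(self, terminal_id: bytes):
        # Key initialization (claims 3 and 7): key random number + terminal id -> authentication key.
        key_random = os.urandom(16)
        auth_key = hmac.new(key_random, terminal_id, hashlib.sha256).digest()  # derivation assumed
        self.auth_keys[terminal_id] = auth_key
        return auth_key, self.device_id

    def access_request(self, terminal_id: bytes):
        # Claim 2: reject identifiers outside the legal-identifier list before doing any work.
        if terminal_id not in self.auth_keys:
            raise PermissionError("terminal identifier not in legal list")
        auth_random = os.urandom(16)  # fresh per attempt, which is what defeats replay
        self.pending[terminal_id] = auth_random
        return encrypt(self.auth_keys[terminal_id], auth_random), self.device_id

    def verify(self, terminal_id: bytes, auth_ciphertext: bytes) -> bool:
        auth_random = self.pending.pop(terminal_id, None)  # one response per challenge
        if auth_random is None:
            return False
        auth_plain = decrypt(self.auth_keys[terminal_id], auth_ciphertext)
        return hmac.compare_digest(auth_plain, preset_rule(auth_random))  # constant-time compare

class Terminal:
    def __init__(self, terminal_id: bytes, rule=preset_rule):
        self.terminal_id = terminal_id
        self.auth_keys = {}  # device id -> authentication key (claims 5 and 9)
        self.rule = rule

    def store_key(self, auth_key: bytes, device_id: bytes) -> None:
        self.auth_keys[device_id] = auth_key

    def respond(self, random_ciphertext: bytes, device_id: bytes) -> bytes:
        auth_key = self.auth_keys[device_id]
        auth_random = decrypt(auth_key, random_ciphertext)
        return encrypt(auth_key, self.rule(auth_random))

def run_access(device: AccessControlDevice, terminal: Terminal) -> bool:
    # The access authentication round trip of claims 1 and 4.
    random_ct, device_id = device.access_request(terminal.terminal_id)
    auth_ct = terminal.respond(random_ct, device_id)
    return device.verify(terminal.terminal_id, auth_ct)
```

A terminal with the right key but the wrong rule, a terminal with the wrong key, and a replayed authentication ciphertext are all rejected, which is the dual-verification and anti-replay argument of the description in executable form.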
CN201710313064.0A 2017-05-05 2017-05-05 Access control method, device, terminal and Internet of Things house system Pending CN108809914A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710313064.0A CN108809914A (en) 2017-05-05 2017-05-05 Access control method, device, terminal and Internet of Things house system

Publications (1)

Publication Number Publication Date
CN108809914A true CN108809914A (en) 2018-11-13

Family

ID=64054898

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313064.0A Pending CN108809914A (en) 2017-05-05 2017-05-05 Access control method, device, terminal and Internet of Things house system

Country Status (1)

Country Link
CN (1) CN108809914A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181113