CN111049640B - Internet of things authentication method based on hardware fingerprint and AES encryption and decryption algorithm - Google Patents


Info

Publication number: CN111049640B
Authority: CN (China)
Prior art keywords: terminal, platform, hardware fingerprint, hardware, activation
Legal status: Active
Application number: CN201911357929.9A
Other languages: Chinese (zh)
Other versions: CN111049640A
Inventor: 彭良智
Current assignee: Aten Wangxin Beijing Technology Co ltd
Original assignee: Aten Wangxin Beijing Technology Co ltd
Priority date: 2019-12-25
Filing date: 2019-12-25
Publication dates: 2020-04-21 (CN111049640A), 2022-07-08 (CN111049640B)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm. It comprises the following steps. The platform sends its self-declaration message and the platform server challenge code to the terminal. The terminal uses the AES algorithm to derive a random authentication key from the challenge code, encrypts its hardware fingerprint with that key and sends it to the platform to request activation; the platform decrypts the hardware fingerprint and checks its activation information. If the terminal is not activated, the platform sends a unique activation code to the terminal to activate it. For a terminal in the activated state, the terminal encrypts its activation code with the random authentication key, sends it to the platform and applies for authentication; the platform decrypts the activation code, compares it with its records to derive the hardware fingerprint corresponding to the terminal, encrypts that fingerprint and sends it to the terminal; the terminal decrypts the encrypted hardware fingerprint to obtain the challenge code and compares it with the previously stored challenge code. If the two match, authentication passes; if they do not, the reason for the authentication failure is given.

Description

Internet of things authentication method based on hardware fingerprint and AES encryption and decryption algorithm
Technical Field
The invention relates to the technical field of authentication and authorization between a platform and a terminal, in particular to an internet of things authentication and authorization method based on hardware fingerprints and an AES encryption and decryption algorithm.
Background
The internet of things access authentication mechanism is an important component of a large-scale internet of things operation support system. Such a system must be designed with strict identity authentication, access control, key management and communication protocol synchronization mechanisms, so that malicious counterfeiting of a front-end platform or of internet of things terminal equipment is prevented, a secondary platform, the internet or a wireless GPRS network cannot be used to attack the platform, SIM cards cannot be diverted to other purposes, and data leakage, excessive network charges and similar situations are avoided. However, existing internet of things systems either adopt no authentication scheme at all, authenticate only through a static password, perform no hardware fingerprint identification of the access terminal, or do not authenticate the platform; a safe and reliable method for authenticating and authorizing the cloud platform and the internet of things terminal at the same time is lacking. To ensure the safe operation of a large-scale internet of things operation support system, a new method of effective authentication and authorization is therefore necessary, so that the service operates effectively and securely.
Disclosure of Invention
The invention aims to provide an internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm, which not only ensures the existence of terminal uniqueness and prevents the terminal from being attacked by impersonation, but also improves the encryption and decryption efficiency on the premise of ensuring the safety.
The invention provides the following technical scheme:
The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm comprises the following steps:
S1. The platform sends its self-declaration message and the platform server challenge code to the terminal.
S2. The terminal adopts the AES algorithm and encrypts the platform server challenge code with the manufacturer key to obtain a random authentication key.
S3. The terminal encrypts its hardware fingerprint with the random authentication key and sends it to the platform to request activation.
S4. The platform decrypts the hardware fingerprint and checks its activation information.
S5. If the terminal is not activated, the platform allocates an activation code for the terminal, encrypts the hardware fingerprint and sends the encrypted activation code to the terminal; the terminal decrypts the activation code, persistently stores it, sends confirmation information to the platform and confirms that it is in the activated state.
S6. For a terminal in the activated state, the terminal encrypts its activation code with the random authentication key, transmits it to the platform and applies to the platform for authentication.
S7. The platform decrypts the activation code, compares it with its records to deduce the hardware fingerprint corresponding to the terminal, encrypts the hardware fingerprint and sends it to the terminal.
S8. The terminal decrypts the encrypted hardware fingerprint in the authentication response message sent by the platform to obtain the challenge code and compares it with the previously stored challenge code; if the two match, authentication passes, and if they do not match, the reason for the authentication failure is given.
Preferably, the self-declaration message of step S1 includes a plurality of identifiers.
Preferably, the AES algorithm of step S1 is the AES-128-OFB encryption and decryption algorithm.
Preferably, the AES-128-OFB encryption and decryption algorithm is a block symmetric encryption algorithm, in which 128-bit data blocks are encrypted and decrypted in the OFB mode of the AES algorithm.
Preferably, if the activation code of step S4 is lost, the terminal needs to be reactivated.
Preferably, all messages are transmitted on the link as ciphertext.
Preferably, steps S3-S5 are used to verify whether the terminal is in the activated state, and form the corresponding activation method.
Preferably, the OFB mode is an input feedback mode.
The invention has the following beneficial effects: the hardware fingerprint uniquely identifies the device characteristics of the terminal equipment, so that the terminal cannot be impersonated or tampered with; and the invention adopts the AES-128-OFB encryption and decryption algorithm for authentication and authorization, which not only ensures the uniqueness of the terminal and prevents impersonation attacks against it, but also improves encryption and decryption efficiency while preserving security.
Detailed Description
The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm comprises the following steps:
S1. The platform sends its self-declaration message and the platform server challenge code to the terminal.
S2. The terminal adopts the AES algorithm and encrypts the platform server challenge code with the manufacturer key to obtain a random authentication key.
S3. The terminal encrypts its own hardware fingerprint with the random authentication key and sends it to the platform to request activation.
S4. The platform decrypts the hardware fingerprint and checks its activation information.
S5. If the terminal is not activated, the platform allocates an activation code for the terminal, encrypts the hardware fingerprint and sends the encrypted activation code to the terminal; the terminal decrypts the activation code, persistently stores it, and sends confirmation information to the platform to confirm that it is in the activated state.
S6. For a terminal in the activated state, the terminal encrypts its activation code with the random authentication key, transmits it to the platform and applies to the platform for authentication.
S7. The platform decrypts the activation code, compares it with the hardware fingerprint corresponding to the terminal, encrypts the hardware fingerprint and sends it to the terminal.
S8. The terminal decrypts the encrypted hardware fingerprint in the authentication response message sent by the platform to obtain the challenge code and compares it with the challenge code stored before; if the two match, authentication passes, and if they do not match, the reason for the authentication failure is given.
Specifically, the self-declaration message of step S1 contains a number of identifiers of the platform.
Specifically, the AES algorithm of step S1 is the AES-128-OFB encryption and decryption algorithm, which is a block symmetric encryption algorithm in which 128-bit data blocks are encrypted and decrypted in the OFB mode of the AES algorithm.
Specifically, the terminal generally needs to be activated only once; if the activation code of step S4 is lost, the terminal needs to be activated again.
Specifically, all messages are transmitted on the link as ciphertext, including security control messages and commercial logs.
Specifically, steps S1-S5 are used to check whether the terminal is in the activated state and form the corresponding activation method; steps S1, S2 and S6-S8 form the internet of things authentication and certification method.
Specifically, the AES encryption and decryption algorithm offers the CBC, CFB, ECB, OFB and PCBC modes; the invention adopts the OFB mode as an input feedback mode.
Specifically, authentication must be performed each time the terminal device is started and accesses the internet of things.
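As an added example, and not code from the patent or its assignee, the Go program below models one boot of a terminal through steps S1 to S8, using AES-128-OFB from Go's standard library and constructed sample values. The patent leaves several details open, so the example makes these assumptions, each also marked in the code: the platform knows the manufacturer key as well as the terminal (otherwise it could not decrypt S3 and S6); the S2 derivation is a single raw AES block encryption of a 16-byte challenge under that key; every message is sent as a fresh random IV followed by the OFB ciphertext; the S7 response carries the hardware fingerprint followed by the challenge, which is what gives S8 a challenge to compare against the stored one; and the activation store is an in-memory map. All names (`Platform`, `Terminal`, `RunFlow`, `seal`, `unseal`, `deriveAuthKey`) are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)

// Constructed sample key (assumption): the platform is taken to know the manufacturer key too,
// or it could not derive the same random authentication key in S2 and decrypt S3/S6.
var manufacturerKey = []byte("0123456789abcdef") // 16 bytes = AES-128

// randBytes draws from the OS CSPRNG; failure there is fatal, not a protocol outcome.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}
// deriveAuthKey is one reading of S2: raw AES encryption of the one-block challenge under the
// manufacturer key gives the 16-byte random authentication key (Encrypt panics on a short challenge).
func deriveAuthKey(challenge []byte) []byte {
	block, _ := aes.NewCipher(manufacturerKey) // 16-byte key: cannot fail
	key := make([]byte, aes.BlockSize)
	block.Encrypt(key, challenge)
	return key
}
// seal is AES-128-OFB under a fresh random IV prepended to the ciphertext. The patent does not
// specify IV handling; a per-message IV (assumption) keeps the keystream from being reused.
func seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // every key here is 16 bytes
	iv, out := randBytes(aes.BlockSize), make([]byte, len(plaintext))
	cipher.NewOFB(block, iv).XORKeyStream(out, plaintext)
	return append(iv, out...)
}
// unseal reverses seal; OFB decryption is the same keystream XOR.
func unseal(key, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize { return nil, errors.New("message shorter than the IV") }
	block, _ := aes.NewCipher(key)
	out := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewOFB(block, msg[:aes.BlockSize]).XORKeyStream(out, msg[aes.BlockSize:])
	return out, nil
}

// Platform keeps the S1 challenge, the key derived from it and an in-memory activation store
// (hardware fingerprint -> activation code, constructed for the example). Terminal keeps its
// fingerprint, the stored challenge, the derived key and the persisted activation code.
type Platform struct{ challenge, authKey []byte; active map[string][]byte }
type Terminal struct{ fingerprint, challenge, authKey, activationCode []byte }

// S4/S5: decrypt the fingerprint, refuse a repeat activation (S4's check of the activation
// information), otherwise allocate a random activation code, record it and return it encrypted.
func (p *Platform) Activate(msg []byte) ([]byte, error) {
	fp, err := unseal(p.authKey, msg)
	if err != nil { return nil, err }
	if _, done := p.active[string(fp)]; done { return nil, errors.New("terminal already activated") }
	if p.active == nil { p.active = map[string][]byte{} }
	p.active[string(fp)] = randBytes(aes.BlockSize)
	return seal(p.authKey, p.active[string(fp)]), nil
}
// S7: decrypt the activation code, find the fingerprint it was issued for ("compares and
// reversely deduces") and answer with fingerprint||challenge; echoing the challenge is an
// assumption that gives S8 something to compare with the stored challenge.
func (p *Platform) Authenticate(msg []byte) ([]byte, error) {
	code, err := unseal(p.authKey, msg)
	if err != nil { return nil, err }
	for fp, c := range p.active {
		if subtle.ConstantTimeCompare(c, code) == 1 {
			return seal(p.authKey, append([]byte(fp), p.challenge...)), nil
		}
	}
	return nil, errors.New("authentication failed: unknown activation code")
}
// S8: the terminal checks the echoed fingerprint and challenge and names the failing field.
func (t *Terminal) Verify(msg []byte) error {
	pt, err := unseal(t.authKey, msg)
	if err != nil { return err }
	n := len(pt) - aes.BlockSize
	if n < 0 || subtle.ConstantTimeCompare(pt[:n], t.fingerprint) != 1 {
		return errors.New("authentication failed: fingerprint mismatch")
	}
	if subtle.ConstantTimeCompare(pt[n:], t.challenge) != 1 {
		return errors.New("authentication failed: challenge mismatch")
	}
	return nil
}

// RunFlow is one boot of the terminal: S1-S2 always, S3-S5 only while it holds no activation
// code (a terminal is activated once), then S6-S8. It returns the S8 outcome.
func RunFlow(p *Platform, t *Terminal) error {
	p.challenge = randBytes(aes.BlockSize) // S1 (the self-declaration identifiers are omitted)
	t.challenge = p.challenge
	p.authKey, t.authKey = deriveAuthKey(p.challenge), deriveAuthKey(t.challenge) // S2, each side
	if t.activationCode == nil {
		resp, err := p.Activate(seal(t.authKey, t.fingerprint)) // S3 -> S4/S5
		if err != nil { return err }
		if t.activationCode, err = unseal(t.authKey, resp); err != nil { return err } // S5: persist
	}
	resp, err := p.Authenticate(seal(t.authKey, t.activationCode)) // S6 -> S7
	if err != nil { return err }
	return t.Verify(resp) // S8
}
```

`RunFlow` returns nil when S8 passes and otherwise an error naming the failing check, which is the "reason for authentication failure" of step S8. OFB (the output feedback mode of AES) is an XOR keystream, so it gives confidentiality only: flipping one ciphertext byte flips the same plaintext byte, and in this model the comparison in S8 is the only thing that detects such tampering. A deployment of the scheme would add a message authentication code or use an authenticated mode, and the comparisons of secrets above use `subtle.ConstantTimeCompare` so that a lookup or mismatch does not leak timing.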
The hardware fingerprint uniquely identifies the device characteristics of the terminal equipment, so that the terminal cannot be impersonated or tampered with; the invention adopts the AES-128-OFB encryption and decryption algorithm for authentication and authorization, which not only ensures the uniqueness of the terminal and prevents impersonation attacks against it, but also improves encryption and decryption efficiency while preserving security.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. An internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm, characterized by comprising the following steps:
S1, the platform sends its self-declaration message and the platform server challenge code to the terminal;
S2, the terminal adopts the AES algorithm and encrypts the platform server challenge code with the manufacturer key to obtain a random authentication key;
S3, the terminal encrypts its hardware fingerprint with the random authentication key and sends it to the platform to request activation;
S4, the platform decrypts the hardware fingerprint and checks the activation information;
S5, if the terminal is not activated, the platform allocates an activation code for the terminal, encrypts the hardware fingerprint and sends the encrypted activation code to the terminal, and the terminal decrypts the activation code, persistently stores it, sends confirmation information to the platform and confirms that it is in the activated state;
S6, for a terminal in the activated state, the terminal encrypts its activation code with the random authentication key, transmits it to the platform and applies to the platform for authentication;
S7, the platform decrypts the activation code, compares it with its records to deduce the hardware fingerprint corresponding to the terminal, encrypts the hardware fingerprint and sends it to the terminal;
and S8, the terminal decrypts the encrypted hardware fingerprint in the authentication response message sent by the platform to obtain a challenge code and compares it with the challenge code stored before; if the two match, authentication passes, and if they do not match, the reason for the authentication failure is given.
2. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 1, wherein the self-declaration message of step S1 includes a plurality of identifiers.
3. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 1, wherein the AES algorithm in step S1 is the AES-128-OFB encryption and decryption algorithm.
4. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 3, wherein the AES-128-OFB encryption and decryption algorithm is a block symmetric encryption algorithm, and 128-bit data blocks are encrypted and decrypted in the OFB mode of the AES algorithm.
5. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 1, wherein if the activation code of step S4 is lost, the terminal needs to be reactivated.
6. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 1, wherein all messages are transmitted on the link as ciphertext.
7. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 1, wherein steps S3-S5 are used to check whether the terminal is in the activated state and form the corresponding activation method.
8. The internet of things authentication method based on hardware fingerprints and an AES encryption and decryption algorithm of claim 4, wherein the OFB mode is an input feedback mode.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911357929.9A CN111049640B (en) 2019-12-25 2019-12-25 Internet of things authentication method based on hardware fingerprint and AES encryption and decryption algorithm

Publications (2)

Publication Number Publication Date
CN111049640A (en) 2020-04-21
CN111049640B (en) 2022-07-08 (grant)

Family

ID=70239659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911357929.9A Active CN111049640B (en) 2019-12-25 2019-12-25 Internet of things authentication method based on hardware fingerprint and AES encryption and decryption algorithm

Country Status (1)

Country Link
CN (1) CN111049640B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116668203B (en) * 2023-08-02 2023-10-20 浙江大华技术股份有限公司 Device authentication method, internet of things device, authentication platform and readable storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2009295193A1 (en) * 2008-09-22 2010-03-25 Tefaye, Joseph Elie Mr Method and system for user authentication
CN106713222B (en) * 2015-07-30 2020-10-09 华为技术有限公司 Access authentication method, server and authentication system of wireless local area network
CN106169993A (en) * 2016-06-28 2016-11-30 北京华大领创智能科技有限公司 A kind of safety certifying method, equipment and server
CN106375444B (en) * 2016-08-31 2019-10-25 北京华大智宝电子***有限公司 A kind of data processing method and cloud platform server

Also Published As

Publication number Publication date
CN111049640A (en) 2020-04-21

Similar Documents

Publication Publication Date Title
CN103051453B (en) A kind of mobile terminal network affaris safety trade system based on digital certificate and method
CN101272616B (en) Safety access method of wireless metropolitan area network
CN101136748B (en) Identification authentication method and system
CN101272301B (en) Safety access method of wireless metropolitan area network
EP2887576A1 (en) Software key updating method and device
CN106850207B (en) CA-free identity authentication method and system
CN104158653A (en) Method of secure communication based on commercial cipher algorithm
CN1937498A (en) Dynamic cipher authentication method, system and device
CN110035071A (en) A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system
CN102026180A (en) M2M transmission control method, device and system
CN100421372C (en) Method of safety transmitting key
CN105827304A (en) Gateway station-based satellite network anonymous authentication method
CN107360175A (en) Car networking control car safety method
CN105743638A (en) System client authorization authentication method based on B/S framework
CN105450623B (en) A kind of access authentication method of electric car
CN109474419A (en) A kind of living body portrait photo encryption and decryption method and encrypting and deciphering system
CN110020524A (en) A kind of mutual authentication method based on smart card
CN103916363A (en) Communication security management method and system for encryption machine
CN104901940A (en) 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication
CN106789024A (en) A kind of remote de-locking method, device and system
CN101192927B (en) Authorization based on identity confidentiality and multiple authentication method
CN105610872B (en) Internet-of-things terminal encryption method and internet-of-things terminal encryption device
KR102219086B1 (en) HMAC-based source authentication and secret key sharing method and system for Unnamed Aerial vehicle systems
CN111049640B (en) Internet of things authentication method based on hardware fingerprint and AES encryption and decryption algorithm
CN105245338A (en) Authentication method, authentication device and authentication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20220531
    Address after: 907, floor 9, building 7, yard 30, Shixing street, Shijingshan District, Beijing 100043
    Applicant after: Aten Wangxin (Beijing) Technology Co.,Ltd.
    Address before: 210000 room 410, building 7, CEC environmental protection industrial park, No. 1800, Chengxin Avenue, Jiangning District, Nanjing City, Jiangsu Province
    Applicant before: Nanjing Schroder Network Technology Co.,Ltd.
GR01 Patent grant