CN114124394A - A method and device for generating authentication credential and device authentication - Google Patents

Abstract

The present application relates to an authentication credential generation, device authentication method and device, which can be applied to IoT devices. The first device includes n layers to be authenticated, and an initial verification value is determined when the authentication process is started; the initial verification value is The value is used to mark this authentication process; the following processing is performed for the i-th layer to be authenticated of the n layers to be authenticated, and the firmware password value of the n-th layer to be authenticated is obtained: according to the i-th layer to be authenticated The first check value of the layer, to determine the first check value of the i+1th layer to be authenticated; the first check value of the first layer to be authenticated is determined according to the initial check value ; According to the code of the i+1 layer to be authenticated and the first check value of the i layer to be authenticated, determine the firmware password value of the i+1 layer to be authenticated; According to the i+1 layer to be authenticated The firmware password values of the n layers to be authenticated are used to generate an initial authentication credential, which is used to authenticate the first device.

Description

A method and device for generating authentication credential and device authentication

technical field

The present application relates to the field of communication technologies, and in particular, to a method and apparatus for generating an authentication credential and device authentication.

Background technique

In the Internet environment, IoT devices are more vulnerable to hacker attacks than traditional user terminal devices. The main reasons are: 1) In order to maintain low power consumption or low cost, some IoT devices have limited device resources, and their own It is difficult to provide a robust security mechanism to defend against external network attacks; 2) IoT devices are widely distributed in insecure physical environments, and their operations lack authorization, which is easy to be accessed by unauthorized personnel through physical interfaces to implant malicious codes. The breach of IoT devices may lead to the leakage of confidential information, and may also make IoT devices themselves become part of bots, which brings threats to IoT devices and the network environment to which they belong. Network or device administrators need to identify the compromised IoT devices in time, and then limit the network traffic behavior of the compromised IoT devices in time to reduce the potential network security threats.

One of the measures currently being taken is that IoT devices can be authenticated. For example, IoT devices send authenticators the firmware version of the IoT device along with the firmware hash. By verifying the integrity of the firmware hash value, the authenticator can determine whether the firmware code of the IoT device has been unauthorizedly tampered with. However, the current authentication method is less secure.

SUMMARY OF THE INVENTION

Embodiments of the present application provide a method and apparatus for generating an authentication credential and device authentication, which are used to improve the security of a first device of an Internet of Things device.

A first aspect provides a method for generating an authentication credential, the method of the first aspect can be performed by a first communication device, and the first communication device can be a communication device or a device capable of supporting the communication device to implement the functions required by the method, for example chip system. Illustratively, the communication device is an Internet of Things device. In the following description, it is taken as an example that the first communication apparatus is the first device.

Wherein, the first device includes n layers to be authenticated, and n is a positive integer. When starting the authentication process, the first device determines an initial verification value; the initial verification value is used to mark the current authentication process; the first device sequentially executes the next step for the i-th layer to be authenticated of the n layers to be authenticated. The above process obtains the firmware password value of the n-th layer to be authenticated: according to the first check value of the i-th layer to be authenticated, determine the first check value of the i+1-th layer to be authenticated; The first check value of the first layer to be authenticated is determined according to the initial check value; the i is a positive integer greater than or equal to 1 and less than or equal to n-1; The code of the authentication layer and the first check value of the i-th layer to be authenticated determine the firmware password value of the i+1-th layer to be authenticated; the firmware password value of the first layer to be authenticated is based on Determined by the code of the first layer to be authenticated; the first device generates an initial authentication credential according to the firmware password value of the nth layer to be authenticated; the initial authentication credential is used to authenticate the first device .

Through the above method, the current authentication process is marked with the initial verification value, so that the first verification value is generated based on the initial verification value, and then the firmware password value of the nth layer to be authenticated is generated through the first verification value, so as to obtain The initial authentication credential of the device can generate different initial authentication credential in each startup process, so as to avoid that the initial authentication credential stored in the first device may be stolen by hackers, resulting in the possibility that the target authentication credential sent to the second device may be It is an authentication credential that has been stolen in history, thereby improving the security of the first device. In addition, since the firmware password value of the i+1th layer to be authenticated is determined according to the code of the i+1th layer to be authenticated and the first check value of the ith layer to be authenticated, thus , the firmware password values of each to-be-authenticated layer can be made independent of each other, which provides the possibility for each to-be-authenticated layer to perform separate authentication, and improves the security of the first device and the granularity of authentication.

A possible implementation manner, the first device hashes the code of the i+1th layer to be authenticated to obtain the hash value of the i+1th layer to be authenticated; the first device hashes the code of the i+1th layer to be authenticated; The hash value of one layer to be authenticated and the first check value of the i-th layer to be authenticated are encrypted to obtain the firmware password value of the i+1-th layer to be authenticated.

Through the above method, the firmware password values generated by each layer to be authenticated can be independent of each other, so that the firmware password value of each layer to be authenticated can be authenticated separately, and the accuracy of authentication can be improved.

In a possible implementation manner, the first device hashes the first check value of the i-th layer to be authenticated to obtain the first check value of the i+1-th layer to be authenticated.

Through the above method, a corresponding first check value can be generated for each layer to be authenticated, so as to improve the security of generating a firmware password value based on the first check value.

A possible implementation manner, after the first device determines the firmware password value of the i-th layer to be authenticated, it can also output the first device of the i+1-th layer to be authenticated to the i+1-th layer to be authenticated. The verification value, the firmware password value of the i+1 th layer to be authenticated, and the initial verification value.

Through the above method, based on the first check value of the next layer to be authenticated, the firmware password value and the initial check value generated by the previous layer to be authenticated, the next layer to be authenticated can generate the next layer to be authenticated The first verification value, the firmware password value and the initial verification value of the device complete the process of generating the authentication credential step by step, and are independent of each other.

In a possible implementation manner, the first device may also delete the first check value of the i-th layer to be authenticated and the firmware password value of the i-th layer to be authenticated.

Through the above method, the leakage of the first check value of the i-th layer to be authenticated and the firmware password value of the i-th layer to be authenticated can be avoided, thereby improving security.

In a possible implementation manner, the initial check value is any one of the following: a timestamp, a counter or a random number.

Through the above method, the initial verification value can be any of the following: timestamp, counter or random number, and a dynamic initial authentication credential can be generated, so that the authenticator has the ability to authenticate the initial verification value, thereby reducing the attacker's ability to authenticate. Risk of impersonating the identity of other devices in the process.

In a second aspect, a device authentication method based on the authentication credential generated by the first aspect is provided, and the method can be executed by the first device. It includes: sending a first authentication request message to an authenticating party; the first authentication request message includes: the initial verification value and a target authentication credential; the target authentication credential is determined according to the initial authentication credential; the first authentication credential An authentication request message is used to request authentication for the first device; receive a first authentication response from the authenticator; and the first authentication response is used to indicate the authentication result of the first device.

Through the above method, since the initial verification value only marks this authentication process, the target authentication credential sent to the authenticator can only be used in this authentication process, which can avoid the possibility that the initial authentication credential stored in the first device may be stolen by hackers , to improve the security of the target authentication credentials. In addition, by sending the initial verification value, the authenticator can authenticate the initial verification value, which further improves the validity of the authentication.

A possible implementation manner, when the authentication result of the first device is an authentication failure, the first device may also send a second authentication request message to the authenticator; the second authentication request message includes: the i-th The encrypted firmware password value of the layer to be authenticated; the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated; the second authentication request message is used to The i-th layer to be authenticated requests authentication; a second authentication response from the authenticator is received; the second authentication response is used to indicate the authentication result of the i-th layer to be authenticated.

Through the above method, when it is determined that the authentication of the first device fails, a second authentication request message can be sent to the authenticating party, so that the authenticating party can authenticate the encrypted firmware password value of the i-th layer to be authenticated to obtain the i-th layer to be authenticated. The authentication result of the authentication layer to obtain more fine-grained authentication.

A possible implementation manner, before sending the second authentication request message to the authenticating party, a third authentication request message from the authenticating party may also be received; the third authentication request message is used to request to obtain the The encrypted firmware password value of the i-th layer to be authenticated.

Through the above method, after receiving the third authentication request message from the authenticating party, the encrypted firmware password value of the i-th layer to be authenticated can be sent to the authenticating party, so that the encrypted firmware password value of the i-th layer to be authenticated can be sent separately based on the authentication needs of the authenticating party to avoid sending Unnecessary authentication information reduces the possibility of being stolen during transmission and improves the security of the authentication process.

A possible implementation manner, the first authentication request message further includes: n encrypted firmware password values of the n layers to be authenticated; the encrypted firmware of the i-th layer to be authenticated in the n layers to be authenticated The password value is determined after encryption according to the firmware password value of the i-th layer to be authenticated; the first authentication response is further used to indicate a layer to be authenticated that fails to be authenticated among the n layers to be authenticated.

Through the above method, n encrypted firmware password values of n layers to be authenticated can be sent in the first authentication request, so that the first device does not need to send the second authentication request again after determining that the authentication fails, so as to reduce the first The power consumption of the device.

In a possible implementation manner, the first device may also receive a first random number from the authenticator; generate the encrypted initial authentication credential according to the first random number and the initial authentication credential; or, The encrypted initial authentication credential is generated according to the first random number, the second random number and the initial authentication credential; the second random number is determined by the first device; the target authentication credential is It is determined according to the encrypted initial authentication credential.

Through the above method, the first device can encrypt the initial authentication credential by using the received first random number of the second device (authentication party), or, based on the first random number and the second random data, encrypt the initial authentication credential Encryption, which can improve the security of target authentication credentials during transmission.

In a possible implementation manner, the first device may also generate the encrypted firmware password value of the i-th layer to be authenticated according to the first random number and the firmware password value of the i-th layer to be authenticated; or, The first device may also generate the encrypted firmware password value of the i-th layer to be authenticated according to the first random number, the second random number, and the firmware password value of the i-th layer to be authenticated.

Through the above method, the first device can encrypt the firmware password value of the i-th layer to be authenticated through the received first random number of the second device (authentication party), or, based on the first random number and the second random number data, encrypt the firmware password value of the i-th layer to be authenticated, so that the security of the firmware password value of the i-th layer to be authenticated during transmission can be improved.

A possible implementation manner, the first authentication response includes at least one of the following: the initial verification value authentication fails, the target authentication credential authentication fails; the second authentication response includes at least one of the following: The authentication of the initial check value fails, the authentication of the target authentication credential fails, and the authentication of the i-th layer to be authenticated fails.

Through the above method, the first authentication response may be sent when the authentication of the initial check value or the target authentication credential fails, and the second authentication response may be sent after confirming that the i-th layer to be authenticated fails. The sending method of the initial verification value authentication failure, the target authentication credential authentication failure, and the authentication failure of the i-th layer to be authenticated is not limited, and can be sent based on the needs of specific scenarios to improve the flexibility of authentication and the efficiency of authentication. efficiency.

A third aspect provides a device authentication method based on the authentication credential generated in the first aspect, the method may be executed by a second communication device, and the second communication device may be a communication device or capable of supporting the communication device required to implement the method A functional device, such as a system-on-a-chip. Illustratively, the communication device is the authenticator's server. In the following description, it is taken as an example that the first communication device is the second device. Including: the second device receives a first authentication request message from the first device; the first authentication request message includes: the initial verification value and the target authentication credential; the target authentication credential is determined according to the initial authentication credential The first authentication request message is used to request authentication for the first device; the second device authenticates the first authentication request message; The first device sends a first authentication response; the first authentication response is used to indicate an authentication result of the first device.

Through the above method, the second device can perform authentication based on the initial verification value of the first device in the current authentication process, and can also perform authentication based on the target authentication credential generated based on the initial verification value. The authentication credential may be stolen by a hacker, so that the target authentication credential sent to the second device may be an authentication credential that has been stolen in history, thereby improving the security of the first device.

A possible implementation manner, if the initial check value is a timestamp, the second device authenticates the initial check value according to the current time; or, if the first check value is a counter, then the second device authenticates the initial check value according to the current time The device compares the initial verification value with the second verification value, and authenticates the initial verification value; the second verification value is the initial verification value sent by the first device last time; the If the first check value is a random number, the second device authenticates the first check value according to the comparison between the initial check value and all historical initial check values sent by the first device.

Through the above method, the second device can compare the initial verification value sent by the first device with the historical initial verification value, thereby authenticating the initial verification value, so that the authenticator can specify the corresponding initial verification value through the initial verification value. This reduces the risk of an attacker imitating the identity of the first device during the authentication process and improves the security of the first device.

In a possible implementation manner, the second device generates n standard firmware password values according to the n standard hash values of the n layers to be authenticated and the first check value of the first device; The n standard firmware password values are used to generate a standard verification key; the second device compares the standard verification key with the target authentication credential to determine whether the target authentication credential is authenticated successfully.

Through the above method, the second device can generate n standard firmware password values based on the stored standard hash value and the first check value, thereby generating a standard check key to authenticate the target authentication credential .

A possible implementation manner, the second device performs for the i-th layer to be authenticated among the n layers to be authenticated: according to the first check value of the i-th layer to be authenticated, determine the i+1 The first check value of each layer to be authenticated; the first check value of the first layer to be authenticated is determined according to the initial check value; i is a positive value greater than or equal to 1 and less than or equal to n-1 Integer; the second device determines the standard of the i+1th layer to be authenticated according to the standard hash value of the i+1th layer to be authenticated and the first check value of the ith layer to be authenticated Firmware password value; the standard firmware password value of the first layer to be authenticated is determined according to the standard hash value of the first layer to be authenticated.

Through the above method, the second device can generate the standard firmware password value of each layer to be authenticated according to the stored standard hash value and the first check value, so that each layer to be authenticated can be authenticated subsequently.

A possible implementation manner, when the authentication result of the first device is that the authentication result of the target authentication credential is a failure, a second authentication request message from the first device is received; the second authentication request message includes : the encrypted firmware password value of the i-th layer to be authenticated; the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated; the second authentication request message is used to The i-th layer to be authenticated of the device requests authentication; the encrypted firmware password value of the i-th layer to be authenticated is authenticated, and according to the authentication result of the encrypted firmware password value of the i-th layer to be authenticated, a The first device sends a second authentication response; the second authentication response is used to indicate the authentication result of the i-th layer to be authenticated.

Through the above method, in order to improve the security in the transmission process, the second authentication request message can carry the encrypted firmware password value of the i-th layer to be authenticated, so that the second device can be based on the standard firmware password of the i-th layer to be authenticated value to authenticate the encrypted firmware password value of the i-th layer to be authenticated. For example, based on the standard firmware password value of each layer to be authenticated, the encrypted standard firmware password value of the i-th layer to be authenticated is generated, so as to compare with the encrypted firmware password value of the i-th layer to be authenticated, In order to realize the authentication of the i-th layer to be authenticated.

A possible implementation, the second device generates an encrypted i-th standard firmware password value according to the i-th standard firmware password value in the n standard firmware password values; Standard firmware password value to determine whether the i-th layer to be authenticated is authenticated successfully.

In a possible implementation manner, the second device may also send a third authentication request message to the first device; the third authentication request message is used to request to obtain the encrypted firmware password value of the i-th layer to be authenticated.

Through the above method, the third authentication request message can be actively sent to the first device as required to obtain the encrypted firmware password value of the i-th layer to be authenticated, thereby improving the flexibility of authentication.

In a possible implementation manner, the first authentication request message further includes: n encrypted firmware password values of the n layers to be authenticated; the second device may also verify the n encrypted firmware password values of the n layers to be authenticated. The authentication is performed respectively to determine the to-be-authenticated layer for which the authentication fails; the first authentication response is also used to indicate the to-be-authenticated layer for which the authentication fails.

Through the above method, the second device can respectively authenticate the n encrypted firmware password values of the n layers to be authenticated in the first authentication request message to obtain the layers to be authenticated of the authentication device, thereby improving the granularity of authentication and guiding subsequent The management of the first device improves the security of the first device.

In a possible implementation manner, the second device may also send a first random number to the first device; wherein, the target authentication credential is generated according to the first random number and the initial authentication credential; or, The target authentication credential is generated according to the first random number, the second random number and the initial authentication credential; the second random number is determined by the first device.

Through the above method, the second device can send the first random number to the first device, so that the first device can be made to encrypt the initial authentication credential to be sent based on the first random number, so as to improve the security of the authentication request during the transmission process .

A possible implementation manner, the encrypted firmware password value of the i-th layer to be authenticated is generated according to the first random number and the firmware password value of the i-th layer to be authenticated; The encrypted firmware password values of the layers to be authenticated are generated according to the first random number, the second random number, and the firmware password value of the i-th layer to be authenticated.

Through the above method, the first device can be made to encrypt the firmware password value of the i-th layer to be authenticated to be sent based on the first random number, so as to improve the security of the authentication request during the transmission process.

In a fourth aspect, a communication device is provided, for example, the communication device is the aforementioned first communication device. The first communication apparatus is configured to execute the method in the first aspect or any possible implementation manner of the first aspect. Specifically, the first communication apparatus may include a module for executing the method in the first aspect or any possible implementation manner of the first aspect, for example, including a processing module and a transceiver module. The transceiver module may refer to a functional module, and the functional module can perform both the function of receiving information and the function of transmitting information. Alternatively, the transceiver module may be a general term for a sending module and a receiving module, the sending module is used to complete the function of sending information, and the receiving module is used to complete the function of receiving information. Exemplarily, the first communication apparatus is an IoT device. Wherein, the first communication device includes n layers to be authenticated, and n is a positive integer.

The processing module is used to determine an initial verification value when the authentication process is started; the initial verification value is used to mark the current authentication process; and sequentially executes the i-th layer to be authenticated of the n layers to be authenticated The following process obtains the firmware password value of the nth layer to be authenticated: according to the first check value of the ith layer to be authenticated, determine the first check value of the i+1th layer to be authenticated; The first check value of the first layer to be authenticated is determined according to the initial check value; the i is a positive integer greater than or equal to 1 and less than or equal to n-1; according to the i+1th The code of the layer to be authenticated and the first check value of the i-th layer to be authenticated determine the firmware password value of the i+1-th layer to be authenticated; the firmware password value of the first layer to be authenticated is Determined according to the code of the first layer to be authenticated; the first device generates an initial authentication credential according to the firmware password value of the nth layer to be authenticated; the initial authentication credential is used to authenticate the party for authentication.

A possible implementation, the processing module is used to hash the code of the i+1th layer to be authenticated to obtain the hash value of the i+1th layer to be authenticated; The hash value of the +1 layer to be authenticated and the first check value of the i-th layer to be authenticated are encrypted to obtain the firmware password value of the i+1-th layer to be authenticated.

A possible implementation, the processing module is configured to hash the first check value of the i-th layer to be authenticated to obtain the first check value of the i+1-th layer to be authenticated .

A possible implementation, the processing module is configured to output the i-th to-be-authenticated layer to the i+1-th to-be-authenticated layer through the transceiver module after determining the firmware password value of the i-th layer to be authenticated. The first verification value of the authentication layer, the firmware password value of the i-th layer to be authenticated, and the initial verification value.

In a possible implementation manner, the processing module may be further configured to delete the first check value of the i-th layer to be authenticated and the firmware password value of the i-th layer to be authenticated.

In a possible implementation manner, the initial check value is any one of the following: a timestamp, a counter or a random number.

Regarding the technical effects brought by the fourth aspect or various possible implementations of the fourth aspect, reference may be made to the introduction to the technical effects of the first aspect or various possible implementations of the first aspect.

In a fifth aspect, a communication device is provided, for example, the communication device is the aforementioned first communication device. The first communication apparatus is configured to execute the method in the second aspect or any possible implementation manner of the second aspect. Specifically, the first communication apparatus may include a module for executing the method in the second aspect or any possible implementation manner of the second aspect, for example, including a processing module and a transceiver module. The transceiver module may refer to a functional module, and the functional module can perform both the function of receiving information and the function of transmitting information. Alternatively, the transceiver module may be a general term for a sending module and a receiving module, the sending module is used to complete the function of sending information, and the receiving module is used to complete the function of receiving information. Exemplarily, the first communication apparatus is an IoT device. in,

The processing module is configured to send a first authentication request message to the authenticator through the transceiver module; the first authentication request message includes: the initial check value and a target authentication credential; the target authentication credential is based on the initial The authentication credential is determined; the first authentication request message is used to request authentication for the first device; the first authentication response from the authenticator is received through the transceiver module; the first authentication response is used to indicate the first authentication response The authentication result of a device.

In a possible implementation manner, the processing module is further configured to send a second authentication request message to the authenticating party through the transceiver module when the authentication result of the first device is an authentication failure; the second authentication request message The authentication request message includes: the encrypted firmware password value of the i-th layer to be authenticated; the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated; the second authentication request message is used for The i-th layer to be authenticated of the first device requests authentication;

The transceiver module is further configured to receive a second authentication response from the authenticating party; the second authentication response is used to indicate the authentication result of the i-th layer to be authenticated.

A possible implementation manner, before the transceiver module sends the second authentication request message to the authenticating party, is further configured to receive a third authentication request message from the authenticating party; the third authentication request message is used to request Obtain the encrypted firmware password value of the i-th layer to be authenticated.

A possible implementation manner, the first authentication request message further includes: n encrypted firmware password values of the n layers to be authenticated; the encrypted firmware of the i-th layer to be authenticated in the n layers to be authenticated The password value is determined after encryption according to the firmware password value of the i-th layer to be authenticated; the first authentication response is further used to indicate a layer to be authenticated that fails to be authenticated among the n layers to be authenticated.

A possible implementation manner, the transceiver module is further configured to receive the first random number from the authenticating party;

The processing module is further configured to generate the encrypted initial authentication credential according to the first random number and the initial authentication credential; or, according to the first random number, the second random number and the initial authentication credential; The authentication credential is to generate the encrypted initial authentication credential; the second random number is determined by the first device; the target authentication credential is determined according to the encrypted initial authentication credential.

A possible implementation, the processing module is configured to generate the encrypted firmware password value of the i-th layer to be authenticated according to the first random number and the firmware password value of the i-th layer to be authenticated; Alternatively, the processing module is configured to generate the encrypted firmware password of the i-th layer to be authenticated according to the first random number, the second random number and the firmware password value of the i-th layer to be authenticated value.

A possible implementation manner, the first authentication response includes at least one of the following: the initial verification value authentication fails, the target authentication credential authentication fails; the second authentication response includes at least one of the following: The authentication of the initial check value fails, the authentication of the target authentication credential fails, and the authentication of the i-th layer to be authenticated fails.

Regarding the technical effects brought by the fifth aspect or various possible implementations of the fifth aspect, reference may be made to the introduction to the technical effects of the second aspect or various possible implementations of the second aspect.

In a sixth aspect, a communication device is provided, for example, the communication device is the aforementioned second communication device. The second communication apparatus is configured to execute the method in the third aspect or any possible implementation manner of the third aspect. Specifically, the second communication apparatus may include a module for executing the method in the third aspect or any possible implementation manner of the third aspect, for example, including a processing module and a transceiver module. The transceiver module may refer to a functional module, and the functional module can perform both the function of receiving information and the function of transmitting information. Alternatively, the transceiver module may be a general term for a sending module and a receiving module, the sending module is used to complete the function of sending information, and the receiving module is used to complete the function of receiving information. Exemplarily, the second communication device is a server of the authenticating party. in,

The transceiver module is configured to receive a first authentication request message from a first device; the first authentication request message includes: the initial check value and a target authentication credential; the target authentication credential is based on the initial authentication The credential is determined; the first authentication request message is used to request authentication for the first device;

The processing module is configured to authenticate the first authentication request message; send a first authentication response to the first device through the transceiver module according to the authentication result of the first authentication request message; the first authentication response An authentication response is used to indicate the authentication result of the first device.

A possible implementation manner, the initial check value is a timestamp, and the processing module is configured to authenticate the initial check value according to the current time; or,

If the first check value is a counter, the processing module is configured to compare the initial check value with the second check value, and authenticate the initial check value; the second check value is the initial check value sent last time by the first device;

If the first check value is a random number, the processing module is configured to compare the first check value with all historical initial check values sent by the first device according to the initial check value. Authenticate.

A possible implementation, the processing module is configured to generate n standard firmware password values according to n standard hash values of the n layers to be authenticated and the first check value of the first device; Generate a standard verification key according to the n standard firmware password values; compare the standard verification key with the target authentication credential to determine whether the target authentication credential is successfully authenticated.

A possible implementation manner, the processing module is configured to, for the i-th layer to be authenticated among the n layers to be authenticated, perform: according to the first check value of the i-th layer to be authenticated, determine the The first check value of the i+1th layer to be authenticated; the first check value of the first layer to be authenticated is determined according to the initial check value; i is greater than or equal to 1 and less than or equal to n A positive integer of -1; according to the standard hash value of the i+1th layer to be authenticated and the first check value of the ith layer to be authenticated, determine the value of the i+1th layer to be authenticated Firmware password value; the firmware password value of the first layer to be authenticated is determined according to the standard hash value of the first layer to be authenticated.

A possible implementation manner, the processing module is configured to receive, through the transceiver module, a second message from the first device when the authentication result of the first device is that the target authentication credential fails. An authentication request message; the second authentication request message includes: the encrypted firmware password value of the i-th layer to be authenticated; the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated; the The second authentication request message is used to request authentication for the i-th layer to be authenticated of the first device; to authenticate the encrypted firmware password value of the i-th layer to be authenticated, according to the i-th layer to be authenticated The authentication result of the encrypted firmware password value of the layer is sent to the first device through the transceiver module, and the second authentication response is used to indicate the authentication result of the i-th layer to be authenticated.

A possible implementation, the transceiver module is further configured to send a third authentication request message to the first device; the third authentication request message is used to request to obtain the encryption firmware of the i-th layer to be authenticated password value.

In a possible implementation, the processing module is further configured to compare the i-th standard firmware password value in the n standard firmware password values with the encrypted firmware password value of the i-th layer to be authenticated, Determine whether the i-th layer to be authenticated is authenticated successfully.

A possible implementation manner, the first authentication request message further includes: n encrypted firmware password values of the n layers to be authenticated; the processing module is further configured to encrypt the n layers of the n layers to be authenticated The firmware password value is authenticated respectively to determine the to-be-authenticated layer whose authentication has failed; the first authentication response is also used to indicate the to-be-authenticated layer that has failed authentication.

A possible implementation manner, the processing module is further configured to send a first random number to the first device through the transceiver module; wherein, the target authentication credential is based on the first random number and the The target authentication credential is generated according to the first random number, the second random number and the initial authentication credential; the second random number is determined by the first device.

A possible implementation manner, the encrypted firmware password value of the i-th layer to be authenticated is generated according to the first random number and the firmware password value of the i-th layer to be authenticated; The encrypted firmware password values of the layers to be authenticated are generated according to the first random number, the second random number, and the firmware password value of the i-th layer to be authenticated.

Regarding the technical effects brought by the sixth aspect or various possible implementations of the sixth aspect, reference may be made to the introduction to the technical effects of the third aspect or various possible implementations of the third aspect.

In a seventh aspect, a communication device is provided, and the communication device is, for example, the aforementioned first communication device. The first communication device includes a processor and a transceiver, and the processor and the transceiver are used to implement the methods described in various possible designs of the first aspect or the second aspect. Exemplarily, the first communication device is a chip provided in a communication device. Wherein, the transceiver is implemented by, for example, an antenna, a feeder, a codec, etc. in the communication device, or, if the first communication device is a chip provided in the communication device, the transceiver is, for example, a communication interface in the chip, the The communication interface is connected with the radio frequency transceiver component in the communication device, so as to realize the sending and receiving of information through the radio frequency transceiver component. The transceiver may refer to a functional module, and the functional module can perform both the function of receiving information and the function of transmitting information. Alternatively, the transceiver may be a collective term for a transmitter and a receiver, the transmitter is used to complete the function of sending information, and the receiver is used to complete the function of receiving information. Exemplarily, the communication device is an Internet of Things device.

In an eighth aspect, a communication device is provided, and the communication device is, for example, the aforementioned second communication device. The second communication device includes a processor and a transceiver, and the processor and the transceiver are used to implement the method described in the third aspect or various possible designs of the third aspect. Exemplarily, the second communication device is a chip provided in a communication device. Wherein, the transceiver is implemented by, for example, an antenna, a feeder, a codec, etc. in the communication device, or, if the second communication device is a chip provided in the communication device, the transceiver is, for example, a communication interface in the chip, the The communication interface is connected with the radio frequency transceiver component in the communication device, so as to realize the sending and receiving of information through the radio frequency transceiver component. The transceiver may refer to a functional module, and the functional module can perform both the function of receiving information and the function of transmitting information. Alternatively, the transceiver may be a collective term for a transmitter and a receiver, the transmitter is used to complete the function of sending information, and the receiver is used to complete the function of receiving information. Exemplarily, the communication device is an authenticator's server.

In a ninth aspect, a communication device is provided. The communication device may be the first communication device in the above method design. Exemplarily, the first communication device is a chip provided in a communication device. Exemplarily, the communication device is an in-vehicle device. The first communication apparatus may include: a communication interface for communicating with other apparatuses or devices; and a processor coupled to the communication interface. The communication interface may be a transceiver in the communication device, for example, implemented by an antenna, a feeder, a codec, etc. in the communication device, or, if the communication device is a chip provided in a communication device, the communication interface may be is the input/output interface of the chip, such as input/output pins, etc.

Optionally, the first communication apparatus may further include a memory for storing computer-executable program codes. The program code stored in the memory includes instructions. When the processor executes the instructions, the first communication device is caused to execute the method in any one possible implementation manner of the first aspect or the second aspect. Alternatively, the first communication device may also not include a memory. For example, the processor may execute instructions stored in an external memory, so that the first communication device may execute any one of the possible implementations of the first aspect or the second aspect. method.

A tenth aspect provides a communication device. The communication device may be the second communication device in the above method design. Exemplarily, the second communication device is a chip provided in a communication device. Exemplarily, the communication device is an in-vehicle device. The second communication apparatus may include: a communication interface for communicating with other apparatuses or devices; and a processor coupled to the communication interface. The communication interface may be a transceiver in the communication device, for example, implemented by an antenna, a feeder, a codec, etc. in the communication device, or, if the communication device is a chip provided in a communication device, the communication interface may be is the input/output interface of the chip, such as input/output pins, etc.

Optionally, the second communication apparatus may further include a memory for storing computer-executable program codes. The program code stored in the memory includes instructions. When the processor executes the instructions, the second communication apparatus is caused to execute the method in the third aspect or any possible implementation manner of the third aspect. Alternatively, the second communication device may not include a memory. For example, the processor may execute instructions stored in an external memory, so that the second communication device may execute the third aspect or any of the possible implementations of the third aspect. method.

In an eleventh aspect, a communication system is provided, the communication system comprising the communication device according to the fourth aspect, the communication device according to the fifth aspect, or the communication device according to the seventh aspect and the eighth aspect, The communication device according to the sixth aspect, or the communication device according to the ninth aspect.

A twelfth aspect provides a computer storage medium, where the computer-readable storage medium is used to store a computer program, and when the computer program runs on a computer, the computer is made to execute the first aspect or the first aspect. The method described in any of the possible embodiments.

A thirteenth aspect provides a computer storage medium, where the computer-readable storage medium is used to store a computer program, and when the computer program runs on a computer, the computer is made to execute the second aspect or the first aspect. The method described in any of the possible embodiments.

A fourteenth aspect provides a computer storage medium, where the computer readable storage medium is used to store a computer program, when the computer program runs on a computer, the computer is made to execute the third aspect or the third aspect. The method described in any of the possible embodiments.

A fifteenth aspect provides a computer program product comprising instructions, the computer program product is used to store a computer program, when the computer program is run on a computer, the computer causes the computer to execute the above-mentioned first aspect or the first aspect The method described in any one of the possible embodiments of .

A sixteenth aspect provides a computer program product comprising instructions, the computer program product is used to store a computer program, when the computer program is run on a computer, the computer causes the computer to execute the above-mentioned second aspect or the second aspect The method described in any one of the possible embodiments of .

A seventeenth aspect provides a computer program product comprising instructions, the computer program product is used to store a computer program, and when the computer program is run on a computer, the computer causes the computer to execute the above-mentioned third aspect or the third aspect The method described in any one of the possible embodiments of .

Description of drawings

FIG. 1a-FIG. 1b are schematic diagrams of a network architecture applied by an embodiment of the present application;

FIG. 2 is a flowchart of a device authentication method provided by an embodiment of the present application;

3a-3b are flowcharts of a device authentication method provided by an embodiment of the present application;

4a-4b are schematic diagrams of a method for generating an authentication credential provided by an embodiment of the present application;

FIG. 5 is a flowchart of a device authentication method provided by an embodiment of the present application;

6 is a flowchart of a device authentication method provided by an embodiment of the present application;

FIG. 7 is a schematic structural diagram of a communication device according to an embodiment of the present application;

FIG. 8 is a schematic structural diagram of a communication device according to an embodiment of the present application;

FIG. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application;

FIG. 10 is a schematic structural diagram of a communication device according to an embodiment of the present application.

Detailed ways

In order to make the objectives, technical solutions and advantages of the embodiments of the present application more clear, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

1) IoT devices

This application primarily relates to low-power IoT devices. IoT devices can be low-power end devices with limited performance and resources. For example, devices that provide voice and/or data connectivity to a user may include, for example, handheld devices with wireless connectivity, or processing devices connected to a wireless modem. Also includes constrained devices, such as devices with lower power consumption, or devices with limited storage capacity, or devices with limited computing power, etc. For example, information sensing devices such as barcodes, radio frequency identification (radio frequency identification, RFID), sensors, global positioning system (global positioning system, GPS), and laser scanners are included. The terminal equipment can communicate with the core network via a radio access network (RAn), and exchange voice and/or data with the RAn. The terminal equipment may include user equipment (UE), wireless terminal equipment, mobile terminal equipment, device-to-device (D2D) terminal equipment, V2X terminal equipment, machine-to-machine/machine-type communication (machine-to-machine communication) -to-machine/machine-typecommunications, M2M/MTC) terminal equipment, Internet of things (Internet of things, IoT) terminal equipment, subscriber unit (subscriber unit), subscriber station (subscriber station), mobile station (mobilestation), remote station (remotestation), access point (access point, AP), remote terminal (remote terminal), access terminal (access terminal), user terminal (user terminal), user agent (useragent), or user equipment (user device) and the like. For example, these may include mobile telephones (or "cellular" telephones), computers with mobile terminal equipment, portable, pocket-sized, hand-held, computer-embedded mobile devices, and the like. For example, personal communication service (PCS) phones, cordless phones, session initiation protocol (SIP) phones, wireless local loop (WLL) stations, personal digital assistants (PDAs) ), and other equipment. As an example and not a limitation, in this embodiment of the present application, the IoT device with low power consumption may also include a wearable device. Wearable devices can also be called wearable smart devices or smart wearable devices, etc. It is a general term for the application of wearable technology to intelligently design daily wear and develop wearable devices, such as glasses, gloves, watches, clothing and shoes. Wait. A wearable device is a portable device that is worn directly on the body or integrated into the user's clothing or accessories. Wearable device is not only a hardware device, but also realizes powerful functions through software support, data interaction, and cloud interaction. In a broad sense, wearable smart devices include full-featured, large-scale, complete or partial functions without relying on smart phones, such as smart watches or smart glasses, and only focus on a certain type of application function, which needs to cooperate with other devices such as smart phones. Use, such as all kinds of smart bracelets, smart helmets, smart jewelry, etc. for physical sign monitoring.

2) Authentication method of IoT devices

The authentication method of IoT devices can be implemented by three different types of hardware modules according to different device characteristics. For example, a trusted platform module (TPM), a trusted execution environment (TEE) module, and a device identifier composition engine (DICE) module. The functions that the TPM module, the TEE module, and the DICE module can provide are successively reduced, the complexity is successively reduced, and their power consumption is successively reduced. For high-performance devices with sufficient power supply, the certification of IoT devices usually relies on TPM modules; for mobile devices with moderate energy consumption, the certification of IoT devices usually relies on TEE modules; for devices with strict low power consumption requirements In terms of devices, the authentication of IoT devices relies on the DICE module. As shown in Fig. 1a, a schematic flow chart of authentication of IoT devices is described. When the authenticator needs to verify the firmware security of the IoT device, the device simultaneously sends its firmware version (for example, firmware version: V2.1) and its firmware hash value (for example, firmwarehash: H323CD87LKUE7BGH…) to the verification subject. By identifying the firmware version, the verification subject can determine whether the IoT device has disclosed security vulnerabilities; by verifying the integrity of the firmware, the verification subject can determine whether the firmware code of the IoT device has been unauthorizedly tampered with.

3) The terms "system" and "network" in the embodiments of this application may be used interchangeably. "At least one" means one or more, and "plurality" means two or more. "And/or", which describes the association relationship of the associated objects, means that there can be three kinds of relationships, for example, A and/or B, which can mean: the existence of A alone, the existence of A and B at the same time, the existence of B alone, where A, B can be singular or plural. The character "/" generally indicates that the related objects are an "or" relationship. "At least one item(s) below" or similar expressions thereof refer to any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one item (a) of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple .

And, unless stated to the contrary, the ordinal numbers such as “first” and “second” mentioned in the embodiments of the present application are used to distinguish multiple objects, and are not used to limit the order, sequence, priority or priority of multiple objects. Importance. For example, the first message and the second message are only for distinguishing different messages, but do not indicate the difference in priority, sending order, or importance of the two kinds of messages.

Some concepts involved in the embodiments of the present application are described above, and the technical features of the embodiments of the present application are described below.

FIG. 1b is a schematic structural diagram of an authentication system for an Internet of Things device provided by an embodiment of the present application. As shown in FIG. 1b, the authentication system 100 of an IoT device may include an IoT device 10, an authenticator 20, and an access network device 30, where the authenticator 20 may be an authentication server, a security anchor, and the like.

For example, consider a scenario in a campus network for managing IoT devices. The authenticator can be the server of the cloud platform that provides data sharing for IoT devices in the park. Before each IoT device establishes a connection with the server, the server can initiate a trusted remote certification request to the IoT device. Thus, IoT devices (eg, connected power-constrained devices) are authenticated by the server. For IoT devices that pass the authentication, the communication connection initiated by the IoT device will be allowed by the server; for IoT devices that fail to pass the authentication, the communication initiated by the IoT device will be rejected by the server to improve the security of IoT devices sex.

For another example, the IoT device may also request network authentication during the process of accessing the network. In Figure 1b, the IoT device can interact with the authentication node through access network elements such as a base station (nodeB), a base station controller (Radio network Controller, RnC), or an access gateway that provide network access services for the IoT device Certification. The network management party measures the identity and firmware integrity of the IoT device, and sets network access rights for the IoT device according to the authentication result, so as to improve the security of the IoT device.

The IoT device may be user equipment with low power consumption requirements, including mobile phones, tablet computers, notebook computers, mobile Internet devices (Mobile Internet Device, MID), wearable devices (such as smart watches, smart bracelets, pedometers, etc.) User terminals such as devices, etc.), may also include IoT devices, and may also include other communication devices.

The authenticator may be a node that provides network authentication services for all user equipment accessing the network, may be an authentication node configured independently, or may be configured in a third-party system. The authenticator can be used to store related information such as the ID used to authenticate the IoT device and the encryption algorithm of the IoT device.

The following embodiments of the present application mainly describe the interactive authentication process between the IoT device and the authenticator. The Pre-Share Key (PSK) protocol that can be supported between the IoT device and the authenticator is used for PSK interactive authentication. As shown in Figure 1b, the IoT device side may include an authentication request client. The client is the entity responsible for running the authentication on the terminal side, including the interface with the key storage entity. The access network may be responsible for relaying the authentication message, and the network side The authentication server can include an authentication server, which can be used for authentication on the network side. FIG. 2 is a flow chart showing the implementation of PSK interactive authentication between an IoT device and an authenticating party in the prior art. See Figure 2, including:

Step 101 : the authenticator sends a first message to the IoT device, where the first message includes a random number (RAND_S) and identification information (ID_S) of the authenticator.

Step 102: The IoT device sends a second message to the authenticator, and the second message includes the random number (RAND_S) generated by the authenticator, the random number (RAND_P) generated by the IoT device, and the identification information of the IoT device (ID_P).

Step 103: The authenticating party sends a third message, where the third message includes a Message Authentication Code (MAC) generated for the third message using the pre-shared key, which is used for authentication of the IoT device square, which can be expressed as MAC_S.

Step 104: After the IoT device receives the third message sent by the authenticator, the IoT device generates and sends a fourth message, and the fourth message also includes a MAC generated by using a pre-shared key for The authenticating party authenticates the IoT device.

After the above interaction process, the IoT device and the authenticator use the random number and its pre-shared key contained in the interactive information to generate a session key for the IoT device and the authenticator to use in subsequent communications.

There are many ways to generate the PSK, and the following is an example of way a and way b.

Mode a, as shown in Figure 3a, can generate a pre-shared key based on asymmetric encryption between the IoT device and the authenticator, so as to perform mutual authentication.

After the device is produced, the device manufacturer can generate a pair of asymmetric public and private keys for the device, and burn the private key SK* and the certificate of the corresponding public key into the DICE module of the device, where the public key certificate of the device is set by The device manufacturer's private key is signed, and the DICE module ensures the security of the SK* and the corresponding public key certificate stored in it through programming and other methods. The firmware developer of the device (usually the manufacturer of the device) divides the device firmware into n layers, and when the device starts up, the n layers of firmware will be started step by step. The specific number of layers can be divided based on the specific firmware form of the device. In a possible implementation, the n-layer can be 2 layers, for example, including the bottom layer (for example, (U) extensible firmware interface (EFI) / basic The input and output system (Basic Input Output System, BIOS) layer) and the system layer (for example, the Android layer), the n layer may also be three layers, for example, including: the bottom layer, the system layer and the application layer. It can also be a 4-layer structure including a security layer, for example, including: a bottom layer, a system layer, a security layer and an application layer. The above is only an example, and there may be other ways in specific implementation, which are not limited here. In the following description, the n-layer firmware includes the firmware of the 0th layer to the firmware of the n-1th layer. Before starting the n-layer firmware, the DICE layer is started first, which is used to read the private key SK* to determine the parameters required by the next layer to generate the certificate.

As shown in Figure 3a, it may specifically include the following steps:

Step 201a: The device starts the DICE layer.

When the device starts, the device first starts the DICE layer, the DICE layer first generates a pair of public and private key pairs (PK0, SK0), and at the same time calculates the firmware hash value of the first firmware layer to be authenticated (layer 0). The value can satisfy: H(L0). Wherein, L0 is the firmware code of the 0th layer, and the firmware hash value of the 0th layer can be determined by performing a hash operation on the firmware code of the 0th layer. Therefore, the DICE layer can record the firmware hash value and firmware version of the 0th layer as the certificate extension option in the X509 certificate corresponding to the public key PK0, and generate the certificate of the DICE layer, and the certificate passes the private key SK in the DICE module. * to sign.

After the DICE layer passes the certificate of the DICE layer and the corresponding private key SK0 to the 0th layer, the DICE layer will be closed. It should be noted that, in order to ensure the security of the secret key SK*, during the entire startup process, only the DICE layer will close itself after completing the task.

Step 202a: The device starts the i-th layer to be authenticated.

For example, the layer to be authenticated connected after the DICE layer is the 0th layer. In this case, after the DICE layer is turned off, the 0th layer to be authenticated can be started.

After the ith layer is started, the firmware hash value H(Li) of the ith layer can be determined by hashing the firmware code of the ith layer. Write the firmware hash value and firmware version of the i-th layer into the certificate as an extension option of the i-layer certificate, and the certificate is signed by the private key SK(i-1), thereby generating the layer-i certificate. Certificate.

Repeat the above process until the n-layer firmware is all started.

Step 203a: The device generates an initial authentication credential PSK according to the certificates of the n layers to be authenticated.

When the n layers to be authenticated are all activated, the n-1th layer will obtain the certificates from the 0th to the n-1th layer, and the certificates form a certificate chain by means of signatures. At this time, the n-1th layer can generate an authentication credential P according to the certificate chain, where the authentication credential includes the firmware version number of the device and the certificate chain.

Step 204a: The device sends the initial authentication credential PSK to the authenticator, so as to authenticate the initial authentication credential PSK.

When the authenticator performs security authentication on the device, the device may transmit the initial authentication credential PSK to the authenticator through a secure channel.

Step 205a: The authenticator authenticates the received initial authentication certificate PSK of the device according to the stored root certificate of the device manufacturer's private key SK* self-signed.

Specifically, the authenticator uses the corresponding public key PK0 as the trust anchor for verification according to the root certificate self-signed by the private key SK* of the device manufacturer. The root certificate is used to verify the signature of the certificate chain, so as to determine that all certificate signatures have not been tampered with.

Second, the authenticator extracts the version number and metric hash value of the n-layer firmware from the extended options of the certificate in the initial authentication credential PSK. The authenticator determines whether the firmware code of each layer has been tampered with by comparing the version number with the corresponding metric hash value and the standard hash value of each layer in the database. The standard hash value is different for each layer in . If not tampered with, the metric hash in the certificate is the same as the standard hash for each layer in the database to determine the authenticity of the device firmware version and the integrity of the firmware.

In this method, due to the use of asymmetric encryption, the computational overhead introduced is 100 to 100,000 times higher than that of symmetric computing; in addition, due to the use of X.509 certificates, the minimum X.509 certificate is about 500 words. The generation of the certificate chain will further increase the transmission and calculation overhead with the number of firmware layers, so the energy consumption overhead is high.

Mode b, as shown in Figure 3b, in order to reduce the energy consumption overhead, a pre-shared key can be generated between the IoT device and the authenticator based on symmetric encryption, so as to perform mutual authentication. After the device is produced, the device manufacturer generates a unique device ID and a UDS based on the symmetric key for the device, and burns the UDS into the DICE module of the device as a trust anchor. The firmware startup is still the step-by-step startup of the n-layer firmware, and the n-layer firmware includes the firmware of the 0th layer to the firmware of the n-1th layer. Before starting the n-layer firmware, the DICE layer is started first, which is used to read the symmetric key UDS to determine the parameters required by the next layer to generate the firmware cryptographic value. Specifically, the following steps may be included:

Step 201b: The device starts the DICE layer.

The DICE module first calculates the firmware hash value H(L ₀ ) of the 0th layer;

Wherein, L ₀ represents the firmware code of the 0th layer, and the firmware hash value of the 0th layer can be determined by performing a hash operation on the firmware code of the 0th layer.

Determine the firmware password value of layer 0 through the firmware hash value of layer 0 and the symmetric key UDS;

Specifically, the firmware password value of layer 0 can satisfy:

Secret ₀ =HMAC(UDS,H(L ₀ ))

Among them, HMAC is an encryption function.

After the DICE layer passes Secret ₀ to layer 0, the DICE layer will be closed. During the entire startup process, only the DICE layer will shut itself down after completing the task to ensure that the key UDS is absolutely safe.

Step 202b: The device starts the i-th layer to be authenticated. where i is a positive integer.

In the process of starting the i-th layer to be authenticated, the firmware hash value of the i+1-th layer is calculated.

Wherein, L _i+1 represents the firmware code of the i+1 layer, and by hashing the firmware code of the i+1 layer, the firmware hash value H(L _i+1 ) of the i layer can be obtained.

In the process of starting the i-th layer to be authenticated, the firmware password value of the i+1-th layer is calculated, wherein the firmware password value of the i+1-th layer can be determined by the firmware password value of the i-th layer and the The firmware hash is determined by HMAC encryption. For example, the firmware password value for layer i+1 can satisfy:

Secret _i+1 =HMAC(Secret _i ,H(L _i+1 )),

It can be seen that the firmware password value of the next layer is related to the firmware password value of the previous layer. Therefore, the firmware password values of each layer have an association relationship, that is, as long as there is a layer of firmware hash value and standard hash value If the values do not match, the firmware password value will be different from the standard firmware password value, but it is impossible to determine which layer has a different firmware hash value that causes the firmware password value to be abnormal.

Repeat the above step 202b to start the next layer to be authenticated, and calculate the firmware password value required by the next layer until all the n layers of firmware are started.

Step 203b: The device generates an initial authentication credential PSK according to the certificates of the n layers to be authenticated.

After the startup is completed, the n-1th layer encrypts the firmware password value generated by the n-1th layer to generate the initial authentication certificate PSK.

The encryption method can use a key derivation function (key derivation function, KDF). That is, the initial authentication credential PSK can satisfy:

The initial authentication credential PSK=KDF(Secret _n-1 ).

Thus, the n-1th layer can generate an authentication credential according to the initial authentication credential PSK. The authentication credential may include: device ID, device firmware version number, initial authentication credential PSK, etc.

Step 204b: The device sends the authentication credential to the authenticator to authenticate the authentication credential.

The manner of sending the authentication credential may be that when the authenticating party sends the authentication request, the authentication credential is transmitted to the authenticating party through a secure channel.

Step 205b: The authenticator authenticates the received authentication credential of the device according to the stored key UDS corresponding to the device ID.

The corresponding relationship between the device ID and the UDS may be stored in the authenticator's cloud database, and the authenticator authenticates the authentication certificate according to the preset corresponding relationship between the device ID and the device's USD.

The authenticator needs to first read the corresponding UDS through the device ID, and read the correct hash value of the n-layer firmware of the device through the firmware version value provided by the device, for example, H*(L ₀ ),...,H*(L _{n- 1} ).

The authenticator then generates the initial authentication credential PSK* through the same algorithm. For example, by the method of determining the firmware password value in step 201b, the standard firmware password value of the 0th layer is determined as: Secret* ₀ =HMAC(UDS,H*(L ₀ )), and by the method of determining the firmware password value in step 202b , it is determined that the standard firmware password value of the i+1th layer is: Secret* _i+1 =HMAC(Secret* _i ,H*(L _i+1 )). Thus, the standard initial authentication credential PSK*=KDF(Secret* _n-1 ) is determined.

By comparing the standard initial authentication credential PSK* with the initial authentication credential PSK in the authentication credential, if they are consistent, the authenticity of the firmware version of the device can be determined. If not, it can be determined that the firmware of the device has been tampered with. Thus, the authenticator can judge the authenticity of the device firmware version and the integrity of the firmware.

In the above solution, the authentication credential used by the device for identity and firmware integrity verification is a static authentication credential, and the authentication credential may change only when the firmware version of the device is updated. Since the DICE module cannot provide hardware-level secure storage for authentication credentials, once hackers have the ability to steal static authentication credentials, the device identity is at risk of being counterfeited. The authenticator can only judge the integrity of the overall firmware through the initial authentication certificate PSK, but cannot precisely locate the specific level of the tampered firmware, and the granularity of the firmware integrity proof is insufficient.

Based on the above problems, the present application provides a method for generating an authentication credential, and a schematic diagram of the architecture of an authentication system composed of an IoT device and an authenticator can be shown in FIG. 1b. In the authentication system shown in FIG. 1b, both the IoT device and the authenticator can functionally include a DICE module. The device manufacturer has installed the DICE module for the device when producing the device, and introduced an initial check value Seed value into the DICE module. The Seed value is newly generated based on the current startup process. Therefore, the DICE module passes the Seed value. Firmware at each layer generates dynamic metrics during startup, which in turn generates dynamic authentication credentials for authentication.

In order to ensure security, the identity information of the device can be written to the DICE module of the device after the production of the device is completed. For example, after the production of the equipment is completed, the manufacturer can test the equipment, and after passing the test, the manufacturer of the equipment or the original equipment manufacturer can write the identity information of the equipment to the equipment. The identity information of the device includes, for example, one or more of the following: the model of the device, the UDS used by the device, or the identifier of the device. The ID may be a device ID generated for the device by the device manufacturer, and the UDS is a globally unique symmetric key UDS generated by the device manufacturer for the device. This symmetric key acts as a trust anchor. The device ID and UDS can be programmed into the DICE module to ensure that they are not tampered with.

The DICE module can also be used to manage and store the information related to the generated authentication credentials, such as the initial authentication credentials PSK, Seed, and other keys. The DICE module can also be used to generate and send authentication messages, encapsulate DICE-based authentication parameters such as device identity information, Seed, expiration date, version number, authentication credentials, etc. in the authentication message, and return the response from the authenticator Parameters such as random numbers based on the authenticator are parsed in the message. Thus, based on the received parameters of the authenticating party, the authentication credential is sent to the authenticating party. For example, the DICE module of the IoT device can encrypt the authentication credential based on the received random number. The DICE module can also be used to generate random numbers in the verification process according to the parameters of the authenticator provided by the DICE module, such as ID, expiration date and other information.

In addition, the device manufacturer can pre-distribute the corresponding relationship between the device ID and the UDS to the authenticator in an out-of-band way to clear the security. So that the authenticator can authenticate the authentication credential through the device ID and UDS. The authenticator can be a cloud server that performs specific services. The authenticator presets the authentication method of the validity of the initial check value Seed value in advance, and pre-judged the validity of the initial check value Seed during the verification process. Under the condition that the initial verification value Seed is valid, the authenticator generates a standard authentication credential through the same measurement mechanism and algorithm in the device startup process. By comparing the consistency of the dynamic authentication credentials provided by the device with the standard authentication credentials, the authenticator can judge the authenticity of the device identity and the legitimacy of the device firmware.

In the following introduction process, the method is applied to the network architecture shown in FIG. 1b as an example. In addition, the method may be performed by two communication apparatuses (or, in other words, two types of communication apparatuses), such as a first communication apparatus and a second communication apparatus. Wherein, the first communication device may be an IoT device or a communication device (such as a chip system) capable of supporting the functions required by the IoT device to implement the method, and the second communication device may be an authenticator or capable of supporting an authenticator to implement the method The communication device (for example, a chip system) with the required functions, of course, can also be other communication devices. And there is no restriction on the implementation of the first communication device and the second communication device, for example, the two communication devices can be realized in the same form, for example, both are realized in the form of equipment, or the two communication devices can also be realized in different ways. For example, the first communication device is realized in the form of a device, and the second communication device is realized in the form of a chip system. The two communication devices can also be two different chips, and so on.

The present application provides a method for generating an authentication credential, please refer to FIG. 4a , which is a flowchart of the method. Taking the method performed by the first device as an example, for example, the first device may be an IoT device to be authenticated, that is to say, in the following, the first communication device is the first device, as shown in FIG. 4a, including:

Step 401: The first device starts the DICE initial firmware layer.

In the initial firmware layer of DICE, the verification information of the next layer can be generated through UDS. The next layer can be the first layer to be authenticated. In order to distinguish the DICE initial firmware layer and the layer to be authenticated, the DICE initial firmware layer can be marked as layer -1.

Step 402: the DICE initial firmware layer determines the relevant information of the first layer to be authenticated;

In step 402, a first check value, a firmware hash value, a firmware password value, etc. of the first layer to be authenticated may be generated. The method for generating the first check value of the first to-be-authenticated layer is exemplified below by taking the methods A1-A2.

Method A1, the DICE initial firmware layer calculates the first check value of the first layer to be authenticated:

KEY ₀ =HMAC(UDS, Seed);

As shown in Figure 4b, the UDS is the symmetric key stored in the DICE module of the IoT device. The initial check value Seed is generated by the IoT device during the startup process. In a possible implementation manner, the initial check value Seed may be a random number, a timestamp, a counter, and the like. In each startup process, different initial verification values Seed can be generated, so that the generated authentication credentials can be guaranteed to be different values to realize dynamic verification.

Method A2, the encryption method of the first check value of the first layer to be authenticated, can also satisfy:

KEY ₀ =HMAC(Seed);

Wherein, HMAC is a hash-based message authentication code (hash-based message authentication code, HMAC), which is used to encrypt the UDS and M ₀ . Of course, in this application, the encryption method for determining the first check value KEY ₀ according to the initial check value Seed is not limited, and there may be other encryption methods, for example, a KDF function, or a pseudo random function (PRF). ), or a hash-based key derivation function (HKDF).

The method for generating the firmware hash value is exemplified by the methods B1-B2 below.

Method B1: DICE initial firmware layer, by hashing the firmware code of the first layer to be authenticated (which can be marked as layer 0), the firmware metric value of the first layer to be authenticated can be determined, as shown in Figure 4b , for example, the firmware metric value of the first layer to be authenticated can satisfy: M ₀ =H(L ₀ );

Among them, H is a hash algorithm, by hashing the firmware code of the 0th layer, the firmware metric value of the 0th layer can be obtained.

Mode B2: DICE initial firmware layer By hashing the firmware code and UDS of the first layer to be authenticated (which can be marked as layer 0), the firmware metric value of the first layer to be authenticated can be determined, for example, the first layer The firmware metrics of the layers to be authenticated can satisfy: M ₀ =H(UDS, L ₀ );

Combining method A2, the UDS and the firmware code of layer 0 can be hashed, thereby avoiding obtaining the initial verification value only according to the Seed, or obtaining the corresponding firmware password value only according to the firmware code, so that the authentication effect can be improved. and firmware code security.

It should be noted that, in this application, the determination method according to the firmware metric value of the 0th layer is not limited, and other encryption methods are also possible, for example, KDF function, PRF, or HKDF.

The method of generating the firmware password value is illustrated below by taking the methods C1-C2 as an example.

Mode C1, the DICE initial firmware layer calculates the firmware password value of the first layer to be authenticated, wherein the firmware password value of the 0th layer can be determined according to the UDS and the firmware metric value of the 0th layer, as shown in Figure 4b, for example, the first layer One firmware password value of the layer to be authenticated can satisfy:

Secret ₀ =HMAC(UDS, M ₀ );

Mode C2, the DICE initial firmware layer calculates the firmware password value of the first layer to be authenticated, wherein the firmware password value of the 0th layer can be determined according to the firmware metric value of the 0th layer, for example, the firmware password of the first layer to be authenticated The value can satisfy:

Secret ₀ =HMAC(M ₀ );

It should be noted that, in this application, the encryption method for determining the firmware password value according to the firmware metric value of the 0th layer is not limited, and there may be other encryption methods, such as KDF function, PRF, or HKDF.

Step 403: the first device starts the first layer to be authenticated;

For example, the first layer to be authenticated started by the first device is the layer 0 firmware, and the first check value KEY ₀ , Secret ₀ , the initial check value Seed and ID are passed to the layer 0 firmware through the DICE initial firmware layer .

Further, the DICE initial firmware layer deletes the values of KEY ₀ , M ₀ , and Secret ₀ , and closes the current DICE initial firmware layer to ensure the security of the key.

It should be noted that step 403 may be performed after step 404, or may be performed simultaneously, which is not limited herein.

Step 404: the first layer to be authenticated of the first device determines the relevant information of the second layer to be authenticated;

In step 405, the first check value, firmware hash value, firmware password value, etc. of the next layer to be authenticated may be generated.

The following description will be given by taking as an example that the i-th layer to be authenticated determines the first check value, the firmware hash value, and the firmware password value of the i+1-th layer to be authenticated. where i is a positive integer less than n.

Modes D1 and D2 are used to illustrate the manner in which the i-th layer to be authenticated determines the first check value of the i+1-th layer to be authenticated.

Mode D1, the i-th layer to be authenticated determines the first check value of the i+1-th layer to be authenticated according to the first check value of the i-th layer to be authenticated. As shown in Figure 4b, for example, the first check value of the i+1th layer to be authenticated satisfies:

KEY _i+1 =H(KEY _i );

That is, by hashing the first check value of the i-th layer to be authenticated, the first check value of the i+1-th layer to be authenticated can be determined.

Taking the first layer to be authenticated (layer 0) as an example, the first check value of the second layer to be authenticated satisfies: KEY ₁ =H(KEY ₀ ).

Mode D2, the i-th layer to be authenticated encrypts the first check value of the i-th layer to be authenticated to determine the first check value of the i+1-th layer to be authenticated. For example, the first check value of the i+1th layer to be authenticated satisfies:

KEY _i+1 =HMAC(KEY _i );

That is, by performing HMAC encryption on the first check value of the i-th layer to be authenticated, the first check value of the i+1-th layer to be authenticated can be determined.

Taking the first layer to be authenticated (layer 0) as an example, the first check value of the second layer to be authenticated (layer 1) satisfies: KEY ₁ =HMAC(KEY ₀ ).

Currently, the first check value of the i+1 th layer to be authenticated may also be determined by other methods, which is not limited here.

In step 405, the manner of determining the firmware hash value of the i+1 th layer to be authenticated may be determined according to the firmware code of the i+1 th layer to be authenticated. For example, the firmware hash value of the i+1th layer to be authenticated can satisfy:

M _i+1 =H(L _i+1 );

Among them, L _i+1 is the firmware code of the i+1th layer to be authenticated. By hashing the firmware code of the i+1th layer to be authenticated, the firmware hash of the i+1th layer to be authenticated can be determined. value.

Taking the first layer to be authenticated (layer 0) as an example, the firmware hash value of the second layer to be authenticated (layer 1) satisfies: M ₁ =H(L ₁ ).

The manner in which the i-th layer to be authenticated determines the firmware password value of the i+1-th layer to be authenticated is exemplified by way E1 and way E2.

In the manner E1, the firmware password value of the i+1th layer to be authenticated can be determined according to the firmware hash value of the i+1th layer to be authenticated and the first check value of the ith layer to be authenticated. As shown in Figure 4b, for example, the firmware password value of the i+1th layer to be authenticated can satisfy:

Secret _i+1 =HMAC(KEY _i ,H(L _i+1 )).

Taking the first layer to be authenticated (layer 0) as an example, the firmware password value of the second layer to be authenticated (layer 1) satisfies: Secret ₁ =HMAC(KEY ₀ , H(L ₁ )).

In manner E2, the firmware password value of the i+1 th layer to be authenticated can be determined according to the firmware hash value of the i+1 th layer to be authenticated. For example, the firmware password value of the i+1th layer to be authenticated can satisfy:

Secret _i+1 =HMAC(H(L _i+1 )).

Taking the first layer to be authenticated (layer 0) as an example, the firmware password value of the second layer to be authenticated (layer 1) satisfies: Secret ₁ =HMAC(H(L ₁ )).

In the above manner, the firmware password values generated by each layer to be authenticated are independent of each other, and are only related to the first check value generated during this startup and the firmware code of that layer. When verifying the firmware hash value, it is possible to determine which layers of the firmware hash value have problems, so that the tampered firmware layer can be accurately located according to the firmware password value of each layer to be authenticated generated by the IoT device. Further, according to the determined tampered firmware layer, a corresponding security policy can be executed on the firmware code of the corresponding layer to improve the security of the firmware code.

In the above manner, the i-th layer to be authenticated can determine the first check value KEY _i+1 of the i+1-th layer to be authenticated, the firmware hash value of the i+1-th layer to be authenticated, the i+ The firmware password value Secret _i+1 , the initial check value Seed, and the first device ID of 1 layer to be authenticated are passed to the i+1 layer to be authenticated, so that the i+1 layer to be authenticated determines the i+2 Information about the layer to be authenticated. Alternatively, the i-th layer to be authenticated may also send all the firmware password values Secret ₀ to Secret _i+1 of the i+1 layers to be authenticated to the i+1-th layer to be authenticated.

For example, the first device starts the second layer to be authenticated.

The second to-be-authenticated layer may determine relevant information of the third to-be-authenticated layer. For a specific implementation manner, reference may be made to step 405, which will not be repeated here.

The n layers to be authenticated are started layer by layer until all the n layers to be authenticated are started.

Step 406: The first device starts the nth layer to be authenticated, and determines the initial authentication credential PSK.

The n-1 th layer to be authenticated determines the initial authentication credential PSK=KDF(Secret _n-1 ).

When the first device is requested by the authenticator for a trusted remote certificate, the first device sends the target authentication credential to the authenticator through the network. There are many ways to send the target authentication credential. The following is an example of ways F1-F3.

Manner F1: The target authentication credential may include: the identity information of the first device, the initial verification value Seed, and the initial authentication credential PSK.

Wherein, the identity information of the first device may include at least one of the following: ID of the first device, firmware version number Firmware Version, identification of the first device, etc., which are not limited herein.

The Seed and the initial authentication credential PSK may be sent to the authenticating party in plain text, or may be sent in an encrypted manner, which is not limited here, and the specific sending method is described in detail in the following embodiments.

Mode F2: The n-1 th layer to be authenticated also determines the check sequence D=(Secret ₀ , Secret _{1 . . . ,} Secret _n-1 ) according to the firmware password values of the n layers to be authenticated.

At this time, the target authentication credential may include at least one of the following: the identity information of the first device, the initial verification value Seed of the first device, the initial authentication credential PSK, and the verification sequence D.

Wherein, the initial check value Seed, the initial authentication certificate PSK and/or the check sequence D may be sent to the authenticator in plaintext, or may be sent in an encrypted manner. The encryption method may be separate encryption or separate encryption. This is not limited. The specific sending manner is described in detail in the following embodiments.

Mode F3: Considering that when verifying the firmware password value of each layer, the firmware password value of the corresponding layer can be sent respectively, therefore, the target authentication credential can include: the identity information of the first device, the initial authentication credential PSK, Secret _i . Among them, Secret _i is the firmware password value of the i-th layer.

The present application provides an authentication method, please refer to FIG. 5 , which is a flowchart of the method. Take the method performed by the first device and the second device as an example, that is, take the first communication device as the first device and the second communication device as the second device as an example, for example, the first device is an IoT device, and the second device is used as an example. It can be the authenticator's server, or another entity. As shown in Figure 5, including:

Step 501: The first device sends a first authentication message to the second device.

The authentication request includes first information that triggers the authentication request.

For example, the first information may be for authentication. The first information may also include identifiers of other devices or other triggering conditions provided by the first device itself. For example, the first information includes measurement results, trigger identifiers, or information reported in response to other devices periodically, or may include startup or restart, software and hardware updates, or plug-and-play of the first device or other IoT devices. Information about the introduction of the device.

Alternatively, the first information may also include information in response to other events, such as the event that the first device is powered on, or the event that the first device receives information from other devices, and so on. For example, if the user wants to perform the first service, the user presses a certain button or some buttons, which is equivalent to inputting information, and other devices receive the information input by the user. After the other device receives the information input by the user, it can notify the first device to start the authentication process, and then the first device can execute step 501 .

In addition, the authentication request may further include the identity information of the first device and the initial verification value Seed generated by the first device during this startup.

The identity information of the first device may include at least one of the following: an ID of the device, a firmware version number FirmwareVersion, an identifier of the device, and the like.

Step 502: The second device authenticates the first authentication message.

The second device may, according to the authentication request, authenticate the identity information of the first device and the initial verification value Seed generated by the first device during this startup.

The initial check value Seed generated by the first device during this startup may be: a random number, a timestamp, a counter, and the like.

The following takes the modes G1-G3 as an example to illustrate the authentication mode for the initial check value Seed.

Mode G1: Seed is a counter, then the second device compares the value of the initial verification value Seed in the authentication request with the value of the initial verification value Seed provided by the first device in the history to determine the verification result of the initial verification value Seed .

For example, the initial check value Seed is an incrementing counter. At this time, if the value of the counter in the first authentication message provided by the first device is less than or equal to the value of the counter provided by the first device in the history, it is determined that the authentication of the first authentication message is not valid. pass. If the value of the counter in the authentication request provided by the first device is greater than the value of the counter provided by the first device in its history, it is determined that the Seed value in the first authentication message is valid, and other information can be authenticated.

For another example, the initial check value Seed is a decrementing counter. At this time, if the value of the counter in the first authentication message provided by the first device is greater than or equal to the counter value provided by the first device in the history, the first authentication message is determined. Authentication failed. If the value of the counter in the authentication request provided by the first device is smaller than the value of the counter provided by the first device in the history, it is determined that the Seed value in the first authentication message is valid, and other information can be authenticated.

Mode G2: The initial verification value Seed is a timestamp, then the second device compares the value of the initial verification value Seed in the authentication request with the maximum timestamp in the Seed provided by the first device in the history to determine the verification result of the Seed .

Wherein, if the timestamp in the first authentication message provided by the first device is less than or equal to the maximum timestamp provided by the first device in the history, it is determined that the authentication of the first authentication message fails. If the timestamp in the authentication request provided by the first device is greater than the maximum timestamp provided by the first device in its history, it is determined that the Seed value in the first authentication message is valid, and other information can be authenticated.

Mode G3: The initial verification value Seed is a random number, and the second device compares the value of the initial verification value Seed in the authentication request with all seeds provided by the first device in the history to determine the verification result of the Seed.

Wherein, if the random number in the first authentication message provided by the first device is repeated with any random number provided by the first device in the history, it is determined that the authentication of the first authentication message fails. If the random number in the authentication request provided by the first device does not overlap with the random number provided by the first device in the history, it is determined that the Seed value in the first authentication message is valid, and other information can be authenticated.

In the case that the initial check value Seed is valid, the historical value of the initial check value Seed is updated according to the received initial check value Seed, and step 503 is executed.

Step 502a: The second device authenticates the target authentication credential of the first device.

The target authentication credential may be an initial authentication credential PSK generated by the first device, or an encrypted initial authentication credential PSK.

In a possible implementation manner, the second device may determine the UDS corresponding to the first device according to the ID of the first device and the corresponding relationship between the ID of the device and the UDS. And according to the firmware version number of the first device, the standard hash values M ₀ *˜M _n * of each layer of the firmware of this version are determined.

Thus, according to the method of determining the first check value of each layer of the first device, the second device determines the standard first check value of each layer, and according to the method of determining the firmware password value of each layer of the first device, the second device determines each layer. Therefore, the second device determines the standard verification key PSK*.

Combining the modes A1-A2, B1-B2, and C1-C2, the second device can determine the standard of each layer correspondingly based on the first device correspondingly determining the first check value, the firmware password value and the initial authentication credential PSK The first check value and the standard firmware password value of each layer. The standard verification key PSK* is determined in the following manners A1, B1 and C1. For example, the first check value of the layer 0 firmware standard satisfies: KEY ₀ *=HMAC(UDS, Seed); the first check value of the layer i firmware standard satisfies: KEY _i =H(KEY _i-1 ); The layer firmware standard firmware password value satisfies: Secret ₀ *=HMAC(UDS, M ₀ *); the i-th layer firmware standard firmware password value satisfies: Secret _i *=HMAC(KEY _i , M _i *); thus, it is determined that the standard The verification key PSK*=H(D*), wherein the standard verification sequence D* can satisfy: D*=(Secret ₀ *, Secret ₁ *, . . . , Secret _n *).

Therefore, the second device can determine the validity of the initial authentication credential PSK of the first device based on the standard verification key PSK*, and if the standard verification key PSK* is equal to the initial authentication credential PSK, the second device determines the identity of the first device It is legal and the firmware version is real; when it is determined that the identity of the first device is legal and the firmware version is real, it can be determined that the authentication of the first device is successful, and step 503 can be performed at this time to return the authentication result. If the standard verification key PSK* is not equal to the initial authentication certificate PSK, the second device determines that the device identity of the first device is illegal because the firmware of the first device has been tampered with. At this time, the authentication result of the first authentication message may be returned to the first device, that is, the authentication of the first authentication credential fails.

Step 503: The second device returns a first authentication response to the first device.

The first authentication response may include an authentication result of the first authentication message.

Further, when the device identity is legal and the firmware version is real, the second device may also determine another condition for whether the first device is authenticated successfully according to whether the device firmware version is an approved valid version.

When the authentication result of the first authentication message returned by the second device to the first device is that the initial authentication credential PSK authentication failed, if the first authentication message does not carry the verification sequence, at this time, step 504b can be directly executed: the first device can Send a second authentication request message to the second device.

The second authentication request message may carry the firmware password value of each layer to be authenticated, and the firmware password value may be the respectively encrypted firmware password value. The second authentication message may also carry a check sequence, and the check sequence may also be an encrypted check sequence, so as to improve the security of the first device.

Another possible implementation manner may also be to perform step 504a: the second device sends a third authentication request message to the first device, the third authentication request message is used to obtain the verification sequence of the first device, and then step 504b is performed : The first device sends a second authentication request message to the second device to send the verification sequence.

Another possible implementation mode can also be to perform step 504a: the second device sends a third authentication request message to the first device, and the third authentication request message is used to obtain the firmware password value of the i-th layer to be verified, and then execute Step 504b: The first device sends a second authentication request message to the second device, where the second authentication request message carries the firmware password value of the i-th layer to be authenticated. This is not limited.

Step 504: The second device authenticates the firmware password value of each layer to be authenticated of the first device.

Combining the modes F1-F3, at this time, the second device may have multiple authentication modes, and the modes H1-H3 are exemplified below.

Mode H1, taking the first device sending the check sequence to the second device as an example, by comparing the standard check sequence D*=(Secret ₀ *,Secret ₁ *,...,Secret _n *) with the check sequence D=(Secret ₀ ,Secret _1…, Secret _n ), the specific tampered firmware level can be determined. For example, if Secret _i * is not equal to Secret _i , the second device can determine that the i-th layer of firmware is the tampered firmware layer.

Mode H2, taking the first device sending the firmware password value Secret _i of the i-th layer to be verified to the second device as an example, by comparing the standard firmware password value Secret _i * of the i-th layer to be verified in the standard check sequence, Compared with the firmware password value Secret _i of the i-th layer to be verified sent by the first device to the second device, if Secret _i * is not equal to Secret _i , the second device can determine that the layer-i firmware is tampered with Firmware level.

Another possible implementation is that the first device sends the encrypted firmware password value S _i of the i-th layer to be verified (the first firmware password value of the i-th layer to be verified) to the second device, for example, the The second device can encrypt the firmware password value Secret _i of the i-th layer to be verified based on the random number N1 generated by the second device, and the encrypted firmware password value S _i of the i-th layer to be verified can satisfy: S _i = HMAC(Secret _i ,N1). Therefore, after receiving the random number N1, the second device can determine the encrypted i-th pending layer according to the random number N1 and the standard firmware password value Secret _i * of the i-th layer to be verified. The standard firmware password value S _i * of the verification layer, thus, according to the encrypted standard firmware password value S _i * and the encrypted firmware password value S _i of the i-th layer to be verified sent by the first device is compared to determine the i-th Whether the layer to be verified is legal.

Further, the second device may perform step 504c: send a second authentication response to the first device, where the second authentication response is used to indicate a to-be-authenticated layer of the n to-be-authenticated layers whose authentication fails.

The following uses a specific scenario to illustrate the authentication process of this application. As shown in FIG. 6, FIG. 6 shows the authentication process of an IoT device and a server in the process of establishing a DTLS handshake. In this example, the DICE module of the first device Use an incrementing counter (Counter) as the Seed in the DICE module. After the first device is fully booted, the nth layer firmware of the first device may determine the initial authentication credential PSK for this boot. The authentication process can include the following steps:

Step 601: the first device sends a handshake request message to the second device;

The handshake request message may be a Client Hello message; the handshake request message may carry the identity information of the first device, for example, the ID of the first device, the firmware version number of the first device, and the like. The handshake request message may also carry a service identifier corresponding to the handshake request message. So that the second device can verify the handshake request message based on the service identifier.

Step 602: The second device generates a first random number based on the handshake request message.

The first random number may be represented as Nonce-1, and further, the second device may also generate a session identifier for the first device. The session identifier can be a temporary identifier cookie.

Step 603: The second device returns a handshake response message to the first device.

The handshake response message may be a Server Hello message, and the handshake response message may include a session identifier and a first random number.

Step 604: The first device determines the target authentication credential PSK sent to the second device based on the handshake response message of the second device.

The target authentication credential PSK sent to the second device may be an encrypted initial authentication credential PSK. The encrypted initial authentication credential PSK may have various encryption modes, and the following uses mode J1-mode J2 as an example.

Manner J1: The first device generates a second random number based on the handshake response message of the second device.

The second random number may be expressed as Nonce-2, and the second random number may be generated according to the first random number, or may be any random number, which is not limited herein. Thus, the first device may encrypt the initial authentication credential PSK based on the first random number and the second random number, thereby generating the target authentication credential. A possible implementation manner, the encrypted initial authentication credential PSK can satisfy: R=HMAC(PSK, Nonce-1|Nonce-2); where | represents the connector between the first random number and the second random number, and Nonce- 1|Nonce-2 indicates that a new parameter is generated by connecting the first random number and the second random number as a parameter for encrypting the initial authentication credential PSK.

Alternatively, the encrypted initial authentication credential PSK can satisfy: R=HMAC(PSK, Nonce-2|Nonce-1); of course, the encrypted initial authentication credential PSK can also be generated according to the first random number and the second random number. The random number is determined. The generation method of the third random number is not limited to the above-mentioned connection method, and may also be determined by an operation method, which is not limited here.

Manner J2: The first device determines the target authentication credential PSK based on the first random number of the second device.

In a possible implementation manner, the target authentication credential PSK may be an encrypted initial authentication credential PSK, and the encrypted initial authentication credential PSK may satisfy: R=HMAC(PSK, Nonce-1).

It should be noted that the above encryption function may also be other encryption functions, for example, a KDF function, a pseudo-random function PRF, or a hash function-based key derivation function HKDF, which is not limited here.

Step 605: The first device sends a first authentication message to the second device.

The first authentication message may include at least one of the following: device ID, firmware version number, initial check value Seed counter value Counter, target authentication credential, and check sequence D. It should be noted that, in order to save the length of the authentication message, the first authentication message may not carry the verification sequence D, and when it is determined that the target authentication credential fails to authenticate, the verification sequence is sent to determine the specific layer that failed the verification. Alternatively, only when the first device needs to verify the specific layer that fails the verification, it sends a verification sequence to the second device to verify the layer that fails to verify the specific verification.

A possible implementation manner, the first authentication message may be a Client Hello message, and the first authentication message may include at least one of the following: a session identifier, a second random number, a device ID, a firmware version number, and a Seed counter value Counter, The encrypted initial authentication credential PSK (target authentication credential), the encrypted check sequence D (which may be an encrypted firmware password value including n layers to be authenticated). Wherein, the encrypted verification sequence D can be generated in the same manner as the encrypted initial authentication credential PSK (target authentication credential). For example, the generated encrypted verification sequence D can satisfy:

X=(X ₁ , X ₂ , . . . , X _n )

Among them, for the i-th encrypted firmware password value of the n layers to be authenticated, it can satisfy:

X _i =(HMAC(Secret _i ,Nonce-1|Nonce-2)

Or, for the i-th encrypted firmware password value of the n layers to be authenticated, it can satisfy:

X _i =(HMAC(Secret _i ,Nonce-1)

For details, reference may be made to manners J1 and J2, which will not be repeated here.

In the first authentication message, the device ID may be carried by the PSK Identity in the pre-share-key extension (Extension) in the Client Hello message. Firmware version number, Seed counter value, encrypted initial authentication certificate PSK, and encrypted check sequence D can be carried through the new custom extension in the Client Hello message. limited.

Step 606: The second device authenticates the initial verification value Seed in the first authentication message.

For the specific authentication method, reference may be made to step 502, which will not be repeated here.

In step 606, when the initial verification value Seed authentication fails, execute step 609; when the initial verification value Seed authentication succeeds, execute step 607;

Step 607: The second device authenticates the target authentication credential.

For the specific authentication method, reference may be made to step 502a, which will not be repeated here.

Taking the target authentication credential as the initial authentication credential encrypted by the first random number and the second random data as an example, the second device can determine the PSK*, thereby determining the encrypted PSK*, that is, the standard verification key R*=HMAC( PSK*, Nonce-1|Nonce-2); if R*=R, and the Firmware Version is determined as acceptable by the server, it is determined that the device firmware is legal, and step 608 is performed; otherwise, step 609 is performed;

Step 608: The second device performs session negotiation with the first device, and performs a DTLS subsequent standard handshake process.

Specifically, it may include: the first device and the second device initiate a negotiation process for the session key, and verify the consistency of the session key, thereby completing the handshake process, so that the first device can send data to the second device subsequently.

Step 609: The DTLS handshake process is disconnected, and the process ends.

It should be noted that the process of the second device sending the first random number to the first device in steps 601 to 609 to realize the authentication process can also be replaced by other authentication processes, or, there can be any one or Multiple steps do not have to be performed, for example, step 601 does not have to be performed, that is, the second device does not need to send the first random number to the first device, and the first device can generate an encrypted initial authentication credential PSK according to the device's identity, without the first random number. . It only needs to be able to complete the authentication of the first device by the second device.

Further, in step 607, the firmware code in each layer to be authenticated can also be verified. For example, when it is determined that the device firmware is invalid, the second device can send a first authentication response to the first device to send the first authentication response to the first device. The device returns a message that the target authentication credential verification failed. Specifically, it can include:

Step 6010: The second device sends a first authentication response message to the first device.

The first authentication response message may be a Server Hello message.

A new custom extension option is added in the Server Hello message, carrying the indication information of "Target Authentication Credential Verification Failed".

Step 6011: The first device sends a second authentication request message to the second device.

The second authentication request message may carry the encrypted firmware password values of n layers to be authenticated, or the encrypted firmware password value of the i-th layer to be authenticated.

In a possible implementation manner, the first device may determine the encrypted firmware password values of the n layers to be authenticated based on the manner of determining the encrypted initial authentication credential PSK in manners J1 and J2. For example, the encrypted firmware password value for the ith layer to be authenticated can satisfy:

X _i =(HMAC(Secret _i ,Nonce-1|Nonce-2)

The first device may only carry the encrypted firmware password value of the i-th layer to be authenticated, or may send all the encrypted firmware password values of the n layers to be authenticated to the second device, which is not limited herein.

For example, the encrypted firmware password value of the layer to be authenticated can be carried in the custom extension option added in the Client Hello message, or it can be multiplexed with the original extension option, which is not limited here.

Step 6012: The first device sends a second authentication response message to the second device.

The second authentication response message is used to indicate the to-be-authenticated layer in the first device whose authentication has failed. For example, if it is determined that among the n layers to be authenticated, 2 layers to be authenticated fail to be authenticated (for example, layer 0, layer 2), the second authentication response message can carry layer 0 and layer 2 authentication Indication of failure.

Further, the second device may also determine the security policy of the response according to the first authentication response or the second authentication response.

The first execution strategy includes, for example, that the first device stops working, or the first device stops using some functions of the first device. For the first device, the first execution strategy may include that the first device stops working, or the first device stops using some functions of the first device. Some of the functions here may be functions related to the i-th layer to be authenticated. The first execution policy may be executed by the first device or executed by the second device. If the first execution strategy should be executed by the first device, the second device may send indication information to the first device, and the first device receives indication information from the second device, where the indication information is used to indicate the first execution strategy. Alternatively, the first execution strategy may be executed by the second device, and the second device may not send the instruction information to the first device, but execute the first execution strategy by itself, that is, prevent the function of the i-th layer to be authenticated. related business requests.

The apparatus for implementing the above method in the embodiments of the present application will be described below with reference to the accompanying drawings. Therefore, the above content can be used in subsequent embodiments, and repeated content will not be repeated.

FIG. 7 is a schematic block diagram of a communication apparatus 700 according to an embodiment of the present application. The communication apparatus 700 may be a communication device, or a device capable of supporting the communication device to implement the functions required by the method, such as a chip system. Illustratively, the communication device is an Internet of Things device. Exemplarily, the communication device is, for example, the first device 700 .

The communication device 700 includes a processing module 710 and a transceiver module 720 . Exemplarily, the communication apparatus 700 may be the first device, or may be a chip applied in the first device or other combined devices, components, etc. having the functions of the first device described above. When the communication apparatus 700 is the first device, the transceiver module 720 may be a transceiver, which may include an antenna and a radio frequency circuit, etc., and the processing module 710 may be a processor, such as a baseband processor, and the baseband processor may include one or more central Processing unit (central processing unit, CPU). When the communication apparatus 700 is a component having the functions of the above-mentioned first device, the transceiver module 720 may be a radio frequency unit, and the processing module 710 may be a processor, such as a baseband processor. When the communication device 700 is a system-on-chip, the transceiver module 720 may be an input/output interface of the system-on-chip (eg, a baseband chip), and the processing module may be a processor of the system-on-chip, which may include one or more central processing units.

The processing module 710 may be configured to perform all operations performed by the first device in the embodiment shown in FIG. 4a except for the transceiving operations, and/or be configured to support other processes of the techniques described herein. The transceiving module 720 may be used to perform all transceiving operations performed by the first device in the embodiment shown in FIG. 4a.

Alternatively, the processing module 710 may be configured to perform all operations performed by the first device in the embodiment shown in FIG. 5 or FIG. 6 except for the transceiving operations, and/or other processes for supporting the techniques described herein . The transceiving module 720 may be configured to perform all transceiving operations performed by the first device in the embodiment shown in FIG. 5 or FIG. 6 .

In addition, the transceiver module 720 may be a functional module, and the function module can complete both the sending operation and the receiving operation. For example, the transceiver module 720 may be used to perform the embodiment shown in FIG. 4a to the embodiment shown in FIG. 6 . All the sending and receiving operations performed by the first device in any of the embodiments, for example, when performing a sending operation, the transceiver module 720 can be considered to be a sending module, and when performing a receiving operation, it can be considered that the transceiver module 720 is a receiving operation. Alternatively, the transceiver module 720 can also be a general term for two functional modules, the two functional modules are respectively a sending module and a receiving module, the sending module is used to complete the sending operation, for example, the sending module can be used to perform the operation shown in FIG. 4a. For all the sending operations performed by the first device in any of the embodiments to the embodiments shown in FIG. 6 , the receiving module is used to complete the receiving operation, for example, the receiving module may be used to execute the embodiment shown in FIG. 4a All the receiving operations performed by the first device in any of the embodiments shown in FIG. 6 .

For example, the processing module 710 is configured to determine an initial verification value when the authentication process is started; the initial verification value is used to mark the current authentication process; sequentially for the i-th layer to be authenticated of the n layers to be authenticated Perform the following processing to obtain the firmware password value of the nth layer to be authenticated: according to the first check value of the ith layer to be authenticated, determine the first check value of the i+1th layer to be authenticated ; The first check value of the first layer to be authenticated is determined according to the initial check value; the i is a positive integer greater than or equal to 1 and less than or equal to n-1; according to the i+1 The codes of each layer to be authenticated and the first check value of the i-th layer to be authenticated determine the firmware password value of the i+1-th layer to be authenticated; the firmware password value of the first layer to be authenticated is determined according to the code of the first layer to be authenticated; the first device generates an initial authentication credential according to the firmware password value of the nth layer to be authenticated; the initial authentication credential is used to pass the transceiver module 720 Authenticate to the authenticator.

As an optional implementation manner, the processing module 710 is configured to hash the code of the i+1th layer to be authenticated to obtain the hash value of the i+1th layer to be authenticated; The hash values of the i+1 layers to be authenticated and the first check value of the i-th layer to be authenticated are encrypted to obtain the firmware password value of the i+1-th layer to be authenticated.

As an optional implementation manner, the processing module 710 is configured to hash the first check value of the i-th layer to be authenticated to obtain the first check value of the i+1-th layer to be authenticated value.

As an optional implementation manner, the processing module 710 is configured to, after determining the firmware password value of the i-th layer to be authenticated, output the i+1-th layer to the i+1-th layer to be authenticated through the transceiver module 720 The first check value of the layer to be authenticated, the firmware password value of the i+1 th layer to be authenticated, and the initial check value.

As an optional implementation manner, the processing module 710 may be further configured to delete the first check value of the i-th layer to be authenticated and the firmware password value of the i-th layer to be authenticated.

As an optional implementation manner, the initial check value is any one of the following: a timestamp, a counter, or a random number.

With reference to the embodiments shown in FIG. 5 and FIG. 6 , the processing module 710 is configured to send a first authentication request message to the authenticator through the transceiver module 720; the first authentication request message includes: the initial check value and the target authentication credential; the target authentication credential is determined according to the initial authentication credential; the first authentication request message is used to request authentication for the first device; the first authentication from the authenticator is received through the transceiver module 720 response; the first authentication response is used to indicate the authentication result of the first device.

As an optional implementation manner, the processing module 710 is further configured to send a second authentication request message to the authenticating party through the transceiver module when the authentication result of the first device is an authentication failure; the first device The second authentication request message includes: the encrypted firmware password value of the i-th layer to be authenticated; the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated; the second authentication request message is used for requesting authentication for the i-th layer to be authenticated of the first device;

The transceiver module 720 is further configured to receive a second authentication response from the authenticator; the second authentication response is used to indicate the authentication result of the i-th layer to be authenticated.

As an optional implementation manner, before sending the second authentication request message to the authenticating party, the transceiver module 720 is further configured to receive a third authentication request message from the authenticating party; the third authentication request message is used for Request to obtain the encrypted firmware password value of the i-th layer to be authenticated.

A possible implementation manner, the first authentication request message further includes: n encrypted firmware password values of the n layers to be authenticated; the encrypted firmware of the i-th layer to be authenticated in the n layers to be authenticated The password value is determined after encryption according to the firmware password value of the i-th layer to be authenticated; the first authentication response is further used to indicate a layer to be authenticated that fails to be authenticated among the n layers to be authenticated.

In a possible implementation manner, the transceiver module 720 is further configured to receive the first random number from the authenticating party;

The processing module 710 is further configured to generate the encrypted initial authentication credential according to the first random number and the initial authentication credential; or, according to the first random number, the second random number and the initial authentication credential, the encrypted initial authentication credential is generated; the second random number is determined by the first device; the target authentication credential is determined according to the encrypted initial authentication credential.

A possible implementation, the processing module 710 is configured to generate the encrypted firmware password value of the i-th layer to be authenticated according to the first random number and the firmware password value of the i-th layer to be authenticated; or , a processing module 710, configured to generate the encrypted firmware password value of the i-th layer to be authenticated according to the first random number, the second random number and the firmware password value of the i-th layer to be authenticated.

A possible implementation manner, the first authentication response includes at least one of the following: the initial verification value authentication fails, the target authentication credential authentication fails; the second authentication response includes at least one of the following: The authentication of the initial check value fails, the authentication of the target authentication credential fails, and the authentication of the i-th layer to be authenticated fails.

It should be understood that the processing module 710 in this embodiment of the present application may be implemented by a processor or a circuit component related to the processor, and the transceiver module 720 may be implemented by a transceiver or a circuit component related to the transceiver.

As shown in FIG. 8 , an embodiment of the present application further provides a communication apparatus 800 . Exemplarily, the communication apparatus 800 is, for example, the first device 800 . Exemplarily, the communication apparatus 800 may be a communication device, such as an IoT device, or may also be a chip system or the like. The communication device 800 includes a processor 810 . Optionally, a memory 820 may also be included. Optionally, a transceiver 830 may also be included. The memory 820 stores computer instructions or programs, and the processor 810 can execute the computer instructions or programs stored in the memory 820 . When the computer instructions or programs stored in the memory 820 are executed, the processor 810 is configured to perform the operations performed by the processing module 710 in the foregoing embodiments, and the transceiver 830 is configured to perform operations performed by the transceiving module 720 in the foregoing embodiments. Alternatively, the communication device 800 may also not include the memory 820. For example, the memory is located outside the communication device 800. When the computer instructions or programs stored in the external memory are executed, the processor 810 is configured to execute the processing executed by the processing module 710 in the foregoing embodiment. In operation, the transceiver 830 is configured to perform the operations performed by the transceiver module 720 in the above embodiments.

Wherein, the transceiver 830 may be a functional unit, and the functional unit can complete both the sending operation and the receiving operation. For example, the transceiver 830 may be used to perform the embodiment shown in FIG. 4a to the embodiment shown in FIG. 6 . All transmit operations and receive operations performed by the first device in any of the embodiments, for example, when performing a transmit operation, the transceiver 830 can be considered as a transmitter, and when performing a receive operation, the transceiver 830 can be considered as a receiver. Alternatively, the transceiver 830 may also be a general term for two functional units, which are respectively a transmitter and a receiver, the transmitter is used to complete the transmission operation, for example, the transmitter can be used to perform the implementation shown in FIG. 4a For example to all the sending operations performed by the first device in any of the embodiments shown in FIG. 6 , the receiver is used to complete the receiving operation. For example, the receiver may be used to perform the embodiment shown in FIG. 4 a to FIG. All receiving operations performed by the first device in any of the embodiments shown in 6.

In addition, if the communication apparatus 800 is a chip system, the transceiver 830 can also be implemented through a communication interface of the chip system, and the communication interface is connected to a radio frequency transceiver component in the communication device, so as to realize information transmission and reception through the radio frequency transceiver component. The communication interface can be a functional unit, which can complete both the sending operation and the receiving operation. For example, the communication interface can be used to execute any one of the embodiments shown in FIG. 4a to the embodiments shown in FIG. 6 . All sending operations and receiving operations performed by the first device in It can also be a general term for two functional units. These two functional units are respectively a sending interface and a receiving interface. The sending interface is used to complete the sending operation. For example, the sending interface can be used to execute the embodiment shown in FIG. 4a to the one shown in FIG. 6 For all sending operations performed by the first device in any of the above embodiments, the receiving interface is used to complete the receiving operation. For example, the receiving interface may be used to perform the embodiment shown in FIG. 4a to the implementation shown in FIG. 6 . All receive operations performed by the first device in any of the examples.

It should be understood that the communication apparatus 700 or the communication apparatus 800 according to this embodiment of the present application may implement the function of the first device in any one of the embodiments shown in FIG. 4a to the embodiments shown in FIG. 6 , and the communication apparatus The operations and/or functions of the modules in 700 or the communication device 800 are respectively to implement the corresponding process in any one of the embodiments shown in FIG. 4a to the embodiment shown in FIG. Repeat.

FIG. 9 is a schematic block diagram of a communication apparatus 900 provided by an embodiment of the present application. The communication apparatus 900 may be a communication device, or a device capable of supporting the communication device to implement the functions required by the method, such as a chip system. Exemplarily, the communication device is the second device. Illustratively, the communication device is, for example, an authenticator's server or the like.

The communication device 900 includes a processing module 910 and a transceiver module 920 . Exemplarily, the communication apparatus 900 may be the second device, or may be a chip applied in the second device, or other combined devices, components, etc. having the functions of the second device described above. When the communication apparatus 900 is the second device, the transceiver module 920 may be a transceiver, which may include an antenna and a radio frequency circuit, etc., and the processing module 910 may be a processor, such as a baseband processor, and the baseband processor may include one or more central Processing unit (central processing unit, CPU). When the communication apparatus 900 is a component having the functions of the above-mentioned second device, the transceiver module 920 may be a radio frequency unit, and the processing module 910 may be a processor, such as a baseband processor. When the communication device 900 is a system-on-chip, the transceiver module 920 may be an input/output interface of the system-on-chip (eg, a baseband chip), and the processing module may be a processor of the system-on-chip, which may include one or more central processing units.

The processing module 910 may be configured to perform all operations performed by the second device in the embodiment shown in FIG. 4a except for the transceiving operations, and/or to support other processes of the techniques described herein. The transceiving module 920 may be used to perform all transceiving operations performed by the second device in the embodiment shown in FIG. 4a.

Alternatively, the processing module 910 may be configured to perform all the operations performed by the second device in the embodiment shown in FIG. 5 or FIG. 6 except for the transceiving operations, and/or other processes for supporting the techniques described herein . The transceiving module 920 may be configured to perform all transceiving operations performed by the second device in the embodiment shown in FIG. 5 or FIG. 6 .

In addition, the transceiver module 920 may be a functional module, and the function module can perform both sending operations and receiving operations. For example, the transceiver module 920 may be used to perform the steps in the embodiment shown in FIG. 4a to the embodiment shown in FIG. 6 . All the sending and receiving operations performed by the second device in any embodiment, for example, when performing a sending operation, the transceiver module 920 can be considered to be a sending module, and when performing a receiving operation, it can be considered that the transceiver module 920 is a receiving operation. Alternatively, the transceiver module 920 can also be a general term for two functional modules, the two functional modules are respectively a sending module and a receiving module, and the sending module is used to complete the sending operation, for example, the sending module can be used to perform the operation shown in FIG. 4a. For all sending operations performed by the second device in any of the embodiments to the embodiments shown in FIG. 6 , the receiving module is used to complete the receiving operation. For example, the receiving module may be used to execute the embodiment shown in FIG. 4a All the receiving operations performed by the second device in any of the embodiments shown in FIG. 6 .

For example, the transceiver module 920 is configured to receive a first authentication request message from a first device; the first authentication request message includes: the initial check value and a target authentication credential; the target authentication credential is based on the initial The authentication credential is determined; the first authentication request message is used to request authentication for the first device;

A processing module 910, configured to authenticate the first authentication request message; send a first authentication response to the first device through the transceiver module according to the authentication result of the first authentication request message; the first authentication response The authentication response is used to indicate the authentication result of the first device.

As an optional implementation manner, if the initial verification value is a timestamp, the processing module 910 is configured to authenticate the initial verification value according to the current time; or,

If the first check value is a counter, the processing module 910 is configured to compare the initial check value with the second check value, and authenticate the initial check value; the second check value is The initial check value sent last time by the first device;

The first check value is a random number, then the processing module 910 is configured to compare the initial check value with all historical initial check values sent by the first device, and perform the first check value on the first check value. Certification.

As an optional implementation manner, the processing module 910 is configured to generate n standard firmware password values according to the n standard hash values of the n layers to be authenticated and the first check value of the first device ; Generate a standard verification key according to the n standard firmware password values; compare the standard verification key with the target authentication credential to determine whether the target authentication credential is authenticated successfully.

As an optional implementation manner, the processing module 910 is configured to, for the i-th layer to be authenticated among the n layers to be authenticated, perform: according to the first check value of the i-th layer to be authenticated, determine the The first check value of the i+1th layer to be authenticated; the first check value of the first layer to be authenticated is determined according to the initial check value; i is greater than or equal to 1 and less than or equal to A positive integer of n-1; according to the standard hash value of the i+1-th layer to be authenticated and the first check value of the i-th layer to be authenticated, determine the i+1-th layer to be authenticated The firmware password value of the first layer to be authenticated is determined according to the standard hash value of the first layer to be authenticated.

As an optional implementation manner, the processing module 910 is configured to receive the first device from the first device through the transceiver module when the first device authentication result is that the authentication result of the target authentication credential is a failure. Two authentication request messages; the second authentication request message includes: the encrypted firmware password value of the i-th layer to be authenticated; the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated; The second authentication request message is used to request authentication for the i-th layer to be authenticated of the first device; authenticate the encrypted firmware password value of the i-th layer to be authenticated, according to the i-th layer to be authenticated. For the authentication result of the encrypted firmware password value of the authentication layer, a second authentication response is sent to the first device through the transceiver module; the second authentication response is used to indicate the authentication result of the i-th layer to be authenticated.

As an optional implementation manner, the transceiver module 920 is further configured to send a third authentication request message to the first device; the third authentication request message is used to request to obtain the encryption of the i-th layer to be authenticated Firmware password value.

As an optional implementation manner, the processing module 910 is further configured to determine the i-th standard firmware password value after encryption according to the i-th standard firmware password value in the n standard firmware password values; The encrypted i-th standard firmware password value is compared with the encrypted firmware password value of the i-th layer to be authenticated to determine whether the i-th layer to be authenticated is authenticated successfully.

As an optional implementation manner, the first authentication request message further includes: n encrypted firmware password values of the n layers to be authenticated; the processing module 910 is further configured to verify the n values of the n layers to be authenticated The encrypted firmware password value is authenticated respectively to determine the to-be-authenticated layer whose authentication has failed; the first authentication response is also used to indicate the to-be-authenticated layer that has failed authentication.

As an optional implementation manner, the processing module 910 is further configured to send a first random number to the first device through the transceiver module; wherein, the target authentication credential is based on the first random number and the or the target authentication credential is generated according to the first random number, the second random number and the initial authentication credential; the second random number is determined by the first device .

As an optional implementation manner, the encrypted firmware password value of the i-th layer to be authenticated is generated according to the first random number and the firmware password value of the i-th layer to be authenticated; or, the The encrypted firmware password value of the i-th layer to be authenticated is generated according to the first random number, the second random number, and the firmware password value of the i-th layer to be authenticated.

It should be understood that the processing module 910 in this embodiment of the present application may be implemented by a processor or a circuit component related to the processor, and the transceiver module 920 may be implemented by a transceiver or a circuit component related to the transceiver.

As shown in FIG. 10 , an embodiment of the present application further provides a communication apparatus 1000 . Exemplarily, the communication apparatus 1000 is, for example, the second device. Exemplarily, the communication apparatus 1000 may be a communication device, such as an IoT device, or may also be a chip system or the like. The communication device 1000 includes a processor 1010 . Optionally, a memory 1020 may also be included. Optionally, a transceiver 1030 may also be included. The memory 1020 stores computer instructions or programs, and the processor 1010 can execute the computer instructions or programs stored in the memory 1020 . When the computer instructions or programs stored in the memory 1020 are executed, the processor 1010 is configured to perform the operations performed by the processing module 910 in the foregoing embodiments, and the transceiver 1030 is configured to perform operations performed by the transceiving module 920 in the foregoing embodiments. Alternatively, the communication device 1000 may also not include the memory 1020. For example, the memory is located outside the communication device 1000. When the computer instructions or programs stored in the external memory are executed, the processor 1010 is configured to execute the processing executed by the processing module 910 in the foregoing embodiment. In operation, the transceiver 1030 is configured to perform the operations performed by the transceiver module 920 in the above embodiments.

Wherein, the transceiver 1030 may be a functional unit, and the functional unit can complete both the sending operation and the receiving operation. For example, the transceiver 1030 may be used to execute the embodiment shown in FIG. 4a to the embodiment shown in FIG. 6 . All transmit operations and receive operations performed by the second device in any embodiment, for example, when performing a transmit operation, the transceiver 1030 can be considered as a transmitter, and when performing a receive operation, the transceiver 1030 can be considered as a receiver. Alternatively, the transceiver 1030 may also be a general term for two functional units, the two functional units are a transmitter and a receiver respectively, the transmitter is used to complete the transmission operation, for example, the transmitter can be used to perform the implementation shown in FIG. 4a. For example to all the sending operations performed by the second device in any of the embodiments shown in FIG. 6, the receiver is used to complete the receiving operation. For example, the receiver may be used to perform the embodiment shown in FIG. 4a to FIG. All receiving operations performed by the second device in any of the embodiments shown in 6.

In addition, if the communication apparatus 1000 is a chip system, the transceiver 1030 can also be implemented through a communication interface of the chip system, and the communication interface is connected to a radio frequency transceiver component in the communication device to realize information transmission and reception through the radio frequency transceiver component. The communication interface can be a functional unit, which can complete both the sending operation and the receiving operation. For example, the communication interface can be used to execute any one of the embodiments shown in FIG. 4a to the embodiments shown in FIG. 6 . All sending operations and receiving operations performed by the second device in the It can also be a general term for two functional units. These two functional units are respectively a sending interface and a receiving interface. The sending interface is used to complete the sending operation. For example, the sending interface can be used to execute the embodiment shown in FIG. 4a to the one shown in FIG. 6 For all sending operations performed by the second device in any of the above embodiments, the receiving interface is used to complete the receiving operation. For example, the receiving interface may be used to perform the embodiment shown in FIG. 4a to the implementation shown in FIG. 6 . All receive operations performed by the second device in any of the examples.

It should be understood that the communication apparatus 900 or the communication apparatus 1000 according to the embodiment of the present application may implement the function of the second device in any one of the embodiments shown in FIG. 4a to the embodiment shown in FIG. 6 , and the communication apparatus The operations and/or functions of each module in 900 or the communication device 1000 are respectively in order to realize the corresponding process in any one of the embodiments shown in FIG. 4a to the embodiment shown in FIG. Repeat.

An embodiment of the present application further provides a communication system, where the communication system includes the communication apparatus 700 or the communication apparatus 800 , and includes the communication apparatus 900 or the communication apparatus 1000 .

Embodiments of the present application further provide a computer storage medium, where the computer-readable storage medium is used to store a computer program, and when the computer program runs on a computer, the computer can execute any one of the possibilities shown in FIG. 4a. The method described in the embodiment of .

Embodiments of the present application further provide a computer storage medium, where the computer-readable storage medium is used to store a computer program, and when the computer program runs on a computer, the computer can execute any one of the possibilities shown in FIG. 5 . The method described in the embodiment of .

Embodiments of the present application further provide a computer storage medium, where the computer-readable storage medium is used to store a computer program, and when the computer program runs on a computer, the computer can execute any one of the possibilities shown in FIG. 6 . The method described in the embodiment of .

Embodiments of the present application further provide a computer program product including instructions, the computer program product is used to store a computer program, and when the computer program runs on a computer, the computer can execute any of the steps in FIG. 4a to FIG. 6 . The method described in a possible embodiment.

It should be understood that the processor mentioned in the embodiments of the present application may be a CPU, and may also be other general-purpose processors, digital signal processors (digital signal processors, DSPs), application specific integrated circuits (application specific integrated circuits, ASICs), off-the-shelf programmable processors Gate array (field programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

It should also be understood that the memory mentioned in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable Except programmable read-only memory (electrically EPROM, EEPROM) or flash memory. Volatile memory may be random access memory (RAM), which acts as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double datarate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM) and Direct memory bus random access memory (direct rambus RAM, DR RAM).

It should be noted that when the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components, the memory (storage module) is integrated in the processor.

It should be noted that the memory described herein is intended to include, but not be limited to, these and any other suitable types of memory.

It should be understood that, in various embodiments of the present application, the size of the sequence numbers of the above-mentioned processes does not mean the sequence of execution, and the execution sequence of each process should be determined by its functions and internal logic, and should not be dealt with in the embodiments of the present application. implementation constitutes any limitation.

Those of ordinary skill in the art can realize that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of this application.

Those skilled in the art can clearly understand that, for the convenience and brevity of description, the specific working process of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which will not be repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.

The units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application can be embodied in the form of a software product in essence, or the part that contributes to the prior art or the part of the technical solution, and the computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: U disk, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other media that can store program codes .

The above are only specific implementations of the present application, but the protection scope of the embodiments of the present application is not limited thereto. Any person skilled in the art who is familiar with the technical field can easily think of changes within the technical scope disclosed in the embodiments of the present application. Or alternatives, all should be covered within the protection scope of the embodiments of the present application. Therefore, the protection scope of the embodiments of the present application should be based on the protection scope of the claims.

Claims (27)

1. The method for generating the authentication voucher is applied to first equipment, wherein the first equipment comprises n layers to be authenticated, and n is a positive integer; the method comprises the following steps:

when starting the authentication process, determining an initial check value; the initial check value is used for marking the authentication process;

sequentially executing the following processing aiming at the ith layer to be authenticated of the n layers to be authenticated to obtain the firmware password value of the nth layer to be authenticated:

determining a first check value of the (i + 1) th layer to be authenticated according to the first check value of the ith layer to be authenticated; the first check value of the 1 st layer to be authenticated is determined according to the initial check value; the i is a positive integer which is greater than or equal to 1 and less than or equal to n-1;

determining a firmware password value of the (i + 1) th layer to be authenticated according to the code of the (i + 1) th layer to be authenticated and the first check value of the (i) th layer to be authenticated; the firmware password value of the 1 st layer to be authenticated is determined according to the code of the 1 st layer to be authenticated;

generating an initial authentication certificate according to the firmware password value of the nth layer to be authenticated; the initial authentication credential is to authenticate the first device.

2. The method according to claim 1, wherein the determining the firmware password value of the i +1 th layer to be authenticated according to the code of the i +1 th layer to be authenticated and the first check value of the i th layer to be authenticated comprises:

hashing the code of the (i + 1) th layer to be authenticated to obtain a hash value of the (i + 1) th layer to be authenticated;

and encrypting the hash value of the (i + 1) th layer to be authenticated and the first check value of the (i) th layer to be authenticated to obtain the firmware password value of the (i + 1) th layer to be authenticated.

3. The method according to claim 1, wherein the determining the first verification value of the (i + 1) th layer to be authenticated according to the first verification value of the (i) th layer to be authenticated comprises:

and hashing the first check value of the ith layer to be authenticated to obtain the first check value of the (i + 1) th layer to be authenticated.

4. The method according to any one of claims 1 to 3, wherein after determining the firmware cryptographic value of the i-th layer to be authenticated, the method further comprises:

and outputting the first check value of the (i + 1) th layer to be authenticated, the firmware password value of the (i + 1) th layer to be authenticated and the initial check value to the (i + 1) th layer to be authenticated.

5. The method of claim 4, further comprising:

and deleting the first check value of the (i + 1) th layer to be authenticated and the firmware password value of the (i + 1) th layer to be authenticated.

6. The method according to any of claims 1-5, wherein the initial check value is any of:

a timestamp, a counter, or a random number.

7. A device authentication method based on the authentication credential generation method according to any one of claims 1 to 6, characterized by comprising:

sending a first authentication request message to an authenticator; the first authentication request message includes: the initial check value and a target authentication credential; the target authentication credential is determined from the initial authentication credential; the first authentication request message is for requesting authentication for the first device;

receiving a first authentication response from the authenticator; the first authentication response is to indicate an authentication result of the first device.

8. The method of claim 7, further comprising:

when the authentication result of the first equipment is authentication failure, sending a second authentication request message to the authenticator; the second authentication request message includes: the cipher value of the encryption firmware of the ith layer to be authenticated; the encryption firmware password value is determined according to the firmware password value of the ith layer to be authenticated; the second authentication request message is used for requesting authentication for the ith layer to be authenticated of the first device;

receiving a second authentication response from the authenticator; the second authentication response is used for indicating the authentication result of the ith layer to be authenticated.

9. The method of claim 8, wherein before sending the second authentication request message to the authenticator, further comprising:

receiving a third authentication request message from the authenticator; the third authentication request message is used for requesting to acquire the cryptographic value of the encryption firmware of the ith layer to be authenticated.

10. The method of claim 7, wherein the first authentication request message further comprises: n encryption firmware password values of the n layers to be authenticated; the encryption firmware password value of the ith layer to be authenticated in the n layers to be authenticated is determined after encryption according to the firmware password value of the ith layer to be authenticated;

the first authentication response is also used for indicating the authentication failure to-be-authenticated layer in the n to-be-authenticated layers.

11. The method according to any one of claims 7-10, further comprising:

receiving a first random number from the authenticator;

generating the encrypted initial authentication certificate according to the first random number and the initial authentication certificate; or generating the encrypted initial authentication certificate according to the first random number, the second random number and the initial authentication certificate; the second random number is determined by the first device;

the target authentication credential is determined from the initial authentication credential, including:

the target authentication credential is determined according to the encrypted initial authentication credential.

12. The method of claim 11, wherein the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated, and comprises:

generating an encrypted firmware password value of the ith layer to be authenticated according to the first random number and the firmware password value of the ith layer to be authenticated; or,

and generating an encrypted firmware password value of the ith layer to be authenticated according to the first random number, the second random number and the firmware password value of the ith layer to be authenticated.

13. The method according to any of claims 8-12, wherein the first authentication response comprises at least one of: the initial check value authentication fails, and the target authentication credential authentication fails;

the second authentication response comprising at least one of: the authentication of the initial check value fails, the authentication of the target authentication certificate fails, and the authentication of the ith layer to be authenticated fails.

14. A device authentication method based on the authentication credential generation method according to any one of claims 1 to 6, characterized by comprising:

receiving a first authentication request message from a first device; the first authentication request message includes: the initial check value and a target authentication credential; the target authentication credential is determined from the initial authentication credential; the first authentication request message is for requesting authentication for the first device;

authenticating the first authentication request message;

sending a first authentication response to the first equipment according to the authentication result of the first authentication request message; the first authentication response is to indicate the first device authentication result.

15. The method of claim 14, wherein authenticating the first authentication request message comprises:

if the initial check value is a timestamp, authenticating the initial check value according to the current time; or,

if the first check value is a counter, comparing the initial check value with a second check value, and authenticating the initial check value; the second check value is an initial check value sent last time by the first device;

and if the first check value is a random number, authenticating the first check value according to the comparison between the initial check value and all historical initial check values sent by the first equipment.

16. The method according to claim 14 or 15, wherein the authenticating the first authentication message comprises:

generating n standard firmware password values according to the n standard hash values of the n layers to be authenticated of the first device and the first check value;

generating a standard verification secret key according to the n standard firmware password values;

and comparing the standard verification secret key with the target authentication certificate to determine whether the target authentication certificate is successfully authenticated.

17. The method according to claim 16, wherein the generating n standard firmware cryptographic values according to the n standard hash values of the n layers to be authenticated of the first device and the first check value comprises:

aiming at the ith layer to be authenticated in the n layers to be authenticated, executing the following steps:

determining a first check value of the (i + 1) th layer to be authenticated according to the first check value of the ith layer to be authenticated; the first check value of the 1 st layer to be authenticated is determined according to the initial check value; i is a positive integer greater than or equal to 1 and less than or equal to n-1;

determining a standard firmware password value of the (i + 1) th layer to be authenticated according to the standard hash value of the (i + 1) th layer to be authenticated and the first check value of the (i) th layer to be authenticated; and the code value of the standard firmware of the 1 st layer to be authenticated is determined according to the standard hash value of the 1 st layer to be authenticated.

18. The method according to any one of claims 14-17, further comprising:

receiving a second authentication request message from the first equipment when the authentication result of the first equipment is that the authentication result of the target authentication certificate is failure; the second authentication request message includes: the cipher value of the encryption firmware of the ith layer to be authenticated; the encryption firmware password value is determined according to the firmware password value of the ith layer to be authenticated; the second authentication request message is used for requesting authentication for the ith layer to be authenticated of the first device;

authenticating the password value of the encryption firmware of the ith layer to be authenticated, and sending a second authentication response to the first equipment according to the authentication result of the password value of the encryption firmware of the ith layer to be authenticated; the second authentication response is used for indicating the authentication result of the ith layer to be authenticated.

19. The method of claim 18, further comprising:

sending a third authentication request message to the first device; the third authentication request message is used for requesting to acquire the cryptographic value of the encryption firmware of the ith layer to be authenticated.

20. The method according to claim 18 or 19, wherein the authenticating the encrypted firmware cryptographic value of the i-th layer to be authenticated comprises:

generating an ith standard firmware password value after encryption according to the ith standard firmware password value in the n standard firmware password values;

and comparing the encrypted ith standard firmware password value with the encrypted firmware password value of the ith layer to be authenticated to determine whether the authentication of the ith layer to be authenticated is successful.

21. The method of any of claims 14-20, wherein the first authentication request message further comprises: n encryption firmware password values of n layers to be authenticated; the method further comprises the following steps:

respectively authenticating the n encryption firmware password values of the n layers to be authenticated to determine the layer to be authenticated which fails to be authenticated; the first authentication response is also used for indicating the layer to be authenticated which fails authentication.

22. The method according to any one of claims 14-21, further comprising:

sending a first random number to the first device;

wherein the target authentication credential is generated from the first random number and the initial authentication credential; or the target authentication credential is generated according to the first random number, the second random number and the initial authentication credential; the second random number is determined by the first device.

23. The method of claim 22, wherein the encrypted firmware password value is determined according to the firmware password value of the i-th layer to be authenticated, and comprises:

the encryption firmware password value of the ith layer to be authenticated is generated according to the first random number and the firmware password value of the ith layer to be authenticated; or the encryption firmware password value of the ith layer to be authenticated is generated according to the first random number, the second random number and the firmware password value of the ith layer to be authenticated.

24. A communications apparatus, comprising:

a processor and an interface circuit;

wherein the processor is coupled to the memory through the interface circuit, the processor being configured to execute the program code in the memory to implement the method of any one of claims 1-6 or to implement the method of any one of claims 7-13.

25. A communications apparatus, comprising:

a processor and an interface circuit;

wherein the processor is coupled to the memory through the interface circuitry, the processor being configured to execute the program code in the memory to implement the method of any of claims 14-23.

26. A communication system comprising a communication apparatus according to any of claims 24 and a communication apparatus according to any of claims 25.

27. A computer-readable storage medium, characterized in that it stores a computer program which, when run on a computer, causes the computer to perform the method of any of claims 1-6, or causes the computer to perform the method of any of claims 7-13, or causes the computer to perform the method of any of claims 14-23.

Images