
CN116432167A - Device authentication method, device and storage medium - Google Patents


Publication number
CN116432167A
Authority
CN
China
Prior art keywords
authenticated
equipment
authentication
check code
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310332242.XA
Other languages
Chinese (zh)
Inventor
迟红
王少东
孙京涛
汪朝晖
杜昭睿
王湛
王长宏
杨世昭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yantai Jiagang Electronic Technology Co ltd
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Original Assignee
Yantai Jiagang Electronic Technology Co ltd
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yantai Jiagang Electronic Technology Co ltd, BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority to CN202310332242.XA
Publication of CN116432167A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The embodiment of the invention relates to the technical field of computers and discloses a device authentication method, apparatus, device and storage medium, wherein the method comprises the following steps: sending an authentication request to a device to be authenticated, so that the device to be authenticated generates a first check code according to the authentication request; receiving the first check code and the device authentication information of the device to be authenticated, both sent by the device to be authenticated; generating a second check code according to the device authentication information and the system public key; and determining that the device to be authenticated passes authentication if the first check code and the second check code are the same. By applying the technical scheme of the invention, the device can be authenticated, and the security of the device is ensured.

Description

Device authentication method, device and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a device authentication method, a device, equipment and a storage medium.
Background
With the development of computer technology, the types of electronic devices, such as a mobile power supply, a printer ink box, a vehicle recorder, an electronic cigarette and the like, are increasing, and great convenience is brought to the life of people.
In order to protect the rights of manufacturers and the data security of users, it is necessary to check whether the electronic devices used by the users are genuine. For example, the authenticity of an electronic device may be determined by verifying the correctness of its device serial number. However, since the device serial number is easily tampered with, an authentication method based on the device serial number can easily judge electronic devices with a falsified serial number to be genuine; that is, the accuracy of the device authentication is not high.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a device authentication method, device, and storage medium, which are used to solve the problem in the prior art that the device authentication accuracy is not high.
According to an aspect of an embodiment of the present invention, there is provided a device authentication method, applied to a terminal device, the method including: sending an authentication request to equipment to be authenticated, so that the equipment to be authenticated generates a first check code according to the authentication request; receiving the first check code and the equipment authentication information of the equipment to be authenticated, which are sent by the equipment to be authenticated; generating a second check code according to the equipment authentication information and the system public key; and under the condition that the first check code and the second check code are the same, determining that the equipment to be authenticated passes authentication.
In an optional manner, before the authentication request is sent to the device to be authenticated, the method further includes: generating a random number, and obtaining an authentication parameter according to the random number and a preset curve parameter, wherein the authentication parameter comprises a parameter obtained by point multiplication of the random number and the preset curve parameter; and generating the authentication request according to the authentication parameter.
In an optional manner, the device authentication information includes a device public key corresponding to the device to be authenticated, and the generating a second check code according to the device authentication information and the system public key includes: obtaining a first operation result according to the random number and the system public key; obtaining a second operation result according to the random number and the equipment public key; and obtaining the second check code according to the first operation result and the second operation result.
In an alternative way, the second check code is obtained by the following formula:
H=a*L+a*Y
wherein H is the second check code, a is the random number, L is the device public key, and Y is the system public key.
In an optional manner, the device authentication information includes a device serial number of the device to be authenticated and a device public key corresponding to the device to be authenticated, and the generating a second check code according to the device authentication information and the system public key includes: obtaining a third operation result according to the equipment serial number and the equipment public key; obtaining a fourth operation result according to the random number, the third operation result and the system public key; obtaining a fifth operation result according to the random number and the equipment public key; and obtaining the second check code according to the fourth operation result and the fifth operation result.
In an alternative way, the second check code is obtained by the following formula:
H=a*L+a*hash(U||L)*Y
wherein H is the second check code, a is the random number, U is the device serial number, L is the device public key, hash(U||L) is the hash value of the concatenation result of U and L, and Y is the system public key.
According to another aspect of the embodiment of the present invention, there is provided a device authentication method applied to a device to be authenticated, the method including: receiving an authentication request sent by a terminal device, wherein the authentication request comprises authentication parameters; generating a first check code according to the authentication parameter and the joint key; and sending the first check code and the equipment authentication information of the equipment to be authenticated to the terminal equipment so that the terminal equipment generates a second check code according to the equipment authentication information and a system public key, and determining an authentication result of the equipment to be authenticated according to the first check code and the second check code.
In an optional manner, the joint key is obtained according to a device private key and a system private key corresponding to the device to be authenticated.
In an alternative way, the joint key is obtained by the following formula:
k=(r+s)mod n
where k is the joint key, r is the device private key, s is the system private key, and n is the modulus.
In an optional manner, the joint key is obtained according to a hash value of a concatenation result of the equipment serial number of the equipment to be authenticated and the equipment public key corresponding to the equipment to be authenticated, and a system private key and the equipment private key corresponding to the equipment to be authenticated.
In an alternative way, the joint key is obtained by the following formula:
k=(r+z*s)mod n
wherein k is the joint key and z is the hash value; r is the equipment private key, s is the system private key, and n is the modulus.
In an alternative, the method further comprises: when the first check code is generated, using an anti-attack algorithm to encrypt the generation process of the first check code.
According to another aspect of the embodiment of the present invention, there is provided a device authentication apparatus applied to a terminal device, the apparatus including: a sending module, used for sending an authentication request to the device to be authenticated so that the device to be authenticated generates a first check code according to the authentication request; a receiving module, used for receiving the first check code sent by the device to be authenticated and the device authentication information of the device to be authenticated; a generation module, used for generating a second check code according to the device authentication information and the system public key; and a determining module, used for determining that the device to be authenticated passes authentication if the first check code and the second check code are the same.
In an optional manner, before the authentication request is sent to the device to be authenticated, the sending module is further configured to generate a random number, and obtain an authentication parameter according to the random number and a preset curve parameter, where the authentication parameter includes a parameter obtained by point multiplication of the random number and the preset curve parameter; and to generate the authentication request according to the authentication parameter.
In an optional manner, the device authentication information includes a device public key corresponding to the device to be authenticated, and the generating module is configured to obtain a first operation result according to the random number and the system public key; obtaining a second operation result according to the random number and the equipment public key; and obtaining the second check code according to the first operation result and the second operation result.
In an alternative manner, the generating module is configured to obtain the second check code by the following formula:
H=a*L+a*Y
wherein H is the second check code, a is the random number, L is the device public key, and Y is the system public key.
In an optional manner, the device authentication information includes a device serial number of the device to be authenticated and a device public key corresponding to the device to be authenticated, and the generating module is configured to obtain a third operation result according to the device serial number and the device public key; obtaining a fourth operation result according to the random number, the third operation result and the system public key; obtaining a fifth operation result according to the random number and the equipment public key; and obtaining the second check code according to the fourth operation result and the fifth operation result.
In an alternative manner, the generating module is configured to obtain the second check code by the following formula:
H=a*L+a*hash(U||L)*Y
wherein H is the second check code, a is the random number, U is the device serial number, L is the device public key, hash(U||L) is the hash value of the concatenation result of U and L, and Y is the system public key.
According to another aspect of the embodiment of the present invention, there is provided a device authentication apparatus applied to a device to be authenticated, the apparatus including: the receiving module is used for receiving an authentication request sent by the terminal equipment, wherein the authentication request comprises authentication parameters; the generation module is used for generating a first check code according to the authentication parameter and the joint key; the sending module is used for sending the first check code and the equipment authentication information of the equipment to be authenticated to the terminal equipment so that the terminal equipment generates a second check code according to the equipment authentication information and a system public key, and determines an authentication result of the equipment to be authenticated according to the first check code and the second check code.
In an optional manner, the joint key is obtained according to a device private key and a system private key corresponding to the device to be authenticated.
In an alternative way, the joint key is obtained by the following formula:
k=(r+s)mod n
where k is the joint key, r is the device private key, s is the system private key, and n is the modulus.
In an optional manner, the joint key is obtained according to a hash value of a concatenation result of the equipment serial number of the equipment to be authenticated and the equipment public key corresponding to the equipment to be authenticated, and a system private key and the equipment private key corresponding to the equipment to be authenticated.
In an alternative way, the joint key is obtained by the following formula:
k=(r+z*s)mod n
wherein k is the joint key and z is the hash value; r is the equipment private key, s is the system private key, and n is the modulus.
In an optional manner, the generating module is further configured to encrypt the generating process of the first check code by using an anti-attack algorithm when the first check code is generated.
According to another aspect of the embodiment of the present invention, there is provided a terminal device including: a processor; a memory for storing at least one executable instruction; the executable instructions cause the processor to perform the operations of the device authentication method as described in any one of the above.
According to another aspect of an embodiment of the present invention, there is provided a device to be authenticated, including: a processor; a memory for storing at least one executable instruction; the executable instructions cause the processor to perform the operations of the device authentication method as described in any one of the above.
According to another aspect of an embodiment of the present invention, there is provided a computer-readable storage medium having stored therein at least one executable instruction that, when executed on a terminal device, causes the terminal device to perform the operations of the device authentication method as set forth in any one of the above.
According to another aspect of an embodiment of the present invention, there is provided a computer-readable storage medium having stored therein at least one executable instruction that, when executed on a device to be authenticated, causes the device to be authenticated to perform the operations of the device authentication method as set forth in any one of the above.
In summary, according to the device authentication method, device and storage medium provided by the embodiments of the present invention, an authentication request may be sent by a terminal device to a device to be authenticated, so that the device to be authenticated may generate a first check code according to the authentication request, then receive the first check code sent by the device to be authenticated and device authentication information of the device to be authenticated, and generate a second check code according to the device authentication information and a system public key, where the authentication of the device to be authenticated is determined to pass under the condition that the first check code and the second check code are the same.
By applying the scheme, the identity authentication of the device to be authenticated can be realized through simple point multiplication and point addition operations, the accuracy of device authentication can be improved, no complex signing and signature verification process is needed, and the authentication operation is simple. Meanwhile, the device to be authenticated only needs to store a small amount of information, such as the device authentication information, and does not need to store digital certificates and the like, so the storage space of the device to be authenticated can be saved.
The foregoing is only an overview of the technical solutions of the embodiments of the present invention. So that the technical means of the embodiments can be understood more clearly and implemented according to the content of the specification, specific embodiments of the present invention are set out below.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 shows a flowchart of a device authentication method provided by the present invention;
FIG. 2 shows a sub-flowchart of a device authentication method provided by the present invention;
FIG. 3 shows a sub-flowchart of another device authentication method provided by the present invention;
FIG. 4 shows a flowchart of another device authentication method provided by the present invention;
FIG. 5 shows an interaction diagram of a device authentication method provided by the present invention;
FIG. 6 shows an interaction diagram of another device authentication method provided by the present invention;
FIG. 7 shows a schematic structural diagram of a device authentication apparatus provided by the present invention;
FIG. 8 shows a schematic structural diagram of another device authentication apparatus provided by the present invention;
FIG. 9 shows a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
As legal awareness grows, people are increasingly conscious of protecting their own economic interests. For example, to guard against an electronic device, or a component inside it, being counterfeit, users need to authenticate the electronic device to determine whether it is genuine.
In one scheme of the related technology, the authentication device may be used to obtain device information of the electronic device, where if the device information is encrypted, the authentication device further needs to decrypt the device information, then compares the decrypted information with genuine information, and determines that the electronic device passes authentication when the decrypted information and the genuine information are consistent, that is, the electronic device is genuine.
However, in this scheme, the keys for encrypting and decrypting device information are stored on both the electronic device and the authentication device, so key leakage easily occurs. This approach therefore carries a very high security risk.
In another aspect of the related art, in order to avoid the key from being compromised, an asymmetric algorithm may be used to perform device authentication of the electronic device. The method adopts a public key cryptosystem, the public key cryptosystem comprises a public key and a private key, the private key is stored in an authentication device, the electronic device can sign device information by using the private key, the authentication device performs signature verification on the signature, and if the signature verification passes, the authentication of the electronic device is confirmed to pass.
However, when the public key system is used for device authentication, in addition to the private key of the electronic device itself, a certificate issued by the issuing system needs to be stored, and the certificate can ensure the validity of the public key and the private key owned by the electronic device. That is, the conventional public key cryptosystem requires a complete signature, signature verification algorithm and certificate, which occupy more memory resources, and the use process is also complicated, i.e. the operation cost of the authentication method is high.
In view of one or more of the foregoing problems, fig. 1 shows a flowchart of a device authentication method provided by an embodiment of the present invention, where the method may be executed by a terminal device, and the method may send an authentication request to a device to be authenticated, so that the device to be authenticated generates a first check code according to the authentication request, and sends the first check code and device authentication information of the device to be authenticated to the terminal device, and the terminal device may generate a second check code according to the device authentication information and a system public key, and determine an authentication result of the device to be authenticated according to a comparison result of the first check code and the second check code.
By applying the scheme, the terminal equipment can finish authentication of equipment to be authenticated, and determine whether the equipment to be authenticated is genuine, so that the use rights and interests of users are ensured, and the interests of manufacturers of the electronic equipment are maintained.
The terminal device may be any electronic device having an authentication function, may be a device such as a mobile phone or a computer, may be a dedicated authentication device, or may be an anti-counterfeit chip configured on the terminal device, which is not particularly limited in this embodiment. The device to be authenticated refers to a device which needs to be verified in authenticity, and can also be any form of electronic device, such as an intelligent lock, a vehicle recorder, an electronic cigarette, a mobile power supply, a printer ink box and the like.
Referring to fig. 1, the device authentication method may include the steps of:
Step 110: sending an authentication request to the device to be authenticated, so that the device to be authenticated generates a first check code according to the authentication request.
The first check code refers to a check code for performing device authentication on the device to be authenticated, and is generated by the device to be authenticated.
Specifically, when authenticating the device to be authenticated, the terminal device may generate an authentication request and send the authentication request to the device to be authenticated, so that the device to be authenticated may generate a first check code according to the authentication request. For example, the user may trigger an authentication operation of the device to be authenticated through the terminal device, and the terminal device may generate an authentication request in response to the authentication operation and send the authentication request to the device to be authenticated through a communication connection with the device to be authenticated, so that the device to be authenticated may perform authentication processing.
The authentication request may include identity information of the terminal device and an authentication parameter, for example, the identity information may include information such as a device identifier of the terminal device, and the authentication parameter may be a related parameter generated by the terminal device to authenticate the device to be authenticated.
In an alternative way, before sending an authentication request to the device to be authenticated, the terminal device may further perform the following method:
Generating a random number, and obtaining authentication parameters according to the random number and preset curve parameters;
and generating an authentication request according to the authentication parameters.
The random number is a number sequence randomly generated by the terminal device. The preset curve parameter is a curve parameter set in advance; it may be a curve parameter of a public key encryption algorithm based on elliptic curve cryptography (ECC), and its length can be set according to actual requirements.
When authenticating the device to be authenticated, the terminal device may first generate a random number, determine a preset curve parameter, and generate an authentication parameter according to the random number and the preset curve parameter. For example, a point multiplication operation may be performed on the random number and the preset curve parameter to obtain the authentication parameter, and then an authentication request carrying the authentication parameter is generated.
In addition, when generating the authentication request, the terminal device may encapsulate information such as a device identifier of the terminal device, a generation time parameter of the authentication request, and the like in the authentication request.
By the method, the authentication request comprising the authentication parameters can be generated, so that the equipment to be authenticated can generate the first check code according to the authentication parameters in the authentication request.
Step 120: receiving the first check code sent by the device to be authenticated and the device authentication information of the device to be authenticated.
After receiving the authentication request sent by the terminal equipment, the equipment to be authenticated can analyze the authentication request to acquire the authentication parameters carried in the authentication request, and generate a first check code according to the authentication parameters. Then, the first check code and the device authentication information of the device to be authenticated may be transmitted to the terminal device.
The device authentication information refers to authentication information related to the device for authenticating the device to be authenticated, and may include information such as device information of the device to be authenticated and related keys.
Through step 120, the terminal device may receive the first check code sent by the device to be authenticated and the device authentication information of the device to be authenticated, so as to complete acquisition of the authentication data of the device to be authenticated.
Step 130: generating a second check code according to the device authentication information and the system public key.
The system public key is a public key for authenticating the device to be authenticated, which is acquired by the terminal device, and can be generated by an issuing system of the device to be authenticated when leaving a factory. The terminal device may store the system public key generated by the issuing system locally, or may acquire the system public key online through a corresponding server.
In order to authenticate the device to be authenticated, the terminal device may generate a second check-up code according to the received device authentication information and the system public key.
In an alternative way, the device authentication information may comprise a device public key of the device to be authenticated. The device public key refers to a public key of the device to be authenticated, which can be generated by an issuing system of the device to be authenticated and written into the device to be authenticated, or can be obtained by the device to be authenticated on line through a corresponding server and transmitted to the terminal device through device authentication information.
Thus, referring to FIG. 2, step 130 may be implemented by:
Step 210: Obtain a first operation result according to the random number and the system public key.
First, the terminal device may perform a calculation on the random number and the system public key according to a corresponding calculation rule to obtain a first operation result. For example, the terminal device may perform dot multiplication (multiplication of an elliptic-curve point by a scalar) on the random number and the system public key to obtain the first operation result.
Step 220: Obtain a second operation result according to the random number and the device public key.
Then, the terminal device may perform a calculation on the random number and the device public key according to the corresponding calculation rule to obtain a second operation result. For example, the terminal device may perform dot multiplication on the random number and the device public key to obtain the second operation result.
Step 230: Obtain a second check code according to the first operation result and the second operation result.
Finally, the terminal device may combine the first operation result and the second operation result to generate the second check code, for example, by performing point addition on the first operation result and the second operation result.
Specifically, in an alternative manner, the second check code may be obtained by the following formula (1):
H = a*L + a*Y (1)
where H is the second check code, a is the random number, L is the device public key, and Y is the system public key.
That is, the random number is dot multiplied with the device public key and with the system public key, and the point addition of the two dot multiplication results is the second check code.
By the method, the second check code can be obtained through calculation according to the random number, the system public key and the equipment public key.
In an alternative manner, the device authentication information may include a device serial number of the device to be authenticated and a device public key corresponding to the device to be authenticated. The device serial number refers to a device identifier of the device to be authenticated, and can be used for uniquely identifying the device to be authenticated.
Thus, referring to FIG. 3, step 130 may be implemented by:
Step 310: Obtain a third operation result according to the device serial number and the device public key.
First, the terminal device may perform a calculation on the device serial number and the device public key according to a corresponding calculation rule to obtain a third operation result. For example, the terminal device may concatenate the device serial number and the device public key and then process the result with a hash algorithm to obtain the third operation result.
Step 320: Obtain a fourth operation result according to the random number, the third operation result and the system public key.
The terminal device may perform a mathematical operation on the random number, the third operation result and the system public key to obtain a fourth operation result. For example, the terminal device may perform dot multiplication on the random number, the third operation result and the system public key in sequence to obtain the fourth operation result.
Step 330: Obtain a fifth operation result according to the random number and the device public key.
Furthermore, the terminal device may perform a mathematical operation on the random number and the device public key, for example, dot multiplication according to a corresponding calculation rule, to obtain a fifth operation result.
Step 340: Obtain a second check code according to the fourth operation result and the fifth operation result.
Finally, the terminal device may combine the fourth operation result and the fifth operation result to generate the second check code, for example, by performing point addition on the fourth operation result and the fifth operation result.
Specifically, in an alternative manner, the second check code may be obtained by the following formula (2):
H = a*L + a*hash(U||L)*Y (2)
where H is the second check code, a is the random number, U is the device serial number, L is the device public key, hash(U||L) is the hash value of the concatenation of U and L, and Y is the system public key.
By the method, the second check code can be generated according to the equipment serial number, the random number, the equipment public key and the system public key.
Step 140: Determine that the device to be authenticated passes authentication if the first check code and the second check code are the same.
If the device to be authenticated passes authentication, the device is genuine; otherwise, if the first check code and the second check code are different, the device has not passed authentication and is a counterfeit device.
Through the steps 110 to 140, the terminal device may send an authentication request to the device to be authenticated, so that the device to be authenticated may generate a first check code according to the authentication request, then receive the first check code sent by the device to be authenticated and the device authentication information of the device to be authenticated, generate a second check code according to the device authentication information and the system public key, and determine that the device to be authenticated passes the authentication under the condition that the first check code and the second check code are the same.
By applying this scheme, the identity of the device to be authenticated can be authenticated through simple point multiplication and point addition operations, the accuracy of device authentication can be improved, no complex signing/signature-verification process is needed, and the authentication operation is simple. Meanwhile, the device to be authenticated only needs to store a small amount of information, such as the device authentication information, and does not need to store a digital certificate or the like, so the storage space of the device to be authenticated can be saved.
Fig. 4 shows a flowchart of another device authentication method provided by an embodiment of the present invention. The method may be performed by the device to be authenticated, which may receive an authentication request sent by a terminal device, generate a first check code according to the authentication parameter in the authentication request and a joint key, and send the first check code and the device authentication information of the device to be authenticated to the terminal device, so that the terminal device can generate a second check code according to the device authentication information and the system public key and determine an authentication result of the device to be authenticated according to the first check code and the second check code.
Referring to fig. 4, the device authentication method may include the steps of:
Step 410: Receive an authentication request sent by the terminal device.
Wherein the authentication request may include authentication parameters. The authentication parameter may be a parameter obtained by generating a random number by the terminal device and performing dot multiplication on the random number and a preset curve parameter.
The device to be authenticated can establish communication connection with the terminal device, and the communication modes of the device to be authenticated and the terminal device can be wired communication or wireless communication. For example, the user may control the terminal device to establish a bluetooth connection or a wireless network connection with the device to be authenticated, or may also control the terminal device to establish a communication connection with the device to be authenticated through a physical connection line. The device to be authenticated can receive the authentication request sent by the terminal device through communication connection between the terminal device and the device to be authenticated.
Step 420: Generate a first check code according to the authentication parameter and the joint key.
After receiving the authentication request sent by the terminal device, the device to be authenticated may generate a first check code according to the acquired joint key and the authentication parameter in the authentication request. For example, the device to be authenticated may perform mathematical operation on the authentication parameter and the joint key according to corresponding calculation rules, to obtain the first check code.
The joint key may be generated by an issuing system of the device to be authenticated at the time of shipment and written into the device to be authenticated, based on which the device to be authenticated may read the joint key locally.
In this embodiment, the joint key may be generated in either of two ways:
(1) Obtaining the joint key according to the device private key and the system private key corresponding to the device to be authenticated.
The device private key is the private key corresponding to the device public key, and the system private key is the private key corresponding to the system public key. That is, the device public key and the device private key constitute one public-private key pair, and the system public key and the system private key constitute another.
And according to the device private key and the system private key corresponding to the device to be authenticated, the joint key can be further calculated. For example, the device private key and the system private key corresponding to the device to be authenticated may be subjected to modulo addition operation with a certain weight to obtain the joint key.
Specifically, in an alternative manner, the joint key may be obtained by the following formula (3):
k=(r+s)mod n (3)
where k is the joint key, r is the device private key, s is the system private key, and n is the modulus. n is an ECC parameter, and can be set according to actual requirements.
That is, the device private key r and the system private key s are modulo-n added, and the obtained value is the joint key.
(2) Obtaining the joint key according to the hash value of the concatenation of the device serial number of the device to be authenticated and the device public key corresponding to the device to be authenticated, together with the system private key and the device private key corresponding to the device to be authenticated.
In order to enhance the security of the joint key, the device serial number of the device to be authenticated and the device public key can be spliced to obtain a splicing result, then the splicing result is converted by adopting a hash algorithm to obtain a hash value corresponding to the splicing result, and finally the joint key is obtained through calculation according to the hash value, the system private key and the device private key.
Specifically, in an alternative manner, the joint key may be obtained by the following formula (4):
k=(r+z*s)mod n (4)
wherein k is a joint key and z is a hash value; r is the device private key, s is the system private key, and n is the modulus.
That is, z is the hash value of the concatenation of the device serial number of the device to be authenticated and the device public key; the hash value z is multiplied by the system private key s, and the product is added to the device private key modulo n to obtain the joint key.
By this method, the joint key is generated from two public-private key pairs, which can strengthen the protection of the key and ensure its security.
Step 430: Send the first check code and the device authentication information of the device to be authenticated to the terminal device, so that the terminal device generates a second check code according to the device authentication information and the system public key and determines an authentication result of the device to be authenticated according to the first check code and the second check code.
After the first check code is generated, the device to be authenticated can send the first check code and its own device authentication information to the terminal device, so that the terminal device can execute steps 110 to 140 to complete the authentication of the device to be authenticated.
In order to prevent the device to be authenticated from being attacked when generating the first check code, in an alternative way, the following method may be further performed:
When the first check code is generated, an anti-attack algorithm is used to encrypt the generation process of the first check code. The anti-attack algorithm may be a DES algorithm, a randomization algorithm, or the like.
For example, when generating the first check code, the generation process may be subjected to encryption processing by:
Input: P(x, y), k = (1, k_{t-2}, …, k_0)_2, n (modulus)
Output: Q = k*P    // P is the authentication parameter
R(x, y) = randompoint() = r_2*G;    // G is the preset curve parameter, r_2 is a 32-bit random number
k_1 = k + r_1*n, k_1 = (1, k_{t-2}, …, k_0)_2    // r_1 is a 32-bit random number
T_0 = P(x, y, 1) + R(x, y)
T_1 = -R(x, y), T_2 = P(x, y, 1) - R(x, y);
for (i = t1-2 downto 0)
    if (k_i = 1)
        T_0 = 2*T_0
        T_0 = T_0 + T_2
    if (k_i = 0)
        T_0 = 2*T_0
        T_0 = T_0 + T_1
return (T_0 + T_1)
In the above method, the k_i = 0 branch and the k_i = 1 branch each perform one doubling operation (2*T_0) and one point-addition operation, so the two branches cannot be distinguished by timing, and a simple power analysis (Simple Power Analysis, SPA) attack can be defended against. Meanwhile, P does not participate in the operation directly: a random point R(x, y) is introduced so that the points T_0, T_1 and T_2 participate in the operation instead. The joint key k does not participate in the operation directly either: k is randomized with a 32-bit random number r_1 so that k_1 = k + r_1*n participates in the operation. The calculation of Q is therefore masked by a random point and a random number, and a differential power analysis (Differential Power Analysis, DPA) attack can be defended against.
Through the steps 410 to 430, the authentication request sent by the terminal device can be received by the device to be authenticated, the first check code is generated according to the authentication parameter in the authentication request and the joint key of the device to be authenticated, and then the first check code and the device authentication information are sent to the terminal device, so that the device authentication is completed. By the method, the equipment to be authenticated can respond to the authentication request of the terminal equipment and send the related authentication information of the equipment to be authenticated to the terminal equipment.
Fig. 5 shows an interaction diagram of another device authentication method according to an embodiment of the present invention, as shown in fig. 5, may include the following steps:
Step 501: The terminal device stores the system public key Y.
Wherein G is a preset curve parameter; the system public key Y is a public key generated by an issuing system of the equipment to be authenticated, the corresponding system private key is s, and Y=s×G, namely, the system public key Y is obtained by performing dot multiplication on the system private key s and a preset curve parameter G.
Step 502: the device to be authenticated stores the joint key k, the device serial number U, and the device public key L.
The joint key k, the device serial number U and the device public key L are generated by an issuing system of the device to be authenticated and written into the device to be authenticated.
The joint key k is generated from the public-private key pair of the issuing system itself (the system public key is Y = s×G, where s is the system private key) and the public-private key pair corresponding to the device to be authenticated (the device public key is L = r×G, where r is the device private key).
Specifically, the joint key k is obtained by performing modulo n addition on the system private key s and the device private key r. Wherein, G and n are elliptic curve parameters, and the parameter length can be customized.
In the above method for generating the joint key k, the device serial number U is used as data read by the terminal device and does not participate in authentication calculation.
Step 503: The terminal device generates a random number a and calculates an authentication parameter P = a×G.
The terminal device can perform a dot multiplication operation on the random number a and the preset curve parameter G to obtain the authentication parameter.
Step 504: The terminal device sends an authentication request carrying the authentication parameter P to the device to be authenticated.
Step 505: The device to be authenticated generates a first check code Q according to the authentication parameter P in the authentication request.
For example, the device to be authenticated may perform a dot multiplication operation on the joint key k and the authentication parameter P in the authentication request to obtain the first check code Q = k×P.
Step 506: The device to be authenticated sends the first check code Q and the device authentication information to the terminal device.
The device authentication information includes the device serial number U and the device public key L.
Step 507: The terminal device calculates a second check code according to the received device authentication information and the system public key Y.
For example, the terminal device may perform a dot multiplication operation on the random number a and the device public key L, perform a dot multiplication operation on the random number a and the system public key Y, and perform point addition on the two dot multiplication results to obtain the second check code H = a×L + a×Y.
Step 508: The terminal device compares Q and H and determines whether the device to be authenticated passes authentication.
Under the condition that the first check code Q and the second check code H are equal, the authentication of the equipment to be authenticated can be determined to pass, otherwise, the authentication of the equipment to be authenticated is determined not to pass.
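Why a genuine device yields Q = H, written out with the symbols of formulas (1) to (4) as an added derivation that is not part of the original text. It uses only L = r*G, Y = s*G, P = a*G and the fact that n is the order of G, so reducing a scalar modulo n does not change the resulting point:
Q = k*P = ((r+s) mod n)*(a*G) = a*(r*G) + a*(s*G) = a*L + a*Y = H
For the joint key of formula (4), with z = hash(U||L), the same steps give:
Q = k*P = ((r+z*s) mod n)*(a*G) = a*(r*G) + a*z*(s*G) = a*L + a*hash(U||L)*Y = H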
Fig. 6 shows an interaction diagram of another device authentication method according to an embodiment of the present invention, as shown in fig. 6, may include the following steps:
Step 601: The terminal device stores the system public key Y.
Wherein G is a preset curve parameter; the system public key Y is a public key generated by an issuing system of the equipment to be authenticated, the corresponding system private key is s, and Y=s×G, namely, the system public key Y is obtained by performing dot multiplication on the system private key s and a preset curve parameter G.
Step 602: the device to be authenticated stores the joint key k, the device serial number U, and the device public key L.
The joint key k, the device serial number U and the device public key L are generated by an issuing system of the device to be authenticated and written into the device to be authenticated.
The joint key k is generated from the public-private key pair of the issuing system itself (the system public key is Y = s×G, where s is the system private key) and the public-private key pair corresponding to the device to be authenticated (the device public key is L = r×G, where r is the device private key).
Specifically, the joint key k is obtained by concatenating the device serial number U and the device public key L, applying a hash algorithm to the concatenation to obtain a hash value z, multiplying the hash value z by the system private key s, and adding the product to the device private key r modulo n. G and n are elliptic curve parameters, and the parameter length can be customized.
Step 603: The terminal device generates a random number a and calculates an authentication parameter P = a×G.
The terminal device can perform a dot multiplication operation on the random number a and the preset curve parameter G to obtain the authentication parameter.
Step 604: The terminal device sends an authentication request carrying the authentication parameter P to the device to be authenticated.
Step 605: The device to be authenticated generates a first check code according to the authentication parameter P in the authentication request.
For example, the device to be authenticated may perform a dot multiplication operation on the joint key k and the authentication parameter P in the authentication request to obtain the first check code Q = k×P.
Step 606: The device to be authenticated sends the first check code Q and the device authentication information to the terminal device.
The device authentication information includes the device serial number U and the device public key L.
Step 607: The terminal device calculates a second check code according to the received device authentication information and the system public key Y,
where the second check code H = a×L + a×hash(U||L)×Y.
For example, the terminal device may concatenate the device serial number U and the device public key L, apply a hash algorithm to the concatenation, then perform dot multiplication in sequence on the random number a, the resulting hash value and the system public key Y, perform a dot multiplication operation on the random number a and the device public key L, and perform point addition on the two dot multiplication results to obtain the second check code H.
Step 608: The terminal device compares Q and H and determines whether the device to be authenticated passes authentication.
Under the condition that the first check code Q and the second check code H are equal, the authentication of the equipment to be authenticated can be determined to pass, otherwise, the authentication of the equipment to be authenticated is determined not to pass.
Through the method, the equipment to be authenticated can be authenticated through interaction between the terminal equipment and the equipment to be authenticated, and in the two authentication methods, the equipment to be authenticated only needs to store the equipment serial number U, the equipment public key L and the joint key k, and the memory occupied by the information is very small, so that the storage space of the equipment to be authenticated can be saved, the authentication process of the digital certificate is avoided, and the authentication process of the equipment to be authenticated can be simplified.
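The two exchanges of Fig. 5 and Fig. 6, together with the masked generation of Q described earlier, as an added example that is not code from the patent. Assumptions: secp256k1 stands in for the unspecified curve parameters G and n, SHA-256 for the hash algorithm, a 64-byte x||y encoding for L, and all function names and serial numbers are constructed for illustration.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the patent's unspecified curve parameters G and n.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def on_curve(p):
    return p is not INF and (p[1] ** 2 - p[0] ** 3 - 7) % FP == 0

def add(p, q):
    """Affine point addition; also handles doubling, inverses and infinity."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % FP == 0:
        return INF
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1 % FP, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)

def mul(k, p):
    """Plain double-and-add, used here for the terminal's and issuer's operations."""
    acc = INF
    for bit in bin(k % N)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, p)
    return acc

def blinded_mul(k, p):
    """Masked ladder from the pseudocode: k*P via k1 = k + r1*n and a random point R.
    Shows the arithmetic only; Python big integers are not constant-time."""
    r1 = 1 + secrets.randbelow(2**32 - 1)
    r2 = 1 + secrets.randbelow(2**32 - 1)
    rp = mul(r2, G)                                # R = r2*G
    t0, t1 = add(p, rp), (rp[0], -rp[1] % FP)      # T0 = P + R, T1 = -R
    t2 = add(p, t1)                                # T2 = P - R
    for bit in bin(k + r1 * N)[3:]:                # bits of k1 below the leading 1
        t0 = add(t0, t0)                           # every bit: one doubling ...
        t0 = add(t0, t2 if bit == "1" else t1)     # ... and one addition
    return add(t0, t1)                             # remove the mask: (k1*P + R) - R

def h(serial, pub):
    """z = hash(U||L) mod n. SHA-256 and the 64-byte point encoding are assumptions."""
    data = serial + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue(s, serial, bind_serial):
    """Issuing system: k = (r + s) mod n, formula (3), or (r + z*s) mod n, formula (4)."""
    r = 1 + secrets.randbelow(N - 1)               # device private key
    pub = mul(r, G)                                # device public key L
    z = h(serial, pub) if bind_serial else 1
    return {"k": (r + z * s) % N, "U": serial, "L": pub}   # the device stores k, U, L

def device_respond(dev, p):
    """Steps 505-506 / 605-606: Q = k*P plus the device authentication information."""
    return blinded_mul(dev["k"], p), dev["U"], dev["L"]

def terminal_authenticate(y, dev, bind_serial):
    """Steps 503-508 / 603-608 on the terminal; True means Q == H."""
    a = 1 + secrets.randbelow(N - 1)
    q, serial, pub = device_respond(dev, mul(a, G))        # P = a*G
    if not (on_curve(q) and on_curve(pub)):                # added input check, not in the patent
        return False
    z = h(serial, pub) if bind_serial else 1
    return q == add(mul(a, pub), mul(a * z % N, y))        # H per formula (1) or (2)

def demo():
    """Per variant: (genuine device, same k and L under another serial, altered k)."""
    s = 1 + secrets.randbelow(N - 1)               # system private key (constructed test value)
    y = mul(s, G)                                  # system public key Y
    out = {}
    for bind in (False, True):
        dev = issue(s, b"SN-0001", bind)           # constructed serial number
        relabelled = dict(dev, U=b"SN-9999")
        altered = dict(dev, k=(dev["k"] + 1) % N)
        out[bind] = tuple(terminal_authenticate(y, d, bind) for d in (dev, relabelled, altered))
    return out

if __name__ == "__main__":
    print(demo())
```

In the result of demo(), only the hash variant rejects the device that reports a different serial number, which matches the statement that U does not participate in the authentication calculation when k = (r+s) mod n.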
Fig. 7 is a schematic structural diagram of a device authentication apparatus according to an embodiment of the present invention, where the device authentication apparatus may be applied to a terminal device. As shown in fig. 7, a device authentication apparatus 700 may include: a sending module 710, configured to send an authentication request to a device to be authenticated, so that the device to be authenticated generates a first check code according to the authentication request; a receiving module 720, configured to receive the first check code sent by the device to be authenticated and the device authentication information of the device to be authenticated; a generating module 730, configured to generate a second check code according to the device authentication information and the system public key; and a determining module 740, configured to determine that the device to be authenticated passes authentication if the first check code and the second check code are the same.
In an alternative manner, before sending the authentication request to the device to be authenticated, the sending module 710 is further configured to generate a random number, and obtain an authentication parameter according to the random number and a preset curve parameter, where the authentication parameter includes a parameter obtained by dot multiplying the random number and the preset curve parameter; and generating an authentication request according to the authentication parameters.
In an optional manner, the device authentication information includes a device public key corresponding to the device to be authenticated, and the generating module 730 is configured to obtain a first operation result according to the random number and the system public key; obtaining a second operation result according to the random number and the equipment public key; and obtaining a second check code according to the first operation result and the second operation result.
In an alternative manner, the generating module 730 is configured to obtain the second check code by the following formula:
H=a*L+a*Y
wherein H is a second check code, a is a random number, L is a device public key, and Y is a system public key.
In an optional manner, the device authentication information includes a device serial number of the device to be authenticated and a device public key corresponding to the device to be authenticated, and the generating module 730 is configured to obtain a third operation result according to the device serial number and the device public key; obtaining a fourth operation result according to the random number, the third operation result and the system public key; obtaining a fifth operation result according to the random number and the equipment public key; and obtaining a second check code according to the fourth operation result and the fifth operation result.
In an alternative manner, the generating module 730 is configured to obtain the second check code by the following formula:
H=a*L+a*hash(U||L)*Y
where H is the second check code, a is the random number, U is the device serial number, L is the device public key, hash(U||L) is the hash value of the concatenation of U and L, and Y is the system public key.
The specific details of each module in the above apparatus have already been described in the method embodiments; for details not disclosed here, refer to the method embodiments, which are not repeated.
Fig. 8 is a schematic structural diagram of another device authentication apparatus provided in an embodiment of the present invention, where the device authentication apparatus may be applied to a device to be authenticated, and as shown in fig. 8, the device authentication apparatus 800 may include: a receiving module 810, configured to receive an authentication request sent by a terminal device, where the authentication request includes an authentication parameter; a generating module 820, configured to generate a first check code according to the authentication parameter and the joint key; the sending module 830 is configured to send the first check code and device authentication information of the device to be authenticated to the terminal device, so that the terminal device generates a second check code according to the device authentication information and the system public key, and determines an authentication result of the device to be authenticated according to the first check code and the second check code.
In an alternative way, the joint key is obtained according to a device private key and a system private key corresponding to the device to be authenticated.
In an alternative approach, the joint key is obtained by the following formula:
k=(r+s)mod n
where k is the joint key, r is the device private key, s is the system private key, and n is the modulus.
In an alternative manner, the joint key is obtained according to the hash value of the concatenation result of the device serial number of the device to be authenticated and the device public key corresponding to the device to be authenticated, and the system private key and the device private key corresponding to the device to be authenticated.
In an alternative approach, the joint key is obtained by the following formula:
k=(r+z*s)mod n
wherein k is a joint key and z is a hash value; r is the device private key, s is the system private key, and n is the modulus.
In an alternative manner, the generating module 820 is further configured to encrypt the first check code generating process by using an anti-attack algorithm when generating the first check code.
The specific details of each module in the above apparatus have already been described in the method embodiments; for details not disclosed here, refer to the method embodiments, which are not repeated.
Fig. 9 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention, where the electronic device may be a terminal device or a device to be authenticated in the embodiment of the device authentication method, and the specific embodiment of the present invention does not limit specific implementation of the electronic device.
As shown in fig. 9, the electronic device may include: a processor 902, a communication interface (Communications Interface) 904, a memory 906, and a communication bus 908.
Wherein: processor 902, communication interface 904, and memory 906 communicate with each other via a communication bus 908. A communication interface 904 for communicating with network elements of other devices, such as clients or other servers. The processor 902 is configured to execute the program 910, and may specifically perform the relevant steps in the embodiment of the device authentication method described above.
In particular, the program 910 may include program code including computer-executable instructions.
The processor 902 may be a central processing unit, CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the electronic device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
A memory 906 for storing a program 910. Memory 906 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 910 may specifically be invoked by the processor 902 to cause an electronic device to perform the operational steps of the device authentication method described above.
An embodiment of the present invention provides a computer readable storage medium, where at least one executable instruction is stored, where the executable instruction when executed on an electronic device causes the electronic device to perform the device authentication method in any of the foregoing method embodiments.
The executable instructions may be particularly useful for causing an electronic device to perform the operational steps of the device authentication method described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. In addition, embodiments of the present invention are not directed to any particular programming language.
In the description provided herein, numerous specific details are set forth. It will be appreciated, however, that embodiments of the invention may be practiced without such specific details. Similarly, in the above description of exemplary embodiments of the invention, various features of embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. The claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Except that at least some of such features and/or processes or elements are mutually exclusive.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims (18)

1. A device authentication method, applied to a terminal device, the method comprising:
sending an authentication request to a device to be authenticated, so that the device to be authenticated generates a first check code according to the authentication request;
receiving the first check code and the device authentication information of the device to be authenticated, which are sent by the device to be authenticated;
generating a second check code according to the device authentication information and the system public key;
and determining that the device to be authenticated passes authentication in the case that the first check code and the second check code are the same.
2. The method of claim 1, wherein prior to sending the authentication request to the device to be authenticated, the method further comprises:
generating a random number, and obtaining an authentication parameter according to the random number and a preset curve parameter, wherein the authentication parameter comprises a parameter obtained by dot multiplying the random number and the preset curve parameter;
and generating the authentication request according to the authentication parameters.
3. The method according to claim 2, wherein the device authentication information includes a device public key corresponding to the device to be authenticated, and the generating a second check code according to the device authentication information and the system public key includes:
obtaining a first operation result according to the random number and the system public key;
obtaining a second operation result according to the random number and the device public key;
and obtaining the second check code according to the first operation result and the second operation result.
4. A method according to claim 3, wherein the second check code is obtained by the following formula:
H=a*L+a*Y
wherein H is the second check code, a is the random number, L is the device public key, and Y is the system public key.
5. The method according to claim 2, wherein the device authentication information includes a device serial number of the device to be authenticated and a device public key corresponding to the device to be authenticated, and the generating a second check code according to the device authentication information and the system public key includes:
obtaining a third operation result according to the device serial number and the device public key;
obtaining a fourth operation result according to the random number, the third operation result and the system public key;
obtaining a fifth operation result according to the random number and the device public key;
and obtaining the second check code according to the fourth operation result and the fifth operation result.
6. The method of claim 5, wherein the second check code is obtained by the following formula:
H=a*L+a*hash(U||L)*Y
wherein H is the second check code, a is the random number, U is the device serial number, L is the device public key, hash(U||L) is the hash value of the concatenation result of U and L, and Y is the system public key.
7. A device authentication method, applied to a device to be authenticated, the method comprising:
receiving an authentication request sent by a terminal device, wherein the authentication request comprises authentication parameters;
generating a first check code according to the authentication parameter and the joint key;
and sending the first check code and the device authentication information of the device to be authenticated to the terminal device, so that the terminal device generates a second check code according to the device authentication information and a system public key, and determines an authentication result of the device to be authenticated according to the first check code and the second check code.
8. The method of claim 7, wherein the joint key is derived from a device private key and a system private key corresponding to the device to be authenticated.
9. The method of claim 8, wherein the joint key is obtained by the formula:
k=(r+s)mod n
wherein k is the joint key, r is the device private key, s is the system private key, and n is the modulus.
10. The method of claim 7, wherein the joint key is obtained according to a hash value of a concatenation result of the device serial number of the device to be authenticated and the device public key corresponding to the device to be authenticated, and a system private key and a device private key corresponding to the device to be authenticated.
11. The method of claim 10, wherein the joint key is obtained by the formula:
k=(r+z*s)mod n
wherein k is the joint key, z is the hash value, r is the device private key, s is the system private key, and n is the modulus.
12. The method of claim 7, wherein the method further comprises:
and when the first check code is generated, adopting an anti-attack algorithm to encrypt the generation process of the first check code.
13. A device authentication apparatus, characterized by being applied to a terminal device, the apparatus comprising:
a sending module, configured to send an authentication request to a device to be authenticated, so that the device to be authenticated generates a first check code according to the authentication request;
a receiving module, configured to receive the first check code sent by the device to be authenticated and device authentication information of the device to be authenticated;
a generation module, configured to generate a second check code according to the device authentication information and the system public key;
and a determining module, configured to determine that the device to be authenticated passes authentication in the case that the first check code and the second check code are the same.
14. A device authentication apparatus, characterized by being applied to a device to be authenticated, the apparatus comprising:
a receiving module, configured to receive an authentication request sent by a terminal device, wherein the authentication request comprises authentication parameters;
a generation module, configured to generate a first check code according to the authentication parameter and the joint key;
and a sending module, configured to send the first check code and the device authentication information of the device to be authenticated to the terminal device, so that the terminal device generates a second check code according to the device authentication information and a system public key, and determines an authentication result of the device to be authenticated according to the first check code and the second check code.
15. A terminal device, comprising: a processor;
a memory for storing at least one executable instruction;
the executable instructions cause the processor to perform the operations of the device authentication method of any one of claims 1 to 6.
16. A device to be authenticated, comprising: a processor;
a memory for storing at least one executable instruction;
the executable instructions cause the processor to perform the operations of the device authentication method of any one of claims 7 to 12.
17. A computer readable storage medium, wherein at least one executable instruction is stored in the storage medium, which when executed on a terminal device, causes the terminal device to perform the operations of the device authentication method according to any one of claims 1 to 6.
18. A computer readable storage medium, wherein at least one executable instruction is stored in the storage medium, which when run on a device to be authenticated, causes the device to be authenticated to perform the operations of the device authentication method according to any one of claims 7 to 12.
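The terminal-side formula of claim 6 and the device-side joint key of claim 11, run end to end as an added example (not code from the patent). Assumptions: secp256k1 stands in for the preset curve, SHA-256 for the unspecified hash, "dot multiplying" is read as elliptic-curve scalar multiplication, and the first check code is taken to be the joint key times the authentication parameter, which the claims do not spell out; all function names are hypothetical.

```python
import hashlib, secrets
# secp256k1 domain parameters: an assumed stand-in for the "preset curve parameter"
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):  # reject the point at infinity and off-curve points
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def z_hash(serial, L):  # z = hash(U||L); SHA-256 and the byte encoding are assumed
    data = serial + L[0].to_bytes(32, "big") + L[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def provision(serial, s):  # issuer: device public key L and joint key k (claim 11)
    r = secrets.randbelow(N - 1) + 1
    L = mul(r, G)
    return L, (r + z_hash(serial, L) * s) % N

def device_respond(k, auth_param):  # first check code, assumed to be k*A
    if not on_curve(auth_param):
        raise ValueError("authentication parameter is not on the curve")
    return mul(k, auth_param)

def terminal_verify(a, first, serial, L, Y):  # claim 6: H = a*L + a*hash(U||L)*Y
    if not on_curve(L):
        return False
    return first == add(mul(a, L), mul(a * z_hash(serial, L) % N, Y))
```

The two check codes agree because k*(a*G) = a*(r + z*s)*G = a*L + a*z*Y. A real device would replace `mul` with a constant-time, side-channel-hardened routine, in line with the protection of check-code generation that claim 12 calls for.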

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310332242.XA CN116432167A (en) 2023-03-30 2023-03-30 Device authentication method, device and storage medium

Publications (1)

Publication Number Publication Date
CN116432167A true CN116432167A (en) 2023-07-14

Family

ID=87090130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310332242.XA Pending CN116432167A (en) 2023-03-30 2023-03-30 Device authentication method, device and storage medium

Country Status (1)

Country Link
CN (1) CN116432167A (en)

Similar Documents

Publication Publication Date Title
US12254440B2 (en) Blockchain-based authentication and authorization
CN1941699B (en) Cryptographic method, host system, trusted platform module and computer arrangement
US8078876B2 (en) Apparatus and method for direct anonymous attestation from bilinear maps
CN111628868A (en) Digital signature generation method and device, computer equipment and storage medium
US20100169650A1 (en) Storage minimization technique for direct anonymous attestation keys
WO2020038137A1 (en) Two-dimensional code generation method, data processing method, apparatus, and server
US8595505B2 (en) Apparatus and method for direct anonymous attestation from bilinear maps
JPH09128507A (en) Mutual certifying method
TW202137199A (en) Method of authenticating biological payment device, apparatus, electronic device, and computer-readable medium
JP4851497B2 (en) Apparatus and method for direct anonymous authentication from bilinear maps
CN112948789B (en) Identity authentication method and device, storage medium and electronic equipment
WO2023284691A1 (en) Account opening method, system, and apparatus
CN105376064A (en) Anonymous message authentication system and message signing method thereof
CN117675285A (en) An identity verification method, chip and device
KR102157695B1 (en) Method for Establishing Anonymous Digital Identity
CN117176353A (en) Method and device for processing data
CN119768815A (en) Carbon data management method, device, system and related equipment
CN112837064B (en) Signature method, signature verification method and signature verification device for alliance chain
CN119379286A (en) A data rights confirmation method and system based on blockchain and homomorphic encryption
CN114329522A (en) A kind of private key protection method, device, system and storage medium
CN116432167A (en) Device authentication method, device and storage medium
CN115134092A (en) Intelligent contract certificate management control method and system based on state cryptographic algorithm
CN115277240A (en) Authentication method and device for Internet of things equipment
CN114268434A (en) Asymmetric password authentication method, device and storage medium
CN114548986A (en) Payment method, payment security code generation method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination