[go: up one dir, main page]

CN110365492A - An authentication method, system, device and medium - Google Patents

An authentication method, system, device and medium Download PDF

Info

Publication number
CN110365492A
CN110365492A CN201910708733.3A CN201910708733A CN110365492A CN 110365492 A CN110365492 A CN 110365492A CN 201910708733 A CN201910708733 A CN 201910708733A CN 110365492 A CN110365492 A CN 110365492A
Authority
CN
China
Prior art keywords
authentication
signature
cloud computing
key
computing service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910708733.3A
Other languages
Chinese (zh)
Other versions
CN110365492B (en
Inventor
韩少阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Onething Technologies Co Ltd
Original Assignee
Shenzhen Onething Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Onething Technologies Co Ltd filed Critical Shenzhen Onething Technologies Co Ltd
Priority to CN201910708733.3A priority Critical patent/CN110365492B/en
Publication of CN110365492A publication Critical patent/CN110365492A/en
Application granted granted Critical
Publication of CN110365492B publication Critical patent/CN110365492B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种鉴权方法、系统、设备及介质。云计算服务设备通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本方法相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。此外,本发明还提供一种鉴权系统、设备及介质,有益效果同上所述。

The invention discloses an authentication method, system, equipment and medium. The cloud computing service device pre-sets the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to generate a corresponding signature algorithm for the random key. Authentication signature, and through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm , so as to determine whether the access device is a reliable device, that is, whether the authentication passes. The method relatively ensures the accuracy and safety of the data collected by the access device, and provides a security guarantee for the data processing of the cloud computing service device. In addition, the present invention also provides an authentication system, equipment and medium, and the beneficial effect is the same as that described above.

Description

一种鉴权方法、系统、设备及介质An authentication method, system, device and medium

技术领域technical field

本发明涉及云计算领域,特别是涉及一种鉴权方法、系统、设备及介质。The present invention relates to the field of cloud computing, in particular to an authentication method, system, equipment and medium.

背景技术Background technique

随着信息化的不断发展,云计算和智能硬件设备的关系越来越密切,边缘计算逐步成为了分布式云计算的数据提供基础。边缘计算是指利用智能硬件设备这类靠近数据源的边缘地带,从而完成对数据的分析和智能化处理。为了让边缘计算在云计算中应用领域不断的扩大,通常需要接入不同类型的智能硬件设备。With the continuous development of informatization, the relationship between cloud computing and intelligent hardware devices is getting closer and closer, and edge computing has gradually become the data provision basis for distributed cloud computing. Edge computing refers to the use of intelligent hardware devices, such as edge areas close to data sources, to complete data analysis and intelligent processing. In order to continuously expand the application field of edge computing in cloud computing, it is usually necessary to access different types of intelligent hardware devices.

为了能合理规划智能硬件设备的使用范围,并且确保智能硬件设备的可靠性,当前需要对第三方智能硬件设备进行鉴权操作,从而确保第三方智能硬件设备的数据是准确安全的,无法为云计算的数据处理提供安全保证。In order to reasonably plan the scope of use of smart hardware devices and ensure the reliability of smart hardware devices, it is currently necessary to perform authentication operations on third-party smart hardware devices, so as to ensure that the data of third-party smart hardware devices is accurate and safe. Computational data processing provides security guarantees.

由此可见,提供一种鉴权方法,以相对确保在第三方智能硬件设备上采集的数据准确安全,为云计算服务的数据处理提供安全保证,是本领域技术人员需要解决的技术问题。It can be seen that providing an authentication method to relatively ensure the accuracy and security of data collected on third-party intelligent hardware devices and provide security guarantees for data processing of cloud computing services is a technical problem to be solved by those skilled in the art.

发明内容Contents of the invention

本发明的目的是提供一种鉴权方法、系统、设备及介质,以相对确保在第三方智能硬件设备上采集的数据准确安全,为云计算服务的数据处理提供安全保证。The purpose of the present invention is to provide an authentication method, system, device and medium to relatively ensure the accuracy and security of data collected on third-party intelligent hardware devices, and to provide security guarantees for data processing of cloud computing services.

为解决上述技术问题,本发明提供一种鉴权方法,应用于云计算服务设备,包括:In order to solve the above technical problems, the present invention provides an authentication method applied to cloud computing service equipment, including:

向接入端设备下发随机密钥,并接收接入端设备返回的鉴权签名;其中,鉴权签名是通过接入端设备预存的鉴权密钥对随机密钥执行预定的签名算法生成的;Send a random key to the access device, and receive the authentication signature returned by the access device; wherein, the authentication signature is generated by performing a predetermined signature algorithm on the random key through the pre-stored authentication key of the access device of;

对鉴权签名以及预先产生的标准签名进行一致性比对;其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的;Consistency comparison between the authentication signature and the pre-generated standard signature; the standard signature is generated by signing the random key with the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device ;

当鉴权签名与标准签名一致时,将接入端设备标记为鉴权通过设备。When the authentication signature is consistent with the standard signature, the access device is marked as an authentication passing device.

优选的,标准签名的生成过程包括:Preferably, the generation process of the standard signature includes:

获取接入端设备的设备信息;Obtain the device information of the access device;

在本地查找与设备信息对应鉴权密钥以及签名算法;Find the authentication key and signature algorithm corresponding to the device information locally;

通过与设备信息对应鉴权密钥以及签名算法对随机密钥进行签名生成标准签名。Use the authentication key corresponding to the device information and the signature algorithm to sign the random key to generate a standard signature.

优选的,在向接入端设备下发随机密钥,并接收接入端设备返回的鉴权签名之前,方法还包括:Preferably, before sending the random key to the access device and receiving the authentication signature returned by the access device, the method further includes:

接收接入端设备基于内置鉴权程序传入的鉴权初始化请求;其中,内置鉴权程序具有与云计算服务设备相匹配的非对称加密密钥;Receiving an authentication initialization request from the access device based on the built-in authentication program; wherein, the built-in authentication program has an asymmetric encryption key that matches the cloud computing service device;

将鉴权密钥以及签名算法基于非对称加密方式发送至接入端设备。Send the authentication key and signature algorithm to the access device based on asymmetric encryption.

优选的,接收接入端设备基于内置鉴权程序传入的鉴权初始化请求,包括:Preferably, receiving the authentication initialization request from the access device based on the built-in authentication program includes:

接收接入端设备基于内置鉴权程序传入的包含有身份标识信息的鉴权初始化请求;Receive an authentication initialization request containing identity information from the access device based on the built-in authentication program;

相应的,将鉴权密钥以及签名算法基于非对称加密方式发送至接入端设备,包括:Correspondingly, the authentication key and signature algorithm are sent to the access device based on asymmetric encryption, including:

将与身份标识信息唯一对应的鉴权密钥以及与身份标识信息唯一对应的签名算法基于非对称加密方式发送至接入端设备。The authentication key uniquely corresponding to the identity information and the signature algorithm uniquely corresponding to the identity information are sent to the access terminal device based on an asymmetric encryption method.

优选的,对鉴权签名以及预先产生的标准签名进行一致性比对,包括:Preferably, the consistency comparison between the authentication signature and the pre-generated standard signature includes:

对鉴权签名以及由鉴权设备预先产生并传入的标准签名进行一致性比对。Consistency comparison between the authentication signature and the standard signature pre-generated and imported by the authentication device.

此外,本发明还提供一种鉴权方法,应用于接入端设备,包括:In addition, the present invention also provides an authentication method applied to the access terminal device, including:

接收由云计算服务设备下发的随机密钥;Receive the random key issued by the cloud computing service device;

利用预先向云计算服务设备获取的鉴权密钥对随机密钥执行基于云计算服务设备预先设定的签名算法,生产鉴权签名;Use the authentication key obtained in advance from the cloud computing service device to execute the signature algorithm based on the cloud computing service device preset on the random key to produce an authentication signature;

将鉴权签名发送至云计算服务设备。Send the authentication signature to the cloud computing service device.

此外,本发明还提供一种鉴权系统,包括:In addition, the present invention also provides an authentication system, including:

云计算服务设备,用于向接入端设备下发随机密钥,并接收接入端设备返回的鉴权签名;其中,鉴权签名是通过接入端设备预存的鉴权密钥对随机密钥执行预定的签名算法生成的;对鉴权签名以及预先产生的标准签名进行一致性比对;其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的;当鉴权签名与标准签名一致时,将接入端设备标记为鉴权通过设备;The cloud computing service device is used to issue a random key to the access device, and receive the authentication signature returned by the access device; wherein, the authentication signature is a combination of the random key and the authentication key stored in the access device. The key is generated by executing a predetermined signature algorithm; the authentication signature and the pre-generated standard signature are compared for consistency; the standard signature is the authentication key and signature corresponding to the device information of the access device pre-stored in the system The random key is signed by the algorithm; when the authentication signature is consistent with the standard signature, the access device is marked as the authentication passing device;

接入端设备,用于接收由云计算服务设备下发的随机密钥;利用预先向云计算服务设备获取的鉴权密钥对随机密钥执行基于云计算服务设备预先设定的签名算法,生产鉴权签名;将鉴权签名发送至云计算服务设备。The access terminal device is used to receive the random key issued by the cloud computing service device; use the authentication key obtained from the cloud computing service device in advance to execute the signature algorithm based on the cloud computing service device preset on the random key, Produce the authentication signature; send the authentication signature to the cloud computing service device.

此外,本发明还提供一种云计算服务设备,设备包括存储器、处理器和总线,存储器上存储有可由总线传输至处理器并在处理器上运行的鉴权程序,鉴权程序被处理器执行时实现如上述应用于云计算服务设备的鉴权方法。In addition, the present invention also provides a cloud computing service device. The device includes a memory, a processor and a bus. The memory stores an authentication program that can be transmitted to the processor by the bus and run on the processor. The authentication program is executed by the processor. At the same time, the authentication method applied to the cloud computing service device as described above is implemented.

优选的,云计算服务设备为组成CDN网络或者区块链网络的节点。Preferably, the cloud computing service device is a node forming a CDN network or a block chain network.

此外,本发明还提供一种接入端设备,设备包括存储器、处理器和总线,存储器上存储有可由总线传输至处理器并在处理器上运行的鉴权程序,鉴权程序被处理器执行时实现如上述应用于接入端设备的鉴权方法。In addition, the present invention also provides an access terminal device, which includes a memory, a processor, and a bus. The memory stores an authentication program that can be transmitted to the processor by the bus and run on the processor. The authentication program is executed by the processor. At the same time, the authentication method applied to the access terminal device as described above is implemented.

此外,本发明还提供一种计算机可读存储介质,计算机可读存储介质上存储有鉴权程序,鉴权程序可被一个或者多个处理器执行,以实现如上述应用于云计算服务设备的鉴权方法,或实现如上述应用于接入端设备的鉴权方法。In addition, the present invention also provides a computer-readable storage medium. An authentication program is stored on the computer-readable storage medium. The authentication program can be executed by one or more processors, so as to implement the above-mentioned cloud computing service device. An authentication method, or implement the authentication method applied to the access terminal device as described above.

此外,本发明还提供一种计算机程序产品,包括计算机指令,当其在计算机上运行时,使得计算机可以执行上述应用于云计算服务设备的鉴权方法或上述应用于接入端设备的鉴权方法。In addition, the present invention also provides a computer program product, including computer instructions, which, when run on a computer, enable the computer to execute the above-mentioned authentication method applied to cloud computing service equipment or the above-mentioned authentication method applied to access terminal equipment. method.

本发明所提供的鉴权方法,云计算服务设备向接入端设备下发随机密钥,接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本方法相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。此外,本发明还提供一种鉴权系统、设备及介质,有益效果同上所述。In the authentication method provided by the present invention, the cloud computing service device issues a random key to the access terminal device, and the access terminal device uses the random key issued by the cloud computing service device in advance to use the The authentication key obtained by the device executes the signature algorithm preset based on the cloud computing service device on the random key, generates an authentication signature, and sends the authentication signature to the cloud computing service device, and the cloud computing service device receives After obtaining the authentication signature, compare the authentication signature with the pre-generated standard signature. The standard signature is to use the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device to randomly The key is signed and generated. When the authentication signature is consistent with the standard signature, the access device is marked as an authenticated device. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. This method relatively ensures the accuracy and safety of the data collected by the access terminal device, and provides a security guarantee for the data processing of the cloud computing service device. In addition, the present invention also provides an authentication system, equipment and medium, and the beneficial effect is the same as that described above.

附图说明Description of drawings

为了更清楚地说明本发明实施例,下面将对实施例中所需要使用的附图做简单的介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the embodiments of the present invention more clearly, the accompanying drawings used in the embodiments will be briefly introduced below. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. As far as people are concerned, other drawings can also be obtained based on these drawings on the premise of not paying creative work.

图1为本发明实施例提供的一种应用于云计算服务设备的鉴权方法的流程图;FIG. 1 is a flow chart of an authentication method applied to a cloud computing service device provided by an embodiment of the present invention;

图2为本发明实施例提供的另一种应用于云计算服务设备的鉴权方法的流程图;FIG. 2 is a flow chart of another authentication method applied to a cloud computing service device provided by an embodiment of the present invention;

图3为本发明实施例提供的另一种应用于云计算服务设备的鉴权方法的流程图;FIG. 3 is a flow chart of another authentication method applied to a cloud computing service device provided by an embodiment of the present invention;

图4为本发明实施例提供的一种应用于接入端设备的鉴权方法的流程图;FIG. 4 is a flow chart of an authentication method applied to an access terminal device provided by an embodiment of the present invention;

图5为本发明实施例提供的一种鉴权系统的结构示意图。FIG. 5 is a schematic structural diagram of an authentication system provided by an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下,所获得的所有其他实施例,都属于本发明保护范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

由于在分布式云计算领域下参与边缘计算的智能硬件设备的功能类型多样,而分布式云计算服务仅需要获取参与边缘计算的智能硬件设备所提供的数据即可执行云计算业务,因此为了确保云计算业务所使用数据的内容丰富性,当前边缘计算的数据往往是由第三方智能硬件设备提供的。Due to the various types of intelligent hardware devices participating in edge computing in the field of distributed cloud computing, distributed cloud computing services only need to obtain the data provided by intelligent hardware devices participating in edge computing to perform cloud computing services, so in order to ensure The content of data used by cloud computing services is rich in content. Currently, data for edge computing is often provided by third-party smart hardware devices.

为了能合理规划智能硬件设备的使用范围,并且确保智能硬件设备的可靠性,当前需要对向云计算服务设备提供数据的第三方智能硬件设备进行鉴权操作,从而确保云计算服务设备在第三方智能硬件设备上采集的数据是准确安全的,无法为云计算服务设备的数据处理提供安全保证。In order to reasonably plan the scope of use of smart hardware devices and ensure the reliability of smart hardware devices, it is currently necessary to perform authentication operations on third-party smart hardware devices that provide data to cloud computing service devices, so as to ensure that cloud computing service devices are The data collected on smart hardware devices is accurate and safe, and cannot provide security guarantees for data processing of cloud computing service devices.

本发明的核心是提供一种鉴权方法、系统、设备及介质,以相对确保在第三方智能硬件设备上采集的数据准确安全,为云计算服务设备的数据处理提供安全保证。The core of the present invention is to provide an authentication method, system, device and medium to relatively ensure the accuracy and safety of data collected on third-party intelligent hardware devices, and to provide security guarantees for data processing of cloud computing service devices.

为了使本技术领域的人员更好地理解本发明方案,下面结合附图和具体实施方式对本发明作进一步的详细说明。In order to enable those skilled in the art to better understand the solution of the present invention, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

图1为本发明实施例提供的一种应用于云计算服务设备的鉴权方法的流程图。请参考图1,应用于云计算服务设备的鉴权方法的具体步骤包括:FIG. 1 is a flow chart of an authentication method applied to a cloud computing service device provided by an embodiment of the present invention. Please refer to Figure 1, the specific steps of the authentication method applied to cloud computing service equipment include:

步骤S10:向接入端设备下发随机密钥,并接收接入端设备返回的鉴权签名。Step S10: Send a random key to the access device, and receive the authentication signature returned by the access device.

其中,鉴权签名是通过接入端设备预存的鉴权密钥对随机密钥执行预定的签名算法生成的。Wherein, the authentication signature is generated by executing a predetermined signature algorithm on the random key with the authentication key pre-stored in the access device.

需要说明的是,云计算服务设备指的是对接入端进行鉴权,为了确保接入端设备传入的数据是可信的的服务设备,云计算服务设备需要在接收接入端设备传入的数据并进行云计算处理之前,先对接入端设备进行鉴权操作,也就是验证接入端设备是否有权利向云计算服务设备传输数据。本方法中的接入端设备是指向云计算服务中对数据进行处理或者传输、存储等的智能硬件设备。It should be noted that the cloud computing service device refers to authenticating the access terminal. In order to ensure that the data transmitted by the access terminal device is a credible service device, the cloud computing service device needs to Before the input data is processed by cloud computing, an authentication operation is performed on the access device, that is, to verify whether the access device has the right to transmit data to the cloud computing service device. The access device in this method refers to an intelligent hardware device that processes, transmits, and stores data in the cloud computing service.

本方法是云计算服务设备对接入端设备进行鉴权操作时的整体操作内容,在云计算服务设备对接入端设备进行鉴权之前,接入端设备应预先存储有向云计算服务设备证明其自身的身份可信的鉴权密钥以及相应的签名算法。云计算服务设备在对第三方鉴权时,向接入端设备下发随机密钥,进而接收接入端设备返回的鉴权签名,鉴权签名是接入端设备自身通过其预存的鉴权密钥对随机密钥执行预设的签名算法生成的。This method is the overall operation content when the cloud computing service device authenticates the access device. Before the cloud computing service device authenticates the access device, the access device should pre-store the cloud computing service device An authentication key that proves its own credible identity and the corresponding signature algorithm. When the cloud computing service device authenticates a third party, it sends a random key to the access device, and then receives the authentication signature returned by the access device. The authentication signature is the pre-stored authentication key of the access device itself. The key is generated by executing the preset signature algorithm on the random key.

步骤S11:对鉴权签名以及预先产生的标准签名进行一致性比对。Step S11: Perform consistency comparison between the authentication signature and the pre-generated standard signature.

其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的。Wherein, the standard signature is generated by signing a random key with an authentication key corresponding to the device information of the access device and a signature algorithm prestored in the system.

接入端的设备信息可以包括接入端的设备编号,接入端执行的业务ID等,在此不做具体限定。The device information of the access terminal may include the device number of the access terminal, the service ID executed by the access terminal, etc., which are not specifically limited here.

本步骤中的标准签名是云计算服务设备自身利用系统中针对于接入端设备预存的鉴权密钥以及签名算法对随机密钥进行签名产生的,该签名算法以及鉴权密钥与接入端设备的设备信息相对应,也就是说,云计算服务设备应预先获悉可信的接入端设备生成鉴权签名时所使用的鉴权密钥以及签名算法,或云计算服务设备预先对其信任的接入端设备设置有相应的鉴权密钥以及签名算法,进而当对接入端设备进行鉴权时,通过预先针对于接入端设备获悉或预设的鉴权密钥以及签名算法,生成基于随机密钥的标准签名,进而通过比对标准签名与鉴权签名是否一致,以此获悉当前鉴权的接入端设备是否具有预设的鉴权密钥以及签名算法。标准签名的生成过程包括:获取接入端设备的设备信息;在本地查找与设备信息对应鉴权密钥以及签名算法;通过与设备信息对应鉴权密钥以及签名算法对随机密钥进行签名生成标准签名。The standard signature in this step is generated by the cloud computing service device itself using the authentication key and signature algorithm pre-stored in the system for the access device to sign the random key. The signature algorithm and the authentication key are related to the access corresponding to the device information of the terminal device, that is to say, the cloud computing service device should know in advance the authentication key and signature algorithm used by the trusted access device to generate the authentication signature, or the cloud computing service device should The trusted access device is provided with a corresponding authentication key and signature algorithm, and then when authenticating the access device, through the pre-learned or preset authentication key and signature algorithm for the access device, Generate a standard signature based on a random key, and then compare whether the standard signature is consistent with the authentication signature, so as to know whether the currently authenticated access device has a preset authentication key and signature algorithm. The generation process of the standard signature includes: obtaining the device information of the access device; finding the authentication key and signature algorithm corresponding to the device information locally; generating a signature for the random key through the authentication key and signature algorithm corresponding to the device information Standard signature.

步骤S12:当鉴权签名与标准签名一致时,将接入端设备标记为鉴权通过设备。Step S12: When the authentication signature is consistent with the standard signature, mark the access device as an authentication-passed device.

当鉴权签名与标准签名一致时,则说明当前鉴权的接入端设备具有预设的鉴权密钥以及签名算法,因此当前的接入端设备是预先信任的接入端设备,进而将接入端设备标记为鉴权通过设备。When the authentication signature is consistent with the standard signature, it means that the currently authenticated access device has a preset authentication key and signature algorithm, so the current access device is a pre-trusted access device, and then the The access device is marked as an authenticated passing device.

本发明所提供的鉴权方法,云计算服务设备向接入端设备下发随机密钥,接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本方法相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。In the authentication method provided by the present invention, the cloud computing service device issues a random key to the access terminal device, and the access terminal device uses the random key issued by the cloud computing service device in advance to use the The authentication key obtained by the device executes the signature algorithm preset based on the cloud computing service device on the random key, generates an authentication signature, and sends the authentication signature to the cloud computing service device, and the cloud computing service device receives After obtaining the authentication signature, compare the authentication signature with the pre-generated standard signature. The standard signature is to use the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device to randomly The key is signed and generated. When the authentication signature is consistent with the standard signature, the access device is marked as an authenticated device. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. This method relatively ensures the accuracy and safety of the data collected by the access terminal device, and provides a security guarantee for the data processing of the cloud computing service device.

在上述实施例的基础上,本发明还提供以下一系列优选的实施例。On the basis of the above embodiments, the present invention also provides the following series of preferred embodiments.

图2为本发明实施例提供的另一种应用于云计算服务设备的鉴权方法的流程图。请参考图2,应用于云计算服务设备的鉴权方法的具体步骤包括:FIG. 2 is a flow chart of another authentication method applied to cloud computing service equipment provided by an embodiment of the present invention. Please refer to Figure 2, the specific steps of the authentication method applied to cloud computing service equipment include:

步骤S20:接收接入端设备基于内置鉴权程序传入的鉴权初始化请求。Step S20: Receive an authentication initialization request from the access device based on the built-in authentication program.

其中,内置鉴权程序具有与云计算服务设备相匹配的非对称加密密钥。Wherein, the built-in authentication program has an asymmetric encryption key matched with the cloud computing service device.

需要说明的是,本实施例中的接入端设备通过内置鉴权程序向云计算服务设备发起鉴权初始化请求,以此告知云计算服务设备向其自身告知鉴权密钥以及签名算法,鉴权程序可以是预先在云计算服务设备可信的接入端设备中安装的,鉴权程序响应接入端设备的控制生成相应的鉴权初始化请求,并由接入端设备发送至云计算服务设备,此外,本实施例中的鉴权程序具有与云计算服务设备相匹配的非对称加密密钥,也就是说鉴权程序中具有与云计算服务设备进行数据交互时加、解密所使用的公钥以及私钥,非对称加密密钥用于以加密传输的方式进行接入端设备与云计算服务设备之间的数据交互。It should be noted that the access terminal device in this embodiment initiates an authentication initialization request to the cloud computing service device through a built-in authentication program, so as to inform the cloud computing service device to inform itself of the authentication key and signature algorithm, and the authentication The authorization program can be pre-installed in the trusted access device of the cloud computing service device, and the authentication program responds to the control of the access device to generate a corresponding authentication initialization request, which is sent to the cloud computing service by the access device. device, in addition, the authentication program in this embodiment has an asymmetric encryption key that matches the cloud computing service device, that is to say, the authentication program has the encryption and decryption keys used for data interaction with the cloud computing service device. The public key, private key, and asymmetric encryption key are used for data interaction between the access device and the cloud computing service device in encrypted transmission.

步骤S21:将鉴权密钥以及签名算法基于非对称加密方式发送至接入端设备。Step S21: Send the authentication key and the signature algorithm to the access device based on an asymmetric encryption method.

本步骤中,云计算服务设备在接收到其信任的接入端设备传入的鉴权初始化请求后,利用非对称加密的方式将鉴权密钥以及签名算法以密文的方式发送至接入端设备中。通过非对称加密的方式将鉴权密钥以及签名算法发送至接入端设备,能够避免在传输过程中数据遭到窃取,相对确保传输过程的数据安全性,相对保证了鉴权过程的整体可靠性。由于云计算服务设备进行非对称加密,以及接入端设备进行相应解密操作的具体执行细节属于本领域技术人员公知的内容,而本实施例的重点在于应用非对称加密的这一技术提高鉴权的可靠性,因此对于对称加密及解密的相关内容在此不做赘述。In this step, after receiving the authentication initialization request from the trusted access device, the cloud computing service device uses asymmetric encryption to send the authentication key and signature algorithm to the access device in cipher text. in the end device. The authentication key and signature algorithm are sent to the access device through asymmetric encryption, which can prevent data from being stolen during the transmission process, relatively ensure the data security during the transmission process, and relatively guarantee the overall reliability of the authentication process sex. Since the cloud computing service device performs asymmetric encryption, and the specific implementation details of the corresponding decryption operation performed by the access terminal device are well known to those skilled in the art, the focus of this embodiment is to apply the technology of asymmetric encryption to improve authentication. reliability, so the content related to symmetric encryption and decryption will not be repeated here.

步骤S22:向接入端设备下发随机密钥,并接收接入端设备返回的鉴权签名。Step S22: Send a random key to the access device, and receive the authentication signature returned by the access device.

其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的。Wherein, the standard signature is generated by signing a random key with an authentication key corresponding to the device information of the access device and a signature algorithm prestored in the system.

步骤S23:对鉴权签名以及预先产生的标准签名进行一致性比对。Step S23: Perform consistency comparison between the authentication signature and the pre-generated standard signature.

步骤S24:当鉴权签名与标准签名一致时,将接入端设备标记为鉴权通过设备。Step S24: When the authentication signature is consistent with the standard signature, mark the access device as an authentication-passed device.

本实施例相对提高了接入端设备中预存的鉴权密钥以及签名算法的安全性,相对确保了鉴权过程的可靠性。This embodiment relatively improves the security of the authentication key and the signature algorithm prestored in the access device, and relatively ensures the reliability of the authentication process.

图3为本发明实施例提供的另一种应用于云计算服务设备的鉴权方法的流程图。请参考图3,应用于云计算服务设备的鉴权方法的具体步骤包括:FIG. 3 is a flow chart of another authentication method applied to cloud computing service equipment provided by an embodiment of the present invention. Please refer to Figure 3, the specific steps of the authentication method applied to cloud computing service equipment include:

步骤S30:接收接入端设备基于内置鉴权程序传入的包含有身份标识信息的鉴权初始化请求。Step S30: Receive an authentication initialization request including identity information from the access device based on the built-in authentication program.

其中,内置鉴权程序具有与云计算服务设备相匹配的非对称加密密钥。Wherein, the built-in authentication program has an asymmetric encryption key matched with the cloud computing service device.

需要说明的是,本实施例的重点在于接入端设备向云计算服务设备发送的鉴权初始化请求中包含有身份标识信息,身份标识信息表征的是接入端设备的身份信息,可以具体是接入端设备的产品序列(SN)码或MAC地址等。It should be noted that the focus of this embodiment is that the authentication initialization request sent by the access device to the cloud computing service device contains identity information, and the identity information represents the identity information of the access device, which can be specifically Product sequence (SN) code or MAC address of the access device.

步骤S31:将与身份标识信息唯一对应的鉴权密钥以及与身份标识信息唯一对应的签名算法基于非对称加密方式发送至接入端设备。Step S31: Send the authentication key uniquely corresponding to the identity information and the signature algorithm uniquely corresponding to the identity information to the access terminal device based on an asymmetric encryption method.

本步骤的重点在于云计算服务设备将与身份标识信息唯一对应的鉴权密钥以及与身份标识信息唯一对应的签名算法基于非对称加密的方式发送至接入端设备中,也就是说,云计算服务设备对不同接入端设备进行鉴权时所使用的鉴权密钥以及签名算法是不相同的,以此相对确保每一个接入端设备对于云计算服务设备而言的唯一性,进而在一定程度确保了对于接入端设备进行鉴权的可靠性。The focus of this step is that the cloud computing service device sends the authentication key uniquely corresponding to the identity information and the signature algorithm uniquely corresponding to the identity information to the access device based on asymmetric encryption, that is, the cloud The authentication keys and signature algorithms used by the computing service device to authenticate different access devices are different, so as to relatively ensure that each access device is unique to the cloud computing service device, and then in To a certain extent, the reliability of authenticating the access device is ensured.

步骤S32:向接入端设备下发随机密钥,并接收接入端设备返回的鉴权签名。Step S32: Send a random key to the access device, and receive the authentication signature returned by the access device.

其中,鉴权签名是通过接入端设备预存的鉴权密钥对随机密钥执行预定的签名算法生成的。Wherein, the authentication signature is generated by executing a predetermined signature algorithm on the random key with the authentication key pre-stored in the access device.

步骤S33:对鉴权签名以及预先产生的标准签名进行一致性比对。Step S33: Perform consistency comparison between the authentication signature and the pre-generated standard signature.

其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的。Wherein, the standard signature is generated by signing a random key with an authentication key corresponding to the device information of the access device and a signature algorithm prestored in the system.

步骤S34:当鉴权签名与标准签名一致时,将接入端设备标记为鉴权通过设备。Step S34: When the authentication signature is consistent with the standard signature, mark the access device as an authentication-passed device.

本实施例进一步确保了鉴权过程的可靠性。This embodiment further ensures the reliability of the authentication process.

在上述一系列实施方式的基础上,作为一种优选的实施方式,对鉴权签名以及预先产生的标准签名进行一致性比对,包括:On the basis of the series of implementations above, as a preferred implementation, the consistency comparison between the authentication signature and the pre-generated standard signature includes:

对鉴权签名以及由鉴权设备预先产生并传入的标准签名进行一致性比对。Consistency comparison between the authentication signature and the standard signature pre-generated and imported by the authentication device.

本实施方式的重点在于,通过接入端设备以及云计算服务设备以外的另一设备,即鉴权设备进行对标准签名的运算,进而将运算生成的标准签名传入云计算服务设备,也就是说,本实施方式中的鉴权设备也预先存储有对所述接入端设备预先设定的鉴权密钥以及对所述接入端设备预先设定的签名算法,鉴权设备存在的目的是为了对于云计算服务设备一致性比对时所采用的标准签名进行运算支持,云计算服务设备能够直接获取到鉴权设备计算并传入的标准签名,以此相对减少云计算服务设备在鉴权过程中的运算开销,进而相对确保云计算服务设备的除鉴权以外业务的正常进行。The key point of this embodiment is that the operation of the standard signature is performed by the access device and another device other than the cloud computing service device, that is, the authentication device, and then the standard signature generated by the operation is transmitted to the cloud computing service device, that is, In other words, the authentication device in this embodiment also pre-stores the authentication key preset for the access device and the signature algorithm preset for the access device. The purpose of the authentication device It is to support the calculation of the standard signature used in the consistency comparison of cloud computing service equipment. The computing overhead in the authorization process can relatively ensure the normal operation of the cloud computing service equipment except for authentication.

图4为本发明实施例提供的一种应用于接入端设备的鉴权方法的流程图。请参考图4,应用于接入端设备的鉴权方法的具体步骤包括:Fig. 4 is a flowchart of an authentication method applied to an access terminal device provided by an embodiment of the present invention. Please refer to Figure 4, the specific steps of the authentication method applied to the access device include:

步骤S40:接收由云计算服务设备下发的随机密钥。Step S40: Receive the random key issued by the cloud computing service device.

步骤S41:利用预先向云计算服务设备获取的鉴权密钥对随机密钥执行基于云计算服务设备预先设定的签名算法,生产鉴权签名。Step S41: Using the authentication key obtained from the cloud computing service device in advance to execute the signature algorithm preset based on the cloud computing service device on the random key to generate an authentication signature.

步骤S42:将鉴权签名发送至云计算服务设备。Step S42: Send the authentication signature to the cloud computing service device.

本发明所提供的鉴权方法,云计算服务设备向接入端设备下发随机密钥,接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本方法相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。In the authentication method provided by the present invention, the cloud computing service device issues a random key to the access terminal device, and the access terminal device uses the random key issued by the cloud computing service device in advance to use the The authentication key obtained by the device executes the signature algorithm preset based on the cloud computing service device on the random key, generates an authentication signature, and sends the authentication signature to the cloud computing service device, and the cloud computing service device receives After obtaining the authentication signature, compare the authentication signature with the pre-generated standard signature. The standard signature is to use the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device to randomly The key is signed and generated. When the authentication signature is consistent with the standard signature, the access device is marked as an authenticated device. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. This method relatively ensures the accuracy and safety of the data collected by the access terminal device, and provides a security guarantee for the data processing of the cloud computing service device.

在上文中对于鉴权方法的实施例进行了详细的描述,本发明还提供一种与该方法对应的云计算服务设备,由于云计算服务设备部分的实施例与方法部分的实施例相互对应,云计算服务设备部分的实施例请参见方法部分的实施例的描述,这里暂不赘述。The embodiment of the authentication method has been described in detail above, and the present invention also provides a cloud computing service device corresponding to the method. Since the embodiments of the cloud computing service device part and the embodiments of the method part correspond to each other, For the embodiment of the cloud computing service equipment part, please refer to the description of the embodiment of the method part, which will not be repeated here.

本发明实施例提供的一种云计算服务设备,包括存储器、处理器和总线,存储器上存储有可由总线传输至处理器并在处理器上运行的鉴权程序,鉴权程序被处理器执行时实现如上述的应用于云计算服务设备的鉴权方法。A cloud computing service device provided by an embodiment of the present invention includes a memory, a processor, and a bus. The memory stores an authentication program that can be transmitted to the processor by the bus and run on the processor. When the authentication program is executed by the processor Realize the above-mentioned authentication method applied to cloud computing service equipment.

该云计算服务设备可以是组成CDN网络或者区块链网络的节点。The cloud computing service device may be a node forming a CDN network or a block chain network.

其中,存储器至少包括一种类型的可读存储介质,可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、磁性存储器、磁盘、光盘等。存储器在一些实施例中可以是云计算服务设备的内部存储单元,例如该云计算服务设备的硬盘。存储器在另一些实施例中也可以是云计算服务设备的外部存储设备,例如云计算服务设备上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器还可以既包括云计算服务设备的内部存储单元也包括外部存储设备。存储器不仅可以用于存储安装于云计算服务设备的应用软件及各类数据,例如视频转码程序的代码等,还可以用于暂时地存储已经输出或者将要输出的数据。Wherein, the memory includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (eg, SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the storage may be an internal storage unit of the cloud computing service device, such as a hard disk of the cloud computing service device. In other embodiments, the memory may also be an external storage device of the cloud computing service device, such as a plug-in hard disk equipped on the cloud computing service device, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD ) card, flash memory card (Flash Card), etc. Further, the storage may also include both an internal storage unit of the cloud computing service device and an external storage device. The memory can not only be used to store application software and various data installed in cloud computing service equipment, such as the code of video transcoding program, etc., but also can be used to temporarily store data that has been output or will be output.

处理器在一些实施例中可以是一中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器或其他数据处理芯片,用于运行存储器中存储的程序代码或处理数据,例如执行视频转码程序等。In some embodiments, the processor may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor or other data processing chips for running program codes stored in the memory or processing data, For example, execute a video transcoding program, etc.

该总线可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。该总线可以分为地址总线、数据总线、控制总线等。The bus may be a peripheral component interconnect standard (PCI for short) bus or an extended industry standard architecture (EISA for short) bus or the like. The bus can be divided into address bus, data bus, control bus and so on.

本发明所提供的云计算服务设备向接入端设备下发随机密钥,接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本设备相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。The cloud computing service device provided by the present invention sends a random key to the access device, and the access device uses the authentication key previously obtained from the cloud computing service device after receiving the random key issued by the cloud computing service device. The authorization key executes the signature algorithm preset based on the cloud computing service device on the random key, generates an authentication signature, and sends the authentication signature to the cloud computing service device, and the cloud computing service device receives the authentication signature Finally, compare the authentication signature with the pre-generated standard signature, where the standard signature uses the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device to sign the random key generated, and when the authentication signature is consistent with the standard signature, the access device is marked as an authenticated device. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. This device relatively ensures the accuracy and security of the data collected by the access device, and provides a security guarantee for the data processing of the cloud computing service device.

此外,本发明还提供一种接入端设备,本发明实施例提供的一种接入端设备,包括存储器、处理器和总线,存储器上存储有可由总线传输至处理器并在处理器上运行的鉴权程序,鉴权程序被处理器执行时实现如上述的应用于接入端设备的鉴权方法。In addition, the present invention also provides an access terminal device. The access terminal device provided by the embodiment of the present invention includes a memory, a processor, and a bus. The memory stores data that can be transmitted to the processor by the bus and run on the processor. The authentication program, when the authentication program is executed by the processor, implements the above-mentioned authentication method applied to the access terminal device.

接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本设备相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。After receiving the random key issued by the cloud computing service device, the access terminal device uses the authentication key obtained in advance from the cloud computing service device to execute a signature based on the cloud computing service device's preset settings on the random key. Algorithm to generate an authentication signature, and send the authentication signature to the cloud computing service device. After receiving the authentication signature, the cloud computing service device will compare the authentication signature with the pre-generated standard signature. Among them, The standard signature is generated by signing the random key with the authentication key corresponding to the device information of the access device pre-stored in the system and the signature algorithm. When the authentication signature is consistent with the standard signature, the access device will be marked as for authenticated devices. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. This device relatively ensures the accuracy and security of the data collected by the access device, and provides a security guarantee for the data processing of the cloud computing service device.

图5为本发明实施例提供的一种鉴权系统的结构示意图。FIG. 5 is a schematic structural diagram of an authentication system provided by an embodiment of the present invention.

如图5所示,本发明提供的鉴权系统,包括:As shown in Figure 5, the authentication system provided by the present invention includes:

云计算服务设备10,用于向接入端设备11下发随机密钥,并接收第三方设11备返回的鉴权签名;其中,鉴权签名是通过接入端设备11预存的鉴权密钥对随机密钥执行预定的签名算法生成的;对鉴权签名以及预先产生的标准签名进行一致性比对;其中,标准签名是通过对接入端设备11预先设定的鉴权密钥向随机密钥执行对接入端设备11预先设定的签名算法生成的;当鉴权签名与标准签名一致时,将接入端设备11标记为鉴权通过设备;The cloud computing service device 10 is configured to issue a random key to the access device 11, and receive the authentication signature returned by the third-party device 11; wherein, the authentication signature is the authentication key pre-stored by the access device 11 The key is generated by performing a predetermined signature algorithm on the random key; the authentication signature and the pre-generated standard signature are compared for consistency; wherein, the standard signature is sent to the access terminal device 11 through the preset authentication key. The random key is generated by a preset signature algorithm for the access device 11; when the authentication signature is consistent with the standard signature, the access device 11 is marked as an authentication pass device;

接入端设备11,用于接收由云计算服务设备10下发的随机密钥;利用预先向云计算服务设备10获取的鉴权密钥对随机密钥执行基于云计算服务设备10预先设定的签名算法,生产鉴权签名;将鉴权签名发送至云计算服务设备10。The access terminal device 11 is used to receive the random key issued by the cloud computing service device 10; use the authentication key obtained from the cloud computing service device 10 in advance to execute the random key based on the cloud computing service device 10 preset The signature algorithm is used to generate an authentication signature; and the authentication signature is sent to the cloud computing service device 10.

本发明所提供的鉴权系统,云计算服务设备向接入端设备下发随机密钥,接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本系统相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。In the authentication system provided by the present invention, the cloud computing service device issues a random key to the access terminal device, and the access terminal device uses the random key issued by the cloud computing service device to use the The authentication key obtained by the device executes the signature algorithm preset based on the cloud computing service device on the random key, generates an authentication signature, and sends the authentication signature to the cloud computing service device, and the cloud computing service device receives After obtaining the authentication signature, compare the authentication signature with the pre-generated standard signature. The standard signature is to use the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device to randomly The key is signed and generated. When the authentication signature is consistent with the standard signature, the access device is marked as an authenticated device. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. This system relatively ensures the accuracy and safety of the data collected by the access device, and provides a security guarantee for the data processing of the cloud computing service device.

此外,本发明还提供一种计算机可读存储介质,计算机可读存储介质上存储有运算终端数据处理程序,运算终端数据处理程序可被一个或者多个处理器执行,以实现如上述的应用于云计算服务设备的鉴权方法或应用于接入端设备的鉴权方法。In addition, the present invention also provides a computer-readable storage medium, on which a computing terminal data processing program is stored, and the computing terminal data processing program can be executed by one or more processors, so as to realize the application as above An authentication method for a cloud computing service device or an authentication method applied to an access terminal device.

本发明所提供的计算机可读存储介质,云计算服务设备向接入端设备下发随机密钥,接入端设备在接收到由云计算服务设备下发的随机密钥后,使用预先向云计算服务设备获取的鉴权密钥对该随机密钥执行基于该云计算服务设备预先设定的签名算法,生成鉴权签名,并将鉴权签名发送至云计算服务设备中,云计算服务设备在接收到鉴权签名后,将鉴权签名与预先产生的标准签名进行一致性比对,其中,标准签名是利用系统预存的与接入端设备的设备信息对应的鉴权密钥以及签名算法对随机密钥进行签名生成的,当鉴权签名与标准签名一致时,则将接入端设备标记为通过鉴权的设备。通过预先在接入端设备中预设有鉴权密钥以及签名算法,进而对接入端设备进行鉴权时,通过其自身的鉴权密钥对随机密钥执行相应签名算法生成鉴权签名,并通过鉴权签名与标准签名之间的一致性比对,以此判断接入端设备所使用的鉴权密钥以及签名算法是否与预设的鉴权密钥及签名算法一致,从而断定接入端设备是否为可靠设备,即鉴权是否通过。本计算机可读存储介质相对确保了在接入端设备所采集的数据准确安全,为云计算服务设备的数据处理提供了安全保证。In the computer-readable storage medium provided by the present invention, the cloud computing service device sends a random key to the access device, and the access device uses the random key issued by the cloud computing service device in advance to the cloud The authentication key obtained by the computing service device executes the signature algorithm preset based on the cloud computing service device on the random key, generates an authentication signature, and sends the authentication signature to the cloud computing service device, and the cloud computing service device After receiving the authentication signature, compare the authentication signature with the pre-generated standard signature, where the standard signature uses the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device It is generated by signing the random key, and when the authentication signature is consistent with the standard signature, the access device is marked as an authentication-passed device. By pre-setting the authentication key and signature algorithm in the access device, and then when authenticating the access device, it uses its own authentication key to execute the corresponding signature algorithm on the random key to generate an authentication signature. And through the consistency comparison between the authentication signature and the standard signature, it is judged whether the authentication key and signature algorithm used by the access device are consistent with the preset authentication key and signature algorithm, so as to conclude that the access Whether the input device is a reliable device, that is, whether the authentication is passed. The computer-readable storage medium relatively ensures the accuracy and safety of the data collected by the access device, and provides a security guarantee for the data processing of the cloud computing service device.

以上对本发明所提供的一种鉴权方法、系统、设备及介质进行了详细介绍。说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。The authentication method, system, equipment and medium provided by the present invention have been introduced in detail above. Each embodiment in the description is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part. It should be pointed out that for those skilled in the art, without departing from the principles of the present invention, some improvements and modifications can be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

还需要说明的是,在本说明书中,诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should also be noted that in this specification, relative terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply that these entities or operations There is no such actual relationship or order between the operations. Furthermore, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes elements not expressly listed. other elements of or also include elements inherent in such a process, method, article, or device. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising said element.

Claims (11)

1.一种鉴权方法,其特征在于,包括:1. An authentication method, characterized in that, comprising: 向接入端设备下发随机密钥,并接收所述接入端设备返回的鉴权签名;其中,所述鉴权签名是所述接入端设备通过预存的鉴权密钥对所述随机密钥执行预定的签名算法生成的;Sending a random key to the access device, and receiving the authentication signature returned by the access device; wherein, the authentication signature is that the access device pairs the random The key is generated by executing a predetermined signature algorithm; 对所述鉴权签名以及预先产生的标准签名进行一致性比对;其中,所述标准签名是利用系统预存的与所述接入端设备的设备信息对应的鉴权密钥以及签名算法对所述随机密钥进行签名生成的;Perform a consistency comparison between the authentication signature and the pre-generated standard signature; wherein, the standard signature uses the authentication key and signature algorithm pre-stored in the system corresponding to the device information of the access device to compare the Generated by signing with the above random key; 当所述鉴权签名与所述标准签名一致时,将所述接入端设备标记为鉴权通过设备。When the authentication signature is consistent with the standard signature, mark the access device as an authentication-passed device. 2.根据权利要求1所述的鉴权方法,其特征在于,所述标准签名的生成过程包括:2. The authentication method according to claim 1, wherein the generating process of the standard signature comprises: 获取所述接入端设备的设备信息;Acquiring device information of the access device; 在本地查找与所述设备信息对应鉴权密钥以及签名算法;Search locally for the authentication key and signature algorithm corresponding to the device information; 通过与所述设备信息对应鉴权密钥以及签名算法对所述随机密钥进行签名生成所述标准签名。The standard signature is generated by signing the random key by using an authentication key corresponding to the device information and a signature algorithm. 3.根据权利要求1所述的鉴权方法,其特征在于,在所述向接入端设备下发随机密钥,并接收所述接入端设备返回的鉴权签名之前,所述方法还包括:3. The authentication method according to claim 1, wherein, before sending the random key to the access device and receiving the authentication signature returned by the access device, the method further includes: include: 接收所述接入端设备基于内置鉴权程序传入的鉴权初始化请求;其中,所述内置鉴权程序具有与所述云计算服务设备相匹配的非对称加密密钥;Receiving an authentication initialization request from the access device based on a built-in authentication program; wherein the built-in authentication program has an asymmetric encryption key that matches the cloud computing service device; 将所述鉴权密钥以及所述签名算法基于非对称加密方式发送至所述接入端设备。Send the authentication key and the signature algorithm to the access device based on an asymmetric encryption method. 4.根据权利要求3所述的鉴权方法,其特征在于,所述接收所述接入端设备基于内置鉴权程序传入的鉴权初始化请求,包括:4. The authentication method according to claim 3, wherein the receiving the authentication initialization request from the access device based on the built-in authentication program includes: 接收所述接入端设备基于所述内置鉴权程序传入的包含有身份标识信息的所述鉴权初始化请求;receiving the authentication initialization request including identity information sent by the access device based on the built-in authentication program; 相应的,所述将所述鉴权密钥以及所述签名算法基于非对称加密方式发送至所述接入端设备,包括:Correspondingly, the sending the authentication key and the signature algorithm to the access device based on an asymmetric encryption method includes: 将与所述身份标识信息唯一对应的所述鉴权密钥以及与所述身份标识信息唯一对应的所述签名算法基于非对称加密方式发送至所述接入端设备。Sending the authentication key uniquely corresponding to the identity information and the signature algorithm uniquely corresponding to the identity information to the access terminal device in an asymmetric encryption manner. 5.根据权利要求1至4任意一项所述的鉴权方法,其特征在于,所述对所述鉴权签名以及预先产生的标准签名进行一致性比对,包括:5. The authentication method according to any one of claims 1 to 4, wherein the consistency comparison between the authentication signature and the pre-generated standard signature comprises: 对所述鉴权签名以及由鉴权设备预先产生并传入的所述标准签名进行一致性比对。Consistency comparison is performed on the authentication signature and the standard signature pre-generated and imported by the authentication device. 6.一种鉴权方法,其特征在于,包括:6. An authentication method, characterized in that, comprising: 接收由云计算服务设备下发的随机密钥;Receive the random key issued by the cloud computing service device; 利用预先向所述云计算服务设备获取的鉴权密钥对所述随机密钥执行基于所述云计算服务设备预先设定的签名算法,生产鉴权签名;Executing a signature algorithm preset based on the cloud computing service device on the random key using the authentication key obtained in advance from the cloud computing service device to generate an authentication signature; 将所述鉴权签名发送至所述云计算服务设备。Send the authentication signature to the cloud computing service device. 7.一种鉴权系统,其特征在于,包括:7. An authentication system, characterized in that it comprises: 云计算服务设备,用于向接入端设备下发随机密钥,并接收所述接入端设备返回的鉴权签名;其中,所述鉴权签名是通过所述接入端设备预存的鉴权密钥对所述随机密钥执行预定的签名算法生成的;对所述鉴权签名以及预先产生的标准签名进行一致性比对;其中,所述标准签名是利用系统预存的与所述接入端设备的设备信息对应的鉴权密钥以及签名算法对所述随机密钥进行签名生成的;当所述鉴权签名与所述标准签名一致时,将所述接入端设备标记为鉴权通过设备;The cloud computing service device is configured to issue a random key to the access device, and receive the authentication signature returned by the access device; wherein, the authentication signature is the authentication signature pre-stored by the access device. The random key is generated by performing a predetermined signature algorithm on the random key; the consistency comparison between the authentication signature and the pre-generated standard signature is carried out; The random key is generated by signing the random key with the authentication key corresponding to the device information of the access device and the signature algorithm; when the authentication signature is consistent with the standard signature, the access device is marked as an authentication key. right through the device; 所述接入端设备,用于接收由所述云计算服务设备下发的随机密钥;利用预先向云计算服务设备获取的鉴权密钥对所述随机密钥执行基于所述云计算服务设备预先设定的签名算法,生产鉴权签名;将所述鉴权签名发送至所述云计算服务设备。The access terminal device is configured to receive a random key issued by the cloud computing service device; use the authentication key obtained from the cloud computing service device in advance to execute the random key based on the cloud computing service The signature algorithm preset by the device generates an authentication signature; and sends the authentication signature to the cloud computing service device. 8.一种云计算服务设备,其特征在于,所述设备包括存储器、处理器和总线,所述存储器上存储有可由所述总线传输至所述处理器并在所述处理器上运行的鉴权程序,所述鉴权程序被所述处理器执行时实现如权利要求1至5任意一项所述的鉴权方法。8. A cloud computing service device, characterized in that the device includes a memory, a processor and a bus, and the memory stores authentication information that can be transmitted to the processor by the bus and run on the processor. An authorization program, which implements the authentication method according to any one of claims 1 to 5 when the authentication program is executed by the processor. 9.根据权利要求8所述的云计算服务设备,其特征在于,所述云计算服务设备为组成CDN网络或者区块链网络的节点。9. The cloud computing service device according to claim 8, wherein the cloud computing service device is a node forming a CDN network or a block chain network. 10.一种接入端设备,其特征在于,所述设备包括存储器、处理器和总线,所述存储器上存储有可由所述总线传输至所述处理器并在所述处理器上运行的鉴权程序,所述鉴权程序被所述处理器执行时实现如权利要求6所述的鉴权方法。10. An access terminal device, characterized in that the device includes a memory, a processor, and a bus, and the memory stores authentication information that can be transmitted to the processor by the bus and run on the processor. An authorization program, which implements the authentication method as claimed in claim 6 when the authentication program is executed by the processor. 11.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有鉴权程序,所述鉴权程序可被一个或者多个处理器执行,以实现如权利要求1至5任意一项所述的鉴权方法,或实现如权利要求6所述的鉴权方法。11. A computer-readable storage medium, wherein an authentication program is stored on the computer-readable storage medium, and the authentication program can be executed by one or more processors, so as to realize the 5. The authentication method described in any one, or realize the authentication method described in claim 6.
CN201910708733.3A 2019-08-01 2019-08-01 Authentication method, system, device and medium Active CN110365492B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910708733.3A CN110365492B (en) 2019-08-01 2019-08-01 Authentication method, system, device and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910708733.3A CN110365492B (en) 2019-08-01 2019-08-01 Authentication method, system, device and medium

Publications (2)

Publication Number Publication Date
CN110365492A true CN110365492A (en) 2019-10-22
CN110365492B CN110365492B (en) 2022-04-01

Family

ID=68222995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910708733.3A Active CN110365492B (en) 2019-08-01 2019-08-01 Authentication method, system, device and medium

Country Status (1)

Country Link
CN (1) CN110365492B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110868709A (en) * 2019-11-26 2020-03-06 王永兴 Method and system for preventing harassment and enabling normal communication
CN113890766A (en) * 2021-11-08 2022-01-04 南方电网数字电网研究院有限公司 Power equipment authentication method, device, server and system based on Internet of Things

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101621801A (en) * 2009-08-11 2010-01-06 深圳华为通信技术有限公司 Method, system, server and terminal for authenticating wireless local area network
CN103391292A (en) * 2013-07-18 2013-11-13 百度在线网络技术(北京)有限公司 Mobile-application-oriented safe login method, system and device
EP3462667A1 (en) * 2017-09-27 2019-04-03 Banco Bilbao Vizcaya Argentaria, S.A. Blockchain based joint blind key escrow
CN110062002A (en) * 2019-04-29 2019-07-26 核芯互联科技(青岛)有限公司 A kind of method for authenticating and Related product

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101621801A (en) * 2009-08-11 2010-01-06 深圳华为通信技术有限公司 Method, system, server and terminal for authenticating wireless local area network
CN103391292A (en) * 2013-07-18 2013-11-13 百度在线网络技术(北京)有限公司 Mobile-application-oriented safe login method, system and device
EP3462667A1 (en) * 2017-09-27 2019-04-03 Banco Bilbao Vizcaya Argentaria, S.A. Blockchain based joint blind key escrow
CN110062002A (en) * 2019-04-29 2019-07-26 核芯互联科技(青岛)有限公司 A kind of method for authenticating and Related product

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110868709A (en) * 2019-11-26 2020-03-06 王永兴 Method and system for preventing harassment and enabling normal communication
CN113890766A (en) * 2021-11-08 2022-01-04 南方电网数字电网研究院有限公司 Power equipment authentication method, device, server and system based on Internet of Things
CN113890766B (en) * 2021-11-08 2024-04-09 南方电网数字电网科技(广东)有限公司 Power equipment authentication method, device, server and system based on Internet of things and storage medium

Also Published As

Publication number Publication date
CN110365492B (en) 2022-04-01

Similar Documents

Publication Publication Date Title
US10440151B2 (en) Service authorization handshake
WO2021017128A1 (en) Login token generation method and apparatus, login token verification method and apparatus, and server
US10382426B2 (en) Authentication context transfer for accessing computing resources via single sign-on with single use access tokens
TWI682297B (en) Method, device and system for preventing cross-website request forgery
WO2017020452A1 (en) Authentication method and authentication system
US9942042B1 (en) Key containers for securely asserting user authentication
CN109474437B (en) A method for applying digital certificate based on biometric information
TW201339886A (en) Method, device, and system for managing user authentication
CN113221128B (en) Account and password storage method and registration management system
CN106209734B (en) The identity identifying method and device of process
US20200196143A1 (en) Public key-based service authentication method and system
EP3206329B1 (en) Security check method, device, terminal and server
CN113971274B (en) An identification method and device
CN110011950B (en) Authentication method and device for video stream address
US10728232B2 (en) Method for authenticating client system, client device, and authentication server
KR20180129475A (en) Method, user terminal and authentication service server for authentication
WO2019184206A1 (en) Identity authentication method and apparatus
CN110365492A (en) An authentication method, system, device and medium
WO2017031859A1 (en) Method and apparatus for verifying access security
CN112653676B (en) Identity authentication method and equipment crossing authentication system
CN113505353A (en) Authentication method, device, equipment and storage medium
US9288060B1 (en) System and method for decentralized authentication of supplicant devices
CN104753879A (en) Method and system for authenticating cloud service provider through terminal and method and system for authenticating terminal through cloud service provider
KR20200137126A (en) Apparatus and method for registering biometric information, apparatus and method for biometric authentication
CN114090996A (en) Multi-party system mutual trust authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant