CN119210877A - Identity authentication method, device, terminal equipment and storage medium - Google Patents

Info

Publication number
CN119210877A
Authority
CN
China
Prior art keywords
equipment
identity
information
authentication
authenticated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411405538.0A
Other languages
Chinese (zh)
Inventor
卢良政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kaihong Digital Industry Development Co Ltd
Original Assignee
Shenzhen Kaihong Digital Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Kaihong Digital Industry Development Co Ltd
Priority to CN202411405538.0A
Publication of CN119210877A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses an identity authentication method, an identity authentication device, a terminal device and a storage medium. The method comprises: when a device whose identity is to be authenticated receives a target instruction, determining the self-credential information of that device; determining a target scene from the target instruction, determining auxiliary authentication devices according to the target scene, and sending a request to the auxiliary authentication devices so that they generate temporary credential information; and authenticating the identity information of the device to be authenticated according to the self-credential information and the temporary credential information. Device identity authentication therefore has to combine the device's own credential information with temporary credential information generated by other devices. Incorporating temporary credentials that other devices generate about the device to be authenticated effectively raises the credibility of its identity credential during authentication, and so strengthens the identity security of Internet-connected devices during identity authentication.

Description

Identity authentication method, device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of the Internet of Things, and in particular to an identity authentication method, an identity authentication device, a terminal device and a storage medium.
Background
In the Internet era, device identity authentication prevents unauthorized use of information resources and so protects them. Current device identity authentication technology mainly relies on a Secure Element (SE) and a Trusted Execution Environment (TEE) to secure the authentication of data and applications on mobile devices and embedded systems. The SE is an independent hardware component that stores sensitive information and performs cryptographic operations; keeping the device's private keys and certificates inside the SE keeps those credentials confidential and hard to tamper with or steal over the device's lifetime, which gives a higher level of security isolation. The TEE is an isolated area of the processor that runs alongside the device operating system and provides a secure execution environment; running the authentication logic inside the TEE protects the device's authentication process from malware and unauthorized access.
Existing device identity authentication technology therefore depends on an SE and a TEE to provide a protected place for the cryptographic operations of device authentication, which increases the deployment cost of the network system. Moreover, SE- and TEE-based authentication only gives the device a secure environment in which to execute authentication; it does not by itself raise the credibility of the identity credential the device presents during authentication.
Accordingly, there is a need for improvement and advancement in the art.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an identity authentication method, an identity authentication device, a terminal device and a storage medium that address the defects of the prior art: that existing device identity authentication relies on an SE and a TEE to provide a protected environment for the device's authentication process, which increases the deployment cost of the network system, and that SE- and TEE-based authentication only provides a secure execution environment and cannot raise the credibility of the device's identity credential during authentication.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
In a first aspect, the present invention provides an identity authentication method, which includes:
when a device whose identity is to be authenticated receives a target instruction, determining the self-credential information of the device to be authenticated;
determining a target scene according to the target instruction, determining auxiliary authentication devices according to the target scene, and sending a request to the auxiliary authentication devices so that they generate temporary credential information;
and authenticating the identity information of the device to be authenticated according to the self-credential information and the temporary credential information.
In one implementation, when the device to be authenticated receives the target instruction, determining the self-credential information of the device to be authenticated includes:
acquiring a digital certificate and a key of the device to be authenticated according to the target instruction;
and determining the self-credential information of the device to be authenticated from the digital certificate and the key.
In one implementation, determining the target scene according to the target instruction and determining the auxiliary authentication devices according to the target scene includes:
determining the level information of the target scene according to the target instruction;
determining the level requirement and the quantity requirement for the auxiliary authentication devices according to the level information;
and determining the auxiliary authentication devices according to the level requirement and the quantity requirement.
In one implementation, sending the request to the auxiliary authentication devices and generating the temporary credential information of the auxiliary authentication devices includes:
sending the request to the auxiliary authentication devices over the distributed soft bus;
and generating the temporary credential information of the auxiliary authentication devices according to the request, where the temporary credential information contains identification information of the device to be authenticated.
In one implementation, generating the temporary credential information of the auxiliary authentication devices according to the request includes:
determining the validity period of the temporary credential information according to the request;
and generating the temporary credential information of the auxiliary authentication devices according to the validity period.
In one implementation, authenticating the identity information of the device to be authenticated according to the self-credential information and the temporary credential information includes:
submitting the self-credential information and the temporary credential information to a distributed data management system over a preset encrypted channel;
verifying the validity of the self-credential information and the temporary credential information with the distributed data management system to obtain a verification result;
and determining the identity authentication result of the device to be authenticated according to the verification result.
In one implementation, determining the identity authentication result of the device to be authenticated according to the verification result includes:
when the verification result is that both the self-credential information and the temporary credential information pass verification, determining that the identity authentication result is that the identity information of the device to be authenticated is correct;
and when the verification result is that at least one of the self-credential information and the temporary credential information fails verification, determining that the identity authentication result is that the identity information of the device to be authenticated is incorrect.
In a second aspect, an embodiment of the present invention further provides an identity authentication device, which includes:
a self-credential information determining module, used to determine the self-credential information of the device to be authenticated when the device to be authenticated receives a target instruction;
a temporary credential information determining module, used to determine a target scene according to the target instruction, determine auxiliary authentication devices according to the target scene, send a request to the auxiliary authentication devices and generate the temporary credential information of the auxiliary authentication devices;
and an identity information authentication module, used to authenticate the identity information of the device to be authenticated according to the self-credential information and the temporary credential information.
In a third aspect, an embodiment of the present invention further provides a terminal device that includes a memory, a processor, and an identity authentication program stored in the memory and runnable on the processor; when the processor executes the identity authentication program, it implements the steps of the identity authentication method of any of the above schemes.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium that stores an identity authentication program; when the identity authentication program is executed by a processor, it implements the steps of the identity authentication method of any of the above schemes.
Compared with the prior art, the method has the following advantages. The method determines the self-credential information of the device to be authenticated when that device receives a target instruction, determines a target scene according to the target instruction, determines auxiliary authentication devices according to the target scene, sends a request to the auxiliary authentication devices so that they generate temporary credential information, and authenticates the identity information of the device to be authenticated according to the self-credential information and the temporary credential information. Device identity authentication therefore has to combine the device's own credential information with temporary credential information from other devices; by incorporating temporary credentials that other devices generate about the device to be authenticated, the credibility of its identity credential during authentication is effectively improved, and the identity security of Internet-connected devices during authentication is enhanced.
Drawings
Fig. 1 is a flowchart of a specific implementation of an identity authentication method according to an embodiment of the present invention.
Fig. 2 is a functional schematic diagram of an identity authentication device according to an embodiment of the present invention.
Fig. 3 is a schematic block diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer and more specific, the present invention will be described in further detail below with reference to the accompanying drawings and examples.
It will be appreciated by persons skilled in the art that the specific embodiments described herein are for purposes of illustration only and are not intended to be limiting. As used herein, the singular forms "a," "an" and "the" are intended to include the plural forms as well, and the word "comprising", when used in the specification of the present invention, means that one or more of the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It will be understood that when an element is "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may be present. Further, "connected" or "coupled" as used herein may include being wirelessly connected or wirelessly coupled. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
This embodiment provides an identity authentication method, an identity authentication device, a terminal device and a storage medium. In this embodiment, when the device to be authenticated receives the target instruction, the self-credential information of the device to be authenticated is determined. Then a target scene is determined according to the target instruction, auxiliary authentication devices are determined according to the target scene, a request is sent to the auxiliary authentication devices, and the temporary credential information of the auxiliary authentication devices is generated. Finally, the identity information of the device to be authenticated is authenticated according to the self-credential information and the temporary credential information. The device identity authentication process of this embodiment therefore combines the device's own credential information with temporary credential information from other devices; by incorporating temporary credentials that other devices generate about the device to be authenticated, the credibility of its identity credential during authentication is effectively improved and the identity security of Internet-connected devices during authentication is enhanced.
The identity authentication method of this embodiment can be applied to a terminal device, which may be a preset mobile terminal such as a mobile phone, tablet or computer, or a smart device such as a smart television. In this embodiment, the terminal device may be an external device connected to the identity authentication apparatus, or a device built into the identity authentication apparatus. Further, a device in this embodiment may refer to a device running the open-source HarmonyOS (OpenHarmony OS) or a device in the standard system of OpenHarmony (KaihongOS). OpenHarmony OS supports interconnection and interworking among a wide range of terminal devices, from consumer electronics to industrial control, including but not limited to smart wearables such as smart watches and health monitoring bracelets; smart home products such as smart speakers, smart televisions, smart lighting systems and security monitoring; mobile terminals such as smart phones and tablet computers; Internet of Things devices such as smart sensors, smart door locks and environmental monitoring devices; educational and office devices such as electronic whiteboards and conference systems; and vehicle-mounted devices such as in-vehicle infotainment systems and smart rear-view mirrors.
As shown in fig. 1, the identity authentication method of the present embodiment includes the steps of:
Step S100, when the device to be authenticated receives the target instruction, determining the self-credential information of the device to be authenticated.
Typically, the various terminal devices in an automation system based on the Internet of Things (IoT) are interconnected. When terminal devices join an Internet of Things system, they can match and register their respective self-credential information with the system gateway in advance. Later, when a terminal device sends a request to other devices in the system, the gateway returns a target instruction to the requesting terminal device, and that target instruction is used to retrieve the relevant credential information of the terminal device. The retrieved credential information is then compared and verified against the self-credential information of the device that the gateway stored when the device registered. Finally, whether the identity information of the current terminal device is correct is judged from the verification result.
That is, when the device to be authenticated receives the target instruction, it can first determine its own credential information from the registration information recorded when it joined the Internet of Things system, so that in the subsequent steps whether its identity information is correct can be verified against that credential information.
Specifically, the identity authentication method can run on an Internet of Things system platform based on OpenHarmony. Such a platform mainly comprises a distributed soft bus, a distributed data management module, a distributed task scheduling module and a device virtualization module. The distributed soft bus is the unified base for multi-device terminals: it provides a unified distributed communication capability for seamless interconnection among devices, discovers and connects devices quickly, transfers tasks and data efficiently, and has a built-in security mechanism that protects data in transit and prevents information leakage when multiple devices interact. The distributed data management module, built on the distributed soft bus, manages application data and user data in a distributed way, so that user data is not bound to a single physical device, business logic is separated from data storage, and data follows the application seamlessly when it runs across devices, which is the basis for a consistent and smooth user experience. The distributed task scheduling module builds a unified distributed service management, discovery, synchronization, registration and invocation mechanism on top of the distributed soft bus, distributed data management and distributed storage; it supports remote start, remote invocation, binding, unbinding and migration of applications across devices, and selects the most suitable device to run a distributed task according to each device's capabilities, location, service state and resource usage, combined with the user's habits and intent.
The device virtualization module enables resource fusion, device management and data processing across different devices, so that peripheral devices act as extensions of the phone's capabilities and together form a single super virtual terminal.
In one implementation, step S100 of this embodiment specifically includes the following steps:
Step S101, acquiring a digital certificate and a key of the device to be authenticated according to the target instruction;
Step S102, determining the self-credential information of the device to be authenticated from the digital certificate and the key.
In a specific implementation, the method further comprises, before the device to be authenticated receives the target instruction, registering every device that joins the Internet of Things system so that each device has a unique device identifier, managing each device's keys through the distributed key management system as the basis for identity authentication, and then interconnecting all devices in the system over the distributed soft bus. The device identifier may consist of the device's digital certificate and key, where the digital certificate contains the device's public key, the signature that a Certificate Authority (CA) issued over it with the CA's private key, and data such as the device's identity information.
Then, when the device to be authenticated sends a request to another device in the Internet of Things system, it receives the target instruction that the other device returns to it, obtains its digital certificate and key from the distributed key management system according to the target instruction, and finally uses the digital certificate and key, as its self-credential information, to verify its identity. Preferably, the self-credential information in this embodiment includes, but is not limited to, a digital certificate, a key and a token; this embodiment does not particularly limit it.
Step S200, determining a target scene according to the target instruction, determining auxiliary authentication devices according to the target scene, sending a request to the auxiliary authentication devices, and generating the temporary credential information of the auxiliary authentication devices.
Because the target instruction is generated from the request that the device to be authenticated sent to another device, it reflects the scene involved in that request. Choosing suitable auxiliary authentication devices according to that scene increases the reference value of the temporary credential information those devices generate in the following steps.
In one implementation, determining the target scene according to the target instruction and determining the auxiliary authentication devices according to the target scene includes the following steps:
Step S201, determining the level information of the target scene according to the target instruction;
Step S202, determining the level requirement and the quantity requirement for the auxiliary authentication devices according to the level information;
Step S203, determining the auxiliary authentication devices according to the level requirement and the quantity requirement.
Specifically, the target instruction can reflect the level information of the target scene involved in the request that the device to be authenticated sent to the other device, and different level information reflects different scene security requirements. For example, when the target scene is the start-up scene of a smart home appliance, the level information is level two, and when the target scene is the start-up scene of a smart door lock, the level information is level one, where the security requirement of a level-one scene is higher than that of a level-two scene.
Further, in this embodiment the level requirement and quantity requirement corresponding to each level may be obtained from a preset reference table that maps level information to a level requirement and a quantity requirement. The table may be set by the user according to current needs; for example, for level one the level requirement for the auxiliary authentication devices is level one and the quantity requirement is three, and for level two the level requirement is level two and the quantity requirement is two.
Then, for level one, the auxiliary authentication devices may be a number of devices (for example three) chosen at random from the level-one devices in the Internet of Things system, such as smart face recognition devices, smart cameras, smart doors, smart locks and smart switches, and used as the auxiliary authentication devices for the level-one smart door lock start-up scene. For level two, a number of devices (for example two) may be chosen at random from the level-two devices, such as smart fans, smart air conditioners, smart refrigerators and smart chairs, and used as the auxiliary authentication devices for the level-two smart home appliance start-up scene.
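The level-to-requirement table and the random selection described above, written out as an added example (not code from the patent or from OpenHarmony). The policy table copies the figures the text gives; the instruction-to-level mapping, the device inventory and the rule that the requesting device cannot be one of its own auxiliary devices are assumptions of this example. The example also makes explicit what the text leaves open: when the system holds fewer devices of the required level than the quantity requirement, the selection fails rather than silently falling back to a lower level or a smaller set.

```python
"""Scene level -> auxiliary-device policy and selection (steps S201-S203).

Added example; not code from the patent or from OpenHarmony.  The policy
table copies the one the text gives (level-1 scene: three level-1 devices;
level-2 scene: two level-2 devices).  The instruction-to-level mapping, the
device inventory and the rule that the requester is never its own auxiliary
device are assumptions made for this example.
"""
import secrets

# Reference table from the text: scene level -> (required device level, required count).
AUX_POLICY = {1: (1, 3), 2: (2, 2)}

# Assumed mapping from the target instruction to the scene's level.
SCENE_LEVEL = {"start-smart-lock": 1, "start-smart-home": 2}

# Constructed inventory: device identifier -> the device's level in the IoT system.
DEVICES = {
    "face-recog-01": 1, "camera-02": 1, "door-03": 1, "lock-04": 1, "switch-05": 1,
    "fan-06": 2, "aircon-07": 2, "fridge-08": 2, "chair-09": 2,
}


def scene_level(target_instruction):
    """Step S201: derive the scene's level from the target instruction."""
    if target_instruction not in SCENE_LEVEL:
        raise ValueError("unknown target instruction: %r" % target_instruction)
    return SCENE_LEVEL[target_instruction]


def aux_requirements(level):
    """Step S202: look up the level and quantity requirement for this scene level."""
    if level not in AUX_POLICY:
        raise ValueError("no auxiliary-device policy for scene level %r" % level)
    return AUX_POLICY[level]


def select_auxiliary_devices(target_instruction, requester, devices=DEVICES, rng=None):
    """Step S203: pick the auxiliary devices for the requester's scene.

    Candidates must be exactly the required level.  The requester is excluded
    (assumption: a device may not vouch for itself).  If fewer candidates exist
    than the policy demands, the selection fails instead of degrading to a
    lower level or a smaller set, so the scene's security requirement is never
    silently weakened.
    """
    required_level, required_count = aux_requirements(scene_level(target_instruction))
    candidates = sorted(dev for dev, lvl in devices.items()
                        if lvl == required_level and dev != requester)
    if len(candidates) < required_count:
        raise LookupError("need %d level-%d devices, only %d available"
                          % (required_count, required_level, len(candidates)))
    rng = rng or secrets.SystemRandom()          # unpredictable choice of vouching devices
    return rng.sample(candidates, required_count)


if __name__ == "__main__":
    print(select_auxiliary_devices("start-smart-lock", "lock-04"))
    print(select_auxiliary_devices("start-smart-home", "fan-06"))
```

Using `secrets.SystemRandom` rather than the default `random` module matters here: if an attacker can predict which devices will be asked to vouch, they know which devices to compromise or spoof ahead of time.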
In one implementation, sending the request to the auxiliary authentication devices and generating their temporary credential information includes the following steps:
Step S204, sending the request to the auxiliary authentication devices over the distributed soft bus;
Step S205, generating the temporary credential information of the auxiliary authentication devices according to the request, where the temporary credential information contains the identification information of the device to be authenticated.
Because the device to be authenticated, the auxiliary authentication devices and the other devices in the Internet of Things system are interconnected over the distributed soft bus, the method can send the request to the auxiliary authentication devices over the distributed soft bus once they have been determined. Each auxiliary authentication device then generates, according to the request received from the device to be authenticated, temporary credential information that reflects and contains the identification information of the device to be authenticated.
Preferably, the temporary credential information in this embodiment includes, but is not limited to, the digital certificate of the device to be authenticated, the key of the device to be authenticated, a session key between the auxiliary authentication device and the device to be authenticated, an encrypted certificate, a token or other temporary credential information; this embodiment does not specifically limit it. In addition, generating the temporary credential information of the auxiliary authentication device in this embodiment further comprises the auxiliary authentication device and the device to be authenticated each sending its own digital certificate to the gateway for verification, so that the identities of both devices are confirmed to be legitimate.
In one implementation, step S205 of this embodiment specifically includes the following steps:
step S2051, determining the effective duration of the temporary credential information according to the request;
step S2052, generating the temporary credential information of the auxiliary authentication device according to the effective duration.
In a specific implementation process, the temporary credential information generated by the auxiliary authentication device of the present embodiment may further set an effective duration, where the effective duration includes an effective time range and an effective number of times. That is, in the process of generating the temporary credential information by the auxiliary authentication device, a special instruction containing timeliness limitation is input according to the request to determine the effective duration of the temporary credential information, so that the temporary credential information is ensured to be effective only in a specific situation, and timeliness of the temporary credential information is ensured.
The special instruction containing the time limit can be set through scene requirements, for example, in a starting scene of the intelligent door lock device, the effective times are set to be one time, so that the temporary credential information of the auxiliary authentication device selected in the scene can only be used once, that is, in the next starting scene of the intelligent door lock device, new auxiliary authentication device is needed to be selected or new temporary credential information is generated, thereby improving the reliability of the identity credential in the identity authentication process and enhancing the identity information security of the internet device.
Optionally, the temporary credential information of the auxiliary authentication device may be generated by using a key exchange algorithm from the transport layer security protocol (Transport Layer Security, TLS), such as ECDH, to have the auxiliary authentication device and the device to be authenticated negotiate a session key shared by both parties, where the session key is used only for encrypting and authenticating the communication of the current session. ECDH (Elliptic Curve Diffie-Hellman) is a key agreement method based on elliptic curve cryptography and provides an efficient and secure key exchange. Note that Diffie-Hellman agreement by itself authenticates neither party: the exchanged public values must be bound to the two devices' digital certificates (which the gateway verifies, as described above), otherwise an on-path attacker could negotiate a separate session key with each side.
Step S300, authenticating the identity information of the device to be authenticated according to the self-credential information and the temporary credential information.
In one implementation, step S300 of the present embodiment specifically includes the following steps:
step S301, inputting the self-credential information and the temporary credential information into a distributed data management system through a preset encryption channel;
step S302, verifying the validity of the self-credential information and the temporary credential information in the distributed data management system to obtain a verification result;
step S303, determining an identity authentication result of the device to be authenticated according to the verification result.
Specifically, in this embodiment, after the self-credential information (such as the digital certificate and key of the identity device to be authenticated) has been obtained according to the target instruction, it is input into the distributed data management system through a preset encryption channel. Further, after the temporary credential information generated by the auxiliary authentication device has been determined, this embodiment also inputs the temporary credential information into the distributed data management system through a preset encryption channel. Optionally, the preset encryption channels (or encryption protocols) in this embodiment include, but are not limited to, SSL/TLS (Secure Sockets Layer/Transport Layer Security), IPsec (Internet Protocol Security), SSH (Secure Shell), HTTPS with client certificates, MQTT over TLS, and RabbitMQ with AMQP over TLS. Depending on the application scenario, system architecture and security requirements, implementers can select an appropriate encryption algorithm, key management scheme and certificate verification mechanism to achieve the best protection of the data in transit. SSL and TLS versions before 1.2 are deprecated, so a new deployment should require TLS 1.2 or later on any of these channels.
Further, in the distributed data management system, the validity of the self-credential information and the temporary credential information is verified, and a verification result is obtained. Verifying the validity of the self-credential information and the temporary credential information in this embodiment comprises: first, verifying the authenticity of the self-credential information of the identity device to be authenticated; then, verifying the authenticity and validity of the temporary credential information provided by the auxiliary authentication device (for example, that it names the device to be authenticated and, when an effective duration was set, that it is still within its effective time range and number of uses); and finally, determining the identity authentication result of the device to be authenticated from the verification result.
In one implementation manner, step S303 of the present embodiment specifically includes the following steps:
step S3031, when the verification result is that both the self credential information and the temporary credential information pass verification, determining that the identity authentication result is that the identity information of the equipment to be authenticated is correct;
step S3032, when the verification result is that at least one of the self-credential information and the temporary credential information fails to pass the verification, determining that the identity authentication result is that the identity information of the equipment to be authenticated is wrong.
That is, on the one hand, when the verification result of this embodiment is that both the self-credential information and the temporary credential information pass verification, the identity information of the identity device to be authenticated is determined to be correct, i.e. the device passes identity authentication. On the other hand, when the verification result is that at least one of the self-credential information and the temporary credential information fails verification, the identity authentication result is that the identity information of the device to be authenticated is wrong, i.e. the device fails identity authentication. "At least one fails" covers three cases: only the self-credential information fails, only the temporary credential information fails, or both fail.
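The following is an added worked example of the procedure described in steps S205 and S300 above (issuing a temporary credential with an effective duration, then passing the device only when both its own credential and the temporary credential verify). It is not code from the patent or its applicant. It assumes, for the sake of running offline, that each device identity is a per-device HMAC key registered with the verifier (a stand-in for the digital certificate and key the text describes), that credentials are JSON payloads carrying an HMAC-SHA256 tag, that the `Verifier` class stands in for the distributed data management system and keeps the use counter the effective number of uses requires, and that all device IDs, keys and timestamps are constructed sample data.

```python
"""Two-credential device authentication with a time- and use-limited
temporary credential. Added example; per-device HMAC keys stand in for
certificates, the Verifier class for the distributed data management
system, and all IDs, keys and timestamps are constructed sample data."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def _tag(key: bytes, payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the payload."""
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def self_credential(device_id: str, device_key: bytes, now: float) -> dict:
    """Self credential: proof that the device holds its own registered key."""
    payload = {"type": "self", "device": device_id, "issued": int(now),
               "nonce": secrets.token_hex(8)}
    return {"payload": payload, "tag": _tag(device_key, payload)}


def temporary_credential(aux_id: str, aux_key: bytes, target_id: str, scene: str,
                         now: float, valid_seconds: int, max_uses: int) -> dict:
    """Temporary credential from the auxiliary device: names the device to be
    authenticated and carries the effective duration (time range and number of
    uses; max_uses=1 is the one-time door-lock start-up credential)."""
    payload = {"type": "temporary", "issuer": aux_id, "subject": target_id,
               "scene": scene, "not_before": int(now),
               "not_after": int(now) + valid_seconds, "max_uses": max_uses,
               "cred_id": secrets.token_hex(8)}
    return {"payload": payload, "tag": _tag(aux_key, payload)}


@dataclass
class Verifier:
    """Stand-in for the distributed data management system."""
    device_keys: dict                          # device_id -> registered HMAC key
    max_age: int = 60                          # seconds a self credential stays fresh
    uses: dict = field(default_factory=dict)   # cred_id -> uses already consumed

    def _tag_ok(self, cred: dict, key_owner: str) -> bool:
        key = self.device_keys.get(key_owner)
        if key is None:                        # unknown identity cannot be legitimate
            return False
        return hmac.compare_digest(cred["tag"], _tag(key, cred["payload"]))

    def verify_self(self, cred: dict, now: float) -> bool:
        p = cred["payload"]
        if p.get("type") != "self" or not self._tag_ok(cred, p.get("device")):
            return False
        return 0 <= now - p["issued"] <= self.max_age

    def verify_temporary(self, cred: dict, subject: str, now: float) -> bool:
        """Authenticity, subject binding, time range and remaining uses (no side effects)."""
        p = cred["payload"]
        if p.get("type") != "temporary" or not self._tag_ok(cred, p.get("issuer")):
            return False
        if p["subject"] != subject or not p["not_before"] <= now <= p["not_after"]:
            return False
        return self.uses.get(p["cred_id"], 0) < p["max_uses"]

    def authenticate(self, self_cred: dict, temp_cred: dict, now: float) -> dict:
        """Step S300: pass only when both credentials verify; report which failed."""
        device_id = self_cred["payload"].get("device")
        self_ok = self.verify_self(self_cred, now)
        temp_ok = self.verify_temporary(temp_cred, device_id, now)
        result = self_ok and temp_ok
        if result:                             # a use is consumed only by a successful authentication
            cid = temp_cred["payload"]["cred_id"]
            self.uses[cid] = self.uses.get(cid, 0) + 1
        return {"self": self_ok, "temporary": temp_ok, "result": result}


def demo() -> dict:
    """Constructed scenario: door lock lock-01 starting up, phone-07 issues a one-time, 5-minute credential."""
    keys = {"lock-01": b"constructed-lock-key", "phone-07": b"constructed-phone-key"}
    verifier = Verifier(device_keys=keys)
    t0 = 1_700_000_000.0
    sc = self_credential("lock-01", keys["lock-01"], t0)
    tc = temporary_credential("phone-07", keys["phone-07"], "lock-01",
                              "door_lock_startup", t0, 300, 1)
    first = verifier.authenticate(sc, tc, now=t0 + 5)          # both pass
    replay = verifier.authenticate(sc, tc, now=t0 + 6)         # one-time credential presented again
    forged = {"payload": dict(tc["payload"], subject="lock-99"), "tag": tc["tag"]}
    retarget = verifier.authenticate(sc, forged, now=t0 + 7)   # subject edited, tag no longer matches
    late = verifier.authenticate(sc, tc, now=t0 + 400)         # outside the time range, stale self credential
    return {"first": first, "replay": replay, "retarget": retarget, "late": late}


if __name__ == "__main__":
    print(demo())
```

The use counter is incremented only on a successful authentication, so a failed presentation does not burn the one-time credential; in a real deployment that counter has to live in the data management system, not on the auxiliary device, or the "once" limit cannot be enforced against replay.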
In summary, this embodiment provides an identity authentication method in which, when the identity device to be authenticated receives a target instruction, its self-credential information is determined. A target scene is then determined from the target instruction, an auxiliary authentication device is determined from the target scene, a request is sent to the auxiliary authentication device, and temporary credential information of the auxiliary authentication device is generated. Finally, the identity information of the device to be authenticated is authenticated from the self-credential information and the temporary credential information. The device identity authentication of this embodiment therefore combines the device's own credential information with temporary credential information issued by other devices; because that temporary credential is generated by another device specifically for the device to be authenticated, the credibility of the identity credential in the authentication process is improved and the identity information security of the internet device is enhanced.
Based on the above embodiment, the present invention also provides an identity authentication device, as shown in fig. 2, which includes a self-credential information determination module 10, a temporary credential information determination module 20, and an identity information authentication module 30. Specifically, the self-credential information determination module 10 is configured to determine self-credential information of the identity device to be authenticated when the identity device to be authenticated receives a target instruction. The temporary credential information determination module 20 is configured to determine a target scene according to the target instruction, determine an auxiliary authentication device according to the target scene, send a request to the auxiliary authentication device, and generate temporary credential information of the auxiliary authentication device. The identity information authentication module 30 is configured to authenticate the identity information of the device to be authenticated according to the self-credential information and the temporary credential information.
In one implementation, the self-credential information determination module 10 includes:
a digital certificate and key acquisition unit, configured to acquire the digital certificate and key of the device to be authenticated according to the target instruction;
and a self-credential information determining unit, configured to determine the self-credential information of the device to be authenticated according to the digital certificate and the key.
In one implementation, the temporary credential information determination module 20 includes:
a level information determining unit, configured to determine level information of the target scene according to the target instruction;
a level requirement and quantity requirement determining unit, configured to determine a level requirement and a quantity requirement for the auxiliary authentication device according to the level information;
an auxiliary authentication device determining unit, configured to determine the auxiliary authentication device according to the level requirement and the quantity requirement;
a request sending unit, configured to send a request to the auxiliary authentication device over the distributed soft bus;
and a temporary credential information generation unit, configured to generate the temporary credential information of the auxiliary authentication device according to the request, where the temporary credential information contains identification information of the device to be authenticated.
In one implementation, the temporary credential information generating unit includes:
An effective duration determining subunit, configured to determine an effective duration of the temporary credential information according to the request;
and the temporary credential information determining subunit is used for generating the temporary credential information of the auxiliary authentication equipment according to the effective duration.
In one implementation, the identity information authentication module 30 includes:
the credential information transmission unit is used for inputting the self credential information and the temporary credential information into a distributed data management system through a preset encryption channel;
the credential information verification unit is used for verifying the validity of the self credential information and the temporary credential information according to the distributed data management system to obtain a verification result;
And the identity authentication result determining unit is used for determining the identity authentication result of the equipment to be authenticated according to the verification result.
In one implementation, the identity authentication result determining unit includes:
an identity information authentication passing subunit, configured to determine that the identity information of the device to be authenticated is correct when the verification result is that both the self-credential information and the temporary credential information pass verification;
and an identity information authentication failing subunit, configured to determine that the identity authentication result is that the identity information of the device to be authenticated is wrong when the verification result is that at least one of the self-credential information and the temporary credential information fails verification.
The working principle of each module in the identity authentication device of this embodiment is the same as that of each step in the above method embodiment, and will not be described here again.
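The level information determining unit, the level requirement and quantity requirement determining unit and the auxiliary authentication device determining unit above together choose which devices will issue temporary credentials. The following is an added example of that selection, not code from the patent or its applicant. The scene-level table, the device registry and the trust-level scale are constructed assumptions; the text only states that the scene's level information fixes a level requirement and a quantity requirement and that the auxiliary devices are chosen to satisfy both. The example also adds two checks a practitioner would want: the device to be authenticated never vouches for itself, and selection fails closed when too few qualifying devices are reachable instead of lowering the requirement.

```python
"""Choosing auxiliary authentication devices from the scene level.
Added example; the scene table, registry and trust levels are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    trust_level: int     # assumed scale: 1 = basic, 3 = hardware-backed identity
    online: bool         # reachable over the distributed soft bus


# Assumed table: scene level -> (minimum device level, number of auxiliary devices)
SCENE_REQUIREMENTS = {1: (1, 1), 2: (2, 1), 3: (2, 2), 4: (3, 2)}


def requirements_for_scene(scene_level: int) -> tuple:
    """Level requirement and quantity requirement for a scene level."""
    if scene_level not in SCENE_REQUIREMENTS:
        raise ValueError(f"unknown scene level {scene_level}")   # fail closed, no default
    return SCENE_REQUIREMENTS[scene_level]


def select_auxiliary_devices(target_id: str, scene_level: int, registry: list) -> list:
    """IDs of the auxiliary devices that will be asked for temporary credentials."""
    min_level, count = requirements_for_scene(scene_level)
    candidates = [d for d in registry
                  if d.device_id != target_id        # a device must not vouch for itself
                  and d.online
                  and d.trust_level >= min_level]
    candidates.sort(key=lambda d: (-d.trust_level, d.device_id))   # most trusted first, deterministic
    if len(candidates) < count:
        # Refuse rather than silently lowering the level or quantity requirement.
        raise LookupError(f"scene level {scene_level} needs {count} device(s) of level >= {min_level}, "
                          f"only {len(candidates)} available")
    return [d.device_id for d in candidates[:count]]


# Constructed registry for the example.
REGISTRY = [
    Device("lock-01", 1, True),      # the device to be authenticated
    Device("phone-07", 3, True),
    Device("hub-02", 2, True),
    Device("tv-03", 2, False),       # offline: cannot answer the request
    Device("speaker-04", 1, True),
]

if __name__ == "__main__":
    print(select_auxiliary_devices("lock-01", 3, REGISTRY))   # ['phone-07', 'hub-02']
```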
Based on the above embodiment, the present invention also provides a terminal device, a schematic block diagram of which is shown in fig. 3. The terminal device may include one or more processors 100 (only one is shown in fig. 3), a memory 101, and a computer program 102, for example an identity authentication program, stored in the memory 101 and executable on the one or more processors 100. When executing the computer program 102, the one or more processors 100 implement the steps of the identity authentication method embodiments, or the functions of the modules/units of the identity authentication device embodiments; this is not limited here.
In one embodiment, the processor 100 may be a central processing unit (Central Processing Unit, CPU), but may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
In one embodiment, the memory 101 may be an internal storage unit of the electronic device, such as a hard disk or the main memory of the electronic device. The memory 101 may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a Secure Digital (SD) card or a flash memory card attached to the electronic device. Further, the memory 101 may include both an internal storage unit and an external storage device of the electronic device. The memory 101 is used to store the computer program and the other programs and data required by the terminal device. The memory 101 may also be used to temporarily store data that has been output or is to be output.
It will be appreciated by persons skilled in the art that the functional block diagram shown in fig. 3 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the terminal device to which the present inventive arrangements are applied, and that a particular terminal device may include more or fewer components than shown, or may combine some of the components, or may have a different arrangement of components.
Those skilled in the art will appreciate that all or part of the above-described methods may be implemented by a computer program stored on a non-transitory computer-readable storage medium, which, when executed, may carry out the steps of the method embodiments described above. Any reference to memory, storage, an operating database, or another medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or an external cache. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
In summary, the invention discloses an identity authentication method, an identity authentication device, a terminal device and a storage medium, wherein the method comprises the steps of determining self credential information of an identity device to be authenticated when the identity device to be authenticated receives a target instruction; determining a target scene according to the target instruction, determining auxiliary authentication equipment according to the target scene, sending a request to the auxiliary authentication equipment to generate temporary credential information of the auxiliary authentication equipment, and authenticating the identity information of the equipment to be authenticated according to the self credential information and the temporary credential information. Therefore, the equipment identity authentication process needs to combine the self credential information of the equipment and the temporary credential information of other equipment, and the identity credential credibility of the equipment to be authenticated in the identity authentication process can be effectively improved by combining the temporary credential information about the equipment to be authenticated generated by other equipment, so that the identity information security of the internet equipment in the identity authentication process is enhanced.
It should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention, and not for limiting the same, and although the present invention has been described in detail with reference to the above-mentioned embodiments, it should be understood by those skilled in the art that the technical solution described in the above-mentioned embodiments may be modified or some technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the spirit and scope of the technical solution of the embodiments of the present invention.

Claims (10)

1. An identity authentication method, the method comprising:
when the identity equipment to be authenticated receives a target instruction, self credential information of the identity equipment to be authenticated is determined;
determining a target scene according to the target instruction, determining auxiliary authentication equipment according to the target scene, sending a request to the auxiliary authentication equipment, and generating temporary credential information of the auxiliary authentication equipment;
and authenticating the identity information of the equipment to be authenticated according to the self-credential information and the temporary credential information.
2. The identity authentication method according to claim 1, wherein determining the self-credential information of the identity device to be authenticated when the identity device to be authenticated receives the target instruction comprises:
acquiring a digital certificate and a key of the device to be authenticated according to the target instruction;
and determining the self-credential information of the device to be authenticated according to the digital certificate and the key.
3. The identity authentication method according to claim 1, wherein the determining a target scene according to the target instruction, determining a secondary authentication device according to the target scene, comprises:
Determining the grade information of the target scene according to the target instruction;
determining the level requirement and the quantity requirement of the auxiliary authentication equipment according to the level information;
and determining the auxiliary authentication equipment according to the level requirement and the quantity requirement.
4. The identity authentication method according to claim 3, wherein sending a request to the auxiliary authentication device and generating temporary credential information of the auxiliary authentication device comprises:
Based on the distributed soft bus, sending a request to the auxiliary authentication equipment;
And generating temporary credential information of the auxiliary authentication equipment according to the request, wherein the temporary credential information comprises identification information of the equipment to be authenticated.
5. The identity authentication method of claim 4, wherein the generating temporary credential information of the secondary authentication device according to the request comprises:
Determining the effective duration of the temporary credential information according to the request;
And generating the temporary credential information of the auxiliary authentication equipment according to the effective duration.
6. The identity authentication method according to claim 2 or 5, wherein authenticating the identity information of the device to be authenticated according to the self-credential information and the temporary credential information comprises:
inputting the self-credential information and the temporary credential information into a distributed data management system through a preset encryption channel;
verifying the validity of the self-credential information and the temporary credential information in the distributed data management system to obtain a verification result;
and determining an identity authentication result of the device to be authenticated according to the verification result.
7. The identity authentication method according to claim 6, wherein determining the identity authentication result of the device to be authenticated according to the verification result comprises:
when the verification result is that both the self-credential information and the temporary credential information pass verification, determining that the identity authentication result is that the identity information of the device to be authenticated is correct;
and when the verification result is that at least one of the self-credential information and the temporary credential information fails verification, determining that the identity authentication result is that the identity information of the device to be authenticated is wrong.
8. An identity authentication device, the device comprising:
a self-credential information determining module, configured to determine self-credential information of the identity device to be authenticated when the identity device to be authenticated receives a target instruction;
a temporary credential information determining module, configured to determine a target scene according to the target instruction, determine an auxiliary authentication device according to the target scene, send a request to the auxiliary authentication device and generate temporary credential information of the auxiliary authentication device;
and an identity information authentication module, configured to authenticate the identity information of the device to be authenticated according to the self-credential information and the temporary credential information.
9. A terminal device, characterized in that it comprises a memory, a processor and an authentication program stored in said memory and executable on said processor, said processor implementing the steps of the authentication method according to any one of claims 1-7 when said authentication program is executed.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon an identity authentication program, which, when executed by a processor, implements the steps of the identity authentication method according to any of claims 1-7.
CN202411405538.0A 2024-10-10 2024-10-10 Identity authentication method, device, terminal equipment and storage medium Pending CN119210877A (en)

Publications (1)

Publication Number Publication Date
CN119210877A true CN119210877A (en) 2024-12-27


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination