
CN119697731A - Device networking method, electronic device and storage medium - Google Patents


Publication number
CN119697731A
Authority
CN
China
Prior art keywords
initiating
equipment
receiving
authentication information
networking
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411883393.5A
Other languages
Chinese (zh)
Inventor
付晓磊
王忠平
杨启彬
王东东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Kaihong Zhigu Digital Industry Development Co ltd
Original Assignee
Hunan Kaihong Zhigu Digital Industry Development Co ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a device networking method, an electronic device and a storage medium, and relates to the technical field of wireless communication. The scheme is implemented as follows: in response to a device networking instruction, initiating device identity authentication information is acquired; the initiating device identity authentication information is transmitted to the receiving device; a networking identification code fed back by the receiving device after it verifies the initiating device identity authentication information is acquired; and networking is carried out with the receiving device according to the networking identification code. In the embodiments of the invention, identity authentication information is verified between the devices and the networking identification code is transmitted in encrypted form, which ensures secure communication between the devices. The initiating device networks with the receiving device through the securely shared networking identification code, which removes the tedious step of a user manually entering the networking identification code, improves user experience, achieves seamless networking between devices and improves networking efficiency.

Description

Device networking method, electronic device and storage medium
Technical Field
The present invention relates to the field of wireless communications technologies, and in particular, to a device networking method, an electronic device, and a storage medium.
Background
With the rapid development of information technology, intelligent devices now have network connectivity, which greatly relaxes the time and space constraints on users accessing network resources and exchanging information, and multi-device networking technology enables all kinds of intelligent devices to interconnect through a network. The OpenHarmony system, an open, intelligent and secure operating system for the Internet of Things, provides strong support for discovery, connection, networking and transmission between devices based on distributed soft bus technology. To ensure that networked devices can be trusted, the OpenHarmony system introduces a device authentication mode based on a personal identification number (PIN): one device displays the PIN, the same PIN must be entered manually on the other device, and a password-authenticated key exchange protocol and a secure tunnel service protocol are then used to establish a secure communication connection between the devices. Although PIN-based device authentication performs well in terms of security, it has two major drawbacks. First, when a new device joins a network, the user must enter a PIN manually, which complicates user operation and degrades user experience. Second, when devices are networked at scale, a PIN must be entered manually for every pair of devices, which greatly reduces networking efficiency, particularly when the number of networking devices is large. How to ensure device networking security while simplifying the user's operation flow and improving user experience and networking efficiency has therefore become an urgent problem for the OpenHarmony system.
Disclosure of Invention
The invention provides a device networking method, an electronic device and a storage medium, which simplify the user's operation flow, improve user experience, achieve seamless networking between devices and improve networking efficiency.
In one aspect of the embodiments of the present invention, a device networking method is provided, applied to an initiating device, and the method includes:
Acquiring initiating device identity authentication information in response to a device networking instruction;
Transmitting the initiating device identity authentication information to the receiving device, and acquiring a networking identification code fed back by the receiving device after it verifies the initiating device identity authentication information;
Networking with the receiving device according to the networking identification code.
In one aspect of the embodiment of the present invention, another device networking method is provided, applied to a receiving device, where the method includes:
Acquiring the initiating device identity authentication information transmitted by the initiating device, and verifying the initiating device identity authentication information;
Determining that the initiating device identity authentication information passes verification, and generating receiving device authentication information containing a networking identification code;
Transmitting the receiving device authentication information to the initiating device for networking.
In another aspect of an embodiment of the present invention, there is provided an electronic device including:
At least one processor;
and a memory communicatively coupled to the at least one processor;
The memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the device networking method of any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement a device networking method according to any of the embodiments of the present invention when executed.
According to the embodiments of the invention, the initiating device can receive, through its receiving module, a device networking instruction that triggers the device to network. In response to the instruction, the initiating device acquires its initiating device identity authentication information and transmits it to the receiving device. After receiving the initiating device identity authentication information, the receiving device verifies it; once verification passes, the receiving device generates a networking identification code and feeds it back to the initiating device. After receiving the networking identification code, the initiating device establishes networking authentication with the corresponding receiving device according to the code, which completes the networking of the two devices, and once networking succeeds the initiating device and the receiving device can communicate securely.
According to the embodiments of the invention, identity authentication information is verified between the devices and the networking identification code is transmitted in encrypted form, which ensures secure communication between the devices. The initiating device networks directly with the receiving device using the networking identification code that the receiving device feeds back, which removes the tedious step of a user manually entering the code and improves user experience; sharing the networking identification code between devices achieves seamless networking and improves networking efficiency.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a device networking method applied to an initiating device according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a device networking method applied to a receiving device according to a second embodiment of the present invention;
Fig. 3 is a flowchart of another device networking method applied to an initiating device according to a third embodiment of the present invention;
Fig. 4 is a flowchart of another device networking method applied to a receiving device according to a fourth embodiment of the present invention;
Fig. 5 is a schematic overview of seamless networking provided in a fifth embodiment of the present invention;
Fig. 6 is a schematic overview of device proof provided in a fifth embodiment of the present invention;
Fig. 7 is a flowchart of seamless networking according to a fifth embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an apparatus implementing the device networking method applied to an initiating device according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an apparatus implementing the device networking method applied to a receiving device according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of an electronic device implementing a device networking method according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a device networking method applied to an initiating device, where the method may be performed by a device networking apparatus, the device networking apparatus may be implemented in hardware and/or software, and the device networking apparatus may be configured in an electronic device. As shown in fig. 1, the method includes:
S101, responding to a device networking instruction, and acquiring the identity authentication information of the initiating device.
In the embodiment of the invention, the device networking instruction can be understood as a signal that triggers a device to network. It may originate, for example, from a user issuing it manually through an interactive interface, or from the system triggering it automatically according to preset logic.
The initiating device identity authentication information can be understood as a data set used to verify the identity of the initiating device, and may include, for example, an initiating device proof, an initiating device identifier or a device signature.
Specifically, the initiating device may receive, through its receiving module, a device networking instruction that triggers the device to network. In response, the initiating device performs the operation of acquiring its initiating device identity authentication information, which is used to verify the identity of the initiating device.
S102, transmitting the initiating device identity authentication information to the receiving device, and acquiring a networking identification code fed back by the receiving device after it verifies the initiating device identity authentication information.
In the embodiment of the invention, the networking identification code can be understood as data used for subsequent networking authentication between devices; sharing it securely ensures the security of network communication and mutual authentication between devices during device networking.
Specifically, after acquiring the initiating device identity authentication information, the initiating device transmits it to the receiving device. The receiving device verifies the information on receipt; once the initiating device's identity authentication passes, the receiving device generates a networking identification code and feeds it back to the initiating device, which receives it.
For example, the initiating device may establish a communication connection with the receiving device via a communication protocol and transmit the acquired initiating device identity authentication information over that connection.
Generating the networking identification code at the receiving device may include: authenticating the initiating device identity authentication information with a public key verification algorithm; after authentication passes, sending an authentication-passed instruction to a distributed management module in the receiving device; and the distributed management module, on receiving the instruction, generating the networking identification code.
By way of example, the step of verifying the initiating device identity authentication information may include verifying the authenticity of the identity authentication information, verifying the integrity of the identity authentication information, and the like.
Receiving the networking identification code at the initiating device may include: the initiating device receives the receiving device identity authentication information containing the networking identification code, verifies it, and after verification passes decrypts it to obtain the networking identification code.
S103, networking with the receiving device according to the networking identification code.
Specifically, after receiving the networking identification code, the initiating device establishes networking authentication with the corresponding receiving device according to the code, completing the networking of the two devices; after networking succeeds, the initiating device and the receiving device can communicate securely.
Obtaining the networking identification code may include: receiving the receiving device identity authentication information, containing the networking identification code, that the receiving device feeds back after verifying the initiating device identity authentication information; verifying the receiving device identity authentication information; and extracting the networking identification code from the verified receiving device identity authentication information.
Example 2
Fig. 2 is a flowchart of a device networking method applied to a receiving device according to an embodiment of the present invention. On the basis of the foregoing embodiment, this embodiment provides a device networking method applied to a receiving device. As shown in Fig. 2, the method includes:
S201, acquiring the initiating device identity authentication information transmitted by the initiating device, and verifying the initiating device identity authentication information.
Specifically, a preset identity authentication information verification rule can be obtained. The receiving device receives, through its receiving module, the initiating device identity authentication information transmitted by the initiating device, verifies it according to the preset rule to obtain a verification result, and performs subsequent operations based on that result.
Verifying the received initiating device identity authentication information according to the preset rule may include: authenticating the initiating device identity authentication information with a public key verification algorithm to obtain key data such as device identity credentials or device identifiers, then verifying that key data to obtain a verification result, and performing subsequent operations based on the result.
By way of example, the step of verifying the initiating device identity authentication information may include verifying the authenticity of the initiating device identity authentication information, verifying the integrity of the identity authentication information, and the like.
S202, determining that the identity authentication information of the initiating device passes verification, and generating receiving device authentication information containing a networking identification code.
Specifically, after the receiving device acquires the identity authentication information of the initiating device, the receiving device verifies the received identity authentication information of the initiating device, and when the identity authentication information is confirmed to pass the verification, the receiving device can generate the identity authentication information of the receiving device containing the networking identification code.
Generating the receiving device identity authentication information containing the networking identification code may include: encrypting the networking identification code with a public key encryption algorithm to obtain a ciphertext networking identification code; signing the initiating device identity information and the ciphertext networking identification code with a private key signature algorithm to generate a receiving device signature; and assembling the receiving device identity information, the ciphertext networking identification code and the receiving device signature into the receiving device identity authentication information.
S203, transmitting the receiving device authentication information to the initiating device for networking.
Specifically, the receiving device transmits the generated receiving device authentication information to the initiating device, and the initiating device may network with the receiving device based on the received receiving device authentication information.
In the embodiment of the invention, a preset identity authentication information verification rule can be obtained; the receiving device receives, through its receiving module, the initiating device identity authentication information transmitted by the initiating device and verifies it according to the preset rule. After confirming that the initiating device identity authentication information passes verification, the receiving device generates receiving device identity authentication information containing the networking identification code and transmits it to the initiating device, and the initiating device networks with the receiving device based on it. By verifying the initiating device identity authentication information and, once it passes, generating receiving device identity authentication information containing the networking identification code and sending it to the initiating device, the embodiment effectively verifies the identities of both devices and shares the networking identification code securely, which strengthens device networking security. Transmitting the networking identification code to the initiating device for networking removes the tedious step of a user manually entering the code and simplifies the networking process; once the code has been transmitted successfully, the initiating device and the receiving device can network automatically, which improves networking efficiency between devices.
It can be understood that, based on steps S101, S102, S103, S201, S202 and S203, an integrated device networking method can also be constructed that covers the complete networking process from the initiating device to the receiving device. In this method, when the initiating device acquires a device networking instruction, it automatically responds by acquiring the initiating device identity authentication information used to verify its identity, and transmits that information to the receiving device. The receiving device verifies the initiating device identity authentication information on receipt; when verification passes, it generates receiving device identity authentication information containing a networking identification code and sends it back to the initiating device. After verifying the receiving device identity authentication information, the initiating device obtains the networking identification code from it and networks with the receiving device based on that code.
Example 3
Fig. 3 is a flowchart of another device networking method applied to an initiating device according to an embodiment of the present invention. On the basis of the foregoing embodiments, this embodiment provides another device networking method applied to the initiating device. As shown in Fig. 3, the method includes:
S301, responding to a device networking instruction, and acquiring an initiating device certificate and an initiating device identifier of the initiating device.
In the embodiment of the invention, the initiating device certificate can be understood as information that proves the identity of the initiating device. It may include the initiating device public key, the initiating device identifier and the like, and it contains a trusted signature that a signing authority generates over the data in the device certificate with its trusted private key; the trusted signature can be verified with the signing authority's trusted public key.
The initiating device identifier can be understood as an identification code used to distinguish different initiating devices in a network. It may be, for example, the initiating device serial number, which is generated by the initiating device hardware and is guaranteed to be unique and tamper-proof.
Specifically, the initiating device acquires a device networking instruction that triggers the device to network and, in response, acquires its initiating device certificate and initiating device identifier. Acquiring the certificate and the identifier ensures the authenticity and uniqueness of the initiating device.
S302, calling a challenge value generation rule to generate a verification random number as the challenge value.
In the embodiment of the invention, the challenge value generation rule can be understood as an algorithm for generating a true random number, that is, a completely unpredictable random number; the rule ensures that each generated verification random number is unique.
The verification random number can be understood as an unpredictable string of digits. Using it as the challenge value for subsequent identity verification effectively prevents replay attacks by malicious devices.
A challenge value can be understood as a random number generated by the challenge value generation rule for subsequent authentication.
Specifically, a preset challenge value generation rule is obtained, a verification random number for subsequent identity verification is generated according to it, and this unique verification random number is used as the challenge value for the current identity verification.
S303, using the private key of the initiating device to process the challenge value and the initiating device identification as the initiating device signature.
In the embodiment of the invention, the initiating device private key can be understood as the concrete form or data content of the private key in an asymmetric encryption algorithm. It is used for decrypting data or generating a digital signature, is generated in a secure environment, is held only by the device and must not be disclosed.
The initiating device signature can be understood as an identifier, the initiating device signature can ensure the authenticity of the identity of the initiator of the communication and the integrity of the data in the transmission process, and the communication safety can be improved and the malicious device spoofing attack can be prevented by introducing the initiating device signature.
Specifically, the challenge value and the initiating device identifier of the initiating device are obtained, and the initiating device private key can be used for carrying out digital signature processing on the challenge value and the device identifier to obtain the initiating device signature, wherein the digital signature is a data processing technology based on cryptography.
For example, the step of obtaining the initiating device signature may include performing specified splicing on the challenge value and the initiating device identifier to form a data block to be signed, performing signature processing on the data block to be signed by using the initiating device private key based on a private key signature algorithm, and generating a digital signature, wherein the digital signature is used as the initiating device signature, and the private key signature algorithm is a cryptography algorithm used for guaranteeing the integrity and the authenticity of data.
S304, the initiating device certificate, the initiating device identifier, the challenge value and the initiating device signature are used as the initiating device identity authentication information.
Specifically, the initiating device certificate, the initiating device identifier, the challenge value and the initiating device signature are obtained, the obtained initiating device certificate, initiating device identifier, the challenge value and the initiating device signature can be integrated to form a complete data packet, and the complete data packet is used as initiating device identity authentication information.
S305, calling a soft bus communication protocol to transmit the identity authentication information of the initiating device to the receiving device.
In embodiments of the present invention, a soft bus communication protocol may be understood as a standard that is followed by communication between devices, the soft bus communication protocol specifying the format, rate, and manner in which data is transferred between devices.
Specifically, the initiating device can establish communication connection with the receiving device based on the soft bus communication protocol, and transmit the identity authentication information of the initiating device to the receiving device through the established communication connection, and the receiving device performs subsequent operations based on the received identity authentication information of the initiating device.
S306, receiving the receiving equipment identity authentication information which is fed back by the receiving equipment after verifying the initiating equipment identity authentication information and contains the networking identification code.
In the embodiment of the present invention, the receiving device identity authentication information may be understood as a data set for verifying the identity of the receiving device. By way of example, it may include the receiving device certificate, the receiving device identifier, a networking identification code and the like; the networking identification code is extracted from the receiving device identity authentication information.
Specifically, the initiating device sends the initiating device identity authentication information to the receiving device, the receiving device verifies the initiating device identity authentication information, after verification, the receiving device generates receiving device identity authentication information which comprises a networking identification code and is used for verifying the identity of the receiving device, the receiving device identity authentication information is sent to the initiating device, and the initiating device is responsible for receiving the receiving device identity authentication information fed back by the receiving device, wherein the receiving device identity authentication information at least comprises the networking identification code.
S307, verifying the receiving equipment identity authentication information by using the signing center trusted public key, and extracting the networking identification code from the verified receiving equipment identity authentication information.
In the embodiment of the present disclosure, the signing authority trusted public key may be understood as a digital sequence, which is generated and distributed by the signing authority and used for decrypting the authentication information of the receiving device, and the signing authority trusted public key is injected into the initiating device by the signing authority under a secure environment.
Specifically, the signing center trusted public key, generated by the signing center and distributed to the initiating device, is obtained; this key is used for decrypting the receiving device identity authentication information. In the initiating device, the receiving device identity authentication information is verified with the signing center trusted public key. After verification passes, the information can be decrypted with the initiating device private key, and the networking identification code is located in the decrypted information and extracted from it, so that the networking identification code is obtained.
S308, networking is carried out with the receiving equipment according to the networking identification code.
In the embodiment of the invention, the initiating device obtains a device networking instruction that triggers networking and, in response, obtains its initiating device certificate and initiating device identifier. A preset challenge value generation rule is obtained, a verification random number for subsequent identity verification is generated according to it, and the verification random number is used as the challenge value. The challenge value and the device identifier are digitally signed with the initiating device private key to obtain the initiating device signature. The initiating device certificate, the initiating device identifier, the challenge value and the initiating device signature are integrated into a complete data packet, which serves as the initiating device identity authentication information. The initiating device establishes a communication connection with the receiving device based on the soft bus communication protocol and transmits the initiating device identity authentication information over that connection. The receiving device verifies the initiating device identity authentication information and, after verification passes, generates receiving device identity authentication information containing the networking identification code and sends it back to the initiating device. The initiating device verifies the receiving device identity authentication information with the signing center trusted public key, decrypts it with the initiating device private key after verification passes, locates and extracts the networking identification code, and networks with the receiving device according to the networking identification code.
According to the embodiment of the invention, the challenge value generation rule is called to generate the verification random number as the challenge value, and device identity is verified based on the challenge value, which can effectively prevent replay attacks by malicious devices and the risk of misuse and falsification of device identity. The device identity, the challenge value and the initiating device signature are integrated into the identity authentication information, so that the receiving device and the initiating device can each receive and verify all necessary information at one time, which simplifies the identity authentication flow. The communication connection is established through the soft bus communication protocol, which ensures efficient and stable information transmission. Key information such as the networking identification code is decrypted by using the signing center public key, which ensures the confidentiality, authenticity and integrity of the information and enhances networking security. Networking with the receiving device based on the securely transmitted networking identification code realizes non-inductive networking among devices and further improves the networking efficiency of the devices.
On the basis of the above embodiment, verifying the receiving device identity authentication information with the signing center trusted public key and extracting the networking identification code from the verified information comprises: extracting the receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature from the receiving device identity authentication information; verifying the device identifier in the receiving device certificate against the receiving device identifier; verifying the receiving device certificate with the signing center trusted public key; verifying the receiving device signature with the receiving device public key in the receiving device certificate; and, when the receiving device identifier, the receiving device certificate and the receiving device signature all pass verification, calling the initiating device private key to decrypt the receiving device ciphertext to obtain the networking identification code.
In the embodiment of the invention, the receiving device certificate is understood as information for proving the identity of the receiving device, and the receiving device certificate may include a receiving device public key or a receiving device identification, for example.
The receiving device identifier may be understood as another string of identification codes for distinguishing between different receiving devices in the network. For example, it may be a receiving device serial number or a receiving device media access control address generated by the receiving device hardware, which can be guaranteed to be unique and non-tamperable.
The receiving device ciphertext may be understood as information that is encrypted, and the receiving device ciphertext includes at least a networking identification code.
The signature of the receiving device can be understood as another identifier, the signature of the receiving device can ensure the authenticity of the identity of a receiving party of communication and the integrity of data in the transmission process, and the security of communication can be improved and malicious device spoofing attack can be prevented by introducing the signature of the receiving device.
The receiving device public key may be understood as another sequence of numbers used to verify the receiving device signature.
The originating device private key may be understood as another sequence of numbers used to decrypt the receiving device ciphertext.
Specifically, after the initiating device obtains the receiving device identity authentication information, it can perform a decryption operation on that information and extract the receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature from it. The receiving device identifier extracted from the receiving device identity authentication information is verified against the actual device identifier obtained from the receiving device, giving a first verification result. The receiving device certificate extracted from the parsed identity authentication information is verified with the signing center trusted public key, giving a second verification result. The receiving device public key is taken from the receiving device certificate and used to verify the receiving device signature, giving a third verification result. When the first, second and third verification results all pass, the receiving device ciphertext is decrypted with the initiating device private key to obtain the networking identification code, and the initiating device and the receiving device network with each other based on the networking identification code.
For example, the step of extracting the receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature from the receiving device identity authentication information may include decrypting the receiving device identity authentication information using a decryption algorithm to obtain the receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature.
The step of verifying various types of data may include, for example, calculating a hash value of the original data and a hash value of the verified data, and if the hash values are completely identical, considering that the verification result is passed.
Example IV
Fig. 4 is a flowchart of another device networking method applied to a receiving device according to an embodiment of the present invention, where the embodiment of the present invention provides another device networking method applied to a receiving device on the basis of the foregoing embodiment. As shown in fig. 4, the method includes:
S401, receiving the identity authentication information of the initiating equipment through a soft bus communication protocol.
Specifically, the receiving device establishes communication connection with the initiating device through a soft bus communication protocol, and the receiving device receives the identity authentication information of the initiating device through the communication connection.
S402, parsing the initiating device identity authentication information to obtain the initiating device certificate, the initiating device identifier, the challenge value and the initiating device signature.
Specifically, the receiving device receives the initiating device identity authentication information transmitted by the initiating device, parses it, and extracts the initiating device certificate, the initiating device identifier, the challenge value and the initiating device signature from the parsed information.
S403, verifying the device identifier in the initiating device certificate against the initiating device identifier.
Specifically, the initiating device certificate, which proves the identity of the initiating device, is obtained and parsed, and the actual device identifier of the initiating device is extracted from it. The device identifier extracted from the parsed certificate is compared with the initiating device identifier to obtain a verification result.
S404, verifying the initiating device certificate by using the signing authority trusted public key.
Specifically, the signing center trusted public key is used to verify the initiating device certificate extracted from the parsed identity authentication information.
For example, verifying the initiating device certificate with the signing authority trusted public key may include verifying, based on a key verification algorithm, the validity of the signature in the initiating device certificate and the authenticity of the certificate content with the signing authority trusted public key.
S405, verifying the signature of the initiating device by using the public key of the initiating device in the initiating device certificate.
In the embodiment of the invention, the public key of the initiating device can be understood as a concrete expression form of the public key or data content in an asymmetric encryption algorithm, and the public key is used for encrypting data or verifying a digital signature and is generated in a secure environment.
The initiating device signature can be understood as an identifier, the device signature can ensure the authenticity of the identity of the initiator of the communication and the integrity of the data in the transmission process, and the communication safety can be improved and the malicious device can be prevented from deception attack by introducing the initiating device signature.
Specifically, the receiving device may invoke the public key of the initiating device in the initiating device certificate to verify the initiating device signature extracted from the resolved identity authentication information, and after verification, the initiating device identifier and the challenge value may be considered to be real and complete.
The step of verifying the initiating device signature by using the initiating device public key in the initiating device certificate may include assembling the initiating device identifier and the challenge value into a data block, calling a public key signature verification algorithm with the initiating device public key from the initiating device certificate, and inputting the data block and the initiating device signature; if the public key signature verification algorithm reports a pass, the authentication is considered to pass.
S406, when the initiating device certificate, the initiating device identifier and the initiating device signature are all verified successfully, the initiating device identity authentication information is determined to pass verification.
Specifically, the receiving device verifies the initiating device certificate, the initiating device identifier and the initiating device signature to obtain verification results. If all the verification results are successful, the initiating device identity authentication information can be considered to pass verification, and subsequent operations can continue.
S407, after the initiating device identity authentication information passes verification, the distributed device management module is called to generate a networking identification code.
In the embodiment of the invention, the distributed device management module may be understood as a component in the receiving device that is used to generate the networking identification code.
Specifically, after the identity authentication information of the initiating terminal passes the verification, a verification success instruction can be sent to the distributed equipment management module of the receiving equipment, and after the distributed equipment management module receives the verification success instruction, a networking identification code can be generated based on the verification success instruction.
S408, obtaining the receiving equipment certificate and the receiving equipment identifier, and extracting a challenge value of initiating equipment identity authentication information and the initiating equipment identifier.
Specifically, the receiving device obtains its own receiving device certificate and receiving device identifier together with the initiating device identity authentication information. After that information has passed verification, the receiving device can decrypt it and extract the challenge value and the initiating device identifier from it. Obtaining the receiving device certificate and the receiving device identifier can ensure the authenticity and the uniqueness of the initiating device.
S409, calling an initiating device public key in the initiating device certificate to encrypt the challenge value, the receiving device identifier, the initiating device identifier and the networking identification code into a receiving device ciphertext.
Specifically, the receiving device may assemble the networking identifier, the originating device identifier, the receiving device identifier, and the challenge value in the originating device identity authentication information into a data block, and may encrypt the data block using the originating device public key to generate the receiving device ciphertext.
S410, calling a receiving device private key to process the receiving device identification and the receiving device ciphertext into a receiving device signature.
In the embodiment of the invention, the private key of the receiving device can be understood as the specific expression form or data content of the private key in an asymmetric encryption algorithm, and the private key is used for generating a digital signature and is generated in a safe environment.
Specifically, the receiving device identifier and the receiving device ciphertext are obtained and processed together (signed) with the receiving device private key to obtain the receiving device signature.
S411, the receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature are taken as the receiving device identity authentication information.
Specifically, the receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature are obtained and integrated into a complete data packet, and the complete data packet is used as the receiving device identity authentication information.
S412, the soft bus communication protocol is invoked to transmit the identity authentication information of the receiving device to the initiating device.
Specifically, the receiving device establishes communication connection with the initiating device based on the soft bus communication protocol, and transmits the identity authentication information of the receiving device to the initiating device through the established communication connection, and the initiating device performs subsequent operations based on the received identity authentication information of the receiving device.
In the embodiment of the invention, the receiving device establishes a communication connection with the initiating device through the soft bus communication protocol and receives the initiating device identity authentication information over that connection. The receiving device parses this information and extracts the initiating device certificate, the initiating device identifier, the challenge value and the initiating device signature. It compares the device identifier extracted from the initiating device certificate with the initiating device identifier, verifies the initiating device certificate with the signing center trusted public key, and calls the initiating device public key in the initiating device certificate to verify the initiating device signature. When these checks succeed, the initiating device identity authentication information is considered to pass verification, and a verification success instruction is sent to the distributed device management module of the receiving device, which generates a networking identification code based on that instruction. The receiving device obtains the receiving device certificate and the receiving device identifier, and extracts the challenge value and the initiating device identifier from the verified initiating device identity authentication information. The networking identification code, the initiating device identifier, the receiving device identifier and the challenge value are assembled into a data block, which is encrypted with the initiating device public key to generate the receiving device ciphertext. The receiving device certificate, the receiving device identifier, the receiving device ciphertext and the receiving device signature are integrated into a complete data packet, which serves as the receiving device identity authentication information. The receiving device establishes a communication connection with the initiating device based on the soft bus communication protocol and transmits the receiving device identity authentication information over it, and the initiating device performs subsequent operations based on the received information.
According to the embodiment of the invention, the initiating device identity authentication information is parsed to verify the identity of the initiating device. After verification succeeds, the receiving device generates receiving device identity authentication information containing the networking identification code in ciphertext form and sends it to the initiating device. This ensures that the identities of the devices are genuine and trustworthy, realizes non-inductive networking among devices by securely sharing the networking identification code, simplifies the networking process, and further improves the networking efficiency of the devices.
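The initiating device message of S302-S304 and the receiving device checks of S403-S406, as an added Go example; it is not code from the patent or from OpenHarmony. Ed25519 keys, the length-prefixed field encoding, the constructed serial numbers and the receiver-side record of accepted challenge values are assumptions of this example, since the page does not specify them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert models the device certificate; this layout and Ed25519 are assumptions.
type Cert struct {
	DeviceID string
	PubKey   ed25519.PublicKey
	CASig    []byte // signing center signature over (DeviceID, PubKey)
}

// AuthInfo is the initiating device identity authentication information (S304).
type AuthInfo struct {
	Cert           Cert
	DeviceID       string
	Challenge, Sig []byte
}

var ErrIDMismatch = errors.New("certificate ID differs from claimed device ID")
var ErrBadCert = errors.New("certificate not signed by the signing center")
var ErrBadSig = errors.New("device signature over challenge and ID invalid")
var ErrReplay = errors.New("challenge value already seen")

// pack length-prefixes each field, so ("AB","C") and ("A","BC") sign differently.
func pack(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		b.Write([]byte{byte(len(f) >> 8), byte(len(f))})
		b.Write(f)
	}
	return b.Bytes()
}

// IssueCert: the signing center signs (device ID, device public key).
func IssueCert(caPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Cert {
	return Cert{id, pub, ed25519.Sign(caPriv, pack([]byte(id), pub))}
}

// BuildAuthInfo performs S302-S304 on the initiating device.
func BuildAuthInfo(c Cert, priv ed25519.PrivateKey) AuthInfo {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		panic(err) // no randomness: never fall back to a predictable challenge
	}
	return AuthInfo{c, c.DeviceID, ch, ed25519.Sign(priv, pack(ch, []byte(c.DeviceID)))}
}

// Receiver holds the signing center trusted public key.
type Receiver struct {
	CAPub ed25519.PublicKey
	seen  map[string]bool // accepted challenges; this cache is an assumption
}

// Verify runs S403-S406 and stops at the first check that fails.
func (r *Receiver) Verify(m AuthInfo) error {
	if m.Cert.DeviceID != m.DeviceID { // S403
		return ErrIDMismatch
	}
	if len(m.Cert.PubKey) != ed25519.PublicKeySize || // Verify panics on other sizes
		!ed25519.Verify(r.CAPub, pack([]byte(m.DeviceID), m.Cert.PubKey), m.Cert.CASig) { // S404
		return ErrBadCert
	}
	if !ed25519.Verify(m.Cert.PubKey, pack(m.Challenge, []byte(m.DeviceID)), m.Sig) { // S405
		return ErrBadSig
	}
	if r.seen[string(m.Challenge)] {
		return ErrReplay
	}
	r.seen[string(m.Challenge)] = true
	return nil // S406
}

// Scenarios runs one valid message and four rejected ones on constructed data.
func Scenarios() (ok, replay, wrongID, forgedCert, tampered error) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // not the signing center
	cert := IssueCert(caPriv, "INIT-SN-0001", pub)      // constructed serial number
	rcv := &Receiver{CAPub: caPub, seen: map[string]bool{}}
	msg := BuildAuthInfo(cert, priv)
	ok = rcv.Verify(msg)
	replay = rcv.Verify(msg) // the same message delivered a second time
	m2 := BuildAuthInfo(cert, priv)
	m2.DeviceID = "INIT-SN-9999" // claimed ID no longer matches the certificate
	wrongID = rcv.Verify(m2)
	forgedCert = rcv.Verify(BuildAuthInfo(IssueCert(roguePriv, "INIT-SN-0001", pub), priv))
	m4 := BuildAuthInfo(cert, priv)
	m4.Challenge[0] ^= 1 // challenge altered after signing
	tampered = rcv.Verify(m4)
	return
}

func main() { fmt.Println(Scenarios()) }
```

Because the challenge value is chosen by the initiating device, the receiver in this example can only reject a repeated message if it remembers which challenge values it has already accepted.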
Example five
The embodiment of the invention discloses a non-inductive networking method based on the OpenHarmony soft bus, which provides device identity authentication and secure sharing of the plaintext personal identification number (Personal Identification Number, PIN) through device certificates and asymmetric cryptography. The embodiment removes the step in which the user manually enters the PIN, so that networking authentication is non-inductive for the user during device networking. The non-inductive networking overview is shown in fig. 5. Only the way the PIN code is exchanged during soft bus networking is changed, and compatibility with the manual PIN-entry networking mode is maintained, so that devices networked by manual PIN entry can still take part when multiple devices are networked. After the networking devices hold the same plaintext PIN, they generate the same session key through the OpenHarmony original password authenticated key exchange protocol (Password Authenticated Key Exchange, PAKE) and the security token service protocol (Security Token Service, STS), thereby realizing a secure communication connection for device networking.
The device identity and related information are signed by using asymmetric cryptography and a trusted signing center to generate a verifiable device certificate. The device certificate overview is shown in fig. 6: the signing center trusted public key, the device certificate issued by the trusted signing center and the device private key are injected into the device in a secure environment, and trusted identity authentication and secure PIN sharing between the two devices are realized through the device certificate. The device certificate issued by the trusted signing center comprises information such as the device public key, the device identifier and the trusted signature.
The embodiment of the invention uses the device proof and asymmetric cryptography to securely share the device identity and the plaintext PIN during device soft bus networking authentication. The seamless (user-imperceptible) networking process is shown in fig. 7.
First, the initiating end acquires its device proof and the initiating device identification (ID), generates a challenge value, uses the initiating-end device private key to generate an initiating-end signature value over "device ID + challenge value", and sends "initiating-end device proof + initiating-end ID + challenge value + initiating-end signature value" to the receiving end through the soft bus.
Then the receiving end verifies the identity of the initiating end and generates receiving-end identity authentication information containing the ciphertext PIN. The initiating-end device proof is parsed to obtain the device ID, which is checked against the initiating-end device ID; on success the verification continues, on failure it exits. The initiating-end device proof is then verified using the signing center; on success the verification continues, on failure it exits. Finally, the initiating-end signature value is verified using the initiating-end public key in the initiating-end device proof; on success the identity verification passes, on failure the identity verification fails.
After the identity authentication of the initiating end passes, the receiving end generates the receiving-end identity authentication information containing the ciphertext PIN. The generation process comprises: obtaining the device proof of the receiving end and the receiving-end ID; obtaining the plaintext PIN generated by the OpenHarmony distributed device management module; assembling the challenge value, the initiating-end device ID, the receiving-end device ID and the plaintext PIN into the information to be encrypted; encrypting the information to be encrypted with the initiating-end public key from the initiating-end device proof to generate the receiving-end ciphertext; generating the receiving-end signature with the receiving-end device private key; and sending "receiving-end device proof + receiving-end ID + receiving-end ciphertext + receiving-end signature" to the initiating end through the soft bus.
Finally, the initiating end verifies the identity of the receiving end and decrypts the plaintext PIN. The device ID field in the receiving-end device proof is parsed and checked against the receiving-end device ID; on success the verification continues, on failure it exits. The receiving-end device proof is verified using the trusted public key of the signing center, to confirm that it was signed by the trusted signing center; on success the verification continues, on failure it exits. The receiving-end signature value is verified using the public key in the receiving-end device proof; on success the identity verification passes, on failure the identity verification fails. After the identity verification passes, the PIN is decrypted from the receiving-end ciphertext: the receiving-end ciphertext is decrypted with the initiating-end private key to obtain the challenge value, the initiating-end device ID, the receiving-end ID and the PIN; the decrypted challenge value, initiating-end ID and receiving-end device ID are verified, and on success the process continues while on failure it exits. The PIN is then extracted from the decrypted information, and the plaintext PIN is provided to the OpenHarmony distributed device management module for use in OpenHarmony's subsequent generation of the communication session key.
Example six
Fig. 8 is a schematic structural diagram of a device networking apparatus applied to an initiating device according to an embodiment of the present invention. As shown in fig. 8, the apparatus includes:
An information obtaining module 501, configured to obtain initiating device identity authentication information in response to a device networking instruction;
The identification code obtaining module 502 is configured to transmit the identity authentication information of the initiating device to the receiving device, and obtain a networking identification code fed back by the receiving device after verifying the identity authentication information of the initiating device;
The networking module 503 is configured to perform networking with the receiving device according to the networking identification code.
According to the embodiment of the invention, the initiating device can receive, through its receiving module, a device networking instruction that triggers networking. In response to the instruction, the initiating device obtains the initiating device identity authentication information and transmits it to the receiving device. The receiving device verifies the initiating device identity authentication information and, after the verification passes, generates a networking identification code and feeds it back to the initiating device. After receiving the networking identification code, the initiating device establishes networking authentication with the corresponding receiving device according to the code, which completes the networking of the two devices; once networking succeeds, the initiating device and the receiving device can communicate securely.
In the embodiment of the invention, the devices verify each other's identity authentication information and the networking identification code is transmitted in encrypted form, which ensures secure communication between the devices. The initiating device networks with the receiving device directly using the networking identification code fed back by the receiving device, which removes the cumbersome step of the user manually entering the networking identification code and improves the user experience. Sharing the networking identification code between the devices realizes seamless networking and improves networking efficiency.
Based on the above embodiment, the information obtaining module 501 is specifically configured for:
Acquiring the initiating device proof and the initiating device identification of the initiating device;
Invoking a challenge value generation rule to generate a verification random number as the challenge value;
Signing the challenge value and the initiating device identification with the initiating device private key to produce the initiating device signature;
And taking the initiating device proof, the initiating device identification, the challenge value and the initiating device signature as the initiating device identity authentication information.
The identification code obtaining module 502 further includes: an information transmission unit, configured to call the soft bus communication protocol to transmit the initiating device identity authentication information to the receiving device; an information receiving unit, configured to receive the receiving device identity authentication information, containing the networking identification code, that the receiving device feeds back after verifying the initiating device identity authentication information; and an identification code extracting unit, configured to verify the receiving device identity authentication information using the signing center trusted public key and to extract the networking identification code from the verified receiving device identity authentication information.
The identification code extracting unit is specifically configured for:
Extracting a receiving device certificate, a receiving device identifier, a receiving device ciphertext and a receiving device signature from the receiving device identity authentication information;
Verifying the device identification in the receiving device certificate against the receiving device identification;
verifying the receiving device proof using the signing authority trusted public key;
verifying the receiving device signature using a receiving device public key within the receiving device certificate;
And when the receiving equipment identifier, the receiving equipment certificate and the receiving equipment signature pass verification, calling an initiating equipment private key to decrypt the receiving equipment ciphertext to obtain a networking identification code.
Example seven
Fig. 9 is a schematic structural diagram of a device networking apparatus applied to a receiving device according to an embodiment of the present invention. As shown in fig. 9, the apparatus includes:
The information verification module 601 is configured to obtain the identity authentication information of the initiating device transmitted by the initiating device, and verify the identity authentication information of the initiating device;
The identification code generating module 602 is configured to determine that the identity authentication information of the initiating device passes verification, and generate receiving device authentication information including a networking identification code;
the identification code transmission module 603 is configured to transmit the authentication information of the receiving device to the initiating device for networking.
In the embodiment of the invention, a preset identity authentication information verification rule can be obtained. The receiving device receives, through its receiving module, the initiating device identity authentication information transmitted by the initiating device and verifies it according to the preset rule. After confirming that the initiating device identity authentication information passes verification, the receiving device generates receiving device identity authentication information containing the networking identification code and transmits it to the initiating device, and the initiating device networks with the receiving device based on that information. By verifying the initiating device identity authentication information and, only after it passes, generating and sending the receiving device identity authentication information containing the networking identification code, the embodiment effectively verifies the identities of both devices and shares the networking identification code securely, which strengthens the security of device networking. Transmitting the networking identification code to the initiating device removes the cumbersome step of the user manually entering it and simplifies the networking process; once the code has been transmitted successfully, the initiating device and the receiving device can network automatically, which improves networking efficiency between the devices.
The information verification module 601 is specifically configured for:
Receiving initiating device identity authentication information through a soft bus communication protocol;
Parsing the initiating device identity authentication information to obtain the initiating device proof, the initiating device identification, the challenge value and the initiating device signature;
Verifying the device identifier in the initiating device proof against the initiating device identifier;
Verifying the initiating device attestation using the signing authority trusted public key;
Verifying the signature of the initiating device by using the initiating device public key in the initiating device certificate;
And when the initiating equipment certification, the initiating equipment identification and the initiating equipment signature are all verified successfully, determining that the initiating equipment identity authentication information passes the verification.
The identification code generation module 602 is specifically configured to,
After the identity authentication information of the initiating equipment passes the verification, a distributed equipment management module is called to generate a networking identification code;
Acquiring a receiving device certificate and a receiving device identifier, and extracting a challenge value of initiating device identity authentication information and the initiating device identifier;
invoking an initiating device public key in the initiating device certificate to encrypt the challenge value, the receiving device identifier, the initiating device identifier and the networking identification code into a receiving device ciphertext;
invoking the receiving device private key to sign the receiving device identifier and the receiving device ciphertext, producing the receiving device signature;
And taking the receiving device certification, the receiving device identification, the receiving device ciphertext and the receiving device signature as receiving device authentication information.
The identification code transmission module 603 is specifically configured to invoke a soft bus communication protocol to transmit the authentication information of the receiving device to the initiating device.
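The exchange described in the fig. 7 flow and in the module steps of Examples six and seven can be run end to end with the following added example, which is not code from the patent or from OpenHarmony. RSA with PKCS#1 v1.5 signatures and OAEP encryption stands in for the unspecified "asymmetric cryptography"; the type and function names, the JSON encoding of the signed and encrypted fields, and the sample IDs and PIN are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Proof struct { // device proof: device ID and public key, signed by the signing center
	DeviceID string
	Pub      *rsa.PublicKey
	CASig    []byte
}
type Msg struct { // "proof + ID + body + signature"; Body is the challenge or the ciphertext
	Proof
	ID        string
	Body, Sig []byte
}
type Device struct { // what the secure environment holds: device private key and proof
	Key *rsa.PrivateKey
	Proof
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

func digest(fields ...any) []byte { // one JSON array keeps field boundaries unambiguous
	s := sha256.Sum256(must(json.Marshal(fields)))
	return s[:]
}
func sign(k *rsa.PrivateKey, fields ...any) []byte {
	return must(rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest(fields...)))
}

// Provision plays the signing center: it issues a key pair and a signed device proof.
func Provision(ca *rsa.PrivateKey, id string) *Device {
	k := NewKey()
	return &Device{k, Proof{id, &k.PublicKey, sign(ca, id, &k.PublicKey)}}
}

// verifyPeer applies the checks in the text's order: ID vs proof, proof vs center, signature.
func verifyPeer(ca *rsa.PublicKey, m Msg) error {
	switch {
	case m.DeviceID != m.ID:
		return fmt.Errorf("device ID does not match device proof")
	case rsa.VerifyPKCS1v15(ca, crypto.SHA256, digest(m.DeviceID, m.Pub), m.CASig) != nil:
		return fmt.Errorf("device proof not signed by trusted signing center")
	case rsa.VerifyPKCS1v15(m.Pub, crypto.SHA256, digest(m.ID, m.Body), m.Sig) != nil:
		return fmt.Errorf("device signature invalid")
	}
	return nil
}

// Hello builds the initiator message; its signature covers device ID + challenge.
func (d *Device) Hello() Msg {
	c := make([]byte, 16)
	must(rand.Read(c))
	return Msg{d.Proof, d.DeviceID, c, sign(d.Key, d.DeviceID, c)}
}

// Reply is the receiver: verify the initiator, then encrypt the PIN to its public key.
func (d *Device) Reply(ca *rsa.PublicKey, hello Msg, pin string) (Msg, error) {
	if err := verifyPeer(ca, hello); err != nil {
		return Msg{}, err
	}
	pt := must(json.Marshal([][]byte{hello.Body, []byte(hello.ID), []byte(d.DeviceID), []byte(pin)}))
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, hello.Pub, pt, nil)
	return Msg{d.Proof, d.DeviceID, ct, sign(d.Key, d.DeviceID, ct)}, err
}

// Open is the initiator: verify the receiver, decrypt, then compare the bound fields.
func (d *Device) Open(ca *rsa.PublicKey, hello, reply Msg) (string, error) {
	if err := verifyPeer(ca, reply); err != nil {
		return "", err
	}
	var f [][]byte // challenge, initiator ID, receiver ID, PIN
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.Key, reply.Body, nil)
	if err != nil || json.Unmarshal(pt, &f) != nil || len(f) != 4 || string(f[0]) != string(hello.Body) ||
		string(f[1]) != d.DeviceID || string(f[2]) != reply.ID {
		return "", fmt.Errorf("ciphertext does not match this session")
	}
	return string(f[3]), nil
}

func main() {
	ca := NewKey() // signing-center key; the IDs and PIN below are constructed samples
	a, b := Provision(ca, "dev-A"), Provision(ca, "dev-B")
	hello := a.Hello()
	fmt.Println(a.Open(&ca.PublicKey, hello, must(b.Reply(&ca.PublicKey, hello, "482913"))))
}
```

Each failed check returns a distinct error, so a rejected networking attempt can be logged with the step at which it stopped.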
Example eight
Fig. 10 shows a schematic diagram of the structure of an electronic device that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown in the embodiments of the present invention, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the embodiments of the present invention described and/or claimed in this document.
As shown in fig. 10, the electronic device includes at least one processor 11, and a Memory such as a Read-Only Memory (ROM) 12, a random access Memory (Random Access Memory, RAM) 13, etc. communicatively connected to the at least one processor 11, wherein the Memory stores a computer program executable by the at least one processor, and the processor 11 can perform various appropriate actions and processes according to the computer program stored in the ROM12 or the computer program loaded from the storage unit 18 into the RAM 13. In the RAM13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM12 and the RAM13 are connected to each other via a bus 14. An Input/Output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device are connected to the I/O interface 15, including an input unit 16, such as a keyboard, a mouse, etc., an output unit 17, such as various types of displays, speakers, etc., a storage unit 18, such as a magnetic disk, optical disk, etc., and a communication unit 19, such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a central processing unit, a graphics processing unit, various specialized artificial intelligence computing chips, various processors running machine learning model algorithms, digital signal processors, and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, for example, the device networking method.
In some embodiments, the device networking method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the device networking method may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the device networking method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above in this embodiment of the invention may be implemented in digital electronic circuitry, integrated circuit systems, field programmable gate arrays, application specific integrated circuits, application specific standard products, systems on chip, complex programmable logic devices, computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special or general purpose programmable processor, operable to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of embodiments of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of embodiments of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a RAM, a ROM, an erasable programmable read-Only Memory (EPROM or flash Memory), an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having a display device (e.g., a cathode ray tube or a liquid crystal display monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the electronic device. Other types of devices may also be used to provide interaction with the user, for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user may be received in any form (including: acoustic input, speech input, or tactile input).
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include local area networks, wide area networks, blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, which is a host product in a cloud computing service system and overcomes the defects of high management difficulty and weak service scalability found in traditional physical host and virtual private server services.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of the flows shown above. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above detailed description should not be construed as limiting the scope of the embodiments of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method of networking devices, applied to an initiating device, the method comprising:
In response to a device networking instruction, acquiring initiating device identity authentication information;
Transmitting the initiating equipment identity authentication information to receiving equipment, and acquiring a networking identification code fed back after the receiving equipment verifies the initiating equipment identity authentication information;
networking is carried out with the receiving equipment according to the networking identification code.
2. The method of claim 1, wherein the obtaining the initiating device identity authentication information comprises:
Acquiring an initiating device certification and an initiating device identification of the initiating device;
invoking a challenge value generation rule to generate a verification random number as a challenge value;
processing the challenge value and the initiating device identification into an initiating device signature using an initiating device private key;
And taking the initiating equipment certificate, the initiating equipment identifier, the challenge value and the initiating equipment signature as the initiating equipment identity authentication information.
3. The method of claim 1, wherein the transmitting the initiating device identity authentication information to a receiving device and obtaining a networking identification code fed back by the receiving device after verifying the initiating device identity authentication information, comprises:
Invoking a soft bus communication protocol to transmit the initiating equipment identity authentication information to the receiving equipment;
Receiving the receiving equipment identity authentication information which is fed back by the receiving equipment and contains the networking identification code after verifying the initiating equipment identity authentication information;
And verifying the identity authentication information of the receiving equipment by using a trusted public key of a signature center, and extracting the networking identification code from the verified identity authentication information of the receiving equipment.
4. A method according to claim 3, wherein verifying the receiving device identity authentication information using a signing authority trusted public key and extracting the networking identification code within the verified receiving device identity authentication information comprises:
Extracting a receiving device certificate, a receiving device identifier, a receiving device ciphertext and a receiving device signature from the receiving device identity authentication information;
Verifying the equipment identification in the receiving equipment certificate with the receiving equipment identification;
Verifying the receiving device attestation using a signing authority trusted public key;
verifying the receiving device signature using a receiving device public key within the receiving device certificate;
And when the receiving equipment identifier, the receiving equipment certificate and the receiving equipment signature pass verification, calling an initiating equipment private key to decrypt the receiving equipment ciphertext to obtain the networking identification code.
5. A method of networking devices, applied to a receiving device, the method comprising:
acquiring the identity authentication information of the initiating equipment transmitted by the initiating equipment, and verifying the identity authentication information of the initiating equipment;
Determining that the identity authentication information of the initiating equipment passes verification, and generating receiving equipment authentication information containing a networking identification code;
transmitting the receiving device authentication information to the initiating device for networking.
6. The method of claim 5, wherein the obtaining the initiating device identity authentication information transmitted by the initiating device and verifying the initiating device identity authentication information comprises:
Receiving the identity authentication information of the initiating equipment through a soft bus communication protocol;
Analyzing the initiating equipment identity authentication information to obtain initiating equipment certification, initiating equipment identification, a challenge value and initiating equipment signature;
Verifying the device identifier in the initiating device certificate against the initiating device identifier;
Verifying the initiating device attestation using a signing authority trusted public key;
Verifying the initiating device signature by using an initiating device public key in the initiating device certificate;
and when the initiating equipment certification, the initiating equipment identification and the initiating equipment signature are verified successfully, determining that the initiating equipment identity authentication information passes verification.
7. The method of claim 5, wherein said determining that the initiating device identity authentication information is verified, generating receiving device authentication information comprising a networking identification code, comprises:
after the identity authentication information of the initiating equipment passes verification, a distributed equipment management module is called to generate a networking identification code;
Acquiring a receiving device certificate and a receiving device identifier, and extracting the challenge value of the initiating device identity authentication information and the initiating device identifier;
invoking an initiating device public key in the initiating device certificate to encrypt the challenge value, the receiving device identifier, the initiating device identifier and the networking identification code into a receiving device ciphertext;
invoking a receiving device private key to process the receiving device identifier and the receiving device ciphertext into a receiving device signature;
And taking the receiving equipment certification, the receiving equipment identification, the receiving equipment ciphertext and the receiving equipment signature as the receiving equipment authentication information.
8. The method of claim 5, wherein said transmitting the receiving device authentication information to the initiating device for networking comprises:
And calling a soft bus communication protocol to transmit the authentication information of the receiving equipment to the initiating equipment.
9. An electronic device, the electronic device comprising:
at least one processor, and
A memory communicatively coupled to the at least one processor, wherein,
The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the device networking method of any one of claims 1-8.
10. A computer readable storage medium storing computer instructions for causing a processor to implement the device networking method of any one of claims 1-8 when executed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411883393.5A CN119697731A (en) 2024-12-19 2024-12-19 Device networking method, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN119697731A true CN119697731A (en) 2025-03-25

Family

ID=95038541

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination