Terminal authentication method, device, apparatus and storage medium

By introducing dynamic weight obfuscation algorithms and data encapsulation technology into IoT terminals, the problem of low Bluetooth authentication security is solved, and the authentication security and data integrity of IoT terminals are improved.

CN122227237APending Publication Date: 2026-06-16SHENZHEN TCL NEW-TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHENZHEN TCL NEW-TECH CO LTD
Filing Date
2026-03-25
Publication Date
2026-06-16

AI Technical Summary

Technical Problem

Existing Bluetooth authentication methods have low security in IoT terminals, making them vulnerable to unauthorized access by counterfeit devices and easy to crack, leading to data leaks.

Method used

A dynamic weighted obfuscation algorithm is introduced to obfuscate the terminal challenge code, terminal fingerprint data, and prime number weight matrix. The data is then encapsulated by combining the authentication timestamp and the dynamic protocol magic number to generate authentication verification data.

Benefits of technology

It improves the security of the IoT terminal authentication process, enhances randomness and the integrity and timeliness of authentication verification data, and increases the difficulty of reverse engineering.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122227237A_ABST
    Figure CN122227237A_ABST
Patent Text Reader

Abstract

The application provides a terminal authentication method, device and equipment and a storage medium. The terminal authentication method comprises the following steps: in response to a first authentication request sent by an Internet of Things terminal, obtaining a terminal challenge code carried by the terminal authentication request; performing confusion operation according to the terminal challenge code, terminal fingerprint data and a prime weight matrix to obtain confusion operation data; performing encapsulation according to the confusion operation data, an authentication timestamp and a dynamic protocol magic number to obtain authentication verification data; transmitting the authentication verification data to the Internet of Things terminal for terminal authentication, and receiving a terminal authentication result transmitted by the Internet of Things terminal based on the authentication verification data. The application can improve the difficulty of reverse cracking in the authentication process of the Internet of Things terminal, thereby improving the security of the Internet of Things authentication.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of Internet of Things (IoT) technology, specifically to a terminal authentication method, apparatus, device, and storage medium. Background Technology

[0002] Currently, with the rapid development of IoT terminals and Bluetooth technology, more and more IoT terminals such as smart door locks, medical devices and industrial sensors are using Bluetooth as a communication transmission link for data transmission. However, the existing Bluetooth authentication methods have low security, are easily accessed by counterfeit devices, and the authentication schemes are easily cracked, leading to security problems such as data leakage. Summary of the Invention

[0003] This application provides a terminal authentication method, apparatus, device, and storage medium, aiming to solve the technical problem of low security of Bluetooth authentication for IoT terminals in the prior art.

[0004] On the one hand, embodiments of this application provide a terminal authentication method, which includes the following steps: In response to the first authentication request sent by the IoT terminal, obtain the terminal challenge code carried in the terminal authentication request; The terminal challenge code, terminal fingerprint data, and prime number weight matrix are used to perform a confusion operation to obtain the confusion operation data. The authentication verification data is obtained by encapsulating the obfuscated data, authentication timestamp, and dynamic protocol magic number. The authentication verification data is transmitted to the IoT terminal for terminal authentication, and the terminal authentication result based on the authentication verification data transmission is received from the IoT terminal.

[0005] In one possible implementation of this application, the step of performing an obfuscation operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain obfuscated data includes: The terminal fingerprint data is converted to obtain a converted fingerprint array; The transformed fingerprint array is weighted using a prime number weight matrix to obtain a weighted fingerprint array; Obfuscation operation data is generated based on the weighted fingerprint array and the terminal challenge code.

[0006] In one possible implementation of this application, generating obfuscation operation data based on the weighted fingerprint array and the terminal challenge code includes: The weighted fingerprint array and the terminal challenge code are XORed byte by byte to obtain the initial obfuscated data; Obtain the authentication timestamp corresponding to the terminal authentication request, and generate obfuscation operation data based on the authentication timestamp and the initial obfuscation data.

[0007] In one possible implementation of this application, before performing the obfuscation operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain the obfuscated data, the method further includes: In response to a device registration request triggered by an IoT terminal, obtain the terminal hardware data and corresponding prime number sequence of the IoT terminal; Generate a prime number weight matrix corresponding to the IoT terminal based on the prime number sequence corresponding to the IoT terminal; The terminal fingerprint data of the Internet of Things terminal is generated using the terminal hardware address and / or hardware characteristic information in the terminal hardware data.

[0008] In one possible implementation of this application, the step of encapsulating the obfuscation operation data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data includes: Perform a forward hash operation on the obfuscated data to obtain a first hash value; A hash operation is performed on the reversed obfuscated data corresponding to the obfuscated data to obtain a second hash value; A verification hash value is generated based on the first hash value and the second hash value; The authentication verification data is obtained by encapsulating the verification hash value, authentication timestamp, and dynamic protocol magic number.

[0009] In one possible implementation of this application, the step of encapsulating the authentication verification data based on the verification hash value, authentication timestamp, and dynamic protocol magic number includes: Generate the corresponding dynamic protocol magic number based on the magic number generation strategy corresponding to the IoT terminal; By concatenating the verification hash value and the authentication timestamp, the concatenated verification data is obtained. Authentication verification data is generated based on the spliced ​​verification data and the dynamic protocol magic number.

[0010] In one possible implementation of this application, the step of generating authentication verification data based on the concatenated verification data and the dynamic protocol magic number includes: Combine the spliced ​​verification data and the dynamic protocol magic number to generate initial authentication data; Calculate the checksum data corresponding to the initial authentication data to obtain authentication verification information; The initial authentication data and authentication verification data are assembled to obtain authentication verification data.

[0011] On the other hand, this application provides a terminal authentication method for use in Internet of Things (IoT) terminals, the terminal authentication method comprising the following steps: In response to the second authentication request, the authentication verification data corresponding to the second authentication request is received. The authentication verification data is a verification data packet generated by the terminal authentication device based on the terminal challenge code corresponding to the first authentication request. The time verification result is determined based on the authentication timestamp and current time information in the authentication verification data. If the time verification result is a normal verification result, then terminal authentication is performed on the authentication verification data to obtain the terminal authentication result.

[0012] On the other hand, this application provides a terminal authentication device, the terminal authentication device comprising: The information acquisition module is configured to respond to the first authentication request sent by the IoT terminal and acquire the terminal challenge code carried in the terminal authentication request; The obfuscation module is configured to perform obfuscation operations based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain obfuscated data. The data encapsulation module is configured to encapsulate the obfuscated data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data. The terminal authentication module is configured to transmit the authentication verification data to the IoT terminal for terminal authentication, and to receive the terminal authentication result from the IoT terminal based on the authentication verification data transmission.

[0013] On the other hand, this application also provides a terminal authentication device, the terminal authentication device comprising: One or more processors; Memory; and One or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the steps of the terminal authentication method.

[0014] On the other hand, this application also provides a computer-readable storage medium having a computer program stored thereon, the computer program being loaded by a processor to perform the steps in the terminal authentication method.

[0015] This application obtains a terminal challenge code carried in a first authentication request sent by an IoT terminal; performs obfuscation operations on the terminal challenge code, terminal fingerprint data, and a prime number weight matrix to obtain obfuscated data; encapsulates the obfuscated data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data; transmits the authentication verification data to the IoT terminal for terminal authentication, and receives the terminal authentication result from the IoT terminal based on the transmitted authentication verification data. This approach introduces a dynamic weight obfuscation algorithm to obfuscate the terminal challenge code, terminal fingerprint data, and prime number weight matrix during the authentication process of IoT devices, thereby enhancing randomness. Furthermore, the data encapsulation processing based on the obfuscated data, authentication timestamp, and dynamic protocol magic number improves the integrity and timeliness of the authentication verification data, thus increasing the difficulty of reverse engineering during the authentication process and enhancing the security of IoT authentication. Attached Figure Description

[0016] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0017] Figure 1 This is a schematic diagram illustrating a scenario of the terminal authentication method according to an embodiment of this application; Figure 2 This is a flowchart illustrating one embodiment of the terminal authentication method in this application. Figure 3 A flowchart illustrating an embodiment of the terminal authentication method for generating authentication verification data provided in this application; Figure 4 A flowchart illustrating another embodiment of the terminal authentication method provided in this application; Figure 5 A schematic diagram of the structure of one embodiment of the terminal authentication device provided in this application; Figure 6 This is a schematic diagram of the structure of one embodiment of the terminal authentication device provided in this application. Detailed Implementation

[0018] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0019] In the description of this invention, it should be understood that the terms "center," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," and "outer," etc., indicating orientation or positional relationships based on the orientation or positional relationships shown in the accompanying drawings, are only for the convenience of describing the invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the invention. Furthermore, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of indicated technical features. Thus, features defined with "first" and "second" may explicitly or implicitly include one or more of the stated features. In the description of this invention, "a plurality of" means two or more, unless otherwise explicitly specified.

[0020] In this application, the term "exemplary" is used to mean "serving as an example, illustration, or description." Any embodiment described as "exemplary" in this application is not necessarily to be construed as being more preferred or advantageous than other embodiments. The following description is provided to enable any person skilled in the art to make and use the invention. Details are set forth in the following description for purposes of explanation. It should be understood that those skilled in the art will recognize that the invention can be made without using these specific details. In other instances, well-known structures and processes will not be described in detail to avoid obscuring the description of the invention with unnecessary detail. Therefore, the invention is not intended to be limited to the embodiments shown, but is consistent with the broadest scope of the principles and features disclosed in this application.

[0021] Currently, with the rapid development of IoT terminals and Bluetooth technology, more and more IoT terminals such as smart door locks, medical devices and industrial sensors are using Bluetooth as a communication transmission link for data transmission. However, the existing Bluetooth authentication methods have low security, are easily accessed by counterfeit devices, and the authentication schemes are easily cracked, leading to security problems such as data leakage.

[0022] Based on this, this application proposes a terminal authentication method, apparatus, device, and computer-readable storage medium to solve the technical problem of low security of Bluetooth authentication for IoT terminals in the prior art.

[0023] The terminal authentication method in this embodiment of the invention is applied to a terminal authentication device, which is set in a terminal authentication equipment. The terminal authentication equipment is provided with one or more processors, a memory, and one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the terminal authentication method. The terminal authentication equipment can be a smart terminal associated with a smart IoT terminal, such as a mobile phone, tablet computer, network device, and smart computer. Optionally, the terminal authentication equipment can also be a server or a service cluster composed of multiple servers.

[0024] like Figure 1 As shown, Figure 1 This is a schematic diagram illustrating a scenario of the terminal authentication method according to an embodiment of this application. In this embodiment, the terminal authentication scenario includes a terminal authentication device 100 (which integrates a terminal authentication apparatus) and an IoT terminal 200. The terminal authentication device 100 runs a computer-readable storage medium corresponding to the terminal authentication method to execute the steps of the terminal authentication method. The IoT terminal 200 is a business terminal that interfaces with the terminal authentication device 100 for authentication.

[0025] Understandable, Figure 1 The terminal authentication device in the terminal authentication method scenario shown, or the device included in the terminal authentication device, does not constitute a limitation on the embodiments of the present invention. That is, the number or type of terminal authentication device included in the terminal authentication method scenario, or the number or type of device included in each device, does not affect the overall implementation of the technical solution in the embodiments of the present invention, and can all be considered as equivalent substitutions or derivatives of the technical solutions claimed in the embodiments of the present invention.

[0026] In this embodiment of the invention, the terminal authentication device 100 is mainly used to: respond to the first authentication request sent by the Internet of Things terminal and obtain the terminal challenge code carried in the terminal authentication request; The terminal challenge code, terminal fingerprint data, and prime number weight matrix are used to perform a confusion operation to obtain the confusion operation data. The authentication verification data is obtained by encapsulating the obfuscated data, authentication timestamp, and dynamic protocol magic number. The authentication verification data is transmitted to the IoT terminal for terminal authentication, and the terminal authentication result based on the authentication verification data transmission is received from the IoT terminal.

[0027] The terminal authentication device 100 in this embodiment of the invention can be an independent terminal authentication device, such as a mobile phone, tablet computer, network device, server and smart computer, or a terminal authentication network or terminal authentication cluster composed of multiple terminal authentication devices.

[0028] This application provides a terminal authentication method, apparatus, device, and computer-readable storage medium, which will be described in detail below.

[0029] It will be understood by those skilled in the art that Figure 1 The application environment shown is only one application scenario related to the solution of this application and does not constitute a limitation on the application scenario of this application. Other application environments may include more than one application scenario. Figure 1 The number of more or fewer terminal authentication devices shown, or the terminal authentication network connection relationships, for example Figure 1 Only one terminal authentication device is shown in the diagram. It is understood that the scenario of this terminal authentication method may also include one or more terminal authentication devices, which are not specifically limited here. The terminal authentication device 100 may also include a memory for storing order data and other data.

[0030] It should be noted that, Figure 1 The schematic diagram of the terminal authentication method shown is merely an example. The scenarios of the terminal authentication method described in this embodiment are intended to more clearly illustrate the technical solutions of this embodiment and do not constitute a limitation on the technical solutions provided by this embodiment.

[0031] Based on the scenarios described above for terminal authentication methods, various embodiments of the terminal authentication method disclosed in this invention are proposed.

[0032] like Figure 2 As shown, Figure 2 This is a flowchart illustrating one embodiment of the terminal authentication method in this application. The terminal authentication method includes the following steps 201 to 204: 201. Respond to the first authentication request sent by the IoT terminal and obtain the terminal challenge code carried in the terminal authentication request; The terminal authentication method in this embodiment is applied to a terminal authentication device. The type and number of terminal authentication devices are not specifically limited. That is, the terminal authentication device can be one or more smart terminals or servers that have Bluetooth or other communication connections with the Internet of Things terminal. In a specific embodiment, the terminal authentication device is a smartphone.

[0033] Optionally, the IoT terminal is a smart IoT terminal capable of sending authentication requests to a terminal authentication device for authentication, and is used to perform corresponding IoT interactive operations after successful authentication. Optionally, in a specific embodiment, the IoT terminal can be an IoT device such as a smart door lock, smart medical device, smart home appliance, or industrial sensor. The IoT terminal can communicate with the terminal authentication device via Bluetooth, WiFi, or cellular networks for authentication processing.

[0034] Optionally, the first authentication request is sent by the IoT terminal, which drives the terminal authentication device to generate corresponding authentication verification data for authentication processing.

[0035] Optionally, the terminal challenge code is customized data sent by the IoT terminal (acting as an authentication server) to the terminal authentication device for authentication. This data drives the terminal authentication device to process the data based on the challenge code and return the processed authentication verification data for verification, thereby verifying the identity or legitimacy of the target object. Optionally, in one specific embodiment, the terminal challenge code is a 16-byte random number randomly generated by the IoT terminal.

[0036] Optionally, during operation, the terminal authentication device receives a first authentication request sent by an IoT terminal that has registered the device, parses the first authentication request, obtains the terminal challenge code carried in the first authentication request, and performs operations such as obfuscation operation, hash chain verification and data packet encapsulation on the terminal challenge code in subsequent steps to generate authentication verification data for legitimacy verification.

[0037] Optionally, before receiving the first authentication request triggered by the IoT device, the terminal authentication device may also receive a device registration request triggered by the IoT device and register the IoT device.

[0038] Optionally, the terminal authentication device responds to the device registration request triggered by the IoT terminal and obtains the terminal hardware data and corresponding prime number sequence of the IoT terminal.

[0039] Optionally, a device registration request is an access event that represents the first time an IoT terminal accesses the IoT platform corresponding to the terminal authentication device. That is, after the IoT terminal powers on for the first time, it can trigger a device registration request to access the IoT platform and register the device.

[0040] Optionally, the terminal hardware data is hardware information identifying the IoT terminal. For example, in one specific embodiment, the terminal hardware data includes the terminal hardware address and / or hardware characteristic information corresponding to the IoT terminal. The terminal hardware address is the MAC address information corresponding to the IoT terminal. The hardware characteristic information is hardware data information characterizing the terminal performance characteristics of the IoT terminal. Optionally, in one specific embodiment, the hardware characteristic information includes terminal hardware data such as the number of CPU cores and screen resolution.

[0041] Optionally, the prime number sequence is an ordered sequence of prime numbers generated by the IoT terminal or terminal authentication device, corresponding to the IoT terminal. For example, the terminal authentication device can generate a prime number sequence corresponding to the IoT terminal when the IoT terminal registers.

[0042] Optionally, during the device registration phase of the IoT terminal, after generating a prime number sequence corresponding to the IoT terminal, the terminal authentication device also generates a prime number weight matrix corresponding to the IoT terminal based on the prime number sequence. The prime number weight matrix, generated from the prime number sequence, is used to perform obfuscation operations on the terminal challenge code during the authentication process, thereby ensuring the non-linear characteristics of subsequent obfuscation operations. Optionally, the terminal authentication device can generate the prime number weight matrix corresponding to the IoT terminal from the prime number sequence using algorithms such as prime number assignment algorithms, prime number square root algorithms, and prime number weight matrix construction algorithms.

[0043] Optionally, during the device registration phase of the IoT terminal, to ensure the uniqueness of the device identifier during subsequent authentication, the terminal authentication device also generates terminal fingerprint data for the IoT terminal using the terminal hardware address and / or hardware characteristic information from the terminal hardware data. This terminal fingerprint data is used to uniquely identify the IoT terminal. This terminal fingerprint data can be generated by encrypting and fusing the terminal hardware address and hardware characteristic information.

[0044] 202. Perform a confusion operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain the confusion operation data; Optionally, after obtaining the terminal challenge code, terminal fingerprint data, and prime number weight matrix, the terminal authentication device also performs an obfuscation operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain obfuscated data.

[0045] Optionally, the obfuscation operation data is the parameter data obtained by the terminal authentication device through obfuscation operation on the terminal challenge code, which is used to generate corresponding authentication verification data based on the obfuscation operation data in subsequent steps.

[0046] Optionally, after obtaining the terminal fingerprint data, the terminal authentication device performs data conversion on the terminal fingerprint data to obtain a converted fingerprint array. Optionally, in one specific embodiment, the terminal authentication device performs data conversion on the terminal fingerprint data to obtain a converted fingerprint array represented by a target character array. In one specific embodiment, the target character array is a character array format that facilitates subsequent obfuscation operations. In one specific embodiment, the target character array is an ASCII character array. The converted fingerprint array is a conversion array that converts the terminal fingerprint data into a representation of the target character array.

[0047] Optionally, after obtaining the converted fingerprint array, the terminal authentication device uses a prime number weight matrix to weight the converted fingerprint array, obtaining a weighted fingerprint array. That is, the terminal authentication device uses the prime number weight matrix to weight each character in the converted fingerprint array to obtain the weighted fingerprint array. The weighted fingerprint array is a character array obtained by weighting each character in the converted fingerprint array.

[0048] Optionally, after obtaining the weighted fingerprint array, the terminal authentication device also generates obfuscation data based on the weighted fingerprint array and the terminal challenge code. That is, the terminal authentication device performs a byte-by-byte XOR operation on the weighted fingerprint array and the terminal challenge code to obtain initial obfuscation data. The initial obfuscation data is the computational data obtained by performing preliminary obfuscation processing on the terminal challenge code using the weighted fingerprint array.

[0049] Optionally, to further enhance randomness, the terminal authentication device also obtains the authentication timestamp corresponding to the terminal authentication request, and generates obfuscation operation data based on the authentication timestamp and the initial obfuscation data. That is, the terminal authentication device uses a time acquisition interface to collect the current time information as the authentication timestamp, and generates a corresponding time entropy from this authentication timestamp to process the initial obfuscation data, thereby generating obfuscation operation data. Optionally, the time acquisition interface is the `performance.now()` interface. The authentication timestamp is high-precision time information used to add time entropy during the obfuscation operation.

[0050] For example, in one specific embodiment, the terminal authentication device uses the authentication timestamp as a time entropy to perform a calculation with the initial obfuscated data to generate obfuscated calculation data. For example, the terminal authentication device can perform a bitwise XOR operation or other operations on the authentication timestamp and the initial obfuscated data to generate obfuscated calculation data, thereby further enhancing the randomness of the obfuscated calculation data.

[0051] 203. Encapsulate the obfuscated data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data; Optionally, after obtaining the obfuscation operation data and authentication timestamp, the terminal authentication device also encapsulates the obfuscation operation data, authentication timestamp, and dynamic protocol magic number to generate authentication verification data for authentication verification.

[0052] Optionally, the authentication verification data is the authentication verification data associated with the terminal challenge code and to be verified. This authentication verification data is a verification data packet obtained by processing and encapsulating obfuscated runtime data, authentication timestamps, and dynamic protocol magic numbers.

[0053] Optionally, the dynamic protocol magic number is a dynamically variable identifier value used for protocol identification and basic data validity verification in the communication protocol corresponding to the terminal authentication device and the IoT terminal. This dynamic protocol magic number is appended to the data packet header, causing the data packet header to change over time. Optionally, in one specific embodiment, the dynamic protocol magic number is BB55 + date + hour.

[0054] Optionally, after obtaining the obfuscation operation data, the terminal authentication device also performs a layered hash operation on the obfuscation operation data to generate a verification hash value, and then encapsulates the verification hash value, authentication timestamp, and dynamic protocol magic number to generate authentication verification data.

[0055] Optionally, the terminal authentication device performs a forward hash operation on the obfuscated data to obtain a first hash value. This first hash value is the hash value obtained by performing a forward hash operation on the obfuscated data.

[0056] Optionally, the terminal authentication device also obtains the reversed operation data corresponding to the obfuscated operation data, and performs a hash operation on the reversed obfuscated data corresponding to the obfuscated operation data to obtain a second hash value. That is, the terminal authentication device obtains the reversed operation data with the character order reversed from the obfuscated operation data, and performs a hash operation on the reversed operation data to obtain a second hash value. The second hash value is the hash value obtained by performing a hash operation on the reversed operation data with the character order reversed from the obfuscated operation data.

[0057] Optionally, after obtaining the first hash value and the second hash value, the terminal authentication device also generates a verification hash value based on the first hash value and the second hash value. That is, the terminal authentication device performs a byte-by-byte XOR operation on the first hash value and the second hash value to generate the verification hash value.

[0058] Optionally, after obtaining the verification hash value, the terminal authentication device encapsulates the verification hash value, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data, thereby ensuring the integrity and timeliness of the authentication verification data.

[0059] 204. Transmit the authentication verification data to the IoT terminal for terminal authentication, and receive the terminal authentication result from the IoT terminal based on the authentication verification data transmission.

[0060] Optionally, after generating authentication verification data to be used for authentication verification, the terminal authentication device also transmits the authentication verification data to the IoT terminal for terminal authentication and receives the terminal authentication result returned by the IoT terminal based on the authentication verification data.

[0061] Optionally, the terminal authentication result is a verification result representing the legitimacy of the authentication verification data sent by the terminal authentication device to the IoT terminal. That is, after generating the authentication verification data, the terminal authentication device sends the authentication verification data to the IoT terminal so that the IoT terminal can perform legality verification based on the authentication verification data and generate a corresponding terminal authentication result. When the terminal authentication result is successful, the IoT terminal can interact with the terminal authentication device, thereby improving the security of business interactions.

[0062] In this embodiment, the terminal authentication device responds to a first authentication request sent by an IoT terminal and obtains the terminal challenge code carried in the authentication request. It then performs an obfuscation operation based on the terminal challenge code, terminal fingerprint data, and a prime number weight matrix to obtain obfuscated data. This obfuscated data is then encapsulated using the obfuscated data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data. The device transmits the authentication verification data to the IoT terminal for terminal authentication and receives the terminal authentication result from the IoT terminal based on the transmitted authentication verification data. This approach introduces a dynamic weight obfuscation algorithm to obfuscate the terminal challenge code, terminal fingerprint data, and prime number weight matrix during the IoT device authentication process, thereby enhancing randomness. Furthermore, the data encapsulation based on the obfuscated data, authentication timestamp, and dynamic protocol magic number improves the integrity and timeliness of the authentication verification data, increasing the difficulty of reverse engineering during the IoT terminal authentication process and thus enhancing IoT authentication security.

[0063] like Figure 3 As shown, Figure 3 This is a flowchart illustrating an embodiment of the terminal authentication method provided in this application for generating authentication verification data. Specifically, in Figure 3 In the illustrated embodiment, the terminal authentication method further includes steps 301 to 303: 301. Generate the corresponding dynamic protocol magic number based on the magic number generation strategy corresponding to the IoT terminal; 302. Concatenate the verification hash value and the authentication timestamp to obtain the concatenated verification data; 303. Generate authentication verification data based on the splicing verification data and the dynamic protocol magic number.

[0064] Based on the above embodiments, in this embodiment, after obtaining the verification hash value, the terminal authentication device encapsulates it according to the verification hash value, the authentication timestamp, and the dynamic protocol magic number to obtain authentication verification data, thereby ensuring the integrity and timeliness of the authentication verification data.

[0065] Optionally, the terminal authentication device generates a corresponding dynamic protocol magic number based on the magic number generation strategy corresponding to the IoT terminal. The magic number generation strategy is a magic number generation rule used to generate the dynamic protocol magic number corresponding to the current authentication of the IoT terminal. For example, in one specific embodiment, the magic number generation strategy combines the static magic number with the current date and current time information to obtain the dynamic protocol magic number. Optionally, in one specific embodiment, the static magic number is BB55, and the corresponding dynamic protocol magic number is BB55 + current date information + current time information.

[0066] Optionally, the terminal authentication device may also concatenate the verification hash value and the authentication timestamp to obtain concatenated verification data, and generate authentication verification data based on the concatenated verification data and the dynamic protocol magic number.

[0067] That is, the terminal authentication device combines the spliced ​​verification data and the dynamic protocol magic number to generate the initial authentication data. In other words, the terminal authentication device adds the dynamic protocol magic number to the header of the spliced ​​verification data packet to obtain the initial authentication data.

[0068] Optionally, to ensure data integrity, the terminal authentication device also calculates the checksum data corresponding to the initial authentication data to obtain authentication verification information. This authentication verification information is a checksum data used to assess the integrity of the data packet.

[0069] Optionally, after obtaining the verification information, the terminal authentication device assembles the initial authentication data and authentication verification data to obtain authentication verification data, transmits the authentication verification data to the IoT terminal for terminal authentication, and receives the terminal authentication result returned by the IoT terminal based on the authentication verification data.

[0070] In this embodiment, the terminal authentication device generates a corresponding dynamic protocol magic number based on the magic number generation strategy corresponding to the IoT terminal; it concatenates the verification hash value and the authentication timestamp to obtain concatenated verification data; and it generates authentication verification data based on the concatenated verification data and the dynamic protocol magic number. This ensures the integrity and timeliness of the data packets corresponding to the authentication verification data.

[0071] like Figure 4 As shown, Figure 4 This is a flowchart illustrating another embodiment of the terminal authentication method provided in this application. Figure 4 In the illustrated embodiment, the terminal authentication method includes steps 401 to 403: 401. Respond to the second authentication request and receive the authentication verification data corresponding to the second authentication request; 402. Determine the time verification result based on the authentication timestamp and current time information in the authentication verification data; 403. If the time verification result is a normal verification result, then perform terminal authentication on the authentication verification data to obtain the terminal authentication result.

[0072] Based on the above embodiments, in this embodiment, the IoT terminal responds to the second authentication request and receives the authentication verification data corresponding to the second authentication request.

[0073] Optionally, the second authentication request is an authentication verification event triggered by the terminal authentication device based on the first authentication request. The IoT terminal receives the second authentication request and obtains the authentication verification data corresponding to the second authentication request. This authentication verification data is a verification data packet generated by the terminal authentication device based on the terminal challenge code corresponding to the first authentication request.

[0074] Optionally, after obtaining the authentication verification data, the IoT terminal retrieves the authentication timestamp from the authentication verification data and determines the time verification result based on the authentication timestamp and the current time information. That is, the IoT terminal is equipped with a time window circuit breaker mechanism to limit the effective time range of the authentication verification data, thereby ensuring the timeliness of the authentication verification data and preventing replay attacks.

[0075] Optionally, the IoT terminal calculates the time difference data between the authentication timestamp and the current time information, and compares the time difference data with the target time window data to determine the time verification result.

[0076] Optionally, if the IoT terminal determines that the event difference data is greater than the target time window data, it determines that the authentication verification data has timed out, uses the abnormal verification result as the time verification result of the authentication verification data, and refuses to perform authentication processing on the authentication verification data.

[0077] Optionally, if the IoT terminal determines that the event difference data is less than the target time window data, it determines that the authentication data packet has not timed out and uses the normal verification result as the time verification result of the authentication data packet.

[0078] Optionally, if the IoT terminal determines that the time verification result is a normal verification result, the IoT terminal performs terminal authentication on the authentication verification data to obtain the terminal authentication result. That is, the IoT terminal performs local calculations and compares the hash values ​​of the authentication verification data that was sent beyond the target time window to determine the terminal verification result, and then transmits the terminal verification result to the terminal authentication device.

[0079] In this embodiment, the IoT device receives authentication verification data corresponding to the second authentication request in response to the second authentication request. This authentication verification data is a verification data packet generated by the terminal authentication device based on the terminal challenge code corresponding to the first authentication request. A time verification result is determined based on the authentication timestamp and current time information in the authentication verification data. If the time verification result is a normal verification result, terminal authentication is performed on the authentication verification data to obtain the terminal authentication result. This effectively authenticates timely authentication data packets to prevent replay attacks and improve authentication security.

[0080] To better implement the terminal authentication method in the embodiments of this application, based on the terminal authentication method, the embodiments of this application also provide a terminal authentication device, such as... Figure 5 As shown, Figure 5 This is a schematic diagram of the structure of one embodiment of the terminal authentication device provided in this application. Specifically, the terminal authentication device 500 includes: The information acquisition module 501 is configured to respond to the first authentication request sent by the Internet of Things terminal and acquire the terminal challenge code carried in the terminal authentication request; The obfuscation operation module 502 is configured to perform obfuscation operation based on the terminal challenge code, terminal fingerprint data and prime number weight matrix to obtain obfuscation operation data; The data encapsulation module 503 is configured to encapsulate the obfuscated data, authentication timestamp and dynamic protocol magic number to obtain authentication verification data. The terminal authentication module 504 is configured to transmit the authentication verification data to the IoT terminal for terminal authentication, and to receive the terminal authentication result from the IoT terminal based on the authentication verification data transmission.

[0081] In one possible implementation of this embodiment, the terminal authentication device performs an obfuscation operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain obfuscated data, including: The fingerprint data of the terminal is converted to obtain a converted fingerprint array; The transformed fingerprint array is weighted using a prime number weight matrix to obtain a weighted fingerprint array; Obfuscation operation data is generated based on the weighted fingerprint array and the terminal challenge code.

[0082] In one possible implementation of this embodiment, the terminal authentication device generates obfuscation operation data based on the weighted fingerprint array and the terminal challenge code, including: The weighted fingerprint array and the terminal challenge code are XORed byte by byte to obtain the initial obfuscated data; Obtain the authentication timestamp corresponding to the terminal authentication request, and generate obfuscation operation data based on the authentication timestamp and the initial obfuscation data.

[0083] In one possible implementation of this embodiment, before the terminal authentication device performs an obfuscation operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain the obfuscated data, it further includes: In response to a device registration request triggered by an IoT terminal, obtain the terminal hardware data and corresponding prime number sequence of the IoT terminal; Generate a prime number weight matrix corresponding to the IoT terminal based on the prime number sequence corresponding to the IoT terminal; The terminal fingerprint data of the Internet of Things terminal is generated using the terminal hardware address and / or hardware characteristic information in the terminal hardware data.

[0084] In one possible implementation of this embodiment, the terminal authentication device encapsulates the obfuscation operation data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data, including: Perform a forward hash operation on the obfuscated data to obtain a first hash value; A hash operation is performed on the reversed obfuscated data corresponding to the obfuscated data to obtain a second hash value; A verification hash value is generated based on the first hash value and the second hash value; The authentication verification data is obtained by encapsulating the verification hash value, authentication timestamp, and dynamic protocol magic number.

[0085] In one possible implementation of this embodiment, the terminal authentication device encapsulates the authentication verification data based on the verification hash value, authentication timestamp, and dynamic protocol magic number, including: Generate the corresponding dynamic protocol magic number based on the magic number generation strategy corresponding to the IoT terminal; By concatenating the verification hash value and the authentication timestamp, the concatenated verification data is obtained. Authentication verification data is generated based on the spliced ​​verification data and the dynamic protocol magic number.

[0086] In one possible implementation of this embodiment, the terminal authentication device generates authentication verification data based on the concatenated verification data and the dynamic protocol magic number, including: Combine the spliced ​​verification data and the dynamic protocol magic number to generate initial authentication data; Calculate the checksum data corresponding to the initial authentication data to obtain authentication verification information; The initial authentication data and authentication verification data are assembled to obtain authentication verification data.

[0087] In one possible implementation of this embodiment, the terminal authentication device is further configured to respond to the second authentication request and receive authentication verification data corresponding to the second authentication request, wherein the authentication verification data is a verification data packet generated by the terminal authentication device based on the terminal challenge code corresponding to the first authentication request. The time verification result is determined based on the authentication timestamp and current time information in the authentication verification data. If the time verification result is a normal verification result, then terminal authentication is performed on the authentication verification data to obtain the terminal authentication result.

[0088] In this embodiment, the terminal authentication device responds to a first authentication request sent by an IoT terminal and obtains the terminal challenge code carried in the authentication request. It then performs an obfuscation operation based on the terminal challenge code, terminal fingerprint data, and a prime number weight matrix to obtain obfuscated data. This obfuscation data is then encapsulated using the obfuscated data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data. The device transmits the authentication verification data to the IoT terminal for terminal authentication and receives the terminal authentication result from the IoT terminal based on the transmitted authentication verification data. This approach introduces a dynamic weight obfuscation algorithm to obfuscate the terminal challenge code, terminal fingerprint data, and prime number weight matrix during the IoT device authentication process, thereby enhancing randomness. Furthermore, the data encapsulation based on the obfuscated data, authentication timestamp, and dynamic protocol magic number improves the integrity and timeliness of the authentication verification data, increasing the difficulty of reverse engineering during the IoT terminal authentication process and thus enhancing IoT authentication security.

[0089] This invention also provides a terminal authentication device, such as... Figure 6 As shown, Figure 6 This is a schematic diagram of an embodiment of the terminal authentication device provided in this application.

[0090] The terminal authentication device integrates any of the terminal authentication devices provided in the embodiments of the present invention, and the terminal authentication device includes: One or more processors; Memory; and One or more applications, wherein the one or more applications are stored in the memory and configured by the processor to perform the steps of the terminal authentication method described in any of the embodiments of the above terminal authentication method.

[0091] Specifically, the terminal authentication device may include components such as a processor 601 with one or more processing cores, a memory 602 with one or more computer-readable storage media, a power supply 603, and an input unit 604. Those skilled in the art will understand that... Figure 6The terminal authentication device structure shown does not constitute a limitation on the terminal authentication device. It may include more or fewer components than shown, or combine certain components, or have different component arrangements. Wherein: The processor 601 is the control center of the terminal authentication device. It connects various parts of the device via interfaces and lines, and executes software programs and / or modules stored in the memory 602, as well as calling data stored in the memory 602, to perform various functions and process data, thereby providing overall monitoring of the terminal authentication device. Optionally, the processor 601 may include one or more processing cores; preferably, it may integrate an application processor and a modem processor, wherein the application processor primarily handles the operating system, user interface, and applications, while the modem processor primarily handles wireless communication. It is understood that the modem processor may not be integrated into the processor 601.

[0092] The memory 602 can be used to store software programs and modules. The processor 601 executes various functional applications and terminal authentication by running the software programs and modules stored in the memory 602. The memory 602 may mainly include a program storage area and a data storage area. The program storage area may store the operating system, at least one application program required for a function (such as sound playback function, image playback function, etc.), etc.; the data storage area may store data created based on the use of the terminal authentication device, etc. In addition, the memory 602 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 602 may also include a memory controller to provide the processor 601 with access to the memory 602.

[0093] The terminal authentication device also includes a power supply 603 that supplies power to the various components. Preferably, the power supply 603 can be logically connected to the processor 601 through a power management system, thereby enabling functions such as charging, discharging, and power consumption management through the power management system. The power supply 603 may also include one or more DC or AC power supplies, recharging systems, power fault detection circuits, power converters or inverters, power status indicators, and other arbitrary components.

[0094] The terminal authentication device may also include an input unit 604, which can be used to receive input digital or character information, and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.

[0095] Although not shown, the terminal authentication device may also include a display unit, etc., which will not be described in detail here. Specifically, in this embodiment, the processor 601 in the terminal authentication device loads the executable files corresponding to the processes of one or more applications into the memory 602 according to the following instructions, and the processor 601 runs the applications stored in the memory 602 to realize various functions, as follows: In response to the first authentication request sent by the IoT terminal, obtain the terminal challenge code carried in the terminal authentication request; The terminal challenge code, terminal fingerprint data, and prime number weight matrix are used to perform a confusion operation to obtain the confusion operation data. The authentication verification data is obtained by encapsulating the obfuscated data, authentication timestamp, and dynamic protocol magic number. The authentication verification data is transmitted to the IoT terminal for terminal authentication, and the terminal authentication result based on the authentication verification data transmission is received from the IoT terminal.

[0096] Therefore, embodiments of the present invention provide a computer-readable storage medium, which may include: read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk, etc. A computer program is stored thereon, which is loaded by a processor to execute the steps in any of the terminal authentication methods provided in the embodiments of the present invention. For example, the computer program loaded by the processor can execute the following steps: In response to the first authentication request sent by the IoT terminal, obtain the terminal challenge code carried in the terminal authentication request; The terminal challenge code, terminal fingerprint data, and prime number weight matrix are used to perform a confusion operation to obtain the confusion operation data. The authentication verification data is obtained by encapsulating the obfuscated data, authentication timestamp, and dynamic protocol magic number. The authentication verification data is transmitted to the IoT terminal for terminal authentication, and the terminal authentication result based on the authentication verification data transmission is received from the IoT terminal.

[0097] In the above embodiments, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the detailed descriptions of other embodiments above, which will not be repeated here.

[0098] In practice, each of the above units or structures can be implemented as an independent entity or can be arbitrarily combined to be implemented as the same or several entities. For the specific implementation of each of the above units or structures, please refer to the previous method embodiments, which will not be repeated here.

[0099] For details on the implementation of each of the above operations, please refer to the previous examples, which will not be repeated here.

[0100] The terminal authentication method provided by the embodiments of this application has been described in detail above. Specific embodiments have been used to illustrate the principle and implementation of the present invention. The description of the above embodiments is only for the purpose of helping to understand the method and core idea of ​​the present invention. At the same time, for those skilled in the art, there will be changes in the specific implementation and application scope based on the idea of ​​the present invention. Therefore, the content of this specification should not be construed as a limitation of the present invention.

Claims

1. A terminal authentication method, characterized in that, The terminal authentication method includes: In response to the first authentication request sent by the IoT terminal, obtain the terminal challenge code carried in the terminal authentication request; The terminal challenge code, terminal fingerprint data, and prime number weight matrix are used to perform a confusion operation to obtain the confusion operation data. The authentication verification data is obtained by encapsulating the obfuscated data, authentication timestamp, and dynamic protocol magic number. The authentication verification data is transmitted to the IoT terminal for terminal authentication, and the terminal authentication result based on the authentication verification data transmission is received from the IoT terminal.

2. The terminal authentication method according to claim 1, characterized in that, The step of performing obfuscation operations based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain obfuscated data includes: The terminal fingerprint data is converted to obtain a converted fingerprint array; The transformed fingerprint array is weighted using a prime number weight matrix to obtain a weighted fingerprint array; Obfuscation operation data is generated based on the weighted fingerprint array and the terminal challenge code.

3. The terminal authentication method according to claim 2, characterized in that, The step of generating obfuscation operation data based on the weighted fingerprint array and the terminal challenge code includes: The weighted fingerprint array and the terminal challenge code are XORed byte by byte to obtain the initial obfuscated data; Obtain the authentication timestamp corresponding to the terminal authentication request, and generate obfuscation operation data based on the authentication timestamp and the initial obfuscation data.

4. The terminal authentication method according to claim 1, characterized in that, Before performing the obfuscation operation based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain the obfuscated data, the method further includes: In response to a device registration request triggered by an IoT terminal, the terminal hardware data and the corresponding prime number sequence of the IoT terminal are obtained. Generate a prime number weight matrix corresponding to the IoT terminal based on the prime number sequence corresponding to the IoT terminal; The terminal fingerprint data of the Internet of Things terminal is generated using the terminal hardware address and / or hardware characteristic information in the terminal hardware data.

5. The terminal authentication method according to claim 1, characterized in that, The authentication verification data is obtained by encapsulating the obfuscated data, authentication timestamp, and dynamic protocol magic number, including: Perform a forward hash operation on the obfuscated data to obtain a first hash value; A hash operation is performed on the reversed obfuscated data corresponding to the obfuscated data to obtain a second hash value; A verification hash value is generated based on the first hash value and the second hash value; The authentication verification data is obtained by encapsulating the verification hash value, authentication timestamp, and dynamic protocol magic number.

6. The terminal authentication method according to claim 5, characterized in that, The authentication verification data is obtained by encapsulating the verification hash value, authentication timestamp, and dynamic protocol magic number, including: Generate the corresponding dynamic protocol magic number based on the magic number generation strategy corresponding to the IoT terminal; By concatenating the verification hash value and the authentication timestamp, the concatenated verification data is obtained. Authentication verification data is generated based on the spliced ​​verification data and the dynamic protocol magic number.

7. The terminal authentication method according to claim 6, characterized in that, The step of generating authentication verification data based on the concatenated verification data and the dynamic protocol magic number includes: Combine the spliced ​​verification data and the dynamic protocol magic number to generate initial authentication data; Calculate the checksum data corresponding to the initial authentication data to obtain authentication verification information; The initial authentication data and authentication verification data are assembled to obtain authentication verification data.

8. A terminal authentication method, characterized in that, The terminal authentication method, applied to Internet of Things (IoT) terminals, includes: In response to the second authentication request, the authentication verification data corresponding to the second authentication request is received. The authentication verification data is a verification data packet generated by the terminal authentication device based on the terminal challenge code corresponding to the first authentication request. The time verification result is determined based on the authentication timestamp and current time information in the authentication verification data. If the time verification result is a normal verification result, then terminal authentication is performed on the authentication verification data to obtain the terminal authentication result.

9. A terminal authentication device, characterized in that, The terminal authentication device includes: The information acquisition module is configured to respond to the first authentication request sent by the IoT terminal and acquire the terminal challenge code carried in the terminal authentication request; The obfuscation module is configured to perform obfuscation operations based on the terminal challenge code, terminal fingerprint data, and prime number weight matrix to obtain obfuscated data. The data encapsulation module is configured to encapsulate the obfuscated data, authentication timestamp, and dynamic protocol magic number to obtain authentication verification data. The terminal authentication module is configured to transmit the authentication verification data to the IoT terminal for terminal authentication, and to receive the terminal authentication result from the IoT terminal based on the authentication verification data transmission.

10. A terminal authentication device, characterized in that, The terminal authentication device includes: One or more processors; Memory; and One or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the steps of the terminal authentication method according to any one of claims 1 to 8.

11. A computer-readable storage medium, characterized in that, It stores a computer program, which is loaded by a processor to execute the steps of the terminal authentication method according to any one of claims 1 to 8.