Device authentication method and apparatus, device, and medium
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GOERTEK INC
- Filing Date
- 2025-01-06
- Publication Date
- 2026-07-07
Smart Images

Figure CN122348828A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of computer technology, and more specifically, to a device authentication method, apparatus, device, and medium. Background Technology
[0002] Currently, smart devices are being used more and more widely, such as smart glasses and smartwatches. Consequently, the number of smart devices a user uses is also increasing. However, with the growing number of smart devices used by a user, unified management of these devices has become an inevitable trend.
[0003] However, when managing smart devices used by users in a unified manner, authentication and authorization of these devices becomes a prerequisite. Therefore, how to achieve authentication and authorization of smart devices has become an urgent technical problem to be solved. Summary of the Invention
[0004] One objective of this application is to provide a new technical solution for device certification.
[0005] According to a first aspect of this application, a device authentication method is provided, applied to an authentication device, the method comprising:
[0006] Upon receiving a device addition instruction for a device of a preset communication type, the signal scanning mode for that preset communication type is activated;
[0007] Obtain a connection request of the preset communication type sent by the device to be authenticated, wherein the connection request includes the name of the device to be authenticated;
[0008] If the name in the connection request conforms to the preset naming rules, a communication connection is established with the device to be authenticated;
[0009] Receive the inherent identity information sent by the device to be authenticated based on the communication connection;
[0010] If the inherent identity information is the preset identity information, it is determined that the device to be authenticated has been successfully authenticated.
[0011] Optionally, the method further includes:
[0012] If the inherent identity information is not the preset identity information, a repeat instruction is sent to the device to be authenticated. The repeat instruction is used to instruct the device to be authenticated to resend the inherent identity information to the authentication device.
[0013] If the received inherent identity information is not the preset identity information after a preset number of consecutive attempts, it is determined that the authentication of the device to be authenticated has failed, and a reminder message indicating that the authentication of the device to be authenticated has failed is output.
[0014] Optionally, after determining that the device to be authenticated has been successfully authenticated if the inherent identity information matches a preset identity, the method further includes:
[0015] Send an authentication success indication to the device to be authenticated;
[0016] Receive the public key generated according to a preset asymmetric encryption algorithm sent by the device to be authenticated;
[0017] The public key characteristics are determined based on the preset asymmetric encryption algorithm;
[0018] Verify the validity of the public key based on its characteristics;
[0019] If the public key is valid, the first transmitted information is encrypted using the public key to obtain the first encrypted transmitted information;
[0020] Send the first encrypted transmission information to the device to be authenticated.
[0021] Optionally, the step of encrypting the first transmitted information using the public key to obtain the first encrypted transmitted information includes:
[0022] A symmetric key is generated based on a preset symmetric encryption algorithm to serve as the first transmitted information.
[0023] The first transmitted information is encrypted using the public key to obtain an encrypted symmetric key, which is then used as the first encrypted transmitted information.
[0024] The method further includes:
[0025] Receive the second encrypted transmission information sent by the device to be authenticated, which is encrypted with the symmetric key;
[0026] The second transmitted information is obtained by decrypting the second encrypted transmitted information using the symmetric key;
[0027] And / or encrypt the third transmission information using the symmetric key to obtain the third encrypted transmission information;
[0028] The third encrypted transmission information is sent to the device to be authenticated.
[0029] According to a second aspect of this application, a device authentication method is provided, applied to a device to be authenticated, the method comprising:
[0030] When a communication connection mode of a preset communication type is enabled, a connection request of the preset communication type is broadcast, and the connection request includes the name of the device to be authenticated;
[0031] When a communication connection is established with the authentication device based on the connection request, the inherent identity information is sent to the authentication device.
[0032] Optionally, the method further includes:
[0033] Upon receiving a duplicate instruction from the authentication device, the inherent identity information is resent to the authentication device.
[0034] Optionally, the method further includes:
[0035] Upon receiving an authentication instruction from the authentication device, a paired public key and private key are generated according to a preset asymmetric encryption algorithm.
[0036] Send the public key to the authentication device;
[0037] Receive the first encrypted transmission information sent by the authentication device;
[0038] The first encrypted transmission information is decrypted using the private key to obtain the first transmission information.
[0039] Optionally, the first transmission information is a symmetric key, and the second transmission information is encrypted according to the symmetric key to obtain the second encrypted transmission information;
[0040] The second encrypted transmission information is sent to the authentication device;
[0041] And / or, receive third encrypted transmission information sent by the device to be authenticated;
[0042] The third encrypted transmission information is obtained by decrypting the third transmission information using the symmetric key.
[0043] According to a third aspect of this application, a device authentication apparatus is provided, wherein when the device authentication apparatus is applied to an authentication device, the device authentication apparatus includes:
[0044] The enabling module is used to enable the signal scanning mode of the preset communication type when a device addition instruction for a device of the preset communication type is received.
[0045] The acquisition module is used to acquire a connection request of the preset communication type sent by the device to be authenticated, wherein the connection request includes the name of the device to be authenticated;
[0046] A connection establishment module is used to establish a communication connection with the device to be authenticated if the name in the connection request conforms to a preset naming rule.
[0047] The first sending module is used to receive the inherent identity information sent by the device to be authenticated based on the communication connection;
[0048] The determination module is used to determine that the device to be authenticated has been successfully authenticated when the inherent identity information is the preset identity information;
[0049] When the device authentication device is applied to a device to be authenticated, the device authentication device includes:
[0050] The broadcast module is used to broadcast a connection request of the preset communication type when a communication connection mode of the preset communication type is enabled, wherein the connection request includes the name of the device to be authenticated;
[0051] The second sending module is used to send inherent identity information to the authentication device when a communication connection is established with the authentication device based on the connection request.
[0052] According to a fourth aspect of this application, an electronic device is provided, the electronic device including the device authentication device as described in the second aspect;
[0053] Alternatively, the electronic device includes a memory and a processor, the memory for storing computer instructions, wherein if the electronic device is an authentication device, the processor is configured to invoke the computer instructions from the memory to perform the method as described in any one of the first aspects, and if the electronic device is a device to be authenticated, the processor is configured to invoke the computer instructions from the memory to perform the method as described in any one of the second aspects.
[0054] According to a fifth aspect of this application, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements the method according to any one of the first and second aspects.
[0055] Other features and advantages of this application will become clear from the following detailed description of exemplary embodiments with reference to the accompanying drawings. Attached Figure Description
[0056] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments of the present application and, together with their description, serve to explain the principles of the present application.
[0057] Figure 1 This is a flowchart illustrating a device certification method provided in this application. Figure 1 ;
[0058] Figure 2 This is a flowchart illustrating a device certification method provided in this application. Figure 2 ;
[0059] Figure 3This is a flowchart illustrating a device certification method provided in this application. Figure 3 ;
[0060] Figure 4 This is a schematic diagram of the display interface of an authentication device provided in this application;
[0061] Figure 5 This is a schematic diagram of the structure of a device authentication apparatus provided in this application. Figure 1 ;
[0062] Figure 6 This is a schematic diagram of the structure of a device authentication apparatus provided in this application. Figure 2 ;
[0063] Figure 7 This is a schematic diagram of the structure of an electronic device provided in this application. Detailed Implementation
[0064] Various exemplary embodiments of this application will now be described in detail with reference to the accompanying drawings. It should be noted that, unless otherwise specifically stated, the relative arrangement, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of this application.
[0065] The following description of at least one exemplary embodiment is merely illustrative and is in no way intended to limit the scope of this application and its application or use.
[0066] Techniques, methods, and equipment known to those skilled in the art may not be discussed in detail, but where appropriate, such techniques, methods, and equipment should be considered part of the specification.
[0067] In all the examples shown and discussed herein, any specific values should be interpreted as merely exemplary and not as limitations. Therefore, other examples of exemplary embodiments may have different values.
[0068] It should be noted that similar labels and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be discussed further in subsequent figures.
[0069] This application provides a device authentication method, which is applied to a device to be authenticated, such as... Figure 1 and Figure 3 As shown, it includes the following steps S1100 and S1200.
[0070] Step S1100: When the communication connection mode of the preset communication type is enabled, a connection request of the preset communication type is broadcast, and the connection request includes the name of the device to be authenticated.
[0071] In this embodiment, the device to be authenticated is a device waiting to be authenticated by the device being authenticated. In one example, the device to be authenticated is smart glasses, a smartwatch, etc., and the device being authenticated is a smartphone.
[0072] The device to be authenticated must support at least one type of communication. The communication type enabled by the device during the authentication process is denoted as the preset communication type. The preset communication type includes, but is not limited to, any one of: Wi-Fi, Bluetooth Classic (SPP), Bluetooth Low Energy (BLE), and NFC.
[0073] In one embodiment of this application, when a user needs to manage the devices to be authenticated in a unified manner, the user first ensures that the connection mode of a communication type supported by the device to be authenticated is enabled, for example, the user manually enables the Bluetooth of the device to be authenticated.
[0074] When the device to be authenticated enables a communication connection mode of a preset communication type, it broadcasts a connection request of the preset communication type, wherein the connection request carries the name of the device to be authenticated.
[0075] It should be noted that the device to be certified has a name set in advance that follows a preset naming rule. In one example, the preset naming rule could be: Brand Name_Device Category_Device Model_SN Code.
[0076] Corresponding to step S1100 above, this application provides another device authentication method applied to authentication equipment, such as... Figure 2 and Figure 3 As shown, the process includes steps S2100 to S2500.
[0077] Step S2100: Upon receiving a device addition instruction for a device of a preset communication type, the signal scanning mode of the preset communication type is activated.
[0078] In this embodiment, when a user wants to manage a specific device to be authenticated using the authentication device, they input a device addition instruction for a device of a preset communication type into the authentication device. Upon receiving the device addition instruction, the authentication device activates the signal scanning mode for the preset communication type. Based on step S1100 above, the authentication device then obtains the connection request for the preset communication type broadcast by the device to be authenticated, which is step S2200 below.
[0079] Step S2200: Obtain a connection request sent by the device to be authenticated, which is of a preset communication type and includes the name of the device to be authenticated.
[0080] Step S2300: If the name in the connection request conforms to the preset naming rules, establish a communication connection between the device to be authenticated and the device.
[0081] Among them, the naming rules of the devices that can be uniformly managed are pre-stored in the certification device, and the aforementioned pre-stored naming rules are recorded as preset naming rules.
[0082] In this embodiment, the authentication device first performs initial authentication on the device to be authenticated based on the name of the device to be authenticated in the connection request sent by the device to be authenticated. Specifically, the authentication device parses the name of the device to be authenticated from the connection request sent by the device to be authenticated and determines whether the name of the device to be authenticated conforms to a preset naming rule. If it does not conform, the authentication device determines that the authentication of the device to be authenticated has failed.
[0083] Since devices typically provide an interface for modifying their names, users can change the device's name. This leads to a situation where unauthorized users can modify the name of an unauthorized device to conform to the aforementioned preset naming rules, allowing the authentication device to successfully authenticate it. To resolve this issue, if the name of the device to be authenticated conforms to the preset naming rules, the authentication device establishes a communication connection with the device to be authenticated. A second authentication process is then performed, as described in steps S1200, S2400, and S2500.
[0084] Step S1200: If a communication connection is established with the authentication device based on a connection request, send the inherent identity information to the authentication device.
[0085] In this embodiment, when the device to be authenticated detects that a communication connection has been established with the authentication device, it determines that the authentication device has successfully authenticated its name. Furthermore, based on the communication connection with the authentication device, the device to be authenticated sends its inherent identity information to the authentication device.
[0086] The inherent identity information is an identity setting at the underlying level of the device to be authenticated that cannot be modified by the user. That is, the device to be authenticated does not have an interface to modify the inherent identity information. In one example, the inherent identity information is the MAC address of the device to be authenticated.
[0087] In one embodiment of this application, intrinsic identity information can be sent to the authentication device via a token.
[0088] Corresponding to step S1200 above, the authentication device performs the following steps 2400 and S2500.
[0089] Step S2400: Receive the inherent identity information sent by the device to be authenticated based on the communication connection.
[0090] Step S2500: If the inherent identity information is the preset identity information, determine that the device to be authenticated has been successfully authenticated.
[0091] In one embodiment of this application, the authentication device pre-stores the identity information of devices that can be uniformly managed, or the authentication device can query the identity information of devices that can be uniformly managed from the server. In this embodiment, the identity information of devices that can be uniformly managed by the authentication device is recorded as preset identity information.
[0092] If the authentication device determines that the inherent identity information is a preset identity information for a device that can be uniformly managed by the authentication device, then the inherent identity information is determined to be the preset identity information. Based on this, the authentication of the device to be authenticated is determined to be successful.
[0093] In one embodiment of this application, such as Figure 4 As shown, if the authenticating device successfully authenticates the device to be authenticated, the icon of the device to be authenticated will be displayed on the interface. Figure 4 The examples used to illustrate this are smartwatches and smart glasses, which are devices to be certified.
[0094] This application provides a device authentication method applied to an authentication device, comprising: upon receiving a device addition instruction for a device of a preset communication type, activating a signal scanning mode for that preset communication type; acquiring a connection request of the preset communication type sent by the device to be authenticated, the connection request including the name of the device to be authenticated; establishing a communication connection with the device to be authenticated if the name conforms to a preset naming rule; receiving inherent identity information sent by the device to be authenticated based on the communication connection; and determining that the device to be authenticated has been successfully authenticated if the inherent identity information matches the preset identity information. In this method, the authentication device achieves dual authentication of the device to be authenticated through the name of the device to be authenticated and its inherent identity information.
[0095] This application provides a device authentication method applied to a device to be authenticated. The method includes: broadcasting a connection request of the preset communication type when a communication connection mode of the preset communication type is enabled, the connection request including the name of the device to be authenticated; and sending inherent identity information to the authentication device when a communication connection is established with the authentication device based on the connection request. This method allows the authentication device to achieve dual authentication of the device to be authenticated using the name of the device to be authenticated and the inherent identity information of the device to be authenticated.
[0096] In one embodiment of this application, corresponding to step S2500 above, if the inherent identity information is not the preset identity information, it is determined that the authentication of the device to be authenticated has failed.
[0097] In another embodiment of this application, corresponding to step S2500 above, the device authentication method for authentication devices provided in this application further includes the following steps S2600 and S2700.
[0098] Step S2600: If the inherent identity information is not the preset identity information, send a repeat instruction to the device to be authenticated.
[0099] The repeat instruction is used to instruct the device to be authenticated to resend its inherent identity information to the authentication device.
[0100] Corresponding to step S2600 above, the device authentication method for the device to be authenticated provided in this application further includes the following step S1300.
[0101] Step S1300: Upon receiving a repeat instruction from the authentication device, resend the inherent identity information to the authentication device.
[0102] In this embodiment, when the device to be authenticated receives a repeat instruction from the authentication device, it resends its inherent identity information to the authentication device. Based on this, the authentication device re-receives the inherent identity information sent by the authentication device and performs authentication on the inherent identity information.
[0103] Based on the above steps S2600 and S1300, the problem of the authentication device failing to authenticate a device that can be uniformly managed can be avoided by the device to be authenticated sending incorrect inherent identity information due to network or other reasons.
[0104] Step S2700: If the inherent identity information received is not the preset identity information after a preset number of consecutive attempts, it is determined that the authentication of the device to be authenticated has failed, and a reminder message indicating that the authentication of the device to be authenticated has failed is output.
[0105] In this embodiment, the preset number of times can be set based on experience. In one example, the preset number of times is 3.
[0106] If the received identity information is not the preset identity information after a preset number of consecutive attempts, the device to be authenticated is determined not to be a device that can be managed by the authentication device. In this case, authentication of the device to be authenticated fails, and a notification message indicating authentication failure is output. This notification message can be output via audio, text, or other means. Furthermore, the authentication device can disconnect the connection between itself and the device to be authenticated upon determining that authentication has failed.
[0107] In one embodiment of this application, the device authentication method for authentication devices provided in this application, after step S2500 above, such as... Figure 3 As shown, it also includes the following step S2800.
[0108] Step S2800: Send a successful authentication instruction to the device to be authenticated.
[0109] If the authentication device determines that the device to be authenticated has been successfully authenticated, it will send an authentication success instruction to the device to be authenticated.
[0110] Based on step S2800 above, to improve the security of data interaction during effective data exchange between the authentication device and the device to be authenticated, such as... Figure 3 As shown, the device authentication method for the device to be authenticated provided in this application further includes the following steps S1400 to S1700.
[0111] Step S1400: Upon receiving the authentication instruction sent by the authentication device, generate a paired public key and private key according to a preset asymmetric encryption algorithm.
[0112] In this embodiment, upon receiving an authentication instruction from the authentication device, the device to be authenticated determines that the device being authenticated has been successfully authenticated. At this time, the device to be authenticated generates a public key and a private key for pairing according to a preset asymmetric algorithm.
[0113] In one example, the default asymmetric encryption algorithm can be the RSA algorithm.
[0114] Step S1500: Send the public key to the authentication device.
[0115] In this embodiment, the device to be authenticated sends its public key to the authentication device, which then uses it to encrypt the data transmitted to the device to be authenticated. The authentication device also retains its private key to decrypt the data encrypted with the public key sent by the authentication device.
[0116] Corresponding to step S1500 above, such as Figure 3 As shown, the device authentication method for authentication equipment provided in this application further includes the following steps S2900 to S21300 after the above step S2800.
[0117] Step S2900: Receive the public key generated according to a preset asymmetric encryption algorithm sent by the device to be authenticated.
[0118] Step S21000: Determine the public key characteristics according to the preset asymmetric encryption algorithm.
[0119] In this embodiment, the authentication device is familiar with a preset asymmetric encryption algorithm. Based on this, the authentication device can determine the public key characteristics of the public key generated by the preset asymmetric encryption algorithm.
[0120] Taking the default asymmetric encryption algorithm, RSA, as an example, the public key characteristics include: the starting identifier is "-----BEGIN PUBLIC KEY-----", the ending identifier is "-----END PUBLIC KEY-----", and the public key length is 2048 bits.
[0121] Step S21100: Verify the legitimacy of the public key based on its characteristics.
[0122] In this embodiment, after receiving the public key sent by the device to be authenticated, the authentication device verifies whether the received public key meets the public key characteristics. If it does not meet the characteristics, the public key is determined to be invalid. At this time, a reminder message indicating that the public key is invalid and effective data interaction cannot be performed can be sent to the device to be authenticated.
[0123] If the authentication device verifies that the received public key meets the public key characteristics, it determines the public key and then executes the following step S21200.
[0124] Step S21200: If the public key is valid, encrypt the first transmitted information using the public key to obtain the first encrypted transmitted information.
[0125] Step S21300: Send the first encrypted transmission information to the device to be authenticated.
[0126] In this embodiment, the first transmission information is valid data to be transmitted to the device to be authenticated.
[0127] If the authentication device determines that the public key is valid, it encrypts the first transmitted information using the public key to obtain the first encrypted transmitted information. This first encrypted transmitted information is then sent to the device to be authenticated.
[0128] Corresponding to the above steps S21300, steps S1600 and S1700 are as follows.
[0129] Step S1600: Receive the first encrypted transmission information sent by the authentication device.
[0130] Step S1700: Decrypt the first encrypted transmission information using the private key to obtain the first transmission information.
[0131] In this embodiment, after receiving the first encrypted transmission information sent by the authentication device, the first encrypted transmission information can be obtained by decrypting it with the private key.
[0132] The above steps ensure that only the device to be authenticated, holding the private key, can decrypt the first encrypted transmission information and obtain it. This prevents the leakage of the first transmission information sent by the authentication device to the device to be authenticated.
[0133] In one embodiment of this application, such as Figure 3 As shown, the first encrypted transmission information obtained by encrypting the first transmission information with the public key in step S21200 can be specifically implemented through the following steps S21210 and S21220.
[0134] Step S21210: Generate a symmetric key according to a preset symmetric encryption algorithm to serve as the first transmitted information.
[0135] Step S21220: Encrypt the first transmission information according to the public key to obtain the encrypted symmetric key as the first encrypted transmission information.
[0136] In one example, the default symmetric encryption algorithm is either AES or DES.
[0137] In this embodiment, a symmetric key is generated according to a preset symmetric encryption algorithm. Further, the symmetric key is used as the first transmission information, and encrypted with the public key to generate first encrypted transmission information. Based on this, the symmetric key encrypted with the public key can be sent to the device to be authenticated through the aforementioned step S21200. Based on this, the device to be authenticated obtains the symmetric key through the aforementioned step S1700, and further, can use the symmetric key for encryption and decryption during subsequent data interaction.
[0138] Based on the above, such as Figure 3 As shown, the device authentication method for authentication equipment provided in this application further includes the following steps S21400 and S21500.
[0139] Step S21400: Encrypt the third transmission information using a symmetric key to obtain the third encrypted transmission information.
[0140] In this embodiment, the third transmission information is the transmission data to be sent from the authentication device to the device to be authenticated.
[0141] Step S21500: Send the third encrypted transmission information to the device to be authenticated.
[0142] Corresponding to steps S21400 and S21500 above, as follows Figure 3 As shown, the device authentication method for the device to be authenticated provided in this application further includes the following steps S1800 and S1900.
[0143] Step S1800: Receive the third encrypted transmission information sent by the device to be authenticated.
[0144] Step S1900: Decrypt the third encrypted transmission information using the symmetric key to obtain the third transmission information.
[0145] And / or, such as Figure 3 As shown, the device authentication method for the device to be authenticated provided in this application further includes the following steps S11000 and S11100.
[0146] Step S11000: The first transmission information is a symmetric key. The second transmission information is encrypted using the symmetric key to obtain the second encrypted transmission information.
[0147] Step S11100: Send the second encrypted transmission information to the authentication device.
[0148] In this embodiment, the second transmission information is the transmission data to be sent from the device to be authenticated to the authentication device.
[0149] Corresponding to steps S11000 and S11100 above, as follows Figure 3 As shown, the device authentication method for authentication equipment provided in this application further includes the following steps S21600 and S21700.
[0150] Step S21600: Receive the second encrypted transmission information sent by the device to be authenticated, which is encrypted with a symmetric key.
[0151] Step S21700: Decrypt the second encrypted transmission information using the symmetric key to obtain the second transmission information.
[0152] This application also provides a device authentication apparatus, wherein the device authentication apparatus is applied to an authentication device, such as... Figure 5 As shown, the device authentication device 500 includes:
[0153] The activation module 510 is used to activate the signal scanning mode of the preset communication type when it receives a device addition instruction for a device of a preset communication type.
[0154] The acquisition module 520 is used to acquire a connection request of the preset communication type sent by the device to be authenticated, wherein the connection request includes the name of the device to be authenticated;
[0155] A connection establishment module 530 is used to establish a communication connection with the device to be authenticated if the name in the connection request conforms to a preset naming rule.
[0156] The first sending module 540 is used to receive the inherent identity information sent by the device to be authenticated based on the communication connection;
[0157] The determination module 550 is used to determine that the device to be authenticated has been successfully authenticated when the inherent identity information is the preset identity information.
[0158] In one embodiment of this application, the first sending module 540 is further configured to send a repeat instruction to the device to be authenticated when the inherent identity information is not the preset identity information, the repeat instruction being used to instruct the device to be authenticated to resend the inherent identity information to the authentication device;
[0159] In this embodiment, the device authentication apparatus 500 provided in this application further includes:
[0160] The output module is used to determine that the authentication of the device to be authenticated has failed if the inherent identity information received is not the preset identity information after a preset number of consecutive times, and to output a reminder message indicating that the authentication of the device to be authenticated has failed.
[0161] In one embodiment of this application, the first sending module 540 is further configured to send an authentication success indication to the device to be authenticated;
[0162] In this embodiment, the device authentication apparatus 500 provided in this application further includes:
[0163] The first receiving module is used to receive the public key generated according to a preset asymmetric encryption algorithm sent by the device to be authenticated;
[0164] The determining module 550 is further configured to determine the public key characteristics based on the preset asymmetric encryption algorithm;
[0165] Verify the validity of the public key based on its characteristics;
[0166] If the public key is valid, the first transmitted information is encrypted using the public key to obtain the first encrypted transmitted information;
[0167] In this embodiment, the first sending module 540 is also used to send first encrypted transmission information to the device to be authenticated.
[0168] In one embodiment of this application, the determining module 550 includes:
[0169] The generation unit is used to generate a symmetric key according to a preset symmetric encryption algorithm to serve as the first transmitted information;
[0170] The determining unit encrypts the first transmission information according to the public key to obtain an encrypted symmetric key as the first encrypted transmission information;
[0171] In this embodiment, the first receiving module is further configured to receive second encrypted transmission information encrypted with the symmetric key sent by the device to be authenticated;
[0172] In this embodiment, the device authentication apparatus 500 provided in this application further includes:
[0173] The first decryption module is used to decrypt the second encrypted transmission information using the symmetric key to obtain the second transmission information;
[0174] And / or, the first encryption module is used to encrypt the third transmission information using the symmetric key to obtain the third encrypted transmission information;
[0175] In this embodiment, the first sending module 540 is also used to send the third encrypted transmission information to the device to be authenticated.
[0176] When the device authentication device is applied to the device to be authenticated, such as Figure 6 As shown, the device authentication device 600 includes:
[0177] The broadcast module 610 is used to broadcast a connection request of the preset communication type when a communication connection mode of the preset communication type is enabled, wherein the connection request includes the name of the device to be authenticated;
[0178] The second sending module 620 is used to send inherent identity information to the authentication device when a communication connection is established with the authentication device based on the connection request.
[0179] In one embodiment of this application, the device authentication apparatus 600 provided in this application further includes:
[0180] The second sending module is further configured to resend the inherent identity information to the authentication device upon receiving a repeat instruction from the authentication device.
[0181] In one embodiment of this application, the device authentication apparatus 600 provided in this application further includes:
[0182] The generation module is used to generate a paired public key and private key according to a preset asymmetric encryption algorithm when receiving an authentication instruction sent by the authentication device.
[0183] In this embodiment, the second sending module 620 is further configured to send the public key to the authentication device;
[0184] The device authentication apparatus 600 provided in this application also includes:
[0185] The second receiving module is used to receive the first encrypted transmission information sent by the authentication device;
[0186] The first encrypted transmission information is decrypted using the private key to obtain the first transmission information.
[0187] In one embodiment of this application, the device authentication apparatus 600 provided in this application further includes:
[0188] The second encryption module is used to encrypt the second transmission information according to the symmetric key, which is the first transmission information;
[0189] The second sending module 620 is further configured to send the second encrypted transmission information to the authentication device;
[0190] And / or, the second receiving module is further configured to receive third encrypted transmission information sent by the device to be authenticated;
[0191] The third encrypted transmission information is obtained by decrypting the third transmission information using the symmetric key.
[0192] This application also provides an electronic device, which includes a device authentication device 500 or a device authentication device 600 as shown in the above device embodiments;
[0193] Or, such as Figure 7 As shown, the electronic device 700 includes a memory 710 and a processor 720. The memory 710 is used to store computer instructions. When the electronic device 700 is an authentication device, the processor 720 is used to call the computer instructions from the memory 710 to execute the device authentication method applied to the authentication device as described above. When the electronic device 700 is a device to be authenticated, the processor is used to call the computer instructions from the memory to execute the device authentication method applied to the device to be authenticated as described above.
[0194] This application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements any of the device authentication methods provided in any of the above method embodiments.
[0195] This application may be a system, method, and / or computer program product. A computer program product may include a computer-readable storage medium having computer-readable program instructions loaded thereon for causing a processor to implement various aspects of this application.
[0196] Computer-readable storage media can be tangible devices capable of holding and storing instructions for use by an instruction execution device. Computer-readable storage media can be, for example—but not limited to—electrical storage devices, magnetic storage devices, optical storage devices, electromagnetic storage devices, semiconductor storage devices, or any suitable combination thereof. More specific examples (a non-exhaustive list) of computer-readable storage media include: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), digital multifunction disc (DVD), memory sticks, floppy disks, mechanical encoding devices, such as punch cards or recessed protrusions storing instructions thereon, and any suitable combination thereof. The computer-readable storage media used herein are not to be construed as transient signals themselves, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., light pulses through fiber optic cables), or electrical signals transmitted through wires.
[0197] The computer-readable program instructions described herein can be downloaded from computer-readable storage media to various computing / processing devices, or downloaded via a network, such as the Internet, local area network, wide area network, and / or wireless network, to an external computer or external storage device. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers, and / or edge servers. A network adapter card or network interface in each computing / processing device receives the computer-readable program instructions from the network and forwards them to the computer-readable storage media in the respective computing / processing device.
[0198] The computer program instructions used to perform the operations of this application may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk, C++, etc., and conventional procedural programming languages such as the "C" language or similar programming languages. The computer-readable program instructions may be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving a remote computer, the remote computer may be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or may be connected to an external computer (e.g., via the Internet using an Internet service provider). In some embodiments, electronic circuits, such as programmable logic circuits, field-programmable gate arrays (FPGAs), or programmable logic arrays (PLAs), are personalized by utilizing state information from the computer-readable program instructions. These electronic circuits can execute the computer-readable program instructions to implement various aspects of this application.
[0199] Various aspects of this application are described herein with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It should be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer-readable program instructions.
[0200] These computer-readable program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine such that, when executed by the processor of the computer or other programmable data processing apparatus, they create means for implementing the functions / actions specified in one or more blocks of the flowchart and / or block diagram. These computer-readable program instructions can also be stored in a computer-readable storage medium that causes a computer, programmable data processing apparatus, and / or other device to operate in a particular manner; thus, the computer-readable medium storing the instructions comprises an article of manufacture that includes instructions for implementing aspects of the functions / actions specified in one or more blocks of the flowchart and / or block diagram.
[0201] Computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable data processing apparatus, or other device to produce a computer-implemented process, thereby causing the instructions executed on the computer, other programmable data processing apparatus, or other device to perform the functions / actions specified in one or more boxes of a flowchart and / or block diagram.
[0202] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of an instruction containing one or more executable instructions for implementing a specified logical function. In some alternative implementations, the functions marked in the blocks may occur in a different order than those marked in the drawings. For example, two consecutive blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or action, or using a combination of dedicated hardware and computer instructions. It will be well known to those skilled in the art that implementation in hardware, implementation in software, and implementation using a combination of software and hardware are equivalent.
[0203] The various embodiments of this application have been described above. These descriptions are exemplary and not exhaustive, nor are they limited to the disclosed embodiments. Many modifications and variations will be apparent to those skilled in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles, practical applications, or technical improvements to the technology in the market, or to enable others skilled in the art to understand the embodiments disclosed herein. The scope of this application is defined by the appended claims.
Claims
1. A device authentication method, characterized in that, Applied to authentication devices, the method includes: Upon receiving a device addition instruction for a device of a preset communication type, the signal scanning mode for that preset communication type is activated; Obtain a connection request of the preset communication type sent by the device to be authenticated, wherein the connection request includes the name of the device to be authenticated; If the name in the connection request conforms to the preset naming rules, a communication connection is established with the device to be authenticated; Receive the inherent identity information sent by the device to be authenticated based on the communication connection; If the inherent identity information is the preset identity information, it is determined that the device to be authenticated has been successfully authenticated.
2. The method according to claim 1, characterized in that, The method further includes: If the inherent identity information is not the preset identity information, a repeat instruction is sent to the device to be authenticated. The repeat instruction is used to instruct the device to be authenticated to resend the inherent identity information to the authentication device. If the received inherent identity information is not the preset identity information after a preset number of consecutive attempts, it is determined that the authentication of the device to be authenticated has failed, and a reminder message indicating that the authentication of the device to be authenticated has failed is output.
3. The method according to claim 1, characterized in that, After determining that the device to be authenticated has been successfully authenticated when the inherent identity information matches a preset identity, the method further includes: Send an authentication success indication to the device to be authenticated; Receive the public key generated according to a preset asymmetric encryption algorithm sent by the device to be authenticated; The public key characteristics are determined based on the preset asymmetric encryption algorithm; Verify the validity of the public key based on its characteristics; If the public key is valid, the first transmitted information is encrypted using the public key to obtain the first encrypted transmitted information; Send the first encrypted transmission information to the device to be authenticated.
4. The method according to claim 3, characterized in that, The step of encrypting the first transmitted information using the public key to obtain the first encrypted transmitted information includes: A symmetric key is generated based on a preset symmetric encryption algorithm to serve as the first transmitted information. The first transmitted information is encrypted using the public key to obtain an encrypted symmetric key, which is then used as the first encrypted transmitted information. The method further includes: Receive the second encrypted transmission information sent by the device to be authenticated, which is encrypted with the symmetric key; The second transmitted information is obtained by decrypting the second encrypted transmitted information using the symmetric key; And / or encrypt the third transmission information using the symmetric key to obtain the third encrypted transmission information; The third encrypted transmission information is sent to the device to be authenticated.
5. A device authentication method, characterized in that, Applied to a device to be authenticated, the method includes: When a communication connection mode of a preset communication type is enabled, a connection request of the preset communication type is broadcast, and the connection request includes the name of the device to be authenticated; When a communication connection is established with the authentication device based on the connection request, the inherent identity information is sent to the authentication device.
6. The method according to claim 5, characterized in that, The method further includes: Upon receiving a duplicate instruction from the authentication device, the inherent identity information is resent to the authentication device.
7. The method according to claim 5, characterized in that, The method further includes: Upon receiving an authentication instruction from the authentication device, a paired public key and private key are generated according to a preset asymmetric encryption algorithm. Send the public key to the authentication device; Receive the first encrypted transmission information sent by the authentication device; The first encrypted transmission information is decrypted using the private key to obtain the first transmission information.
8. The method according to claim 7, characterized in that, The method further includes: The first transmission information is a symmetric key. The second transmission information is encrypted using the symmetric key to obtain the second encrypted transmission information. The second encrypted transmission information is sent to the authentication device; And / or, receive third encrypted transmission information sent by the device to be authenticated; The third encrypted transmission information is obtained by decrypting the third transmission information using the symmetric key.
9. A device authentication apparatus, characterized in that, When the device authentication device is used to authenticate a device, the device authentication device includes: The enabling module is used to enable the signal scanning mode of the preset communication type when a device addition instruction for a device of the preset communication type is received. The acquisition module is used to acquire a connection request of the preset communication type sent by the device to be authenticated, wherein the connection request includes the name of the device to be authenticated; A connection establishment module is used to establish a communication connection with the device to be authenticated if the name in the connection request conforms to a preset naming rule. The first sending module is used to receive the inherent identity information sent by the device to be authenticated based on the communication connection; The determination module is used to determine that the device to be authenticated has been successfully authenticated when the inherent identity information is the preset identity information; When the device authentication device is applied to a device to be authenticated, the device authentication device includes: The broadcast module is used to broadcast a connection request of the preset communication type when a communication connection mode of the preset communication type is enabled, wherein the connection request includes the name of the device to be authenticated; The second sending module is used to send inherent identity information to the authentication device when a communication connection is established with the authentication device based on the connection request.
10. An electronic device, characterized in that, The electronic device includes the device authentication device as described in claim 9; Alternatively, the electronic device includes a memory and a processor, the memory for storing computer instructions, wherein if the electronic device is an authentication device, the processor is configured to retrieve the computer instructions from the memory to perform the method as described in any one of claims 1-4, and if the electronic device is a device to be authenticated, the processor is configured to retrieve the computer instructions from the memory to perform the method as described in any one of claims 5-8.
11. A computer-readable storage medium, characterized in that, It stores a computer program that, when executed by a processor, implements the method according to any one of claims 1-8.