CN-122020625-A - Device authentication method and device, electronic device and storage medium

Abstract

The disclosure relates to a device authentication method, a device, an electronic device and a storage medium. The method comprises the steps of responding to the first equipment to finish account verification and first biological verification, generating a first FIDO key and a first FIDO public key which correspond to each other according to a verification result of the first biological verification, wherein the account verification comprises a verification mode based on a user account, the first biological verification comprises a verification mode based on user biological information, when the second equipment finishes authentication of the first equipment according to authentication information sent by the first equipment, the first server finishes authentication of the second equipment according to signature information sent by the second equipment, and under the condition that the second server receives and stores the first FIDO public key sent by the first server, the first equipment receives a result that the authentication of the first equipment passes, sent by the second server. By the method and the device, the first equipment is authenticated by the biological authentication means based on the FIDO authentication mode, so that the authentication efficiency is improved, and the user operation is simplified.

Inventors

  • Shu Yijie
  • FAN NAN

Assignees

  • Beijing Xiaomi Mobile Software Co., Ltd. (北京小米移动软件有限公司)

Dates

Publication Date: 2026-05-12
Application Date: 2024-11-12

Claims (17)

  1. A device authentication method, comprising: responding to first equipment to complete account verification and first biological verification, wherein the first equipment generates a first FIDO key and a first FIDO public key which correspond to each other according to a verification result of the first biological verification, the account verification comprises a verification mode based on a user account, and the first biological verification comprises a verification mode based on user biological information; under the conditions that the second equipment completes the authentication of the first equipment according to the authentication information sent by the first equipment, the first server side completes the authentication of the second equipment according to the signature information sent by the second equipment, the second server side receives and stores a first FIDO public key sent by the first server side, the first equipment receives the result that the authentication of the first equipment sent by the second server side passes; the first FIDO public key received by the second server is received by the second device from the first device and sent to the second server, and the signature information is generated by the second device according to the second FIDO key to sign the first FIDO public key.
  2. The method according to claim 1, wherein the method further comprises: in response to selecting the second device on the first device, the first device establishes a first communication connection with the second device; the first device sends the first FIDO public key to the second device over the first communication connection.
  3. The method of claim 2, further comprising the first device establishing a second communication connection with the first device, the second communication connection being an end-to-end encrypted communication connection, in the event that the first server verifies the signature information based on a second FIDO public key, the first server stores the first FIDO public key to the second server, and the second server sends the first device authentication result to the first device.
  4. The method according to claim 3, wherein, in the case that the system ecology corresponding to the first device and the system ecology corresponding to the second service terminal are the same system ecology, the first device receives an encryption key sent by the first service terminal through the second communication connection, where the encryption key is used to implement end-to-end encrypted communication between the first device and the second service terminal under the same system ecology; the method further comprises the steps of: storing the encryption key in response to receiving the encryption key sent by the first server.
  5. The method of any one of claims 1 to 4, wherein the first biometric authentication comprises one or more of a user fingerprint information based authentication modality, a user facial information based authentication modality, a user iris information based authentication modality, and a user voiceprint information based authentication modality.
  6. A device authentication method, comprising: under the condition that a first device completes account verification and first biological verification and generates a first FIDO key and a first FIDO public key which correspond to each other according to a first biological verification result, a second device receives authentication information and the first FIDO public key sent by the first device, and completes authentication of the first device according to the authentication information, wherein the account verification comprises a verification mode based on a user account, and the first biological verification comprises a verification mode based on user biological information; signing the first FIDO public key according to a second FIDO key, generating signature information, transmitting the first FIDO public key and the signature information to a first service end; the signature information is used for completing verification of the second equipment at the first server side, and the first FIDO public key is used for sending and storing the signature information at the second server side under the condition that the first server side completes verification of the second equipment so as to complete authentication of the first equipment.
  7. The method of claim 6, wherein the second device receiving the authentication information and the first FIDO public key sent by the first device comprises: the second device receives the authentication information and the first FIDO public key over the first communication connection if the first device selects the second device and establishes a first communication connection with the second device.
  8. The method of claim 7, wherein in the case where the second device is the first device to upload the FIDO public key to the second server, the second FIDO public key is generated and uploaded to the first server as follows: responding to the second equipment to complete equipment verification based on the verification code input by the user and the second server, and executing second biological verification by the second equipment and generating the second FIDO public key; the second device uploads the second FIDO public key to the second server; the second device uploads the second FIDO public key to the first service terminal under the condition that the second service terminal stores the second FIDO public key and sends a result that the second device passes authentication to the second device; the second biometric authentication comprises one or more of an authentication mode based on user fingerprint information, an authentication mode based on user face information, an authentication mode based on user iris information and an authentication mode based on user voiceprint information.
  9. The method according to any one of claims 6 to 8, wherein the first biometric authentication comprises one or more of a user fingerprint information based authentication method, a user face information based authentication method, a user iris information based authentication method, and a user voiceprint information based authentication method.
  10. A device authentication method, comprising: under the condition that a first device completes account verification and first biological verification, and generates a first FIDO key and a first FIDO public key which correspond to each other according to a first biological verification result, and a second device completes authentication of the first device according to authentication information sent by the first device, a first service end receives signature information and the first FIDO public key sent by the second device, and verifies the second device according to the signature information, wherein the account verification comprises a verification mode based on a user account, the first biological verification comprises a verification mode based on user biological information, and the signature information is generated by the second device according to a signature of the second FIDO public key on the first FIDO public key; and in response to the completion of the verification of the second device, the first server sends the first FIDO public key to a second server, wherein the first FIDO public key is used for completing the authentication of the first device at the second server.
  11. The method according to claim 10, wherein the method further comprises: under the condition that the system ecology corresponding to the first equipment and the system ecology corresponding to the second service end are the same, and the first equipment and the first service end establish second communication connection, the first service end sends an encryption key to the first equipment through the second communication connection, the second communication connection is an end-to-end encryption communication connection, and the encryption key is used for realizing end-to-end encryption communication between the first equipment and the second service end under the same system ecology.
  12. The method according to any one of claims 10 to 11, wherein the first biometric authentication comprises one or more of a user fingerprint information based authentication method, a user face information based authentication method, a user iris information based authentication method, and a user voiceprint information based authentication method.
  13. A device authentication apparatus, comprising: the public-private key pair generating unit is used for responding to first equipment to complete account verification and first biological verification, the first equipment generates a first FIDO key and a first FIDO public key which correspond to each other according to a verification result of the first biological verification, the account verification comprises a verification mode based on a user account, and the first biological verification comprises a verification mode based on user biological information; an information receiving unit, configured to, when a second device completes authentication of the first device according to authentication information sent by the first device, a first server completes authentication of the second device according to signature information sent by the second device, the second server receives and stores a first FIDO public key sent by the first server, the first device receives a result that the authentication of the first device sent by the second server passes; the first FIDO public key received by the second server is received by the second device from the first device and sent to the second server, and the signature information is generated by the second device according to the second FIDO key to sign the first FIDO public key.
  14. A device authentication apparatus, comprising: the device authentication unit is used for receiving authentication information and a first FIDO public key sent by first equipment under the condition that the first equipment completes account number authentication and first biological authentication and generates a first FIDO secret key and a first FIDO public key which correspond to each other according to a first biological authentication result, and completing authentication of the first equipment according to the authentication information, wherein the account number authentication comprises an authentication mode based on a user account number, and the first biological authentication comprises an authentication mode based on user biological information; a signature information generating unit for signing the first FIDO public key according to the second FIDO key to generate signature information and transmitting the first FIDO public key and the signature information to a first service end; the signature information is used for completing verification of the second equipment at the first server side, and the first FIDO public key is used for sending and storing the signature information at the second server side under the condition that the first server side completes verification of the second equipment so as to complete authentication of the first equipment.
  15. A device authentication apparatus, comprising: the device verification unit is used for receiving signature information and a first FIDO public key sent by the second device by a first service end and verifying the second device according to the signature information when the first device completes account verification and first biological verification and generates a first FIDO secret key and a first FIDO public key which correspond to each other according to a first biological verification result and the second device completes authentication of the first device according to authentication information sent by the first device, wherein the account verification comprises a verification mode based on a user account, the first biological verification comprises a verification mode based on user biological information, and the signature information is generated by the second device according to a first FIDO public key signature by the second device; the public key sending unit is used for responding to the completion of verification of the second equipment, the first service end sends the first FIDO public key to the second service end, and the first FIDO public key is used for completing authentication of the first equipment at the second service end.
  16. An electronic device, comprising: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to perform the device authentication method of any one of claims 1 to 5, or to perform the device authentication method of any one of claims 6 to 9, or to perform the device authentication method of any one of claims 10 to 12.
  17. A storage medium having instructions stored therein that, when executed by a processor, enable the processor to perform the device authentication method of any one of claims 1 to 5, or to perform the device authentication method of any one of claims 6 to 9, or to perform the device authentication method of any one of claims 10 to 12.
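
The endorsement chain in claims 1, 6 and 10, sketched as an added example that is not part of the patent text: an already-enrolled second device signs the new device's public key, and the first server checks that signature before the key reaches the second server's store. The signature scheme (ECDSA P-256 over a SHA-256 digest of the DER-encoded key), the in-memory map standing in for the second server, and all function and type names are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Endorsement is what the trusted (second) device sends to the first server.
type Endorsement struct {
	NewDevicePub []byte // first FIDO public key, DER (PKIX) encoded
	Signature    []byte // made with the second FIDO private key
}

// newKeyPair stands in for key generation gated on a passed biometric check.
func newKeyPair() (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, der, err
}

// Endorse is the second device's step: sign the first FIDO public key.
func Endorse(trusted *ecdsa.PrivateKey, newPub []byte) (Endorsement, error) {
	digest := sha256.Sum256(newPub)
	sig, err := ecdsa.SignASN1(rand.Reader, trusted, digest[:])
	return Endorsement{NewDevicePub: newPub, Signature: sig}, err
}

// VerifyAndStore is the first server's step: check the signature against the
// enrolled second FIDO public key, then pass the new key to the store that
// stands in for the second server. Nothing is stored on failure.
func VerifyAndStore(enrolled *ecdsa.PublicKey, e Endorsement, store map[string]bool) error {
	digest := sha256.Sum256(e.NewDevicePub)
	if !ecdsa.VerifyASN1(enrolled, digest[:], e.Signature) {
		return fmt.Errorf("signature does not match the enrolled device key")
	}
	if _, err := x509.ParsePKIXPublicKey(e.NewDevicePub); err != nil {
		return fmt.Errorf("endorsed key is malformed: %w", err)
	}
	store[string(e.NewDevicePub)] = true
	return nil
}

func main() {
	trustedPriv, _, _ := newKeyPair() // second device, already enrolled
	_, newPub, _ := newKeyPair()      // first device, after biometric check
	store := map[string]bool{}
	e, _ := Endorse(trustedPriv, newPub)
	fmt.Println("endorsed key error:", VerifyAndStore(&trustedPriv.PublicKey, e, store))
	_, e.NewDevicePub, _ = newKeyPair() // key substituted in transit
	fmt.Println("swapped key error:", VerifyAndStore(&trustedPriv.PublicKey, e, store))
}
```

Because the signature covers the new device's key itself, a key swapped between the second device and the first server fails verification and never reaches the store.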

Description

Device authentication method and device, electronic device and storage medium

Technical Field

The disclosure relates to the field of end-to-end encryption technologies, and in particular, to a device authentication method, a device, an electronic device and a storage medium.

Background

As users store more and more personal data on electronic devices and synchronize it to the cloud, how to ensure the security of the data during synchronization and in cloud storage has become a growing concern for users. In the related art, end-to-end encryption technology is adopted to realize encrypted transmission of data. In end-to-end encryption, different electronic devices become trusted devices after passing authentication; a new device can be added to the device trust as a trusted device and support end-to-end encryption only after it has been authenticated and has passed the authentication.

Disclosure of Invention

In order to overcome the problems in the related art, the present disclosure provides a device authentication method, apparatus, electronic device, and storage medium.
According to a first aspect of the embodiment of the present disclosure, there is provided a device authentication method, including: in response to a first device completing account verification and first biometric verification, generating, by the first device, a first FIDO key and a first FIDO public key corresponding to each other according to a verification result of the first biometric verification, the account verification including a verification manner based on a user account, and the first biometric verification including a verification manner based on user biometric information; and, in a case that a second device completes authentication of the first device according to authentication information sent by the first device, a first server completes authentication of the second device according to signature information sent by the second device, and a second server receives and stores the first FIDO public key sent by the first server, receiving, by the first device, a result sent by the second server that the authentication of the first device passes, where the first FIDO public key received by the second server is received by the second device from the first device and sent onward, and the signature information is generated by the second device signing the first FIDO public key according to a second FIDO key.

In some possible implementations, the method further includes, in response to selecting the second device on the first device, the first device establishing a first communication connection with the second device, and the first device sending the first FIDO public key to the second device over the first communication connection.

In some possible implementations, the method further includes establishing a second communication connection with the first server by the first device if the first server verifies the signature information according to a second FIDO public key, the first server stores the first FIDO public key to the second server, and the second server sends a result of the first device authentication to the first device, where the second communication connection is an end-to-end encrypted communication connection.
In some possible embodiments, in the case that the system ecology corresponding to the first device and the system ecology corresponding to the second server are the same system ecology, the first device receives an encryption key sent by the first server through the second communication connection, where the encryption key is used to implement end-to-end encryption communication between the first device and the second server under the same system ecology, and the method further includes storing the encryption key in response to receiving the encryption key sent by the first server.

In some possible implementations, the first biometric authentication includes one or more of an authentication based on user fingerprint information, an authentication based on user facial information, an authentication based on user iris information, and an authentication based on user voiceprint information.

According to a second aspect of the embodiment of the present disclosure, there is provided a device authentication method, including: when a first device completes account number authentication and first biometric authentication and generates a first FIDO key and a first FIDO public key corresponding to each other according to a result of the first biometric authentication, receiving, by a second device, authentication information and the first FIDO public key sent by the first device, and completing authentication of the first device according to the authentication information, the account number authentication including an authentication manner based on a user account number, and the first biometric authentication including an authentication manner based on user biometric information; signing the first FIDO public key according to a second FIDO key, generating signature information, and sending the first FIDO public key and the signature information to a first service end, where the signature information is used to complete authentication of the second device at the first service end, and the