CN105681042B

CN105681042B - A kind of group's authentication method and equipment

Info

Publication number: CN105681042B
Application number: CN201410660786.XA
Authority: CN
Inventors: 殷佳欣; 高莹; 张永靖; 吴加明
Original assignee: Huawei Technologies Co Ltd
Current assignee: Shenzhen Huawei Cloud Computing Technology Co ltd
Priority date: 2014-11-18
Filing date: 2014-11-18
Publication date: 2019-05-24
Anticipated expiration: 2034-11-18
Also published as: CN105681042A

Abstract

The invention discloses a kind of group's authentication method and equipment, are related to field of communication technology, it is possible to reduce to the occupancy of channel width, reduce the traffic overhead of Platform Server.The specific scheme is that the certification request of the billing information of the mark for carrying the application being mounted in terminal device and the application that gateway receiving terminal apparatus is sent；What gateway receiving platform server was sent carries the group creating request of the authentication information of certification group；Gateway obtains challenge key, and using challenge key and the billing information for authenticating the application in group, the first challenge result is calculated by default hash function；Gateway sends the group creating response for carrying the first challenge result to Platform Server；What receiving platform server was sent carries the authentication response message of the authentication result of certification group.

Description

A kind of group's authentication method and equipment

Technical field

The present invention relates to field of communication technology more particularly to a kind of group's authentication methods and equipment.

Background technique

In machine-to-machine communication (Machine-To-Machine, M2M) system, in order to guarantee to install on the terminal device Using the legitimacy of access M2M system, terminal device needs to be linked into M2M system platform by M2M system gateway, realizes installation The certification for being applied to M2M system platform on the terminal device.

Wherein, terminal device accesses M2M system platform, is applied to M2M system to realize to be mounted on the terminal device The detailed process of the certification of platform, which may include: terminal device, carries the application being mounted on the terminal device to gateway transmission Mark and application billing information certification request；Gateway forwards the certification request to Platform Server；Platform Server Authentication processing is carried out to application according to the mark of the application carried in certification request and application billing information, and passes through gateway To terminal device return authentication result.

But the problem is that: when the terminal device for carrying out application authorization by gateway accessing Platform Server is more When, gateway needs the certification request received from terminal device being transmitted to Platform Server one by one, gateway and Platform Server it Between data interaction number increase, transmitted data amount increase, occupy more channel width；Also, Platform Server needs pair Each application carries out authentication processing one by one, and the traffic overhead of Platform Server is larger.

Summary of the invention

The embodiment of the present invention provides a kind of group's authentication method and equipment, and the terminal to solve to carry out application authorization is set When standby more, transmitted data amount increases between gateway and Platform Server, occupies more channel width, and Platform Server The larger problem of traffic overhead.

In order to achieve the above objectives, the embodiment of the present invention adopts the following technical scheme that

The embodiment of the present invention in a first aspect, providing a kind of group's authentication method, comprising:

The certification request that gateway receiving terminal apparatus is sent carries in the certification request and is mounted on the terminal device In application mark and the application billing information；

The group creating that the gateway receiving platform server is sent is requested, and carries certification in the group creating request The authentication information of group, it is described certification group authentication information in comprising constitute it is described certification group application mark, it is described Certification group is made of at least two applications；

The gateway obtains challenge key, and using the bill letter of the application in the challenge key and the certification group The first challenge result is calculated by default hash function in breath；

The gateway sends the group creating response for carrying the first challenge result to Platform Server, so that institute Platform Server is stated from the application searched in the certification group in the billing information of the application saved in the Platform Server Mark indicated by application billing information so that the Platform Server is using the challenge key and finds The second challenge is calculated by the default hash function as a result, and making the Platform Server in the billing information of application The authentication result of the certification group is obtained by comparing the first challenge result and the second challenge result；

The certification that the gateway receives the authentication result for carrying the certification group that the Platform Server is sent is rung Answer message.

With reference to first aspect, in the first possible implementation, the gateway is using the challenge key and described The first challenge result is calculated by default hash function in the billing information for authenticating the application in group, comprising:

The gateway merges the billing information of the application in the certification group using default bill consolidation strategy, described Default bill consolidation strategy includes at least: by the billing information of the application in the certification group according in the certification group The mark of application successively sorts and head and the tail splice；

Billing information using the challenge key and after merging, is calculated described the by the default hash function One challenge result.

It is in the second possible implementation, described with reference to first aspect or in the first possible implementation The mark for the application being mounted in the terminal device and the billing information of the application are carried in certification request, specifically Are as follows:

It is secret with the application that identifying for the application being mounted in the terminal device is carried in the certification request Confidential information, the secret information of the application are that the terminal device is described in installation in application, by subscribed services device using random The identity verification key of generation encrypts the mark of the application and the billing information of the application obtains.

In conjunction with second of possible implementation, in the third possible implementation, the certification of the certification group The identity verification key of challenge threshold value and the application in information also comprising the certification group, the identity verification of the application Key is the Platform Server received from the subscribed services device；

Before the gateway obtains challenge key, the method also includes:

The gateway is after receiving the certification request, according to the mark of the application carried in the certification request Know, the identity verification key of the application is determined from the authentication information of the certification group；

The gateway decrypts the secret information of the application using the identity verification key of the application, to obtain described answer The billing information of mark and the application；

If in the mark for the application that the secret information that the gateway decrypts the application obtains and the certification request The mark of the application carried is identical, and the gateway then determines that the application passes through identity verification；

When being greater than the challenge threshold value of the certification group by the number of the application of identity verification in the certification group, The gateway then sends group's authentication notification to the Platform Server, and group's authentication notification is used to indicate the certification group The application in group is ready for receiving authentication challenge；

Wherein, when the application being less than in the certification group by the number of the application of identity verification in the certification group Sum when, the mark of the application by identity verification is carried in group creating response.

In conjunction in the third possible implementation, in the fourth possible implementation, the gateway obtains challenge Key, comprising:

The gateway receives the challenge key that the Platform Server is sent；

Wherein, the challenge key is the Platform Server after receiving group's authentication notification, random to generate And sent to the gateway.

It is in a fifth possible implementation, described with reference to first aspect with any of the above-described kind of possible implementation Group's authentication method further include:

If the authentication result of the certification group indicates that certification group authentification failure, the gateway obtain new choose War key, and the billing information of the application using the new challenge key and composition certification subgroup, pass through the default Kazakhstan Third challenge is calculated for uncommon function as a result, at least two certification subgroups constitute the certification group；

The gateway sends the application in the third challenge result and the certification subgroup to the Platform Server Mark so that bill of the Platform Server using the application in the new challenge key and the certification subgroup The 4th challenge is calculated by the default hash function as a result, and making the Platform Server according to described the in information Three challenge results and the 4th challenge result obtain the authentication result of the certification subgroup；

The gateway receives the certification for the authentication result for carrying the certification subgroup that the Platform Server is sent Response message.

In conjunction with the 5th kind of possible implementation, in a sixth possible implementation, if the certification group is recognized It demonstrate,proves result and indicates certification group authentification failure, then in the authentication response message for carrying the authentication result of the certification group Also carry constitute it is described certification group the certification subgroup authentication information, it is described certification subgroup authentication information in The mark of the application of the certification subgroup of challenge threshold value and composition comprising the certification subgroup.

With reference to first aspect, in the 7th kind of possible implementation, when the first challenge result is chosen with described second When result of fighting is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

When the first challenge result and the second challenge result difference, the authentication result instruction of the certification group Certification group authentification failure.

The second aspect of the embodiment of the present invention provides a kind of group's authentication method, comprising:

Platform Server obtains the signing information with the application of subscribed services device signing, and the signing information includes: described The mark of application and the billing information of the application；

The Platform Server sends group creating request to gateway, carries certification group in the group creating request Authentication information, it is described certification group authentication information in comprising constitute it is described certification group application mark, the certification Group is made of at least two applications；

The Platform Server receives the group creating response for carrying the first challenge result that the gateway is sent, described First challenge result is billing information of the gateway using the application in challenge key and the certification group, is breathed out by default What uncommon function was calculated；

The Platform Server from searched in the signing information it is described certification group in application mark indicated by The billing information of application, and using the billing information of the challenge key and the application found, pass through the default Hash letter The second challenge result is calculated in number；

The Platform Server obtains certification group by comparing the first challenge result and the second challenge result Authentication result, and to the gateway send carry it is described certification group authentication result authentication response message.

In conjunction with second aspect, in the first possible implementation, when the first challenge result is chosen with described second When result of fighting is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

In conjunction with the first possible implementation, in the second possible implementation, the Platform Server is used The billing information of the challenge key and the application in the certification group, is calculated second by the default hash function Challenge result, comprising:

The Platform Server merges the bill letter of the application in the certification group using default bill consolidation strategy Breath, the default bill consolidation strategy include at least: by the billing information of the application in the certification group according to the certification The mark of application in group successively sorts and head and the tail splice；

Billing information of the Platform Server using the challenge key and after merging, passes through the default hash function The second challenge result is calculated.

In conjunction with the first possible implementation or second of possible implementation, the signing information further include: The identity verification key of the application；

The identity verification key of the application subscribed services device generates at random, for encrypting the mark of the application Know the key with the billing information of the application.

In conjunction in the third possible implementation, in the fourth possible implementation, the certification group is recognized Demonstrate,prove the challenge threshold value in information also comprising the certification group and the identity verification key of the application；

The group creating for carrying the first challenge result that the gateway is sent, which is received, in the Platform Server responds it Before, the method also includes:

The Platform Server receives group's authentication notification that the gateway is sent, and group's authentication notification is the net It closes and determines that the application in the certification group is ready for receiving authentication challenge according to the authentication information of the certification group It is sent afterwards to the Platform Server.

In conjunction with the 4th kind of possible implementation, in a fifth possible implementation, connect in the Platform Server Before receiving the first challenge result that gateway is sent and the mark of the application in the certification group that at least two applications are constituted, the side Method further include:

The Platform Server generates the challenge key after receiving group's authentication notification at random, and to institute It states gateway and sends the challenge key.

In conjunction in any of the above-described kind of possible implementation, in a sixth possible implementation, if the certification group The authentication result of group indicates certification group authentification failure, then carries the authentication response of the authentication result of the certification group The authentication information for constituting the certification subgroup of the certification group, the certification of the certification subgroup are also carried in message The mark of the application of the certification subgroup of challenge threshold value and composition comprising the certification subgroup in information.

In conjunction with the 6th kind of possible implementation, in the 7th kind of possible implementation, group's authentication method, also Include:

If the authentication result of the certification group indicates that certification group authentification failure, the Platform Server are random New challenge key is generated, and sends the new challenge key to the gateway, so that the gateway is using described new It challenges key and constitutes the billing information of the application of certification subgroup, third challenge is calculated by the default hash function As a result, at least two certification subgroups constitute the certification group；

The Platform Server receives in third challenge result and the certification subgroup that the gateway is sent The mark of application；

The Platform Server is right using the mark institute of the application in the new challenge key and the certification subgroup The 4th challenge result is calculated by the default hash function in the billing information answered；

The Platform Server challenges result according to the third and the 4th challenge result obtains the certification subgroup The authentication result of group, and the authentication response message for carrying the authentication result of the certification subgroup is sent to the gateway.

The third aspect of the embodiment of the present invention provides a kind of gateway, comprising:

First receiving unit carries installation in the certification request for the certification request that receiving terminal apparatus is sent The mark of an application in the terminal device and the billing information of the application；

Second receiving unit, for the group creating request that receiving platform server is sent, in the group creating request The authentication information of certification group is carried, the application comprising the composition certification group in the authentication information of the certification group Mark, the certification group are made of at least two applications；

Acquiring unit, for obtaining challenge key；

Computing unit, the challenge key and second receiving unit for being obtained using the acquiring unit are received The certification group authentication information instruction the composition certification group application billing information, pass through default Hash letter The first challenge result is calculated in number；

First transmission unit, for sending the group creating sound for carrying the first challenge result to Platform Server It answers, so that the Platform Server searches the certification group from the billing information of the application saved in the Platform Server The billing information of application indicated by the mark of application in group, so that the Platform Server uses the challenge key With the billing information of the application found, the second challenge is calculated by the default hash function as a result, and making described Platform Server obtains the certification knot of the certification group by comparing the first challenge result and the second challenge result Fruit；

Second receiving unit, be also used to receive the Platform Server transmission carries recognizing for the certification group Demonstrate,prove the authentication response message of result.

In conjunction with the third aspect, in the first possible implementation, the computing unit, comprising:

Synthesis module, for merging the billing information of the application in the certification group using default bill consolidation strategy, The default bill consolidation strategy includes at least: by the billing information of the application in the certification group according to the certification group In application mark successively sort and head and the tail splice；

Computing module, after the challenge key and the synthesis module for being got using the acquiring unit are merged Billing information, by the default hash function be calculated it is described first challenge result.

It is in the second possible implementation, described in conjunction in the third aspect or the first possible implementation The mark for the application being mounted in the terminal device and the billing information of the application are carried in certification request, specifically:

The mark for the application being mounted in the terminal device and the secret of the application are carried in the certification request Information, the secret information of the application are that the terminal device is described in installation in application, by subscribed services device using random raw At identity verification key encrypt the mark of the application and the billing information of the application obtains.

The gateway further include:

First determination unit, for after the first receiving unit receives the certification request, according to the certification request The mark of the application of middle carrying determines the identity verification key of the application from the authentication information of the certification group；

Decryption unit, for described in the identity verification key decryption using the determining application of first determination unit The secret information of application, to obtain the mark of the application and the billing information of the application；

Second determination unit, if the application obtained for the secret information that the decryption unit decrypts the application It identifies identical as the mark of the application carried in the received certification request of first receiving unit, it is determined that described Using passing through identity verification；

Second transmission unit, for working as in the certification group that second determination unit determines through identity verification When the number of application is greater than the challenge threshold value of the received certification group of second receiving unit, then to the platform service Device sends group's authentication notification, and the application that group's authentication notification is used to indicate in the certification group is ready for connecing By authentication challenge；

In conjunction in the third possible implementation, in the fourth possible implementation, second receiving unit, It is also used to receive the challenge key that the Platform Server is sent；

It is in a fifth possible implementation, described in conjunction with the third aspect and any of the above-described kind of possible implementation Acquiring unit, if the authentication result for being also used to the received certification group of second receiving unit indicates the certification group Authentification failure then obtains new challenge key；

The computing unit, the new challenge key and composition certification subgroup for being obtained using the acquiring unit The billing information of the application of group, is calculated third challenge by the default hash function as a result, at least two certifications Subgroup constitutes the certification group；

First transmission unit is chosen for sending the third that the computing unit calculates to the Platform Server The mark of result of fighting and the application in the certification subgroup, so that the Platform Server uses the new challenge key With it is described certification subgroup in application billing information, by the default hash function be calculated the 4th challenge as a result, And the Platform Server is made to challenge result and the 4th challenge result acquisition certification subgroup according to the third Authentication result；

Second receiving unit carries recognizing for the certification subgroup for receive that the Platform Server sends Demonstrate,prove the authentication response message of result.

In conjunction with the third aspect, in the 7th kind of possible implementation, when the first challenge result is chosen with described second When result of fighting is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

The fourth aspect of the embodiment of the present invention provides a kind of Platform Server, comprising:

Acquiring unit, for obtaining the signing information with the application of subscribed services device signing, the signing information includes: institute State the mark of application and the billing information of the application；

Transmission unit carries certification group in the group creating request for sending group creating request to gateway Authentication information, it is described certification group authentication information in comprising constitute it is described certification group application mark, the certification Group is made of at least two applications；

Receiving unit, the group creating response for carrying the first challenge result sent for receiving the gateway are described First challenge result is billing information of the gateway using the application in challenge key and the certification group, is breathed out by default What uncommon function was calculated；

Computing unit, the application in the certification group for being obtained using the challenge key and the acquiring unit Billing information, the second challenge result is calculated by the default hash function；

Authentication unit, for being calculated according to the received first challenge result of the receiving unit and the computing unit To it is described second challenge result obtain it is described certification group authentication result；

The transmission unit is also used to send the certification group for carrying the authentication unit and obtaining to the gateway Authentication result authentication response message.

In conjunction with fourth aspect, in the first possible implementation, when the first challenge result is chosen with described second When result of fighting is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

In conjunction with the first possible implementation, in the second possible implementation, the computing unit, comprising:

Synthesis module, for merging the received certification group of the receiving unit using default bill consolidation strategy In application billing information, the default bill consolidation strategy includes at least: by the bill of the application in the certification group Information successively sorts according to the mark of the application in the certification group and head and the tail splice；

Computing module, for the billing information after being merged using the challenge key and the synthesis module, by described The second challenge result is calculated in default hash function.

In conjunction with the first possible implementation or second of possible implementation, in the third possible realization side In formula, the signing information of the acquiring unit acquisition further include: the identity verification key of the application；

The receiving unit is also used to before receiving the group creating response that the gateway is sent, described in reception Group's authentication notification that gateway is sent, group's authentication notification are that the gateway is true according to the authentication information of the certification group What the application in the fixed certification group was ready for receiving sending to the Platform Server after authentication challenge；

In conjunction with the 4th kind of possible implementation, in a fifth possible implementation, the Platform Server is also wrapped It includes:

Generation unit, for generating the challenge at random after the receiving unit receives group's authentication notification Key；

The transmission unit is also used to send the challenge key to the gateway.

In conjunction in any of the above-described kind of possible implementation, in a sixth possible implementation, if the certification is single The authentication result for the certification group that member obtains indicates certification group authentification failure, then what the transmission unit was sent takes The certification for constituting the certification group is also carried in the authentication response message of authentication result with the certification group The authentication information of subgroup, it is described certification subgroup authentication information in comprising it is described certification subgroup challenge threshold value and composition The certification subgroup application mark.

In conjunction with the 6th kind of possible implementation, in the 7th kind of possible implementation, the generation unit is also used to If the authentication result for the certification group that the authentication unit obtains indicates certification group authentification failure, random to generate New challenge key；

The transmission unit, for sending the new challenge key that the generation unit generates to the gateway, with So that billing information of the gateway using the new challenge key and the application for constituting certification subgroup, by described default Third challenge is calculated for hash function as a result, at least two certification subgroups constitute the certification group；

The receiving unit, for receiving in the third challenge result and the certification subgroup that the gateway is sent Application mark；

The computing unit, new the challenge key and the receiving unit for being generated using the generation unit Billing information corresponding to the mark of application in the received certification subgroup, is calculated by the default hash function To the 4th challenge result；

The authentication unit, the third challenge result and the calculating for being received according to the receiving unit are single The 4th challenge result that member is calculated obtains the authentication result of the certification subgroup；

The transmission unit is also used to send the certification for the authentication result for carrying the certification subgroup to the gateway Response message.

Group's authentication method and equipment provided in an embodiment of the present invention, what gateway receiving terminal apparatus was sent carries installation The certification request of the billing information of the mark and application of application in terminal device；Gateway receiving platform server is sent Carry certification group authentication information group creating request, authenticate in the authentication information of group comprising constitute certification group Application mark；Gateway obtains challenge key, and using challenge key and the billing information for authenticating the application in group, passes through The first challenge result is calculated in default hash function；Gateway sends the group for carrying the first challenge result to Platform Server Creation response, so that Platform Server uses challenge key and authenticates bill letter corresponding to the mark of the application in group The second challenge is calculated by default hash function as a result, and making Platform Server according to the first challenge result and the in breath Two challenge results obtain the authentication result of certification group；What receiving platform server was sent carries the authentication result of certification group Authentication response message.

With in the prior art, when the terminal device for carrying out application authorization is more, transmitted between gateway and Platform Server Data volume increases, and occupies more channel width, and Platform Server traffic overhead it is larger compare, pass through this programme, gateway Multiple applications can be merged and constitute a certification group, be then made of to Platform Server transmission multiple applications The authentication information (the first challenge result and the mark for authenticating the application in group) of certification group, can reduce gateway in this way and put down Data interaction number between platform server reduces transmitted data amount, and then reduces the occupancy to channel width；Also, gateway The first challenge sent to Platform Server is the result is that default hash function, the bill for authenticating the application in group according to one are believed What breath was calculated, Platform Server can be by similarly presetting hash function, according to the ticket of the application in the certification group It is believed that the second challenge is calculated as a result, then according to the first challenge result and the second challenge result in the certification group in breath Using progress authentication processing, it can the primary authentication processing for completing all applications in a certification group, it is possible to reduce flat Platform server carries out the number of authentication processing to application, reduces the traffic overhead of Platform Server.

Detailed description of the invention

In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention without any creative labor, may be used also for those of ordinary skill in the art To obtain other drawings based on these drawings.

Fig. 1 is one of embodiment of the present invention group's authentication method flow diagram；

Fig. 2 is one of embodiment of the present invention service contracting method flow schematic diagram；

Fig. 3 is another group's authentication method flow diagram in the embodiment of the present invention；

Fig. 4 is another group's authentication method flow diagram in the embodiment of the present invention；

Fig. 5 is the structure composition schematic diagram of one of embodiment of the present invention gateway；

Fig. 6 is the structure composition schematic diagram of another gateway in the embodiment of the present invention；

Fig. 7 is the structure composition schematic diagram of another gateway in the embodiment of the present invention；

Fig. 8 is the structure composition schematic diagram of one of embodiment of the present invention Platform Server；

Fig. 9 is the structure composition schematic diagram of another Platform Server in the embodiment of the present invention；

Figure 10 is the structure composition schematic diagram of another gateway in the embodiment of the present invention；

Figure 11 is the structure composition schematic diagram of another Platform Server in the embodiment of the present invention.

Specific embodiment

Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.

Various aspects are described herein in connection with terminal and/or base station and/or base station controller.

Terminal device can be wireless terminal and be also possible to catv terminal, and wireless terminal can be directed to user and provide language The equipment of sound and/or data connectivity has the handheld device of wireless connecting function or is connected to radio modem Other processing equipments.Wireless terminal can through wireless access network (for example, RAN, Radio Access Network) with one or Multiple cores net is communicated, and wireless terminal can be mobile terminal, such as mobile phone (or be " honeycomb " phone) and is had The computer of mobile terminal, for example, it may be portable, pocket, hand-held, built-in computer or vehicle-mounted mobile dress It sets, they exchange language and/or data with wireless access network.For example, personal communication service (PCS, Personal Communication Service) phone, wireless phone, Session initiation Protocol (SIP) phone, wireless local loop (WLL, Wireless Local Loop) it stands, the equipment such as personal digital assistant (PDA, Personal Digital Assistant).Nothing Line terminal is referred to as system, subscriber unit (Subscriber Unit), subscriber station (Subscriber Station), moves Dynamic station (Mobile Station), mobile station (Mobile), distant station (Remote Station), access point (Access Point), remote terminal (Remote Terminal), access terminal (Access Terminal), user terminal (User Terminal), user agent (User Agent), user equipment (User Device) or user equipment (User Equipment)。

In addition, the terms " system " and " network " are often used interchangeably herein.The terms " and/ Or ", only a kind of incidence relation for describing affiliated partner, indicates may exist three kinds of relationships, for example, A and/or B, it can be with table Show: individualism A exists simultaneously A and B, these three situations of individualism B.In addition, character "/" herein, typicallys represent front and back Affiliated partner is a kind of relationship of "or".

Embodiment 1

The embodiment of the present invention provides a kind of group's authentication method, as shown in Figure 1, comprising:

The certification request that S101, gateway receiving terminal apparatus are sent, carries in certification request and is mounted in terminal device Application mark and application billing information.

It should be noted that can at least be equipped with an application on terminal device, each application, which has, is uniquely answered The billing information of mark and application, terminal device are mounted on the terminal device in realization and are applied to machine-to-machine communication When the certification of (Machine-To-Machine, M2M) system platform, it can carry and be mounted in terminal device to gateway transmission One application mark and application billing information certification request.

The group creating that S102, gateway receiving platform server are sent is requested, and carries certification group in group creating request The authentication information of group.

Wherein, it authenticates in the authentication information of group comprising the mark for constituting the application of certification group, authenticates group by least Two applications are constituted.

S103, gateway obtain challenge key, and using challenge key and the billing information for authenticating the application in group, pass through The first challenge result is calculated in default hash function.

Wherein, gateway can receive the challenge key of Platform Server transmission, and challenge key is that Platform Server is given birth at random At.

Illustratively, gateway is passed through using the billing information of the application in challenge key and certification group and is preset Hash letter The method that the first challenge result is calculated in number may include: gateway using default bill consolidation strategy, merge in certification group Application billing information；Billing information using challenge key and after merging is calculated first by default hash function Challenge result.Wherein, it presets bill consolidation strategy to include at least: the billing information of the application in group will be authenticated according to certification group The mark of application in group successively sorts and head and the tail splice.

It should be noted that default Hash letter used by the first challenge result is calculated in gateway in the embodiment of the present invention Number with reference to the hash function that provides in the prior art, can preset the particular content embodiment of the present invention of hash function here no longer It repeats.

S104, gateway send the group creating response for carrying the first challenge result to Platform Server, so that Platform Server is signified from the mark for searching the application in certification group in the billing information of the application saved in Platform Server The billing information for the application shown, so that billing information of the Platform Server using challenge key and the application found, leads to It crosses default hash function and the second challenge is calculated as a result, and making Platform Server by comparing the first challenge result and second Challenge the authentication result that result obtains certification group.

What S105, gateway receiving platform server were sent carries the authentication response message of the authentication result of certification group.

Wherein, when the first challenge result is identical as the second challenge result, the authentication result instruction certification group of group is authenticated Group authenticates successfully；When the first challenge result is with the second challenge result difference, the authentication result instruction certification group of group is authenticated Authentification failure.

When the authentication result instruction certification group for authenticating group authenticates successfully, gateway then can be to the composition certification group At least two the installed terminal devices of application send certification success message；As the authentication result instruction certification group of certification group When group authentification failure, gateway then needs to re-start recognizing at least two applications for constituting the certification group on Platform Server Card.

Further, gateway is received from carrying one be mounted in the terminal device in the certification request of terminal device The mark of application and the billing information of the application, are specifically as follows: carrying and be mounted in terminal device in certification request The mark of one application and the secret information of application, the secret information of application are that terminal device is described in application, by contracting in installation Server is obtained using the mark of identity verification key encryption application and the billing information of the application that generate at random.

Correspondingly, the identity verification of challenge threshold value and application in the authentication information of certification group also comprising certification group is close Key, the identity verification key of application are Platform Server received from subscribed services device；Before gateway obtains challenge key, this The method of inventive embodiments can also include: gateway after receiving certification request, according to the application carried in certification request Mark determines the identity verification key of application from the authentication information of certification group；Gateway is using the identity verification key applied The secret information of application is decrypted, with the billing information of the mark and application that are applied；If the secret information of gateway decryption application The mark of application carried in the mark of obtained application and certification request is identical, and gateway then determines that application passes through identity verification； When the number for authenticating the application for passing through identity verification in group is greater than the challenge threshold value of certification group, gateway is then to the platform Server sends group's authentication notification, and the application that group's authentication notification is used to indicate in certification group is ready for receiving to authenticate choosing War.Wherein, challenge key is Platform Server after receiving group's authentication notification, random to generate and send to gateway.

Wherein, the identity verification key subscribed services device applied in Platform Server is contracted in application to Platform Server It is sent to Platform Server in the process；The secret information of the application carried in certification request, be subscribed services device application to During Platform Server is contracted, believed using the mark of identity verification key encryption application and the bill of application that generate at random Breath obtains and is sent to terminal device.

Illustratively, as shown in Fig. 2, for one of embodiment of the present invention service contracting method flow schematic diagram, the industry Business contracting method is shown using the detailed process contracted to Platform Server: S201: terminal device is sent to subscribed services device Carry the identity of the mark for the application being mounted on the terminal device, the billing information of application and Platform Server (IDentity, ID) contracts with subscribed services device；S202: subscribed services device is that the random generation identity verification of the application is close Key；S203: subscribed services device is according to the ID of Platform Server to the mark of Platform Server sending application, the billing information of application With identity verification key；S204: subscribed services device is using the mark of identity verification key encryption application and the bill letter of application Cease the secret information being applied；S205: secret information of the subscribed services device to terminal device sending application.

Group's authentication method provided in an embodiment of the present invention, carrying for gateway receiving terminal apparatus transmission are mounted on terminal The certification request of the billing information of the mark and application of application in equipment；The carrying that gateway receiving platform server is sent There is the group creating request of the authentication information of certification group, authenticates the application in the authentication information of group comprising constituting certification group Mark；Gateway obtains challenge key, and using challenge key and the billing information for authenticating the application in group, is breathed out by default The first challenge result is calculated in uncommon function；Gateway sends the group creating sound for carrying the first challenge result to Platform Server It answers, so that billing information corresponding to mark of the Platform Server using the application in challenge key and certification group, passes through The second challenge is calculated as a result, and tying Platform Server according to the first challenge result and the second challenge in default hash function Fruit obtains the authentication result of certification group；What receiving platform server was sent carries the certification sound of the authentication result of certification group Answer message.

Embodiment 2

The embodiment of the present invention provides a kind of group's authentication method, as shown in Figure 3, comprising:

S301, Platform Server obtain the signing information with the application of subscribed services device signing, and signing information includes: application Mark and application billing information.

Wherein, terminal device can send the signing for carrying the application being mounted on the terminal device to subscribed services device Information (mark of application and the billing information of application), contracts with subscribed services device；Subscribed services device can be by signing The signing information of application is sent to Platform Server, so that the signing information that the application can be used in Platform Server is somebody's turn to do The certification of application.

S302, Platform Server send group creating request to gateway, and certification group is carried in group creating request Authentication information.

S303, Platform Server receive the group creating response for carrying the first challenge result that gateway is sent, and first chooses Result of fighting is gateway using challenge key and the billing information for authenticating the application in group, is calculated by default hash function 's.

The ticket of application indicated by the mark of S304, Platform Server from the application in signing information in lookup certification group It is believed that breath, and using the billing information of challenge key and the application found, second, which is calculated, by default hash function chooses War result.

S305, Platform Server obtain recognizing for certification group by comparing the first challenge result and the second challenge result Card is as a result, and send the authentication response message for carrying the authentication result of certification group to gateway.

Group's authentication method provided in an embodiment of the present invention, Platform Server obtain and the application of subscribed services device signing Signing information, signing information include: the mark of application and the billing information of application；Platform Server is carried to gateway transmission to be recognized The group creating request for demonstrate,proving the authentication information of group, authenticates the mark in the authentication information of group comprising constituting the application of certification group Know；Platform Server receives the group creating response for carrying the first challenge result that gateway is sent, and the first challenge result is net Pass is calculated using the billing information of the application in challenge key and certification group by default hash function；Platform clothes Business device is from the billing information for obtaining application corresponding to the mark for authenticating the application in group in signing information, and use is chosen The second challenge result is calculated by default hash function in war key and the billing information for authenticating the application in group；Platform Server obtains the authentication result of certification group according to the first challenge result and the second challenge result, and carries to gateway transmission Authenticate the authentication response message of the authentication result of group.

With in the prior art, when the terminal device for carrying out application authorization is more, transmitted between gateway and Platform Server Data volume increases, and occupies more channel width, and Platform Server traffic overhead it is larger compare, pass through this programme, platform The authentication information (the first challenge result and the mark for authenticating the application in group) of the received application of server is that multiple applications are closed And the authentication information of a certification group is constituted together, the data interaction between gateway and Platform Server can be reduced in this way Number reduces transmitted data amount, and then reduces the occupancy to channel width；Also, Platform Server receives that gateway is sent The result is that gateway is by presetting hash function, the billing information for authenticating the application in group according to one is calculated for one challenge , Platform Server can be calculated by similarly presetting hash function according to the billing information of the application in the certification group The second challenge is obtained as a result, then recognizing according to the first challenge result and the second challenge result the application in the certification group Card processing, it can the primary authentication processing for completing all applications in a certification group, it is possible to reduce Platform Server pair Using the number for carrying out authentication processing, the traffic overhead of Platform Server is reduced.

Embodiment 3

The embodiment of the present invention provides a kind of group's authentication method, as shown in Figure 4, comprising:

S401, terminal device send the ticket of the mark for the application being mounted in terminal device, application to subscribed services device It is believed that the ID of breath and Platform Server.

S402, subscribed services device, which are that application is random, generates identity verification key, and encrypts using using identity verification key By the billing information of the mark of application and application, the secret information that is applied.

Wherein, subscribed services device is that can refer to generate in the prior art using the random method for generating identity verification key The correlation technique of random parameter, identity verification key can be a random number or random sequence.The embodiment of the present invention is to label About server is no longer to be described in detail using the random specific method for generating identity verification key.

S403, subscribed services device are to the mark of terminal device sending application and the secret information of application.

S404, subscribed services device are according to the ID of Platform Server to the mark of Platform Server sending application, the ticket of application It is believed that the identity verification key of breath and application.

S405, Platform Server send group creating request to gateway.

Wherein, the authentication information that at least one certification group is carried in group creating request authenticates the certification letter of group The mark of the application of challenge threshold value, composition certification group comprising certification group in breath and the identity verification key of application.

Specifically, platform is close in the mark for the N number of application for receiving the transmission of subscribed services device, billing information and identity verification After key, this N number of application can be divided to at least one certification group, then to gateway transmission carry it is described at least one recognize Demonstrate,prove the authentication information of group, N >=2.

Illustratively, N number of application random division can be authenticated group at least one by platform, and certainly, platform is answered N number of Method with random division at least one certification group includes but is not limited to the method for above-mentioned random division, and platform is answered N number of With the other methods embodiment of the present invention of random division at least one certification group, which is not described herein again.

For example, it is assumed that Platform Server receive subscribed services device transmission 10 application (using A, using B, using C, Using D, using E, using F, using G, using H, using I and apply J) mark, billing information and identity verification key, platform Server then can at random by 10 application in 6 application (using A, using B, using C, using D, using E and apply F) draw Point to certification group (certification group 1), four additional application (is divided to one using G, using H, using I and using J) A certification group (certification group 2), then sent to gateway the authentication information that certification group 1 is carried in group creating request and Authenticate the group creating request of the authentication information of group 2.

S406, terminal device send certification request to gateway.

Wherein, the mark for the application being mounted in terminal device and the billing information of application are carried in certification request.

S407, gateway are according to the mark of the application carried in certification request, and determination is answered from the authentication information of certification group Identity verification key.

Wherein, the application for authenticating the challenge threshold value comprising certification group in the authentication information of group, constituting the certification group Mark.

Illustratively, the mark of the application for the composition certification group that gateway can include from the authentication information of certification group In, the mark with the identical application of mark of the application carried in certification request is searched, then from the authentication information of certification group The identity verification key of application indicated by the mark for the application that middle determination is found.

For example, being based on examples detailed above, it is assumed that carry the mark using B in certification request, gateway then can be from certification group Group 1 authentication information in include composition certification group 1 application (apply A, using B, using C, using D, using E and application F mark) and authenticate the composition certification group 2 for including in the authentication information of group 2 application (apply G, using H, using I and Using J) mark in, search the mark with the identical application of mark using B carried in certification request；Gateway can determine It authenticates comprising the mark using B in the authentication information of group 1, gateway can then answer in determination from the authentication information of certification group 1 With the identity verification key of B.

S408, gateway using the identity verification key decryption application of application secret information, with the mark that is applied and The billing information of application.

Wherein, since the secret information of application is the mark that subscribed services device is applied using the identity verification key encryption of application What the billing information of knowledge and application obtained；Therefore, gateway, then can be using application after the identity verification key for determining application The secret information of identity verification key decryption application, with the billing information of the mark and application that are applied.

For example, being based on examples detailed above, gateway, then can be using the mark using B after determining the identity verification key using B The secret information that B is applied in authentication secret decryption is known, with the billing information of the mark for the B that is applied and application B.

If the application carried in the mark and certification request of the application that the secret information of S409, gateway decryption application obtains Identify it is identical, gateway then determine application passes through identity verification.

Further, if what is carried in the mark and certification request of the application that the secret information of gateway decryption application obtains answers Mark is not identical, and gateway then determines that application does not pass through identity verification.

S410, the challenge threshold value for being greater than the certification group in group by the number of the application of identity verification is authenticated when one When, gateway then sends group's authentication notification to Platform Server.

Wherein, the application that group's authentication notification is used to indicate in certification group is ready for receiving authentication challenge.

S411, Platform Server generate challenge key at random, and send challenge key to gateway.

S412, gateway merge the billing information of the application in certification group using default bill consolidation strategy, and use and choose The first challenge result is calculated by default hash function in billing information after war key and merging.

Illustratively, preset bill consolidation strategy at least may include: by authenticate group in application billing information by It successively sorts according to the mark of the application in certification group and head and the tail splices.

It should be noted that the default bill consolidation strategy in the embodiment of the present invention includes but is not limited to that will authenticate in group The billing information of application successively sort according to the mark of the application in certification group and head and the tail splice, default bill consolidation strategy Can be with are as follows: extract the keyword in the billing information of the application in certification group, by the keyword for the application extracted according to The mark of application in certification group successively sorts and head and the tail splice.

For example, it is assumed that the billing information using G in certification group 2 is " hasfc151 ", is using the billing information of H " i2hefas54 ", be " dguf5eys4 " using the billing information of I, using the billing information of J be " 6hidHuowes4 ", then net Close can will authenticate the billing information " hasfc151 " of application in group 2, " i2hefas54 ", " dguf5eys4 " and " 6hidHuowes4 " the mark application G of the application in group, successively sort simultaneously head and the tail using H, using I and application J according to authenticating Splicing, to obtain " hasfc151i2hefas54dguf5eys46hidHuowes4 "；Then by default hash function to " ha Sfc151i2hefas54dguf5eys46hidHuowes4 " carries out Hash operation, obtains the challenge result (first of certification group 2 Challenge result).

S413, gateway send the group creating response for carrying the first challenge result to Platform Server.

It should be noted that when the number of the application in certification group by identity verification is equal to answering in the certification group When sum, then it represents that all applications in the certification group pass through identity verification.

It is further alternative, when the number of the application in certification group by identity verification is less than the application authenticated in group Sum when, the mark of application by identity verification is carried in group creating response.

For example, gateway can send the challenge result of certification group 2 to Platform Server and authenticate the application in group 2 Mark: using G, using H, using I and apply J.

Using default bill consolidation strategy, the mark institute for merging the application in the certification group is right for S414, Platform Server The billing information answered, and the billing information using challenge key and after merging, are calculated second by default hash function and choose War result.

Based on examples detailed above, when the number of the application in certification group by identity verification is equal to answering in the certification group When sum, then it represents that all applications in the certification group pass through identity verification, at this point, Platform Server can connect Receive the challenge result of certification group 2 and the mark of the application in certification group 2: using G, using H, using I and using after J, According to the mark of the application in certification group 2: using G, using H, using I and apply J, the application sent from subscribed services devices The billing information using G, the billing information using H are found out in billing information, using the billing information of I and the bill of application J Information；Wherein, if the billing information of all applications in certification group 2 is all not tampered with, the certification group 2 retained in gateway The billing information and Platform Server of middle application are identical received from the billing information applied in the certification group 2 of subscribed services device , i.e., Platform Server can find the billing information " hasfc151 " using G, using the billing information of H " i2hefas54 ", using the billing information " dguf5eys4 " of I and the billing information " 6hidHuowes4 " of application J；Platform service Device will authenticate the billing information " hasfc151 " of application in group 2, " i2hefas54 ", " dguf5eys4 " and " 6hidHuowes4 " the mark application G of the application in group, successively sort simultaneously head and the tail using H, using I and application J according to authenticating Splicing, to obtain " hasfc151i2hefas54dguf5eys46hidHuowes4 "；Then by default hash function to " ha Sfc151i2hefas54dguf5eys46hidHuowes4 " carries out Hash operation, obtains the challenge result (second of certification group 2 Challenge result).

Further, when the number in certification group by the application of identity verification is total less than the application in certification group When number, the mark of the application by identity verification is carried in group creating response.At this point, S414 is specifically as follows:

Using bill consolidation strategy is preset, what is carried in merging group creating response passes through mark for S414a, Platform Server Billing information corresponding to the mark of the application of verifying, and the billing information using challenge key and after merging, are breathed out by default The second challenge result is calculated in uncommon function.

S415, Platform Server compare the certification knot that the first challenge result obtains the certification group with the second challenge result Fruit.

Wherein, if the billing information of all applications in certification group 2 is all not tampered with, the certification group retained in gateway The billing information applied in 2 and Platform Server, which are organized, received from the billing information applied in the certification group 2 of subscribed services device is It is identical, then the first challenge result also should be identical, the authentication result instruction institute of authentication authorization and accounting group with the second challenge result Certification group is stated to authenticate successfully.

If the billing information of at least one application is tampered in certification group 2, answered in the certification group 2 retained in gateway Billing information and Platform Server are different received from the billing information applied in the certification group 2 of subscribed services device, So first challenge result should be also different with the second challenge result, and the authentication result instruction certification group of authentication authorization and accounting group is recognized Card failure.

S416, Platform Server send the authentication response message for carrying the authentication result of certification group to gateway.

If S417, the authentication result instruction certification group's authentification failure for authenticating group, gateway obtain new challenge key.

S418, gateway are breathed out using the billing information of new challenge key and the application for constituting certification subgroup by default Third challenge result is calculated in uncommon function.

S419, gateway send third challenge result to Platform Server and authenticate the mark of the application in subgroup.

S420, Platform Server are using the new billing information challenged key and authenticate the application in subgroup, by pre- If the 4th challenge is calculated as a result, and challenging result and the 4th challenge result acquisition certification subgroup according to third in hash function Authentication result.

The authentication response that S421, Platform Server send the authentication result for carrying the certification subgroup to gateway disappears Breath.

Wherein, at least two certification subgroups constitute certification group；For example, certification group 2 can be divided into two certifications Subgroup: by application G and using the H certification subgroup 21 constituted and by application I and the certification subgroup 22 constituted using J；Or Person, which authenticates group 2, can be divided into two certification subgroups: by application G, using H and 23 and of certification subgroup constituted using I By the certification subgroup 24 constituted using J.To " will authenticate group division is at least two certification subgroups in the embodiment of the present invention The specific method of group " is with no restrictions.

It should be noted that being interacted between gateway and Platform Server in the embodiment of the present invention, to carry out certification subgroup The detailed process of certification can be with reference to being interacted between gateway and Platform Server in the embodiment of the present invention, to carry out certification group Certification detailed process, the embodiment of the present invention is interacted between gateway and Platform Server here, to carry out certification subgroup The detailed process of certification be no longer described in detail.

Embodiment 5

The embodiment of the present invention provides a kind of gateway, as shown in Figure 5, comprising: the first receiving unit 51, the second receiving unit 52, acquiring unit 53, computing unit 54 and the first transmission unit 55.

First receiving unit 51 carries peace in the certification request for the certification request that receiving terminal apparatus is sent The mark of an application in the terminal device and the billing information of the application.

Second receiving unit 52, for the group creating request that receiving platform server is sent, the group creating request In carry certification group authentication information, it is described certification group authentication information in comprising constitute it is described certification group application Mark, the certification group by least two application constitute.

Acquiring unit 53, for obtaining challenge key.

Computing unit 54, the challenge key and second receiving unit for being obtained using the acquiring unit 53 The billing information of the application of the composition certification group of the authentication information instruction of the 52 received certification groups, by default The first challenge result is calculated in hash function.

First transmission unit 55, for being carried described in the computing unit 54 is calculated to Platform Server transmission The group creating response of first challenge result, so that the application that the Platform Server is saved from the Platform Server The billing information of application indicated by the mark of the application in the certification group is searched in billing information, so that described flat Platform server is calculated using the billing information of the challenge key and the application found by the default hash function Second challenge is as a result, and obtain the Platform Server by comparing the first challenge result and the second challenge result Obtain the authentication result of the certification group.

Second receiving unit 52, is also used to receive that the Platform Server sends carries the certification group The authentication response message of authentication result.

Further, as shown in fig. 6, the computing unit 54, may include: synthesis module 541 and computing module 542.

Synthesis module 541, for merging the bill letter of the application in the certification group using default bill consolidation strategy Breath, the default bill consolidation strategy include at least: by the billing information of the application in the certification group according to the certification The mark of application in group successively sorts and head and the tail splice.

Computing module 542, the challenge key and the synthesis module for being got using the acquiring unit 53 The first challenge result is calculated by the default hash function in billing information after merging.

Further, the mark and described for the application being mounted in the terminal device is carried in the certification request The billing information of application, specifically: the mark for the application being mounted in the terminal device is carried in the certification request With the secret information of the application, the secret information of the application is that the terminal device is described in application, by contracting in installation Server encrypts the mark of the application using the identity verification key that generates at random and the billing information of the application obtains.

Further, it the challenge threshold value in the authentication information of the certification group also comprising the certification group and described answers Identity verification key, the identity verification key of the application are the Platform Server received from the subscribed services device 's.

As shown in fig. 7, the gateway, can also include: the first determination unit 56, decryption unit 57, the second determination unit 58 and second transmission unit 59.

First determination unit 56, for after the first receiving unit 51 receives the certification request, according to the certification The mark of the application carried in request, from the authentication information of the received certification group of second receiving unit 52 Determine the identity verification key of the application.

Decryption unit 57, the identity verification key decryption of the application for being determined using first determination unit 56 The secret information of the application, to obtain the mark of the application and the billing information of the application.

Second determination unit 58, if for the secret information that the decryption unit 57 decrypts the application obtain described in answer Mark is identical as the mark of the application carried in the received certification request of first receiving unit 51, then really The fixed application passes through identity verification.

Second transmission unit 59 is tested for working as in the certification group that second determination unit 58 determines by mark When the number of the application of card is greater than the challenge threshold value of the received certification group of second receiving unit 52, then to described flat Platform server sends group's authentication notification, and the application that group's authentication notification is used to indicate in the certification group is quasi- It gets ready and receives authentication challenge.

Further, it is close to be also used to receive the challenge that the Platform Server is sent for second receiving unit 52 Key.

Further, the acquiring unit 53, if being also used to the received certification group of second receiving unit 52 Authentication result indicate certification group authentification failure, then obtain new challenge key.

The computing unit 54, the new challenge key and composition certification for being obtained using the acquiring unit 53 Third challenge is calculated as a result, described at least two by the default hash function in the billing information of the application of subgroup It authenticates subgroup and constitutes the certification group.

First transmission unit 55, described for sending that the computing unit 54 calculates to the Platform Server The mark of three challenge results and the application in the certification subgroup, so that the Platform Server uses the new challenge The billing information of key and the application in the certification subgroup is calculated the 4th challenge by the default hash function and ties Fruit, and the Platform Server is made to challenge result and the 4th challenge result acquisition certification subgroup according to the third The authentication result of group.

Second receiving unit 52, the certification subgroup that carries for receiving that the Platform Server sends The authentication response message of authentication result.

Further, it if the authentication result of the certification group indicates certification group authentification failure, carries State the certification subgroup for also carrying in the authentication response message of the authentication result of certification group and constituting the certification group Authentication information, it is described certification subgroup authentication information in comprising it is described certification subgroup challenge threshold value and composition it is described Authenticate the mark of the application of subgroup.

Further, when the first challenge result is identical as the second challenge result, the certification group is recognized Card result indicates that the certification group authenticates successfully.

It should be noted that the specific descriptions of part functional module can be with reference to this in gateway provided in an embodiment of the present invention Corresponding content in inventive method embodiment, the present embodiment are no longer described in detail here.

Gateway provided in an embodiment of the present invention can receive carrying for terminal device transmission and be mounted in terminal device The certification request of the billing information of the mark and application of application；What gateway receiving platform server was sent carries certification group The group creating request of the authentication information of group, authenticates the mark in the authentication information of group comprising constituting the application of certification group； Gateway obtains challenge key, and using challenge key and the billing information for authenticating the application in group, by presetting hash function The first challenge result is calculated；Gateway sends the group creating response for carrying the first challenge result to Platform Server, with So that billing information corresponding to mark of the Platform Server using the application in challenge key and certification group, is breathed out by default The second challenge is calculated as a result, and obtaining Platform Server according to the first challenge result and the second challenge result in uncommon function Authenticate the authentication result of group；The authentication response of the authentication result for carrying certification group of receiving platform server transmission disappears Breath.

Embodiment 6

The embodiment of the present invention provides a kind of Platform Server, as shown in Figure 8, comprising: acquiring unit 61, transmission unit 62, Receiving unit 63, computing unit 64 and authentication unit 65.

Acquiring unit 61, for obtaining the signing information with the application of subscribed services device signing, the signing information includes: The mark of the application and the billing information of the application.

Transmission unit 62 carries certification group in the group creating request for sending group creating request to gateway Group authentication information, it is described certification group authentication information in comprising constitute it is described certification group application mark, it is described to recognize Card group is made of at least two applications.

Receiving unit 63, the group creating response for carrying the first challenge result sent for receiving the gateway, institute Stating the first challenge result is billing information of the gateway using the application in challenge key and the certification group, by default What hash function was calculated.

Computing unit 64, for using in the certification group of the challenge key and the acquisition of the acquiring unit 61 The second challenge result is calculated by the default hash function in the billing information of application.

Authentication unit 65, for according to the received first challenge result of the receiving unit 63 and the computing unit 64 the second challenge results calculated obtain the authentication result of the certification group.

The transmission unit 62 is also used to send the certification for carrying the authentication unit 65 and obtaining to the gateway The authentication response message of the authentication result of group.

Further, the computing unit 64, may include: synthesis module and computing module.

Synthesis module, for merging the received certification group of the receiving unit using default bill consolidation strategy In application billing information, the default bill consolidation strategy includes at least: by the bill of the application in the certification group Information successively sorts according to the mark of the application in the certification group and head and the tail splice.

Further, the signing information that the acquiring unit obtains further include: the identity verification key of the application.

Further, it the challenge threshold value in the authentication information of the certification group also comprising the certification group and described answers Identity verification key.

The receiving unit 63 is also used to before receiving the group creating response that the gateway is sent, receives institute Group's authentication notification of gateway transmission is stated, group's authentication notification is authentication information of the gateway according to the certification group It determines and is sent to the Platform Server after the application in the certification group is ready for receiving authentication challenge.

Further, as shown in figure 9, the Platform Server, can also include: generation unit 66.

Generation unit 66, described in being generated after the receiving unit 63 receives group's authentication notification at random Challenge key.

The transmission unit 62 is also used to send the challenge key that the generation unit 66 generates to the gateway.

Further, if the authentication result for the certification group that the authentication unit 65 obtains indicates the certification group Authentification failure, then what the transmission unit 62 was sent carries in the authentication response message of the authentication result of the certification group also The authentication information for constituting the certification subgroup of the certification group is carried, is wrapped in the authentication information of the certification subgroup The mark of the application of the certification subgroup of challenge threshold value and composition containing the certification subgroup.

Further, the generation unit 66, if being also used to recognizing for the certification group that the authentication unit 65 obtains It demonstrate,proves result and indicates certification group authentification failure, then generate new challenge key at random.

The transmission unit 62, it is close for sending the new challenge that the generation unit 66 generates to the gateway Key, so that the gateway passes through institute using the billing information of the new challenge key and the application for constituting certification subgroup It states default hash function and third challenge result is calculated.

The receiving unit 63, for receiving the third challenge result and the certification subgroup that the gateway is sent In application mark.

The computing unit 64, the new challenge key and the reception for being generated using the generation unit 66 Billing information corresponding to the mark of application in the received certification subgroup of unit 63, passes through the default hash function The 4th challenge result is calculated.

The authentication unit 65, by being received according to the receiving unit 63 the third challenge result and it is described based on Calculate the authentication result that the 4th challenge result that unit 64 is calculated obtains the certification subgroup.

The transmission unit 62 is also used to send recognizing for the authentication result for carrying the certification subgroup to the gateway Demonstrate,prove response message.

It should be noted that in the Platform Server provided in an embodiment of the present invention part functional module specific descriptions It can be no longer described in detail here with reference to the corresponding content in embodiment of the method, the present embodiment.

Platform Server provided in an embodiment of the present invention obtains the signing information with the application of subscribed services device signing, label About information includes: the mark of application and the billing information of application；Platform Server sends to gateway and carries recognizing for certification group The group creating request for demonstrate,proving information, authenticates the mark in the authentication information of group comprising constituting the application of certification group；Platform clothes Business device receives the group creating response for carrying the first challenge result that gateway is sent, and the first challenge result is gateway using challenge The billing information of key and the application in certification group is calculated by default hash function；Platform Server is from signing The billing information of application corresponding to the mark of the application in the certification group is obtained in information, and using challenge key and is recognized The second challenge result is calculated by default hash function in the billing information for demonstrate,proving the application in group；Platform Server according to First challenge result and the second challenge result obtain the authentication result of certification group, and send to gateway and carry certification group The authentication response message of authentication result.

Embodiment 7

The embodiment of the present invention provides a kind of gateway, as shown in Figure 10, comprising: receiver 71, processor 72 and transmitter 73.

Receiver 71 carries in the certification request for the certification request that receiving terminal apparatus is sent and is mounted on institute State the mark of the application in terminal device and the billing information of the application；The group creating that receiving platform server is sent is asked It asks, the authentication information of certification group is carried in the group creating request, includes structure in the authentication information of the certification group At the mark of the application of the certification group, the certification group is made of at least two applications.

Processor 72, for obtaining challenge key, and it is received described using the challenge key and the receiver 71 The first challenge result is calculated by default hash function in the billing information for authenticating the application in group.

Transmitter 73, for sending the group creating response for carrying the first challenge result to Platform Server, with So that the Platform Server in the billing information of the application saved in the Platform Server from searching in the certification group Application mark indicated by application billing information so that the Platform Server is using the challenge key and looking into The second challenge is calculated by the default hash function as a result, and making the platform in the billing information for the application found Server obtains the authentication result of the certification group by comparing the first challenge result and the second challenge result.

The receiver 71 is also used to receive the certification knot for carrying the certification group that the Platform Server is sent The authentication response message of fruit.

Further, the processor 72 is also used to merge in the certification group using default bill consolidation strategy The billing information of application, the default bill consolidation strategy include at least: by the billing information of the application in the certification group It successively sorts according to the mark of the application in the certification group and head and the tail splices；Ticket using the challenge key and after merging It is believed that breath, is calculated the first challenge result by the default hash function.

The processor 72 is also used to after the receiver 71 receives the certification request, is asked according to the certification The mark for asking the application of middle carrying determines that the identity verification of the application is close from the authentication information of the certification group Key；The secret information of the application is decrypted, using the identity verification key of the application to obtain mark and the institute of the application State the billing information of application；If the mark for the application that the secret information that the gateway decrypts the application obtains is recognized with described The mark of the application carried in card request is identical, it is determined that the application passes through identity verification.

The processor 72 is also used to judge whether be greater than in the certification group by the number of the application of identity verification The challenge threshold value of the certification group.

The transmitter 73 is also used to obtain in the certification group when the processor 72 judgement through identity verification When the number of application is greater than the challenge threshold value of the certification group, Xiang Suoshu Platform Server sends group's authentication notification, described The application that group's authentication notification is used to indicate in the certification group is ready for receiving authentication challenge.

Further, the receiver 71 is also used to receive the challenge key that the Platform Server is sent.

Further, the processor 72, if being also used to recognizing for the certification group that the receiving unit 71 receives It demonstrate,proves result and indicates certification group authentification failure, then obtain new challenge key, and use new the challenge key and structure At the billing information of the application of certification subgroup, third challenge is calculated by the default hash function as a result, at least two A certification subgroup constitutes the certification group.

The transmitter 73 is also used to send the third that the processor 72 is calculated to the Platform Server The mark for challenging result and the application in the certification subgroup, so that the Platform Server is close using the new challenge The billing information of key and the application in the certification subgroup is calculated the 4th challenge by the default hash function and ties Fruit, and the Platform Server is made to challenge result and the 4th challenge result acquisition certification subgroup according to the third The authentication result of group.

The receiver 73 is also used to receive the certification for carrying the certification subgroup that the Platform Server is sent As a result authentication response message.

In embodiments of the present invention, receiver 71, processor 72 are connected by bus with transmitter 73 and are completed each other Communication.

Wherein, bus can be industry standard architecture (Industry Standard Architecture, ISA) Always, external equipment interconnection (Peripheral Component Interconnect, PCI) bus or extension Industry Standard Architecture Structure (Extended Industry Standard Architecture, EISA) bus etc..It is total that the bus can be divided into address Line, data/address bus, control bus etc..Only to be indicated with a thick line in Figure 10 convenient for indicating, it is not intended that only one total Line or a type of bus.

Processor 72 can be central processing unit (Central Processing Unit, CPU), or CPU, number Control chip (such as base band core in word signal processor (Digital Signal Processor, DSP) and communication unit Piece) combination.In embodiments of the present invention, CPU can be single operation core, also may include multioperation core.

Receiver 71 and transmitter 73 can be the device that wireless signal is sent and received by antenna, or other The device that signal sends and receives interface is provided.

It should be noted that the specific descriptions of part functional module can join in the gateway provided in an embodiment of the present invention The corresponding content in embodiment of the present invention method is examined, the present embodiment is no longer described in detail here.

Gateway provided in an embodiment of the present invention, what receiving terminal apparatus was sent carries the application being mounted in terminal device Mark and the application billing information certification request；What gateway receiving platform server was sent carries certification group The group creating of authentication information is requested, and the mark in the authentication information of group comprising constituting the application of certification group is authenticated；Gateway Challenge key is obtained, and using challenge key and the billing information for authenticating the application in group, is calculated by default hash function Obtain the first challenge result；Gateway sends the group creating response for carrying the first challenge result to Platform Server, so that Billing information corresponding to mark of the Platform Server using the application in challenge key and certification group, passes through and presets Hash letter The second challenge is calculated as a result, and authenticating Platform Server according to the first challenge result and the second challenge result in number The authentication result of group；What receiving platform server was sent carries the authentication response message of the authentication result of certification group.

Embodiment 8

The embodiment of the present invention also provides a kind of Platform Server, as shown in figure 11, comprising: processor 81,82 and of transmitter Receiver 83.

Processor 81, for obtaining the signing information with the application of subscribed services device signing, the signing information includes: institute State the mark of application and the billing information of the application.

Transmitter 82 carries certification group in the group creating request for sending group creating request to gateway Authentication information, it is described certification group authentication information in comprising constitute it is described certification group application mark, the certification Group is made of at least two applications.

Receiver 83, the group creating response for carrying the first challenge result sent for receiving the gateway are described First challenge result is billing information of the gateway using the application in challenge key and the certification group, is breathed out by default What uncommon function was calculated.

The processor 81, it is right from the mark institute of the application obtained in the certification group in the signing information to be also used to The billing information for the application answered, and using the billing information of the application in the challenge key and the certification group, pass through institute It states default hash function and the second challenge result is calculated；According to the received first challenge result of the receiver 83 and institute State the authentication result that the second challenge result obtains the certification group.

Transmitter 82, for sending the certification for carrying the certification group that the processor 82 obtains to the gateway As a result authentication response message.

Further, the processor 81 is also used to merge in the certification group using default bill consolidation strategy The billing information of application, the default bill consolidation strategy include at least: by the billing information of the application in the certification group It successively sorts according to the mark of the application in the certification group and head and the tail splices；Ticket using the challenge key and after merging It is believed that breath, is calculated the second challenge result by the default hash function.

Further, the signing information further include: the identity verification key of the application；The identity verification of the application The key subscribed services device generates at random, close with the billing information of the application for encrypting identifying for the application Key.

The receiver 83 is also used to ring in the group creating for carrying the first challenge result for receiving the gateway transmission Before answering, group's authentication notification that the gateway is sent is received, group's authentication notification is the gateway according to the certification The authentication information of group determines that the application in the certification group is ready for taking after receiving authentication challenge to the platform It is engaged in what device was sent.

Further, the processor 81 is also used to carry described the what the receiver 83 received that gateway sends It is random to generate after the receiver 83 receives group's authentication notification before the group creating response of one challenge result The challenge key, and the challenge key is sent to the gateway.

Further, the processor 81, if the authentication result for being also used to the certification group indicates the certification group Authentification failure then generates new challenge key at random.

The transmitter 82 is also used to send the new challenge key to the gateway, so that the gateway uses The billing information of the new challenge key and the application for constituting certification subgroup, is calculated by the default hash function Third challenges result.

The receiver 83 is also used to receive third challenge result and the certification subgroup that the gateway is sent In application mark.

The processor 81 is also used to the mark using the application in the new challenge key and the certification subgroup The 4th challenge result is calculated by the default hash function in corresponding billing information；According to the third challenge knot Fruit and the 4th challenge result obtain the authentication result of the certification subgroup.

The transmitter 82 is also used to send the certification subgroup for carrying the processor 81 and obtaining to the gateway The authentication response message of the authentication result of group.

In embodiments of the present invention, processor 81, receiver 83 are connected by bus with transmitter 82 and are completed each other Communication.

Wherein, bus can be industry standard architecture (Industry Standard Architecture, ISA) Always, external equipment interconnection (Peripheral Component Interconnect, PCI) bus or extension Industry Standard Architecture Structure (Extended Industry Standard Architecture, EISA) bus etc..It is total that the bus can be divided into address Line, data/address bus, control bus etc..Only to be indicated with a thick line in Figure 11 convenient for indicating, it is not intended that only one total Line or a type of bus.

Processor 81 can be central processing unit (Central Processing Unit, CPU), or CPU, number Control chip (such as base band core in word signal processor (Digital Signal Processor, DSP) and communication unit Piece) combination.In embodiments of the present invention, CPU can be single operation core, also may include multioperation core.

Receiver 83 and transmitter 82 can be the device that wireless signal is sent and received by antenna, or other The device that signal sends and receives interface is provided.

Through the above description of the embodiments, it is apparent to those skilled in the art that, for description It is convenienct and succinct, only the example of the division of the above functional modules, in practical application, can according to need and will be upper It states function distribution to be completed by different functional modules, i.e., the internal structure of device is divided into different functional modules, to complete All or part of function described above.The specific work process of the system, apparatus, and unit of foregoing description, before can referring to The corresponding process in embodiment of the method is stated, details are not described herein.

In several embodiments provided herein, it should be understood that disclosed system, device and method can be with It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the module or The division of unit, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units Or component can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, institute Display or the mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, device or unit Indirect coupling or communication connection can be electrical property, mechanical or other forms.

The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.

It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.

If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer It is each that equipment (can be personal computer, server or the network equipment etc.) or processor (processor) execute the present invention The all or part of the steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk Etc. the various media that can store program code.

The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims

1. a kind of group's authentication method characterized by comprising

The certification request that gateway receiving terminal apparatus is sent is carried in the certification request and is mounted in the terminal device The mark of application and the billing information of the application；

The group creating that the gateway receiving platform server is sent is requested, and carries certification group in the group creating request Authentication information, it is described certification group authentication information in comprising constitute it is described certification group application mark, the certification Group is made of at least two applications；

The gateway obtains challenge key, and challenges key and the billing information for authenticating the application in group using described, The first challenge result is calculated by default hash function；

The gateway sends the group creating response for carrying the first challenge result to Platform Server, so that described flat Platform server from searched in the billing information of the application saved in the Platform Server it is described certification group in application mark The billing information of indicated application is known, so that the Platform Server is using the challenge key and the application found Billing information, the second challenge is calculated by the default hash function as a result, and passing through the Platform Server Compare the first challenge result and the second challenge result obtains the authentication result of the certification group；

The authentication response that the gateway receives the authentication result for carrying the certification group that the Platform Server is sent disappears Breath.

2. the method according to claim 1, wherein the gateway uses the challenge key and the certification group The first challenge result is calculated by default hash function in the billing information of application in group, comprising:

The gateway merges the billing information of the application in the certification group using default bill consolidation strategy, described default Bill consolidation strategy includes at least: by the billing information of the application in the certification group according to the application in the certification group Mark successively sort and head and the tail splice；

Billing information using the challenge key and after merging, is calculated described first by the default hash function and chooses War result.

3. according to the method described in claim 2, being set it is characterized in that, being carried in the certification request and being mounted on the terminal The mark of application in standby and the billing information of the application, specifically:

The mark for the application being mounted in the terminal device and the secret information of the application are carried in the certification request, The secret information of the application is that the terminal device is described in installation in application, by subscribed services device using the mark generated at random Know that authentication secret encrypts the mark of the application and the billing information of the application obtains.

4. according to the method described in claim 3, it is characterized in that, also recognizing comprising described in the authentication information of the certification group The challenge threshold value of group and the identity verification key of the application are demonstrate,proved, the identity verification key of the application is the platform service Device is received from the subscribed services device；

Before the gateway obtains challenge key, the method also includes:

The gateway is after receiving the certification request, according to the mark of the application carried in the certification request, from The identity verification key of the application is determined in the authentication information of the certification group；

The gateway decrypts the secret information of the application using the identity verification key of the application, to obtain the application The billing information of mark and the application；

If being carried in the mark for the application that the secret information that the gateway decrypts the application obtains and the certification request The application mark it is identical, the gateway then determines that the application passes through identity verification；

It is described when being greater than the challenge threshold value of the certification group by the number of the application of identity verification in the certification group Gateway then sends group's authentication notification to the Platform Server, and group's authentication notification is used to indicate in the certification group The application be ready for receiving authentication challenge；

Wherein, when the number in the certification group by the application of identity verification is total less than the application in the certification group When number, the mark of the application by identity verification is carried in the group creating response.

5. according to the method described in claim 4, it is characterized in that, the gateway obtains challenge key, comprising:

The gateway receives the challenge key that the Platform Server is sent；

Wherein, the challenge key is the Platform Server after receiving group's authentication notification, it is random generate and to What the gateway was sent.

6. method according to any one of claims 1-5, which is characterized in that further include:

If the authentication result of the certification group indicates certification group authentification failure, it is close that the gateway obtains new challenge Key, and using the billing information of the new challenge key and the application for constituting certification subgroup, pass through the default Hash letter Third challenge is calculated for number as a result, at least two certification subgroups constitute the certification group；

The gateway sends the mark of the application in the third challenge result and the certification subgroup to the Platform Server Know, so that bill letter of the Platform Server using the application in the new challenge key and the certification subgroup The 4th challenge is calculated as a result, and making the Platform Server according to the third by the default hash function in breath Challenge result and the 4th challenge result obtain the authentication result of the certification subgroup；

The gateway receives the authentication response for the authentication result for carrying the certification subgroup that the Platform Server is sent Message.

7. according to the method described in claim 6, it is characterized in that, if the authentication result of the certification group indicates the certification Group's authentification failure then carries also to carry in the authentication response message of the authentication result of the certification group and recognize described in composition The authentication information of the certification subgroup of group is demonstrate,proved, includes the certification subgroup in the authentication information of the certification subgroup Challenge threshold value and composition the certification subgroup application mark.

8. the method according to claim 1, wherein when the first challenge result and the second challenge result When identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

When the first challenge result and the second challenge result difference, described in the authentication result instruction of the certification group Authenticate group's authentification failure.

9. a kind of group's authentication method characterized by comprising

Platform Server obtains the signing information with the application of subscribed services device signing, and the signing information includes: the application Mark and the application billing information；

The Platform Server sends group creating request to gateway, carries recognizing for certification group in the group creating request Information is demonstrate,proved, the mark of the application comprising the composition certification group, the certification group in the authentication information of the certification group It is made of at least two applications；

The Platform Server receives the group creating for carrying the first challenge result that the gateway is sent and responds, and described first Challenging result is billing information of the gateway using the application in challenge key and the certification group, by presetting Hash letter What number was calculated；

The Platform Server from searched in the signing information it is described certification group in application mark indicated by application Billing information pass through the default hash function meter and using the challenge key and the billing information of application found Calculation obtains the second challenge result；

The Platform Server obtains recognizing for certification group by comparing the first challenge result and the second challenge result Card is as a result, and send the authentication response message for carrying the authentication result of the certification group to the gateway.

10. according to the method described in claim 9, it is characterized in that, when the first challenge result and second challenge are tied When fruit is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

11. according to the method described in claim 10, it is characterized in that, the Platform Server uses the challenge key and institute The billing information for stating the application in certification group, is calculated the second challenge result by the default hash function, comprising:

The Platform Server merges the billing information of the application in the certification group, institute using default bill consolidation strategy It states default bill consolidation strategy to include at least: by the billing information of the application in the certification group according in the certification group Application mark successively sort and head and the tail splice；

Billing information of the Platform Server using the challenge key and after merging, is calculated by the default hash function Obtain the second challenge result.

12. according to the method for claim 11, which is characterized in that the signing information further include: the mark of the application Authentication secret.

13. according to the method for claim 12, which is characterized in that also comprising described in the authentication information of the certification group Authenticate the challenge threshold value of group and the identity verification key of the application；

Before the group creating response for carrying the first challenge result that the Platform Server receives that the gateway is sent, institute State method further include:

The Platform Server receives group's authentication notification that the gateway is sent, and group's authentication notification is the gateway root It is backward to determine that the application in the certification group is ready for receiving authentication challenge according to the authentication information of the certification group What the Platform Server was sent；

Wherein, when the number in the certification group by the application of identity verification is total less than the application in the certification group When number, the mark of the application by identity verification is carried in the group creating response；

The application carried in the certification request that the application by identity verification sends for the gateway according to terminal device Mark determines the identity verification key of the application from the authentication information of the certification group, answers described in the gateway use The secret information of identity verification key decryption application, obtains the mark of the application and the billing information of the application, institute The mark for stating application is identical as the mark of the application carried in the certification request, wherein the secret information of the application It is described in application, being encrypted by the subscribed services device using the identity verification key generated at random in installation for the terminal device What the mark of the application and the billing information of the application obtained.

14. according to the method for claim 13, which is characterized in that receive first that gateway is sent in the Platform Server Before the mark for challenging the application in the certification group of result and at least two application compositions, the method also includes:

The Platform Server generates the challenge key after receiving group's authentication notification at random, and to the net It closes and sends the challenge key.

15. method described in any one of 0-14 according to claim 1, which is characterized in that if the certification knot of the certification group Fruit indicates certification group authentification failure, then carries and also take in the authentication response message of the authentication result of the certification group With the authentication information for constituting the certification subgroup for authenticating group, comprising described in the authentication information of the certification subgroup Authenticate the mark of the application of the challenge threshold value of subgroup and the certification subgroup of composition.

16. according to the method for claim 15, which is characterized in that further include:

If the authentication result of the certification group indicates that certification group authentification failure, the Platform Server generate at random New challenge key, and the new challenge key is sent to the gateway, so that the gateway uses the new challenge The billing information of the application of key and composition certification subgroup, is calculated third challenge knot by the default hash function Fruit, at least two certification subgroups constitute the certification group；

The Platform Server receives the application in the third challenge result that the gateway is sent and the certification subgroup Mark；

Corresponding to mark of the Platform Server using the application in the new challenge key and the certification subgroup The 4th challenge result is calculated by the default hash function in billing information；

The Platform Server challenges result according to the third and the 4th challenge result obtains the certification subgroup Authentication result, and the authentication response message for carrying the authentication result of the certification subgroup is sent to the gateway.

17. a kind of gateway characterized by comprising

First receiving unit carries in the certification request for the certification request that receiving terminal apparatus is sent and is mounted on institute State the mark of the application in terminal device and the billing information of the application；

Second receiving unit carries in the group creating request for the group creating request that receiving platform server is sent There is the authentication information of certification group, the mark of the application comprising the composition certification group in the authentication information of the certification group Know, the certification group is made of at least two applications；

Acquiring unit, for obtaining challenge key；

Computing unit, the challenge key and the received institute of second receiving unit for being obtained using the acquiring unit The billing information for stating the application of the composition certification group of the authentication information instruction of certification group, by presetting hash function meter Calculation obtains the first challenge result；

First transmission unit, for sending the group creating response for carrying the first challenge result to Platform Server, with So that the Platform Server in the billing information of the application saved in the Platform Server from searching in the certification group Application mark indicated by application billing information so that the Platform Server is using the challenge key and looking into The second challenge is calculated by the default hash function as a result, and making the platform in the billing information for the application found Server obtains the authentication result of the certification group by comparing the first challenge result and the second challenge result；

Second receiving unit is also used to receive the certification knot for carrying the certification group that the Platform Server is sent The authentication response message of fruit.

18. gateway according to claim 17, which is characterized in that the computing unit, comprising:

Synthesis module, it is described for merging the billing information of the application in the certification group using default bill consolidation strategy Default bill consolidation strategy includes at least: by the billing information of the application in the certification group according in the certification group The mark of application successively sorts and head and the tail splice；

Computing module, the ticket after the challenge key and synthesis module merging for being got using the acquiring unit It is believed that breath, is calculated the first challenge result by the default hash function.

19. gateway according to claim 18, which is characterized in that carried in the certification request and be mounted on the terminal The mark of application in equipment and the billing information of the application, specifically:

20. gateway according to claim 19, which is characterized in that also comprising described in the authentication information of the certification group The challenge threshold value of group and the identity verification key of the application are authenticated, the identity verification key of the application is platform clothes Device be engaged in received from the subscribed services device；

The gateway further include:

First determination unit, for being taken according in the certification request after the first receiving unit receives the certification request The mark of the application of band determines the identity verification key of the application from the authentication information of the certification group；

The identity verification key of decryption unit, the application for being determined using first determination unit decrypts the application Secret information, with obtain the application mark and the application billing information；

Second determination unit, if the mark of the application obtained for the secret information that the decryption unit decrypts the application It is identical as the mark of the application carried in the received certification request of first receiving unit, it is determined that the application Pass through identity verification；

Second transmission unit, for when the application in the certification group that second determination unit determines by identity verification Number be greater than second receiving unit it is received it is described certification group challenge threshold value when, then to the Platform Server send out Group's authentication notification is sent, the application that group's authentication notification is used to indicate in the certification group is ready for receiving to recognize Card challenge；

21. gateway according to claim 20, which is characterized in that second receiving unit is also used to receive described flat The challenge key that platform server is sent；

22. gateway described in any one of 7-21 according to claim 1, which is characterized in that the acquiring unit, if being also used to institute The authentication result instruction certification group authentification failure for stating the received certification group of the second receiving unit, then obtain newly Challenge key；

The computing unit, for authenticating subgroup using new the challenging key and constitute of acquiring unit acquisition Third challenge is calculated by the default hash function as a result, at least two certification subgroups in the billing information of application Group constitutes the certification group；

First transmission unit, for sending the third challenge knot that the computing unit calculates to the Platform Server The mark of fruit and the application in the certification subgroup, so that the Platform Server uses new the challenge key and institute The 4th challenge is calculated as a result, and making by the default hash function in the billing information for stating the application in certification subgroup It obtains the Platform Server and recognizing for the certification subgroup is obtained according to third challenge result and the 4th challenge result Demonstrate,prove result；

Second receiving unit, the certification knot for carrying the certification subgroup sent for receiving the Platform Server The authentication response message of fruit.

23. gateway according to claim 22, which is characterized in that if recognizing described in the authentication result instruction of the certification group Group's authentification failure is demonstrate,proved, then carries and is also carried described in composition in the authentication response message of the authentication result of the certification group The authentication information of the certification subgroup of group is authenticated, includes the certification subgroup in the authentication information of the certification subgroup The mark of the application of the certification subgroup of the challenge threshold value and composition of group.

24. gateway according to claim 17, which is characterized in that when the first challenge result and second challenge are tied When fruit is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

25. a kind of Platform Server characterized by comprising

Acquiring unit, for obtaining the signing information with the application of subscribed services device signing, the signing information includes: described answers The billing information of mark and the application；

Transmission unit carries recognizing for certification group in the group creating request for sending group creating request to gateway Information is demonstrate,proved, the mark of the application comprising the composition certification group, the certification group in the authentication information of the certification group It is made of at least two applications；

Receiving unit, the group creating response for carrying the first challenge result sent for receiving the gateway, described first Challenging result is billing information of the gateway using the application in challenge key and the certification group, by presetting Hash letter What number was calculated；

Computing unit, the ticket of the application in the certification group for being obtained using the challenge key and the acquiring unit It is believed that breath, is calculated the second challenge result by the default hash function；

Authentication unit, for what is calculated according to the received first challenge result of the receiving unit and the computing unit The second challenge result obtains the authentication result of the certification group；

The transmission unit is also used to send recognizing for the certification group for carrying that the authentication unit obtains to the gateway Demonstrate,prove the authentication response message of result.

26. Platform Server according to claim 25, which is characterized in that when the first challenge result and described second When challenge result is identical, the authentication result of the certification group indicates that the certification group authenticates successfully；

27. Platform Server according to claim 26, which is characterized in that the computing unit, comprising:

Synthesis module, for merging in the received certification group of the receiving unit using default bill consolidation strategy The billing information of application, the default bill consolidation strategy include at least: by the billing information of the application in the certification group It successively sorts according to the mark of the application in the certification group and head and the tail splices；

Computing module, for the billing information after being merged using the challenge key and the synthesis module, by described default The second challenge result is calculated in hash function.

28. Platform Server according to claim 27, which is characterized in that the signing letter that the acquiring unit obtains Breath further include: the identity verification key of the application.

29. Platform Server according to claim 28, which is characterized in that also wrapped in the authentication information of the certification group The identity verification key of challenge threshold value and the application containing the certification group；

The receiving unit is also used to before receiving the group creating response that the gateway is sent, receives the gateway Group's authentication notification of transmission, group's authentication notification determine institute according to the authentication information of the certification group for the gateway State what the application in certification group was ready for receiving sending to the Platform Server after authentication challenge；

30. Platform Server according to claim 29, which is characterized in that further include:

Generation unit, for generating the challenge key at random after the receiving unit receives group's authentication notification；

The transmission unit is also used to send the challenge key to the gateway.

31. the Platform Server according to any one of claim 26-30, which is characterized in that if the authentication unit obtains The authentication result of the certification group obtained indicates certification group authentification failure, then what the transmission unit was sent carries The certification subgroup for constituting the certification group is also carried in the authentication response message of the authentication result of the certification group Authentication information, it is described certification subgroup authentication information in comprising it is described certification subgroup challenge threshold value and constitute described in recognize Demonstrate,prove the mark of the application of subgroup.

32. Platform Server according to claim 31, which is characterized in that generation unit, if it is single to be also used to the certification The authentication result for the certification group that member obtains indicates certification group authentification failure, then it is close to generate new challenge at random Key；

The transmission unit, for sending the new challenge key that the generation unit generates to the gateway, so that The gateway passes through the default Hash using the billing information of the new challenge key and the application for constituting certification subgroup Third challenge is calculated for function as a result, at least two certification subgroups constitute the certification group；

The receiving unit, for receiving answering in the third challenge result and the certification subgroup that the gateway is sent Mark；

The computing unit, the new challenge key and the receiving unit for being generated using the generation unit are received The certification subgroup in application mark corresponding to billing information, be calculated by the default hash function Four challenge results；

The authentication unit, the third by being received according to the receiving unit are challenged based on result and the computing unit Obtained the 4th challenge result obtains the authentication result of the certification subgroup；

The transmission unit is also used to send the authentication response for the authentication result for carrying the certification subgroup to the gateway Message.