CN113472526B - Internet of things equipment line protection method based on security chip - Google Patents


Publication number
CN113472526B
Authority
CN
China
Prior art keywords
server
equipment
key
algorithm
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110709360.9A
Other languages
Chinese (zh)
Other versions
CN113472526A (en)
Inventor
刘畅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing CEC Huada Electronic Design Co Ltd
Original Assignee
Beijing CEC Huada Electronic Design Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing CEC Huada Electronic Design Co Ltd
Priority to CN202110709360.9A
Publication of CN113472526A
Application granted
Publication of CN113472526B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a security-chip-based line protection method for Internet of Things devices, that is, a method for ensuring the secure transmission of data in the communication pipeline. When the device is powered on, the legitimacy of the device and the server is confirmed through certificate-free bidirectional authentication using an asymmetric algorithm. After authentication passes, a two-level negotiation generates a highly random, one-time session key (a fresh key for each exchange). When data is transmitted in the communication pipeline, the session key and a symmetric algorithm are used to encrypt the data and calculate the MAC, which ensures the confidentiality and integrity of line data and therefore the security of line transmission. The method takes full account of the simplicity, high efficiency and low power consumption expected of Internet of Things devices and does not require a complex key management system. It combines the high security of an asymmetric algorithm with the speed of a hash and a symmetric algorithm, increases the randomness of the key, is particularly suited to the cloud-pipe-end model (server, communication pipeline, device end) of the Internet of Things, and fully ensures information security while data is transmitted from the device to the server.

Description

Internet of things equipment line protection method based on security chip
Technical Field
The invention relates to the field of information security of the Internet of Things, and in particular to a security-chip-based line protection method for Internet of Things devices.
Background
With the rapid development of the Internet of Things and intelligent products, information security problems are drawing increasing attention. Many intelligent products depend on the cloud-pipe-end model, that is, cloud (server), communication pipeline and device end, so each link needs a complete security policy to ensure the security of data and keys. In practice, the server and the device can have their keys and data provisioned in a physically isolated environment, which secures both ends, so security in the communication pipeline deserves particular attention. Because data transmission from the device end to the server end often uses wireless communication, ensuring that the communicating parties are legitimate and that the data is secure is a key point of technical research. The prior art has the following shortcomings in bidirectional authentication and data protection:
(1) In bidirectional authentication, an asymmetric algorithm is mostly used for data protection in order to ensure high confidentiality, which often introduces complex key management, certificate management and system design. Internet of Things devices, however, are mostly based on communication modes such as LTE Cat-0, Cat-1, M1 and NB, which are characterized by simple design, low cost, low power consumption (long battery life), low traffic and high efficiency, and are not suited to a complex key management system;
(2) In data protection, existing schemes mostly use a single negotiation. For Internet of Things devices that need high security, high efficiency and low power consumption, negotiating with an asymmetric algorithm for every data exchange is inefficient and drains the battery heavily, while negotiating with a symmetric algorithm gives poor security, so a more balanced method is needed.
Disclosure of Invention
To address these problems in the related art, the invention provides a line protection method that balances security and performance. It reuses the same data and methods for authentication and session key negotiation without building a complex key management system, efficiently generates a highly random session key, and protects the confidentiality and integrity of data in transit.
To achieve this technical purpose, the invention discloses a security-chip-based line protection method for Internet of Things devices. The legitimacy of the device and the server is established through certificate-free bidirectional authentication using an asymmetric algorithm, and after authentication passes a session key is generated by a two-level negotiation. The first-level negotiation uses the asymmetric algorithm for stronger security and is performed only when the device is powered on again, so the performance cost is reduced by reducing how often it is used. The second-level negotiation uses an efficient hash algorithm: the session key is obtained by hashing the master key from the first-level negotiation together with a random number, which increases the randomness of the key and gives a fresh key for every encryption. This two-level approach minimizes traffic and power consumption (especially battery drain) and improves device operating efficiency. When the device and the server need to exchange data, the session key is used to encrypt the plaintext data and calculate the MAC, ensuring the confidentiality and integrity of line transmission. The method specifically comprises the following steps:
(1) In a secure physical environment, the device public/private key pair, the device ID and the server public key are preset in the security chip; the server public/private key pair and the device public key are preset on the server; and the server binds the device public key to the device ID.
(2) The device obtains the device ID of the security chip through the secure SDK and sends it to the server for key matching. The device then generates a random number Rand1, signs it with the SM2 algorithm using the device private key, and sends the signed original text and the signature to the server. The server verifies the SM2 signature with the device public key; if verification passes, device authentication passes. The server then generates a random number Rand2, signs it with the SM2 algorithm using the server private key, and sends the signed original text and the signature to the device. The device calls the secure SDK to verify the SM2 signature with the server public key; if verification passes, server authentication passes, and bidirectional authentication is complete.
(3) After bidirectional authentication passes, the first-level session key negotiation is performed when the device is powered on. The device obtains the device ID of the security chip through the secure SDK and sends it to the server for key matching. The server generates a random number as the master key MasterKey, encrypts MasterKey with the SM2 algorithm using the device public key to obtain Enc, and returns Enc to the device. The device, through the secure SDK, decrypts Enc with the SM2 algorithm using the device private key to obtain the MasterKey plaintext and stores it in the NVM area of the security chip for long-term storage.
(4) Each time the device and the server exchange data, the second-level session key negotiation is performed, so that every exchange is encrypted under its own key. The device generates a random number Rand3 through the secure SDK and sends it to the server through the communication module. The server performs an SM3 hash operation on MasterKey || Rand3 to obtain the negotiated session key SessionKey and informs the device that negotiation is complete. The device then uses the secure SDK to perform the same SM3 hash operation on MasterKey || Rand3 to obtain SessionKey and stores it in the RAM area of the security chip for fast access.
(5) After the second-level session key has been generated, SM4 encryption and MAC processing are applied to sensitive data before it is sent, and SM4 decryption and MAC processing are applied to received data to obtain the plaintext.
The advantage of the method is that it makes full use of the high security of the asymmetric algorithm and the speed of the hash and symmetric algorithms, increases the randomness of the session key, and balances the high security, high efficiency and low power consumption required of Internet of Things devices. The high-security asymmetric algorithm is used for bidirectional authentication and first-level session key negotiation only when the device is powered on and authenticated; these two operations reuse the stored keys and calculation methods and can be repeated at regular intervals, so the performance and traffic cost of the asymmetric algorithm is reduced by reducing its frequency. When the device and the server exchange data, the second-level session key negotiation is performed; it increases the randomness of the session key on the basis of the first-level session key and a random number, and achieves a fresh key per exchange through efficient hash calculation. Finally, the exchanged data is encrypted and given a MAC with an efficient symmetric algorithm using the key from the second-level negotiation, and this double protection effectively prevents the data from being leaked or corrupted in transit.
Drawings
To illustrate the embodiments of the invention or the prior-art technical solutions more clearly, the drawings used in their description are briefly introduced below. The drawings show only one embodiment of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a block diagram of the overall system according to an embodiment of the present invention.
FIG. 2 is a flow chart of the mutual authentication according to an embodiment of the present invention.
FIG. 3 is a diagram of the first-level negotiation process according to an embodiment of the present invention.
FIG. 4 is a diagram of the second-level negotiation process according to an embodiment of the present invention.
FIG. 5 is a diagram showing an example of sensitive information interaction according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the accompanying drawings. The implementations described in the following exemplary examples do not represent all implementations consistent with the invention. Rather, they are merely examples of methods consistent with aspects of the invention as detailed in the accompanying claims.
As shown in FIG. 1, the security-chip-based line protection method for Internet of Things devices requires a cloud-pipe-end model, in which the MCU and the security chip interact through the secure SDK and the device as a whole communicates with the server through the communication module. The device and the server can rely on a physically secure environment to protect the provisioning of key data, so the protection of line data in the communication pipeline is what needs attention.
As shown in FIG. 2, the mutual authentication of this embodiment confirms the legitimacy of the device and the server and is the basis for subsequent line transmission. It comprises the following steps:
S2001, in a secure physical environment, the device public and private keys (PubKey.dev and PriKey.dev), the server public key PubKey.server and the device ID ID.dev are preset in the security chip; the server public and private keys (PubKey.server and PriKey.server) and the device public key PubKey.dev are preset on the server; and the server binds the device public key to the device ID.
S2002, the device obtains the device ID of the security chip through the secure SDK and sends it to the server, which uses it to match the corresponding PubKey.dev.
S2003, the device calls the secure SDK to generate a random number Rand1.
S2004, the device signs Rand1 with the SM2 algorithm using PriKey.dev to obtain Sign.dev, and sends ID.dev || Rand1 || Sign.dev to the server through the communication module.
S2005, the server verifies the SM2 signature Sign.dev over Rand1 using PubKey.dev; if verification passes, the device is confirmed to be legitimate.
S2006, the server generates a random number Rand2, signs it with the SM2 algorithm using the server private key PriKey.server to obtain Sign.server, and sends Rand2 || Sign.server to the device through the communication module.
S2007, the device, through the secure SDK, verifies the SM2 signature Sign.server over Rand2 using PubKey.server; if verification passes, the server is confirmed to be legitimate. Both parties are then legitimate and bidirectional authentication has passed.
As shown in FIG. 3, because the asymmetric algorithm is highly secure but slow, the first-level key negotiation of this embodiment is performed only once, when the device is powered on, which reduces how often the algorithm is used. It comprises the following steps:
S3001, the device obtains the device ID of the security chip through the secure SDK and sends it to the server, which uses it to match the corresponding PubKey.dev.
S3002, the server generates a random number MasterKey and encrypts it with the SM2 algorithm using the device public key PubKey.dev.
S3003, the device, through the secure SDK, performs SM2 decryption with the private key PriKey.dev to obtain the MasterKey plaintext and stores it in the NVM area of the security chip, where it can be kept long-term.
As shown in FIG. 4, to exploit the efficiency of the hash algorithm and increase the randomness of the key, the first-level negotiated key is used as the base key, a random number is appended to it, and the hash is computed separately on the server and on the device, which gives a fast scheme with a fresh key per exchange. It comprises the following steps:
S4001, the device first generates a random number Rand3 through the secure SDK.
S4002, the random number Rand3 is sent to the server through the communication module; the server performs an SM3 hash operation on MasterKey || Rand3 to obtain the negotiated session key SessionKey and informs the device that negotiation is complete.
S4003, the device uses the secure SDK to perform an SM3 hash operation on MasterKey || Rand3 to obtain the negotiated session key SessionKey and stores it in the RAM area of the security chip for fast access.
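The second-level negotiation of S4001 to S4003 and the MAC half of the data-protection step, as an added example that is not code from the patent: a pure-Python SM3 derives SessionKey = SM3(MasterKey || Rand3) on both ends and tags one frame. Assumptions not in the patent: 16-byte MasterKey and Rand3, the split of the 32-byte SessionKey into an SM4 key and a MAC key, HMAC-SM3 as the MAC, and the server's Rand3 reuse check; SM4 encryption is left out and the payload is a constructed placeholder for its ciphertext.

```python
import hmac
import os
import struct

MASK = 0xFFFFFFFF
IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
      0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
# Constructed stand-in for the SM4 ciphertext the patent's step 5 would produce.
SAMPLE_CIPHERTEXT = bytes.fromhex("00112233445566778899aabbccddeeff")


def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK


def _compress(v, block):
    """One SM3 compression step over a 64-byte block."""
    w = list(struct.unpack(">16I", block))
    for j in range(16, 68):  # message expansion with permutation P1
        x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
        w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
    a, b, c, d, e, f, g, h = v
    for j in range(64):
        t = 0x79CC4519 if j < 16 else 0x7A879D8A
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & MASK, 7)
        ss2 = ss1 ^ _rotl(a, 12)
        if j < 16:
            ff, gg = a ^ b ^ c, e ^ f ^ g
        else:
            ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
        tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & MASK
        tt2 = (gg + h + ss1 + w[j]) & MASK
        a, b, c, d = tt1, a, _rotl(b, 9), c
        e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g  # P0
    return tuple(x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h)))


def sm3(data: bytes) -> bytes:
    """SM3 digest (32 bytes); padding has the same layout as SHA-256."""
    pad = b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    padded = data + pad + struct.pack(">Q", 8 * len(data))
    v = IV
    for i in range(0, len(padded), 64):
        v = _compress(v, padded[i:i + 64])
    return struct.pack(">8I", *v)


def hmac_sm3(key: bytes, msg: bytes) -> bytes:
    """HMAC over SM3 (assumed MAC; the patent only says 'MAC')."""
    if len(key) > 64:
        key = sm3(key)
    key = key.ljust(64, b"\x00")
    inner = sm3(bytes(k ^ 0x36 for k in key) + msg)
    return sm3(bytes(k ^ 0x5C for k in key) + inner)


def derive_session_keys(master_key: bytes, rand3: bytes):
    """S4002/S4003: SessionKey = SM3(MasterKey || Rand3), same on both ends."""
    if len(master_key) != 16 or len(rand3) != 16:
        # Fixed lengths keep the '||' concatenation unambiguous (assumption).
        raise ValueError("MasterKey and Rand3 must be 16 bytes each")
    session_key = sm3(master_key + rand3)
    # Assumed split: first half for SM4 (128-bit key), second half for the MAC.
    return session_key[:16], session_key[16:]


class Server:
    """Server side of the second-level negotiation (hypothetical class)."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.seen_rand3 = set()

    def negotiate(self, rand3: bytes):
        # Added check: a repeated Rand3 would re-create an old SessionKey,
        # so the per-exchange freshness depends on rejecting it.
        if rand3 in self.seen_rand3:
            raise ValueError("Rand3 reused")
        self.seen_rand3.add(rand3)
        return derive_session_keys(self.master_key, rand3)


def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Append the MAC to an (already SM4-encrypted) payload."""
    return ciphertext + hmac_sm3(mac_key, ciphertext)


def open_frame(mac_key: bytes, frame: bytes) -> bytes:
    """Verify the MAC in constant time before the payload is used."""
    body, tag = frame[:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac_sm3(mac_key, body)):
        raise ValueError("MAC check failed")
    return body


def demo() -> bytes:
    master_key = os.urandom(16)      # stand-in for the SM2-delivered MasterKey
    server = Server(master_key)
    rand3 = os.urandom(16)           # S4001, generated on the device
    _, server_mac_key = server.negotiate(rand3)                     # S4002
    _, device_mac_key = derive_session_keys(master_key, rand3)      # S4003
    return open_frame(device_mac_key, seal(server_mac_key, SAMPLE_CIPHERTEXT))


if __name__ == "__main__":
    print(demo().hex())
```
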
As shown in FIG. 5, in this example of sensitive information transmission according to the embodiment of the present invention, the Internet of Things device is assumed to be an intelligent door lock. The specific steps are as follows:
S5001, when the device is powered on and started, it performs bidirectional authentication with the server over the network. Once the legitimacy of both parties is confirmed, the first-level key negotiation is performed; the first-level negotiated key is then stored in the device, and the same first-level negotiated key is stored on the server.
S5002, the device initiates a request for a temporary unlocking password, and the server receives the request from the device.
S5003, after receiving the server's agreement to the unlocking-password request, the device generates a random number through the secure SDK and sends it to the server over the network. After the server receives the random number, the two parties begin the second-level key negotiation.
S5004, after the second-level negotiation is complete, the server generates a temporary password, encrypts it with the second-level negotiated key and adds a MAC, and sends it back to the device.
S5005, the device calls the secure SDK, uses its own second-level negotiated key to remove the MAC and decrypt the password, and stores the temporary password plaintext in the security chip.
S5006, when the person unlocking the door receives the temporary password sent by the server, they enter it on the device, and the lock opens successfully after comparison with the secret key in the device's security chip.
S5007, in this example the asymmetric algorithm is SM2 at 61.4 kbps, the hash algorithm is SM3 at 519.3 kbps, and the symmetric algorithm is SM4 at 348.9 kbps. The calculation shows that using the asymmetric and hash algorithms for the two-level negotiation and the symmetric algorithm for the transmitted data is a balanced method that reduces power consumption and improves efficiency on the Internet of Things device line while still ensuring security.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Claims (1)

1. The method is characterized in that certificate-free bidirectional authentication is performed with an asymmetric algorithm, and after authentication passes a session key is generated by a two-level negotiation, in which the first-level negotiation uses a high-security asymmetric algorithm and the second-level negotiation uses a high-efficiency hash algorithm, generating a second-level session key with high security and high randomness; after the key agreement succeeds, the data in the communication pipeline receives double protection, being encrypted with a symmetric algorithm and having a MAC calculated over it; the specific steps are as follows:
step 1, in a secure physical environment, presetting the device public/private key pair, the device ID and the server public key in the security chip, presetting the server public/private key pair and the device public key on the server, and binding the device public key to the device ID on the server;
step 2, the device obtains the device ID of the security chip through the secure SDK and sends it to the server for key matching; the device then generates a random number Rand1, signs it with the SM2 algorithm using the device private key, and sends the signed original text and the signature to the server; the server verifies the SM2 signature with the device public key, and if verification passes, device authentication passes; the server generates a random number Rand2, signs it with the SM2 algorithm using the server private key, and sends the signed original text and the signature to the device; the device calls the secure SDK to verify the SM2 signature with the server public key, and if verification passes, server authentication passes, completing the bidirectional authentication;
step 3, after the bidirectional authentication passes, performing the first-level session key negotiation each time the device is powered on, specifically: the device obtains the device ID of the security chip through the secure SDK and sends it to the server for key matching; the server generates a random number as the master key MasterKey, encrypts MasterKey with the SM2 algorithm using the device public key to obtain Enc, and returns Enc to the device; the device, through the secure SDK, performs SM2 decryption with the device private key to obtain the MasterKey plaintext and stores it in the NVM area of the security chip;
step 4, each time the device and the server exchange data, performing the second-level session key negotiation so that each exchange uses its own key, specifically: the device generates a random number Rand3 through the secure SDK and sends it to the server through the communication module; the server performs an SM3 hash operation on MasterKey || Rand3 to obtain the negotiated session key SessionKey and informs the device that negotiation is complete; the device uses the secure SDK to perform an SM3 hash operation on MasterKey || Rand3 to obtain the negotiated session key SessionKey and stores it in the RAM area of the security chip;
step 5, after the second-level session key has been generated, applying SM4 encryption and MAC processing to sensitive data before it is sent, and applying SM4 decryption and MAC processing to received data to obtain the plaintext.
Application number: CN202110709360.9A; priority date: 2021-06-25; filing date: 2021-06-25; title: Internet of things equipment line protection method based on security chip; status: Active; publication: CN113472526B (en)

Publications (2)

Publication Number Publication Date
CN113472526A CN113472526A (en) 2021-10-01
CN113472526B CN113472526B (en) 2023-06-30

Family

ID=77872856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110709360.9A Active CN113472526B (en) 2021-06-25 2021-06-25 Internet of things equipment line protection method based on security chip

Country Status (1)

Country Link
CN (1) CN113472526B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660659B (en) * 2021-10-19 2022-03-04 华智生物技术有限公司 Internet of things equipment identity identification method, system, equipment and computer readable medium
CN114244509A (en) * 2021-12-17 2022-03-25 北京国泰网信科技有限公司 Method for carrying out SM2 one-time pad bidirectional authentication unlocking by using mobile terminal
CN114172745A (en) * 2022-01-19 2022-03-11 中电华瑞技术有限公司 Internet of things security protocol system
CN115529138A (en) * 2022-08-29 2022-12-27 中国南方电网有限责任公司 Transformer substation safety communication method and system based on digital authentication technology

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008053279A1 (en) * 2006-11-01 2008-05-08 Danske Bank A/S Logging on a user device to a server
CN104158653A (en) * 2014-08-14 2014-11-19 华北电力大学句容研究中心 Method of secure communication based on commercial cipher algorithm
CN107733747A (en) * 2017-07-28 2018-02-23 国网江西省电力公司上饶供电分公司 Towards the common communication access system of multiple service supporting
CN110944327A (en) * 2019-10-31 2020-03-31 卡斯柯信号(郑州)有限公司 Information security method and device for rail transit zone controller
CN111314072A (en) * 2020-02-21 2020-06-19 北京邮电大学 Extensible identity authentication method and system based on SM2 algorithm
CN111614621A (en) * 2020-04-20 2020-09-01 深圳奇迹智慧网络有限公司 Internet of things communication method and system

Also Published As

Publication number Publication date
CN113472526A (en) 2021-10-01

Similar Documents

Publication Publication Date Title
CN113472526B (en) Internet of things equipment line protection method based on security chip
CN110380852B (en) Bidirectional authentication method and communication system
US8239679B2 (en) Authentication method, client, server and system
CN110213044B (en) Quantum-computation-resistant HTTPS signcryption communication method and system based on multiple asymmetric key pools
CN101640590B (en) Method for obtaining a secret key for identifying cryptographic algorithm and cryptographic center thereof
CN109150517B (en) Secret key safety management system and method based on SGX
CN102572817B (en) Method and intelligent memory card for realizing mobile communication confidentiality
US20030026433A1 (en) Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique
CN110048849B (en) Multi-layer protection session key negotiation method
CN101129018A (en) Small public-key based digital signatures for authentication
CN105391734A (en) Secure login system, secure login method, login server and authentication server
CN102664898A (en) Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system
CN103444123A (en) Shared key establishment and distribution
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN113630248B (en) Session key negotiation method
CN103701787A (en) User name password authentication method implemented on basis of public key algorithm
CN103117851A (en) Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI)
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN104243493A (en) Network identity authentication method and system
CN108809936A (en) A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN114650173A (en) Encryption communication method and system
CN106992866A (en) It is a kind of based on wireless network access methods of the NFC without certificate verification
CN113839786B (en) Key distribution method and system based on SM9 key algorithm
CN106330430B (en) A kind of third party's method of mobile payment based on NTRU

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant