CN113591103B - Identity authentication method and system between intelligent terminals of electric power Internet of things - Google Patents


Publication number
CN113591103B
Authority
CN
China
Prior art keywords
node
intelligent terminal
platform
public key
private key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110729057.5A
Other languages
Chinese (zh)
Other versions
CN113591103A (en)
Inventor
刘宣
唐悦
任毅
李然
张海龙
郑国权
苏涛
林航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electric Power Research Institute Co Ltd CEPRI
Information and Telecommunication Branch of State Grid Anhui Electric Power Co Ltd
Original Assignee
China Electric Power Research Institute Co Ltd CEPRI
Information and Telecommunication Branch of State Grid Anhui Electric Power Co Ltd
Application filed by China Electric Power Research Institute Co Ltd CEPRI and Information and Telecommunication Branch of State Grid Anhui Electric Power Co Ltd
Priority to CN202110729057.5A
Publication of CN113591103A
Application granted
Publication of CN113591103B

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G16Y10/35 Utilities, e.g. electricity, gas or water
    • G16Y20/40 Information sensed or collected by the things relating to personal data, e.g. biometric data, records or preferences
    • G16Y30/10 Security thereof (under G16Y30/00 IoT infrastructure)
    • G16Y40/50 Safety; Security of things, users, data or systems
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security


Abstract

The invention provides an identity authentication method and system between intelligent terminals of an electric power Internet of things. A three-layer authentication structure consisting of a security main platform, security sub-platforms and intelligent terminal nodes is built in the electric power Internet of things. A chip ID number is configured for each node that accesses the network, an ID public-private key pair is configured according to the ID number, and information distribution and transmission are completed based on the ID public-private key pairs. Intelligent terminal nodes register on the sub-platform to become registered nodes; then, based on the node identifier, a mapping algorithm is used to extract a node private key and a node public key from the public key factor matrix and the private key factor matrix of the security main platform; finally, identity authentication is completed between the registered nodes based on the node private key and the node public key. The authentication mechanism, designed on the basis of the combined public key system, can well overcome the defects of the PKI scheme in the prior art, solves the problem of reduced CA authority and efficiency of PKI, and has strong engineering practicability.

Description

Identity authentication method and system between intelligent terminals of electric power Internet of things
Technical Field
The invention relates to the field of electric power Internet of things, in particular to an identity authentication method and system between intelligent terminals of the electric power Internet of things.
Background
The intelligent terminal of the electric power Internet of things is an important infrastructure in the intelligent power grid, and is widely applied to the fields of power grid infrastructure monitoring, power production, power grid operation and maintenance, power service data acquisition, intelligent service application and the like. Because the electric power system has higher requirements on reliability, real-time performance and safety, the electric power Internet of things has higher requirements on safety protection compared with the conventional Internet of things system.
Identity authentication is a method and mechanism for confirming, through cryptographic means, whether an entity has access rights to a certain resource or service in an information system. As science and technology progress, the number of intelligent terminal nodes in the electric power Internet of things keeps increasing, and the demand for identity authentication has become urgent.
Since it was first proposed in the 1970s, public key cryptography has evolved rapidly, and various identity authentication schemes and protocols based on it have emerged. In the field of the electric power Internet of things, the PKI public key system is currently the mainstream public key cryptographic solution, but it still has problems: because of multi-layer message transfer, the trust relationship is unreliable, the system is easily attacked by a third party, and information transfer efficiency is low.
Disclosure of Invention
In order to solve the technical problems in the prior art that, when public key cryptography is used for identity authentication between intelligent terminals of the electric power Internet of things, multi-layer information transfer makes the trust relationship unreliable and easily attacked by a third party and makes information transfer efficiency low, the invention provides an identity authentication method between intelligent terminals of the electric power Internet of things, which comprises the following steps:
registered node A uses its node private key K_PRIA to sign the node identifier N_A, generating signature S_A2, and then sends the node identifier N_A and signature S_A2 to registered node B, wherein registered node A and registered node B are intelligent terminal nodes that have successfully registered on a security sub-platform of the electric power Internet of things and have obtained the node private key, node identifier and public key factor matrix sent by the security sub-platform, the public key factor matrix being generated by the security main platform of the electric power Internet of things;
based on the node identifier N_A of registered node A, registered node B extracts the node public key K_PUBA of registered node A from the public key factor matrix and uses K_PUBA to verify signature S_A2; when verification of signature S_A2 succeeds, registered node B's authentication of registered node A passes;
registered node A receives the node identifier N_B and signature S_B2 sent by registered node B, wherein signature S_B2 is generated by registered node B signing the node identifier N_B with its node private key K_PRIB;
based on the received node identifier N_B of registered node B, registered node A extracts the node public key K_PUBB of registered node B from the public key factor matrix and uses K_PUBB to verify signature S_B2; when verification of signature S_B2 succeeds, registered node A's authentication of registered node B passes, and the two-way authentication of registered node A and registered node B is completed.
Further, before registered node A signs the node identifier N_A with the node private key K_PRIA to generate signature S_A2 and sends the node identifier N_A and signature S_A2 to registered node B, the method also comprises the following steps:
the security sub-platform of the electric power Internet of things to which intelligent terminal node A and intelligent terminal node B belong receives the signature S_A1 and node information M_A sent by intelligent terminal node A when it accesses the electric power Internet of things for the first time, verifies signature S_A1 with the node ID public key K_IDPUBA and audits the node information M_A, and, when signature S_A1 is verified and node information M_A passes the audit, generates the node identifier N_A; according to the node identifier N_A, it calculates the node private key K_PRIA and node public key K_PUBA of intelligent terminal node A from the public key factor matrix PUB and private key factor matrix PRI generated by the security main platform of the electric power Internet of things; it receives the signature S_B1 and node information M_B sent by intelligent terminal node B when it accesses the electric power Internet of things for the first time, verifies signature S_B1 with the node ID public key K_IDPUBB and audits the node information M_B, and, when signature S_B1 is verified and node information M_B passes the audit, generates the node identifier N_B; according to the node identifier N_B, it calculates the node private key K_PRIB and node public key K_PUBB of intelligent terminal node B from the public key factor matrix PUB and private key factor matrix PRI generated by the security main platform of the electric power Internet of things; wherein signature S_A1 is the signature made over the node information M_A with the ID private key K_IDPRIA of intelligent terminal node A, and signature S_B1 is the signature made over the node information M_B with the ID private key K_IDPRIB of intelligent terminal node B;
the security sub-platform of the electric power Internet of things to which intelligent terminal node A and intelligent terminal node B belong uses the ID public key K_IDPUB2 of the security main platform of the electric power Internet of things to encrypt the node identifiers N_A, N_B, the node public keys K_PUBA, K_PUBB and the node private keys K_PRIA, K_PRIB, generating second encrypted information, and sends the second encrypted information to the security main platform of the electric power Internet of things, so that the security main platform uses its ID private key K_IDPRI2 to decrypt the second encrypted information and obtains and stores the node identifier N_A, node public key K_PUBA and node private key K_PRIA of intelligent terminal node A and the node identifier N_B, node public key K_PUBB and node private key K_PRIB of intelligent terminal node B;
the security sub-platform of the electric power Internet of things to which intelligent terminal node A and intelligent terminal node B belong uses the node ID public key K_IDPUBA to encrypt the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A, generating third encrypted information, and sends the third encrypted information to intelligent terminal node A, so that intelligent terminal node A applying for registration becomes registered node A and uses its node ID private key K_IDPRIA to decrypt the third encrypted information to obtain the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A; it uses the node ID public key K_IDPUBB to encrypt the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B, generating third encrypted information, and sends the third encrypted information to intelligent terminal node B applying for registration, so that intelligent terminal node B applying for registration becomes registered node B and uses its node ID private key K_IDPRIB to decrypt the third encrypted information to obtain the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B.
Further, before intelligent terminal node A, when accessing the electric power Internet of things for the first time, signs the node information M_A with its node ID private key K_IDPRIA and sends signature S_A1 and node information M_A to the security sub-platform of the electric power Internet of things to which the node belongs, and before intelligent terminal node B, when accessing the electric power Internet of things for the first time, signs the node information M_B with its node ID private key K_IDPRIB and sends signature S_B1 and node information M_B to the security sub-platform of the electric power Internet of things to which the node belongs, the method further comprises the following steps:
configuring chip ID numbers for intelligent terminal node A and intelligent terminal node B which access the electric power Internet of things, configuring a node ID private key K_IDPRIA and node ID public key K_IDPUBA according to the chip ID number of intelligent terminal node A, configuring a node ID private key K_IDPRIB and node ID public key K_IDPUBB according to the chip ID number of intelligent terminal node B, and recording the node ID public-private key pairs of intelligent terminal node A and intelligent terminal node B on the security sub-platform of the electric power Internet of things to which the intelligent terminal nodes belong;
configuring a sub-platform ID number for the security sub-platform of the electric power Internet of things, configuring a sub-platform ID private key K_IDPRI1 and sub-platform ID public key K_IDPUB1 according to the sub-platform ID number, and recording the sub-platform ID public-private key pair on the security main platform of the electric power Internet of things;
configuring a main platform ID number for the security main platform of the electric power Internet of things, configuring a main platform ID private key K_IDPRI2 and main platform ID public key K_IDPUB2 according to the main platform ID number, and recording the main platform ID public-private key pair on the security sub-platform of the electric power Internet of things.
Further, the electric power internet of things comprises a safety main platform and at least two safety sub-platforms belonging to the safety main platform.
Further, one intelligent terminal node may belong to a plurality of security sub-platforms, but within any one time period it may belong to only one security sub-platform.
According to another aspect of the present invention, there is provided an identity authentication system between intelligent terminals of an electric power internet of things, the system comprising:
The security main platform is used for generating a public key factor matrix and sending the public key factor matrix to the security sub-platform for storage;
the security sub-platform is used for receiving the signatures and node information sent by its subordinate intelligent terminal node A and intelligent terminal node B, registering intelligent terminal node A and intelligent terminal node B according to the signatures and node information, and, after intelligent terminal node A and intelligent terminal node B have successfully registered and become registered node A and registered node B, sending the node private keys, node identifiers and public key factor matrix of registered node A and registered node B to the intelligent terminal nodes, wherein each signature is the signature that intelligent terminal node A or intelligent terminal node B makes over its node information with its own node ID private key when it accesses the electric power Internet of things for the first time;
intelligent terminal node A and intelligent terminal node B are used for registering when they first access the security sub-platform of the electric power Internet of things to which the node belongs, becoming registered node A and registered node B when registration succeeds, receiving the node private key, node identifier and public key factor matrix sent by that security sub-platform, and completing identity authentication according to the node private key, node identifier and public key factor matrix, wherein registered node A uses its node private key K_PRIA to sign the node identifier N_A, generating signature S_A2, and then sends the node identifier N_A and signature S_A2 to registered node B; based on the node identifier N_A of registered node A, registered node B extracts the node public key K_PUBA of registered node A from the public key factor matrix and uses K_PUBA to verify signature S_A2; when verification of signature S_A2 succeeds, registered node B's authentication of registered node A passes; registered node A receives the node identifier N_B and signature S_B2 sent by registered node B, wherein signature S_B2 is generated by registered node B signing the node identifier N_B with its node private key K_PRIB; based on the received node identifier N_B of registered node B, registered node A extracts the node public key K_PUBB of registered node B from the public key factor matrix and uses K_PUBB to verify signature S_B2; when verification of signature S_B2 succeeds, registered node A's authentication of registered node B passes, and the two-way authentication of registered node A and registered node B is completed.
Further, the security main platform of the electric power Internet of things is further used for generating the private key factor matrix PRI, encrypting the public key factor matrix PUB and the private key factor matrix PRI with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, and distributing the first encrypted information to the security sub-platform; and for decrypting the second encrypted information with its ID private key K_IDPRI2 to obtain and store the node identifier N_A, node public key K_PUBA and node private key K_PRIA of intelligent terminal node A and the node identifier N_B, node public key K_PUBB and node private key K_PRIB of intelligent terminal node B;
the security sub-platform of the electric power Internet of things is further used for decrypting the first encrypted information with its ID private key K_IDPRI1 to obtain the public key factor matrix PUB and the private key factor matrix PRI; receiving the signature S_A1 and node information M_A of intelligent terminal node A and the signature S_B1 and node information M_B of intelligent terminal node B; verifying signature S_A1 with the node ID public key K_IDPUBA and auditing the node information M_A, and, when signature S_A1 is verified and node information M_A passes the audit, generating the node identifier N_A; verifying signature S_B1 with the node ID public key K_IDPUBB and auditing the node information M_B, and, when signature S_B1 is verified and node information M_B passes the audit, generating the node identifier N_B; calculating, according to the node identifier N_A, the node private key K_PRIA and node public key K_PUBA of the intelligent terminal node from the public key factor matrix PUB and private key factor matrix PRI generated by the security main platform of the electric power Internet of things, and calculating, according to the node identifier N_B, the node private key K_PRIB and node public key K_PUBB of the intelligent terminal node from the public key factor matrix PUB and private key factor matrix PRI generated by the security main platform of the electric power Internet of things; encrypting the node identifiers N_A, N_B, the node public keys K_PUBA, K_PUBB and the node private keys K_PRIA, K_PRIB with the ID public key K_IDPUB2 of the security main platform of the electric power Internet of things to generate second encrypted information, and sending the second encrypted information to the security main platform of the electric power Internet of things; encrypting the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A with the node ID public key K_IDPUBA to generate third encrypted information and sending it to intelligent terminal node A applying for registration, and encrypting the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B with the node ID public key K_IDPUBB to generate third encrypted information and sending it to intelligent terminal node B applying for registration;
intelligent terminal node A is further used for, when accessing the electric power Internet of things for the first time, signing the node information M_A with its node ID private key K_IDPRIA and sending signature S_A1 and node information M_A to the security sub-platform of the electric power Internet of things to which the node belongs for registration; when intelligent terminal node A has successfully registered and become registered node A, it is further used for decrypting the third encrypted information with its node ID private key K_IDPRIA to obtain the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A;
intelligent terminal node B is further used for, when accessing the electric power Internet of things for the first time, signing the node information M_B with its node ID private key K_IDPRIB and sending signature S_B1 and node information M_B to the security sub-platform of the electric power Internet of things to which the node belongs; when intelligent terminal node B has successfully registered and become registered node B, it is further used for decrypting the third encrypted information with its node ID private key K_IDPRIB to obtain the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B.
Further, the system also comprises a configuration unit for configuring chip ID numbers for intelligent terminal node A and intelligent terminal node B which access the electric power Internet of things, configuring a node ID private key K_IDPRIA and node ID public key K_IDPUBA according to the chip ID number of intelligent terminal node A, configuring a node ID private key K_IDPRIB and node ID public key K_IDPUBB according to the chip ID number of intelligent terminal node B, and recording the node ID public-private key pairs of intelligent terminal node A and intelligent terminal node B on the security sub-platform of the electric power Internet of things to which the intelligent terminal nodes belong.
Further, the system comprises a security main platform and at least two security sub-platforms belonging to the security main platform.
Further, one intelligent terminal node may belong to a plurality of security sub-platforms, but within any one time period it may belong to only one security sub-platform.
According to the identity authentication method and system between intelligent terminals of the electric power Internet of things, a three-layer authentication structure consisting of a security main platform, security sub-platforms and intelligent terminal nodes is built in the electric power Internet of things. Chip ID numbers are configured for the nodes of each access network, ID public-private key pairs are configured according to the ID numbers, and information distribution and transmission are completed based on the ID public-private key pairs. The intelligent terminal nodes register on the sub-platform to become registered nodes; then, based on the node identifier, a mapping algorithm is used to extract the node private key and node public key from the public key factor matrix and private key factor matrix of the security main platform; finally, identity authentication is completed between the registered nodes based on the node private key and node public key. Because the authentication mechanism is designed on the basis of the combined public key system (CPK), the method and system can well overcome the defects of the PKI scheme in the prior art. With respect to the problem of third-party attack on PKI, the structure of the CPK system can be understood as a single-layer CA mode: identity authentication is completed immediately after the key pair is generated, the process of passing information layer by layer through a multi-level trust chain is omitted, and the problem of reduced authority and efficiency of the PKI CA is solved. CPK generates a large number of keys from a small amount of resources, which makes it very suitable for identity authentication of massive numbers of power grid terminal devices; its lightweight nature makes it easy to adapt to complex intelligent power Internet of things terminals, and it has strong engineering practicability.
Drawings
Exemplary embodiments of the present invention may be more completely understood in consideration of the following drawings:
Fig. 1 is a flowchart of an identity authentication method between intelligent terminals of an electric power Internet of things according to a preferred embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an identity authentication system between intelligent terminals of an electric power Internet of things according to a preferred embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flowchart of an identity authentication method between intelligent terminals of an electric power internet of things according to a preferred embodiment of the present invention. As shown in fig. 1, in the preferred embodiment, a new energy automobile a and an intelligent charging pile B are taken as examples, and an identity authentication method between intelligent terminals of an electric power internet of things is specifically described. The identity authentication method 100 between the intelligent terminals of the electric power internet of things starts from step 101.
In step 101, chip ID numbers are configured for intelligent terminal node A and intelligent terminal node B accessing the electric power Internet of things. A node ID private key K_IDPRIA and a node ID public key K_IDPUBA are configured according to the chip ID number of intelligent terminal node A, and a node ID private key K_IDPRIB and a node ID public key K_IDPUBB are configured according to the chip ID number of intelligent terminal node B. The node ID public and private key pairs of intelligent terminal node A and intelligent terminal node B are recorded on the electric power Internet of things security sub-platform to which the intelligent terminal nodes belong. A sub-platform ID number is configured for the electric power Internet of things security sub-platform, a sub-platform ID private key K_IDPRI1 and a sub-platform ID public key K_IDPUB1 are configured according to the sub-platform ID number, and the sub-platform ID public and private key pair is recorded in the security main platform of the electric power Internet of things. A main platform ID number is configured for the security main platform of the electric power Internet of things, a main platform ID private key K_IDPRI2 and a main platform ID public key K_IDPUB2 are configured according to the main platform ID number, and the main platform ID public and private key pair is recorded in the security sub-platform of the electric power Internet of things. The electric power Internet of things security main platform generates a public key factor matrix PUB and a private key factor matrix PRI, encrypts the public key factor matrix PUB and the private key factor matrix PRI with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, and distributes the first encrypted information to the security sub-platform. The security sub-platform uses its ID private key K_IDPRI1 to decrypt the first encrypted information and obtain the public key factor matrix PUB and the private key factor matrix PRI.
In step 102, when intelligent terminal node A first accesses the electric power Internet of things, it signs node information M_A with its node ID private key K_IDPRIA and sends the signature S_A1 and the node information M_A to the electric power Internet of things security sub-platform to which the node belongs; when intelligent terminal node B first accesses the electric power Internet of things, it signs node information M_B with its node ID private key K_IDPRIB and sends the signature S_B1 and the node information M_B to the electric power Internet of things security sub-platform to which the node belongs.
In step 103, the electric power Internet of things security sub-platform to which the nodes belong verifies signature S_A1 with node ID public key K_IDPUBA and reviews node information M_A; when signature S_A1 passes verification and node information M_A passes the review, it generates a node identifier N_A. It verifies signature S_B1 with node ID public key K_IDPUBB and reviews node information M_B; when signature S_B1 passes verification and node information M_B passes the review, it generates a node identifier N_B. According to node identifier N_A, it calculates the node private key K_PRIA and node public key K_PUBA of intelligent terminal node A from the public key factor matrix PUB and the private key factor matrix PRI generated by the security main platform of the electric power Internet of things; according to node identifier N_B, it calculates the node private key K_PRIB and node public key K_PUBB of intelligent terminal node B from the same matrices. It then encrypts the node identifiers N_A, N_B, the node public keys K_PUBA, K_PUBB and the node private keys K_PRIA, K_PRIB with the electric power Internet of things security main platform ID public key K_IDPUB2 to generate second encrypted information, and sends the second encrypted information to the electric power Internet of things security main platform.
In the preferred embodiment, the node identifier is a variable, and the public key and the private key of the node can be extracted from the public key factor matrix and the private key factor matrix by inputting the node identifier value into a preset mapping algorithm.
In step 104, the security main platform of the electric power Internet of things uses its ID private key K_IDPRI2 to decrypt the second encrypted information, obtains the node identifier N_A, node public key K_PUBA and node private key K_PRIA of intelligent terminal node A and the node identifier N_B, node public key K_PUBB and node private key K_PRIB of intelligent terminal node B, and stores them.
In step 105, the electric power Internet of things security sub-platform to which intelligent terminal node A belongs encrypts the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A with node ID public key K_IDPUBA to generate third encrypted information, and sends the third encrypted information to intelligent terminal node A applying for registration; the electric power Internet of things security sub-platform to which intelligent terminal node B belongs encrypts the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B with node ID public key K_IDPUBB to generate third encrypted information, and sends the third encrypted information to intelligent terminal node B applying for registration.
In step 106, intelligent terminal node A applying for registration becomes registration node A and uses its node ID private key K_IDPRIA to decrypt the third encrypted information, obtaining the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A; intelligent terminal node B applying for registration becomes registration node B and uses its node ID private key K_IDPRIB to decrypt the third encrypted information, obtaining the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B.
In step 107, registration node A signs node identifier N_A with node private key K_PRIA to generate signature S_A2, and then sends node identifier N_A and signature S_A2 to registration node B.
In step 108, based on the node identifier N_A of registration node A, registration node B extracts the node public key K_PUBA of registration node A from the public key factor matrix and verifies signature S_A2 with the node public key K_PUBA of registration node A; when verification of signature S_A2 succeeds, registration node A is authenticated by registration node B.
In step 109, registration node A receives the node identifier N_B and signature S_B2 sent by registration node B, where signature S_B2 is generated by registration node B signing node identifier N_B with node private key K_PRIB.
In step 110, based on the received node identifier N_B of registration node B, registration node A extracts the node public key K_PUBB of registration node B from the public key factor matrix and verifies signature S_B2 with the node public key K_PUBB of registration node B; when verification of signature S_B2 succeeds, registration node B is authenticated by registration node A, and the two-way authentication of registration node A and registration node B is complete.
Preferably, the electric power internet of things comprises a security main platform and at least two security sub-platforms belonging to the security main platform.
Further, one intelligent terminal node may belong to a plurality of security sub-platforms, but within any one time period it may belong to only one security sub-platform. In this embodiment, the intelligent charging pile is not movable and therefore belongs to one security sub-platform until it is removed, while the new energy automobile is movable and therefore, in different time periods, when it is located at different positions, may belong to different security sub-platforms.
Fig. 2 is a schematic structural diagram of an identity authentication system between intelligent terminals of an electric power internet of things according to a preferred embodiment of the present invention. As shown in fig. 2, an identity authentication system 200 between intelligent terminals of the power internet of things according to the preferred embodiment includes:
A configuration unit 201, configured to configure chip ID numbers for intelligent terminal node A and intelligent terminal node B accessing the electric power Internet of things, configure a node ID private key K_IDPRIA and a node ID public key K_IDPUBA according to the chip ID number of intelligent terminal node A, configure a node ID private key K_IDPRIB and a node ID public key K_IDPUBB according to the chip ID number of intelligent terminal node B, and record the node ID public and private key pairs of intelligent terminal node A and intelligent terminal node B on the electric power Internet of things security sub-platform to which the intelligent terminal nodes belong;
to configure a sub-platform ID number for the security sub-platform of the electric power Internet of things, configure a sub-platform ID private key K_IDPRI1 and a sub-platform ID public key K_IDPUB1 according to the sub-platform ID number, and record the sub-platform ID public and private key pair in the security main platform of the electric power Internet of things; and to configure a main platform ID number for the security main platform of the electric power Internet of things, configure a main platform ID private key K_IDPRI2 and a main platform ID public key K_IDPUB2 according to the main platform ID number, and record the main platform ID public and private key pair in the security sub-platform of the electric power Internet of things. The security main platform of the electric power Internet of things generates a public key factor matrix PUB and a private key factor matrix PRI, encrypts the public key factor matrix PUB and the private key factor matrix PRI with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, and distributes the first encrypted information to the security sub-platform; the security sub-platform uses its ID private key K_IDPRI1 to decrypt the first encrypted information and obtain the public key factor matrix PUB and the private key factor matrix PRI.
The security main platform 202 is configured to generate a public key factor matrix, and send the public key factor matrix to the security sub-platform for storage;
The security sub-platform 203 is configured to receive the signatures and node information sent by subordinate intelligent terminal node A and intelligent terminal node B, register intelligent terminal node A and intelligent terminal node B according to the signatures and the node information, and, after intelligent terminal node A and intelligent terminal node B are successfully registered and become registration node A and registration node B, send the node private keys, node identifiers and public key factor matrix of registration node A and registration node B to the intelligent terminal nodes, where the signatures are the signatures made by intelligent terminal node A and intelligent terminal node B on the node information with their node ID private keys when they first access the electric power Internet of things.
Intelligent terminal node A and intelligent terminal node B are configured to register with the electric power Internet of things security sub-platform to which the node belongs when first accessing it, become registration node A and registration node B when registration succeeds, receive the node private key, node identifier and public key factor matrix sent by the electric power Internet of things security sub-platform to which the node belongs, and complete identity authentication according to the node private key, the node identifier and the public key factor matrix, wherein: registration node A signs node identifier N_A with node private key K_PRIA to generate signature S_A2, and then sends node identifier N_A and signature S_A2 to registration node B; based on the node identifier N_A of registration node A, registration node B extracts the node public key K_PUBA of registration node A from the public key factor matrix and verifies signature S_A2 with the node public key K_PUBA of registration node A, and when verification of signature S_A2 succeeds, registration node A is authenticated by registration node B; registration node A receives the node identifier N_B and signature S_B2 sent by registration node B, where signature S_B2 is generated by registration node B signing node identifier N_B with node private key K_PRIB; based on the received node identifier N_B of registration node B, registration node A extracts the node public key K_PUBB of registration node B from the public key factor matrix and verifies signature S_B2 with the node public key K_PUBB of registration node B, and when verification of signature S_B2 succeeds, registration node B is authenticated by registration node A, and the two-way authentication of registration node A and registration node B is complete.
Preferably, the electric power internet of things security main platform 202 is further configured to generate a private key factor matrix PRIB, encrypt the public key factor matrix PUB and the private key factor matrix PRIB with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, and distribute the first encrypted information to the security sub-platform; and to use its ID private key K_IDPRIB2 to decrypt the second encrypted information, obtain the node identifier N_A, node public key K_PUBA and node private key K_PRIA of intelligent terminal node A and the node identifier N_B, node public key K_PUBB and node private key K_PRIB of intelligent terminal node B, and store them;
the electric power internet of things sub-platform 203 is further configured to use its ID private key K_IDPRI1 to decrypt the first encrypted information and obtain the public key factor matrix PUB and the private key factor matrix PRI; receive the signature S_A1 and node information M_A of intelligent terminal node A and the signature S_B1 and node information M_B of intelligent terminal node B; verify signature S_A1 with node ID public key K_IDPUBA and review node information M_A, and, when signature S_A1 passes verification and node information M_A passes the review, generate a node identifier N_A; verify signature S_B1 with node ID public key K_IDPUBB and review node information M_B, and, when signature S_B1 passes verification and node information M_B passes the review, generate a node identifier N_B; according to node identifier N_A, calculate the node private key K_PRIA and node public key K_PUBA of the intelligent terminal node from the public key factor matrix PUB and the private key factor matrix PRI generated by the security main platform of the electric power Internet of things; according to node identifier N_B, calculate the node private key K_PRIB and node public key K_PUBB of the intelligent terminal node from the public key factor matrix PUB and the private key factor matrix PRI generated by the security main platform of the electric power Internet of things; encrypt the node identifiers N_A, N_B, the node public keys K_PUBA, K_PUBB and the node private keys K_PRIA, K_PRIB with the electric power Internet of things security main platform ID public key K_IDPUB2 to generate second encrypted information, and send the second encrypted information to the security main platform of the electric power Internet of things; encrypt the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A with node ID public key K_IDPUBA to generate third encrypted information, and send the third encrypted information to intelligent terminal node A applying for registration; and encrypt the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B with node ID public key K_IDPUBB to generate third encrypted information, and send the third encrypted information to intelligent terminal node B applying for registration;
Intelligent terminal node A is further configured to, when first accessing the electric power Internet of things, sign node information M_A with its node ID private key K_IDPRIA and send the signature S_A1 and the node information M_A to the electric power Internet of things security sub-platform to which the node belongs for registration; when intelligent terminal node A is successfully registered and becomes registration node A, it is further configured to use its node ID private key K_IDPRIA to decrypt the third encrypted information and obtain the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A.
Intelligent terminal node B is further configured to, when first accessing the electric power Internet of things, sign node information M_B with its node ID private key K_IDPRIB and send the signature S_B1 and the node information M_B to the electric power Internet of things security sub-platform to which the node belongs; when intelligent terminal node B is successfully registered and becomes registration node B, it is further configured to use its node ID private key K_IDPRIB to decrypt the third encrypted information and obtain the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B.
Preferably, the system comprises one security master platform and at least two security sub-platforms belonging to the security master platform.
Preferably, one intelligent terminal node may belong to a plurality of security sub-platforms, but within any one time period it may belong to only one security sub-platform.
The step of the identity authentication system between the intelligent terminals of the electric power internet of things for realizing the identity authentication between the registered intelligent terminal nodes is the same as the step adopted by the method for realizing the identity authentication between the intelligent terminals of the electric power internet of things, and the technical effects achieved are the same, and are not repeated here.
The invention has been described with reference to a few embodiments. However, as is well known to those skilled in the art, other embodiments than the above disclosed invention are equally possible within the scope of the invention, as defined by the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a/an/the [ means, component, etc. ]" are to be interpreted openly as referring to at least one instance of said means, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (10)

1. An identity authentication method between intelligent terminals of an electric power internet of things is characterized by comprising the following steps:
registration node A signs node identifier N_A with node private key K_PRIA to generate signature S_A2, and then sends node identifier N_A and signature S_A2 to registration node B, wherein registration node A and registration node B are intelligent terminal nodes that have successfully registered on a security sub-platform of the electric power Internet of things and have obtained the node private key, node identifier and public key factor matrix sent by the security sub-platform, the public key factor matrix being generated by a security main platform of the electric power Internet of things;
based on the node identifier N_A of registration node A, registration node B extracts the node public key K_PUBA of registration node A from the public key factor matrix and verifies signature S_A2 with the node public key K_PUBA of registration node A, and when verification of signature S_A2 succeeds, registration node A is authenticated by registration node B;
registration node A receives the node identifier N_B and signature S_B2 sent by registration node B, wherein signature S_B2 is generated by registration node B signing node identifier N_B with node private key K_PRIB;
based on the received node identifier N_B of registration node B, registration node A extracts the node public key K_PUBB of registration node B from the public key factor matrix and verifies signature S_B2 with the node public key K_PUBB of registration node B, and when verification of signature S_B2 succeeds, registration node B is authenticated by registration node A, and the two-way authentication of registration node A and registration node B is complete.
2. The method of claim 1, wherein before registration node A signs node identifier N_A with node private key K_PRIA to generate signature S_A2 and sends node identifier N_A and signature S_A2 to registration node B, the method further comprises:
the security sub-platform of the electric power internet of things to which intelligent terminal node A and intelligent terminal node B belong receives the signature S_A1 and node information M_A sent by intelligent terminal node A when it first accesses the electric power internet of things, verifies signature S_A1 with node ID public key K_IDPUBA and reviews node information M_A, and, when signature S_A1 passes verification and node information M_A passes the review, generates a node identifier N_A; according to node identifier N_A, calculates the node private key K_PRIA and node public key K_PUBA of intelligent terminal node A from the public key factor matrix PUB and the private key factor matrix PRI generated by the security main platform of the electric power Internet of things; receives the signature S_B1 and node information M_B sent by intelligent terminal node B when it first accesses the electric power internet of things, verifies signature S_B1 with node ID public key K_IDPUBB and reviews node information M_B, and, when signature S_B1 passes verification and node information M_B passes the review, generates a node identifier N_B; according to node identifier N_B, calculates the node private key K_PRIB and node public key K_PUBB of intelligent terminal node B from the public key factor matrix PUB and the private key factor matrix PRI generated by the electric power internet of things security main platform; wherein signature S_A1 is the signature made on node information M_A with the ID private key K_IDPRIA of intelligent terminal node A, and signature S_B1 is the signature made on node information M_B with the ID private key K_IDPRIB of intelligent terminal node B;
the electric power internet of things security sub-platform to which intelligent terminal node A and intelligent terminal node B belong encrypts the node identifiers N_A, N_B, the node public keys K_PUBA, K_PUBB and the node private keys K_PRIA, K_PRIB with the electric power internet of things security main platform ID public key K_IDPUB2 to generate second encrypted information, and sends the second encrypted information to the electric power internet of things security main platform, so that the electric power internet of things security main platform uses its ID private key K_IDPRI2 to decrypt the second encrypted information, obtains the node identifier N_A, node public key K_PUBA and node private key K_PRIA of intelligent terminal node A and the node identifier N_B, node public key K_PUBB and node private key K_PRIB of intelligent terminal node B, and stores them;
the electric power Internet of things security sub-platform to which intelligent terminal node A and intelligent terminal node B belong encrypts the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A with node ID public key K_IDPUBA to generate third encrypted information, and sends the third encrypted information to intelligent terminal node A, so that intelligent terminal node A applying for registration becomes registration node A and uses its node ID private key K_IDPRIA to decrypt the third encrypted information and obtain the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A; and encrypts the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B with node ID public key K_IDPUBB to generate third encrypted information, and sends the third encrypted information to intelligent terminal node B applying for registration, so that intelligent terminal node B applying for registration becomes registration node B and uses its node ID private key K_IDPRIB to decrypt the third encrypted information and obtain the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B.
3. The method according to claim 2, wherein before intelligent terminal node A, when first accessing the electric power internet of things, signs node information M_A with its node ID private key K_IDPRIA and sends the signature S_A1 and the node information M_A to the electric power Internet of things security sub-platform to which the node belongs, and intelligent terminal node B, when first accessing the electric power internet of things, signs node information M_B with its node ID private key K_IDPRIB and sends the signature S_B1 and the node information M_B to the electric power Internet of things security sub-platform to which the node belongs, the method further comprises:
configuring chip ID numbers for intelligent terminal node A and intelligent terminal node B accessing the electric power Internet of things, configuring a node ID private key K_IDPRIA and a node ID public key K_IDPUBA according to the chip ID number of intelligent terminal node A, configuring a node ID private key K_IDPRIB and a node ID public key K_IDPUBB according to the chip ID number of intelligent terminal node B, and recording the node ID public and private key pairs of intelligent terminal node A and intelligent terminal node B on the electric power Internet of things security sub-platform to which the intelligent terminal nodes belong;
configuring a sub-platform ID number for the security sub-platform of the electric power Internet of things, configuring a sub-platform ID private key K_IDPRI1 and a sub-platform ID public key K_IDPUB1 according to the sub-platform ID number, and recording the sub-platform ID public and private key pair in the security main platform of the electric power Internet of things;
configuring a main platform ID number for the security main platform of the electric power Internet of things, configuring a main platform ID private key K_IDPRI2 and a main platform ID public key K_IDPUB2 according to the main platform ID number, and recording the main platform ID public and private key pair in the security sub-platform of the electric power Internet of things;
the electric power internet of things security main platform generates a public key factor matrix PUB and a private key factor matrix PRI, encrypts the public key factor matrix PUB and the private key factor matrix PRI with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, and distributes the first encrypted information to the security sub-platform;
the security sub-platform uses its ID private key K_IDPRI1 to decrypt the first encrypted information and obtain the public key factor matrix PUB and the private key factor matrix PRI.
4. The method of claim 1, wherein the power internet of things comprises one secure master platform and no less than two secure sub-platforms belonging to the secure master platform.
5. The method of claim 4, wherein one intelligent terminal node can belong to a plurality of security sub-platforms, but within any one time period can belong to only one security sub-platform.
6. An identity authentication system between intelligent terminals of an electric power internet of things, which is characterized by comprising:
the security main platform is used for generating a public key factor matrix and sending the public key factor matrix to the security sub-platform for storage;
the security sub-platform is used for receiving signatures and node information sent by subordinate intelligent terminal nodes A and intelligent terminal nodes B, registering the intelligent terminal nodes A and the intelligent terminal nodes B according to the signatures and the node information, and after the intelligent terminal nodes A and the intelligent terminal nodes B are successfully registered to become registered nodes A and registered nodes B, sending node private keys, node identifiers and public key factor matrixes of the registered nodes A and the registered nodes B to the intelligent terminal nodes, wherein the signatures are the signatures of the intelligent terminal nodes A and the intelligent terminal nodes B to the node information by using node ID private keys of the intelligent terminal nodes A and the intelligent terminal nodes B when the electric power internet of things is accessed for the first time;
intelligent terminal node A and intelligent terminal node B, which are used for registering, when first accessing the electric power Internet of Things, on the electric power Internet of Things security sub-platform to which the node belongs, becoming registered node A and registered node B once registration succeeds, receiving the node private key, the node identifier and the public key factor matrix sent by the electric power Internet of Things security sub-platform to which they belong, and completing identity authentication according to the node private key, the node identifier and the public key factor matrix, wherein: registered node A signs the node identifier N_A with its node private key K_PRIA to generate a signature S_A2, and then sends the node identifier N_A and the signature S_A2 to registered node B; registered node B extracts the node public key K_PUBA of registered node A from the public key factor matrix based on the node identifier N_A of registered node A, and verifies the signature S_A2 with the node public key K_PUBA of registered node A; when verification of the signature S_A2 succeeds, registered node B's authentication of registered node A passes; registered node A receives the node identifier N_B and the signature S_B2 sent by registered node B, wherein the signature S_B2 is generated by registered node B signing the node identifier N_B with its node private key K_PRIB; registered node A extracts the node public key K_PUBB of registered node B from the public key factor matrix according to the node identifier N_B of registered node B, and verifies the signature S_B2 with the node public key K_PUBB of registered node B; when verification of the signature S_B2 succeeds, registered node A's authentication of registered node B passes, and the two-way authentication of registered node A and registered node B is completed.
7. The system of claim 6, wherein the electric power Internet of Things security main platform is further configured to generate a private key factor matrix PRI and, after encrypting the public key factor matrix PUB and the private key factor matrix PRI with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, to distribute the first encrypted information to the security sub-platform; and to decrypt the second encrypted information with its ID private key K_IDPRI2 to obtain and store the node identifier N_A, node public key K_PUBA and node private key K_PRIA of intelligent terminal node A and the node identifier N_B, node public key K_PUBB and node private key K_PRIB of intelligent terminal node B;
the electric power Internet of Things security sub-platform is further used to: receive the signature S_A1 and node information M_A of intelligent terminal node A and the signature S_B1 and node information M_B of intelligent terminal node B; verify the signature S_A1 with the node ID public key K_IDPUBA and audit the node information M_A, and, when the signature S_A1 passes verification and the node information M_A passes the audit, generate a node identifier N_A; verify the signature S_B1 with the node ID public key K_IDPUBB and audit the node information M_B, and, when the signature S_B1 passes verification and the node information M_B passes the audit, generate a node identifier N_B; calculate, according to the node identifier N_A, the node private key K_PRIA and node public key K_PUBA of the intelligent terminal node from the public key factor matrix PUB and the private key factor matrix PRI generated by the electric power Internet of Things security main platform; calculate, according to the node identifier N_B, the node private key K_PRIB and node public key K_PUBB of the intelligent terminal node from the public key factor matrix PUB and the private key factor matrix PRI generated by the electric power Internet of Things security main platform; encrypt the node identifiers N_A, N_B, the node public keys K_PUBA, K_PUBB and the node private keys K_PRIA, K_PRIB with the electric power Internet of Things security main platform ID public key K_IDPUB2 to generate second encrypted information, and send the second encrypted information to the electric power Internet of Things security main platform; encrypt the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A with the node ID public key K_IDPUBA to generate third encrypted information, and send the third encrypted information to intelligent terminal node A applying for registration; and encrypt the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B with the node ID public key K_IDPUBB to generate third encrypted information, and send the third encrypted information to intelligent terminal node B applying for registration;
intelligent terminal node A is further used, when first accessing the electric power Internet of Things, to sign the node information M_A with its node ID private key K_IDPRIA and to send the signature S_A1 and the node information M_A to the electric power Internet of Things security sub-platform to which the node belongs for registration; and, when intelligent terminal node A is successfully registered and becomes registered node A, to decrypt the third encrypted information with the node ID private key K_IDPRIA to obtain the node private key K_PRIA, the public key factor matrix PUB and the node identifier N_A;
intelligent terminal node B is further used, when first accessing the electric power Internet of Things, to sign the node information M_B with its node ID private key K_IDPRIB and to send the signature S_B1 and the node information M_B to the electric power Internet of Things security sub-platform to which the node belongs; and, when intelligent terminal node B is successfully registered and becomes registered node B, to decrypt the third encrypted information with the node ID private key K_IDPRIB to obtain the node private key K_PRIB, the public key factor matrix PUB and the node identifier N_B.
8. The system according to claim 7, further comprising a configuration unit for: configuring chip ID numbers for intelligent terminal node A and intelligent terminal node B accessing the electric power Internet of Things; configuring a node ID private key K_IDPRIA and a node ID public key K_IDPUBA according to the chip ID number of intelligent terminal node A; configuring a node ID private key K_IDPRIB and a node ID public key K_IDPUBB according to the chip ID number of intelligent terminal node B; and recording the node ID public and private key pairs of intelligent terminal node A and intelligent terminal node B on the electric power Internet of Things security sub-platform to which the intelligent terminal nodes belong;
configuring a sub-platform ID number for the electric power Internet of Things security sub-platform, configuring a sub-platform ID private key K_IDPRI1 and a sub-platform ID public key K_IDPUB1 according to the sub-platform ID number, and recording the sub-platform ID public and private key pair on the electric power Internet of Things security main platform;
configuring a main platform ID number for the electric power Internet of Things security main platform, configuring a main platform ID private key K_IDPRI2 and a main platform ID public key K_IDPUB2 according to the main platform ID number, and recording the main platform ID public and private key pair on the electric power Internet of Things security sub-platform;
wherein the electric power Internet of Things security main platform generates a public key factor matrix PUB and a private key factor matrix PRI and, after encrypting the public key factor matrix PUB and the private key factor matrix PRI with the sub-platform ID public key K_IDPUB1 to generate first encrypted information, distributes the first encrypted information to the security sub-platform; and the security sub-platform decrypts the first encrypted information with its ID private key K_IDPRI1 to obtain the public key factor matrix PUB and the private key factor matrix PRI.
9. The system of claim 6, wherein the system comprises one secure master platform and no less than two secure sub-platforms belonging to the secure master platform.
10. The system of claim 9, wherein one intelligent terminal node can belong to a plurality of security sub-platforms, but within any one time period can belong to only one security sub-platform.
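
A sketch of the key-factor-matrix flow in claims 6 and 7, added here as an illustration and not code from the patent: the main platform builds PRI and PUB, the sub-platform derives a node private key from a node identifier, and a peer recovers the matching public key from PUB alone to verify a signature over that identifier. The curve (secp256k1), the Schnorr signature, the SHA-256 row-selection mapping, the 8x4 matrix size and all function names are assumptions, since the claims specify none of them.

```python
import hashlib, secrets, functools

# secp256k1 parameters; the curve is an assumption, the claims name none.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 4  # toy matrix size (assumption)

def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def make_matrices():
    """Main platform: private factor matrix PRI and public factor matrix PUB."""
    pri = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return pri, [[mul(r, G) for r in row] for row in pri]

def rows_for(node_id):
    """Identifier -> one row index per column (this mapping is an assumption)."""
    digest = hashlib.sha256(node_id.encode()).digest()
    return [digest[c] % ROWS for c in range(COLS)]

def node_private_key(pri, node_id):
    """Sub-platform: K_PRI is the sum of the selected private factors."""
    return sum(pri[r][c] for c, r in enumerate(rows_for(node_id))) % N

def node_public_key(pub, node_id):
    """Any node: K_PUB is the sum of the selected public factors, from PUB alone."""
    return functools.reduce(add, (pub[r][c] for c, r in enumerate(rows_for(node_id))), None)

def challenge(R, msg):
    return int.from_bytes(hashlib.sha256(f"{R[0]:x}|{R[1]:x}|{msg}".encode()).digest(), "big") % N

def sign(k_pri, msg):
    """Schnorr signature (scheme is an assumption; the claims name none)."""
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R, (k + challenge(R, msg) * k_pri) % N

def verify(pub, node_id, sig):
    """Peer: extract K_PUB for node_id from PUB, then check s*G == R + e*K_PUB."""
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(R, node_id), node_public_key(pub, node_id)))
```

As in the claims, the signed message is the node identifier alone; binding a fresh challenge or timestamp into the signed data is left to the surrounding protocol and is not shown.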

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110729057.5A CN113591103B (en) 2021-06-29 2021-06-29 Identity authentication method and system between intelligent terminals of electric power Internet of things

Publications (2)

Publication Number Publication Date
CN113591103A (en) 2021-11-02
CN113591103B (en) 2024-02-23

Family

ID=78245122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110729057.5A Active CN113591103B (en) 2021-06-29 2021-06-29 Identity authentication method and system between intelligent terminals of electric power Internet of things

Country Status (1)

Country Link
CN (1) CN113591103B (en)

Also Published As

Publication number Publication date
CN113591103A (en) 2021-11-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant