CN114070559A - Industrial Internet of things session key negotiation method based on multiple factors - Google Patents

Publication number
CN114070559A
Authority
CN
China
Legal status
Granted
Application number
CN202111621015.6A
Other languages
Chinese (zh)
Other versions
CN114070559B (en)
Inventor
崔杰
程方正
杨明
张庆阳
顾成杰
仲红
Current Assignee
Anhui University
Original Assignee
Anhui University

Classifications

    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a multi-factor-based session key negotiation method for the industrial Internet of things. The invention assumes a semi-trusted management center, which is more realistic. The user's pseudonym is generated jointly by the user and the server and is updated after each key negotiation process, so that the user's identity information cannot be leaked; this ensures the user's anonymity, unlinkability and untraceability and improves security. The invention pre-distributes keys and uses multi-factor authentication, namely biometrics, passwords and smart cards. The main cryptographic operations are bit operations and a hash function, which reduces the computation cost and the communication cost of the key agreement scheme.

Description

Industrial Internet of things session key negotiation method based on multiple factors
Technical Field
The invention belongs to the industrial Internet of things communication technology, and particularly relates to a multi-factor-based session key agreement method for the industrial Internet of things.
Background
The Internet of things (IoT) refers to a network that extends and expands the internet. It consists of many information sensing devices that, wherever they are located, can be remotely accessed and controlled over the internet at any time and place to achieve interconnection between users, machines and objects. The industrial Internet of things (IIoT) is one of the main applications of the Internet of things. In an Internet of things environment, most devices or nodes can process information and communicate, and have a locatable internet protocol address (IP address), but their resources are limited. Users can access and control Internet of things devices in different Internet of things environments through a network.
Industry 4.0 refers to the fourth industrial revolution dominated by smart manufacturing. The plant integrates production equipment, wireless signal connections and sensors into one ecosystem to autonomously monitor the entire production process and execute decisions. The high autonomy and resource limitations of industrial internet of things networks pose challenges to the security of industrial internet of things. Identity authentication and key establishment are important components of the industrial Internet of things, and factors such as safety, performance and the like must be considered in key agreement.
As shown in FIG. 1, the existing industrial system model includes a user, an industrial Server, a regional gateway, and a smart device. The gateway serves as the area management equipment and is deployed in the corresponding working environment together with the area's smart devices. Both the gateway and the device are semi-trusted. The industrial Server is deployed in a physically secure environment that we consider fully trusted. A legal user can send an access request to the Server and establish contact with the smart device through the Server. During the authentication and key agreement process, the user and the device may obtain a session key. Privacy, message integrity and user authentication are critical in the IIoT environment because an adversary can eavesdrop on, modify and forge communication messages. In the industrial Internet of things, the user communicates with the Server, and the Server communicates with the device, over an open wireless network, so the Server is easily attacked by an attacker and user information (such as user identity, password and location information) can be leaked. Therefore, it is necessary to employ an appropriate security scheme to protect the communication link.
In most key agreement schemes, either the key agreement flow is not lightweight enough to meet the requirements of more resource-constrained equipment or sensor nodes, or it does not provide sufficient security in the Internet of things environment. In terms of functionality, most solutions lack desirable features such as revoking users, dynamically adding devices, and dynamically changing personal key information (including biometrics and passwords).
Disclosure of Invention
The purpose of the invention is as follows: the invention aims to solve the defects in the prior art and provides a multi-factor-based session key agreement method for the industrial Internet of things.
The technical scheme is as follows: the invention discloses a multi-factor-based industrial Internet of things session key agreement method, which comprises the steps of initialization of an industrial Internet of things system, authentication, key agreement and system updating;
Step (1), initialization of the industrial Internet of things system
(1.1) Server initialization: the Server selects the biometric probabilistic generation function Gen(·) and the deterministic recovery function Rep(·), sets a Server private key S with a length of 160 bits for each Internet of things working environment, and establishes a private key list; meanwhile, it establishes various information tables, such as a device information table and a user information table, for the Internet of things working environments; it selects a one-way hash function H(·);
(1.2) device registration: in an offline state, the device provides registration information, including a device identification $ID_j$ and the like, to the Server; the Server generates a random value $r_j$ and computes the device pseudonym $RID_j = h(ID_j \| r_j)$; the Server calculates the private key of the device, $Ksd_j = h(RID_j \| S)$, using the private key S of the device's work area; the Server adds the device information to the device list SDList of the area; the Server stores various information of the device, including the pseudonym $RID_j = h(ID_j \| r_j)$ and $Ksd_j = h(RID_j \| S)$;
(1.3) user registration: in a secure registration environment, user $U_i$ generates a random value $r_i$, calculates its own pseudonym $RID_i = h(ID_i \| r_i)$ and sends the pseudonym to the Server; the Server checks the validity of the user identity and calculates the user private key $Ksu_i = h(RID_i \| S)$ using the private key S of the registration area; it sends the private key and the device list information in the area to the user; the user uses the fuzzy-extraction probabilistic generation function $Gen(BIO_i) = (\sigma_i, \tau_i)$ to obtain a biometric key $\sigma_i$ and a common recovery parameter $\tau_i$; user $U_i$ sets password $PW_i$; the smart card calculates and stores (the user's digital signature $TPW_i$, the encrypted user private key $Ksu_i$, the encrypted user pseudonym $RID_i$, the encrypted device information list SDList, $\tau_i$); $\sigma_i$ and $\tau_i$ are respectively the biometric key and the public revocation parameter of user $U_i$;
Figure BDA0003438016130000021
Step (2), authentication and key agreement process:
(2.1) user login: a user logs in and carries out identity authentication with the aid of the smart card; user $U_i$ inputs the identity $ID_i$ and password $PW_i$, and uses $\tau_i$ and the fuzzy-extraction deterministic recovery function Rep(·) to recover the user's biometric key $\sigma_i$ within a threshold t; the smart card calculates the user digital signature to be verified, $TPW_i' = h(ID_i \| PW_i \| \sigma_i)$, and compares $TPW_i'$ with the stored $TPW_i$ to verify the user identity.
(2.2) the user initiates a request: after the user has been authenticated, the smart card calculates the encrypted stored information,
Figure BDA0003438016130000031
Figure BDA0003438016130000032
M1 is an encrypted message of the user's random value, M2 is an authentication message of the user, M3 is a pseudonym encrypted message of the device and M4 is a verifiable digital signature of the user.
The smart card then generates a random value $r_i$ and a current timestamp $T_1$; the smart card calculates the following parameters:
Figure BDA0003438016130000033
$M2 = h(Ksu_i \| T_1)$;
Figure BDA0003438016130000034
$M4 = h(RID_i \| r_u \| Ksu_i \| T_1 \| RID_j \| M3)$;
the user sends a request queue MQ1 to the Server, $MQ1 = \{RID_i, M1, M2, M3, M4, T_1\}$.
(2.3) Server response request: after receiving the message MQ1, the Server first verifies the message time; the Server generates a current timestamp $T_2$; if $|T_2 - T_1| > \Delta T$, the authentication operation is not performed and the Server discards the message MQ1; if the time meets the maximum transmission delay, the Server first uses its own information to calculate $M2' = h(Ksu_i \| T_1)$, verifies whether M2 and M2' are equal, and checks $RID_i$ to judge whether the message source is legal and belongs to a legal user;
after the Server verifies the validity of the message, the Server calculates the following from the message queue by using the private key S of the region to which it belongs
Figure BDA0003438016130000035
$M4' = h(RID_i \| r_u' \| Ksu_i' \| T_1 \| RID_j' \| M3)$; here, $Ksu_i'$ is the private key of the user to be verified, $r_u'$ is the random value of the user to be verified, and $RID_j'$ is the device pseudonym to be verified;
the Server verifies the calculated message to be verified M4' by comparing M4 with M4'; if they are equal, the message is proved not to have been modified;
the Server sends a new user pseudonym
Figure BDA0003438016130000041
and updates the user information; the Server generates a random value $r_s$ and computes the temporary authentication credential
Figure BDA0003438016130000042
and a new user private key
Figure BDA0003438016130000043
and saves the new private key of the user;
the Server computes the messages
Figure BDA0003438016130000044
Figure BDA0003438016130000045
The Server transmits the message queue MQ2 to the device, $MQ2 = \{Mu5, M6, M7, M8, Mu51, T_2\}$;
Here, Mu5 is a new private key encryption message of a user whose device needs to be re-encrypted, M6 is a random value encryption message of the user, M7 is a random value encryption message of a server, M8 is a digital signature message of the server, and Mu51 is an encryption message used for verifying whether the private key of the user is tampered;
(2.4) device authentication and calculation of session key:
after the device receives the message queue MQ2, the time of the message is first validated: $SD_j$ generates a current timestamp $T_3$; if $|T_3 - T_2| > \Delta T$, the authentication operation is not performed and the device discards the message MQ2;
the device uses its own private key to calculate, in sequence, the random value of the user to be verified $r_u'$ and the server random value to be verified $r_s'$,
Figure BDA0003438016130000046
It calculates $M8' = h(Mu5 \| h(r_u' \| r_s'))$ and verifies whether M8 is equal to the message to be verified M8', to determine whether the message has been altered; if not, the device $SD_j$ generates a random value $r_d$ and calculates, by means of the private key of the device,
Figure BDA0003438016130000047
The device calculates SK h (Mu9 r)u||h(rd||rs)),
Figure BDA0003438016130000048
Figure BDA0003438016130000049
$M13 = h(SK \| h(r_d \| r_s) \| T_3)$. SK is the negotiated session key; the device transmits a message queue MQ3 to the user, $MQ3 = \{Mu51, M10, M11, M12, M13, T_3\}$;
Mu9 is an encrypted message of a new private key that the user can decrypt, M10 is an encrypted message of a random value of the server and the device, M11 is a signed message of the server about the new private key of the user, M12 is an encrypted message of a random value of the server, and M13 is a digital signature of the device.
(2.5) user authentication and calculating a secret key:
after the user receives MQ3, the message time is first verified. $U_i$ generates a current timestamp $T_4$; if $|T_4 - T_3| > \Delta T$, the authentication operation is not continued and the user discards the message MQ3;
the user calculates the signature decrypted by the user in turn
Figure BDA0003438016130000051
Figure BDA0003438016130000052
The user checks whether Mu9' is equal to Mu9''; if not, the message has been modified and the user discards the message; if the authentication message is normal, the user then calculates
Figure BDA0003438016130000053
$SK' = h(SK' \| h(r_d \| r_s)')$, $M13' = h(SK' \| h(r_d \| r_s)' \| T_3)$; $r_s'$ is the secret value generated by the server, to be verified,
Figure BDA0003438016130000054
is the temporary authentication credential to be verified,
Figure BDA0003438016130000055
is the new private key of the user to be verified, Mu9' is the signature to be verified calculated by the user, $h(r_d \| r_s)'$ is an encrypted value of a random value to be verified, SK' is the session key to be verified, and M13' is the signature message to be verified;
the user compares M13 with M13' to check whether the calculation result is correct; if the check passes, the user accepts SK' as the session key and updates the private key of the user
Figure BDA0003438016130000056
Step (3) updating the industrial Internet of things system
(3.1) user password and biometric update:
In order to simplify user operation and reduce the use of the Server, a legal user can update passwords and biometrics locally at any time. In a secure operating environment, $U_i$ has the smart card $SC_i$ read through a card reader and provides its own $ID_i$, old password $PW_i^{old}$ and old biometric information
Figure BDA0003438016130000057
$SC_i$ computes
Figure BDA0003438016130000058
and further calculates
Figure BDA0003438016130000059
By verifying on the smart card whether
Figure BDA00034380161300000510
is equal to $TPW_i$, it judges whether the following operations need to be executed;
when the verification is completed, $SC_i$ computes
Figure BDA00034380161300000511
Figure BDA00034380161300000512
After user $U_i$ obtains the next instruction from $SC_i$, $U_i$ inputs the new password $PW_i^{new}$ and the new biometric information
Figure BDA00034380161300000513
Computing
Figure BDA00034380161300000514
$SC_i$ uses the new password $PW_i^{new}$ and biometrics
Figure BDA00034380161300000515
to calculate, respectively,
Figure BDA00034380161300000516
Figure BDA00034380161300000517
The smart card $SC_i$ changes the $Ksu_i$; $RID_i$; SDList; $TPW_i$; $\tau_i$ stored in memory into
Figure BDA00034380161300000518
$SDList^{new}$
Figure BDA0003438016130000061
At this point, the password and biometric updates have been completed. $U_i$ may update only the password or only the biometrics, but periodic updates of both passwords and biometrics are recommended for security and biometric accuracy.
(3.2) device update:
Internet of things devices from different manufacturers are registered on the Server; the Server uses the random secret value it generates,
Figure BDA0003438016130000062
to encapsulate the unalterable identity of the SD,
Figure BDA0003438016130000063
obtaining a pseudonym identifier different from those of the existing nodes,
Figure BDA0003438016130000064
The Server uses the private key S of the working area where the Internet of things device is to be deployed to calculate the private key of the device
Figure BDA0003438016130000065
The Server stores the registration information in the memory of the new Internet of things device and adds the device information to the device list of the area;
the Internet of things device is then deployed in the working area, and the legal users in the area are informed that a new device has been deployed; the users securely update their device lists, after which a legal user can communicate with the new device to obtain access control and service.
(3.3) user revocation:
In practical application in a large-scale industrial environment, in order to keep the specific implementation steps traceable and the operations recorded, the industrial Server registers and records the legal, authorized users that take part in session communication; for every registered user, the Server can change the user's legitimacy and revoke the user's authorization; the Server may re-encrypt and encapsulate the name of the revoked user using a direct long-term key
Figure BDA0003438016130000066
The packaged user ID is still stored in an authorization list of the Internet of things area as a record and a certificate;
in the session key agreement phase, when the user sends a request message $MQ1 = \{RID_i, M1, M2, M3, M4, T_1\}$ to the Server, the Server verifies whether the user still has legal authorization by looking the user up in the authorized user list; if the user has been revoked, the Server will not find the user's pseudonym information in the list, and the request sent by the revoked user will not receive a response.
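The Server's first checks on MQ1 in step (2.3), together with the revocation lookup of step (3.3), as an added example that is not part of the patent text: it shows the timestamp window, the authorised-list lookup and the recomputation of M2 from $Ksu_i' = h(RID_i \| S)$. SHA-256 as h, the length-prefixed encoding of "||", the value of ΔT, removal of the pseudonym on revocation, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

DELTA_T = 5  # assumed maximum transmission delay ΔT, in seconds


def h(*parts: bytes) -> bytes:
    """One-way hash h(a || b || ...).

    SHA-256 and the 4-byte length prefix per field are assumptions; the prefix
    keeps the inputs (a, bc) and (ab, c) from hashing to the same value.
    """
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big"))
        digest.update(part)
    return digest.digest()


def ts(t: int) -> bytes:
    """Fixed-width timestamp encoding (assumed: 8-byte big-endian seconds)."""
    return t.to_bytes(8, "big")


class Server:
    """Holds one area private key S and that area's authorised-user list."""

    def __init__(self) -> None:
        self.S = secrets.token_bytes(20)  # 160-bit area private key S
        self.authorised = set()           # pseudonyms RID_i of legal users

    def register_user(self, rid_i: bytes) -> bytes:
        """Step (1.3): record RID_i and hand back Ksu_i = h(RID_i || S)."""
        self.authorised.add(rid_i)
        return h(rid_i, self.S)

    def revoke_user(self, rid_i: bytes) -> None:
        """Step (3.3): a revoked pseudonym is no longer found by the lookup."""
        self.authorised.discard(rid_i)

    def admit_mq1(self, rid_i: bytes, m2: bytes, t1: int, t2: int) -> str:
        """Step (2.3) checks on {RID_i, M2, T_1}; t2 is the Server's own T_2."""
        if abs(t2 - t1) > DELTA_T:
            return "discard: stale"
        if rid_i not in self.authorised:
            return "discard: unknown or revoked"
        ksu_check = h(rid_i, self.S)         # Ksu_i' = h(RID_i || S)
        m2_check = h(ksu_check, ts(t1))      # M2'    = h(Ksu_i' || T_1)
        if not hmac.compare_digest(m2, m2_check):  # constant-time comparison
            return "discard: bad M2"
        return "accept"


def user_pseudonym(identity: bytes) -> bytes:
    """Step (1.3), user side: RID_i = h(ID_i || r_i) with a fresh random r_i."""
    return h(identity, secrets.token_bytes(16))


def build_m2(ksu_i: bytes, t1: int) -> bytes:
    """Step (2.2): M2 = h(Ksu_i || T_1)."""
    return h(ksu_i, ts(t1))


def demo() -> dict:
    """Run the checks on constructed values (identity and timestamps are made up)."""
    server = Server()
    rid = user_pseudonym(b"operator-01")
    ksu = server.register_user(rid)
    t1 = 1_700_000_000
    m2 = build_m2(ksu, t1)
    results = {
        "fresh": server.admit_mq1(rid, m2, t1, t1 + 2),
        # The same MQ1 arriving a minute later falls outside ΔT.
        "replayed_late": server.admit_mq1(rid, m2, t1, t1 + 60),
        # Old M2 paired with a rewritten T_1: M2 binds T_1, so M2' differs.
        "old_m2_new_t1": server.admit_mq1(rid, m2, t1 + 58, t1 + 60),
    }
    server.revoke_user(rid)
    results["after_revocation"] = server.admit_mq1(rid, m2, t1, t1 + 2)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because M2 covers only $Ksu_i$ and $T_1$, a message replayed inside the ΔT window still passes these two checks; the later M4 comparison and the per-session renewal of the pseudonym and private key are what the scheme relies on beyond this point.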
Advantageous effects: compared with the prior art, the invention has the following advantages:
(1) The method is based on multi-factor authentication and is more realistic. Meanwhile, the user's pseudonym is renewed each time and is calculated separately by the Server and the user, which ensures the anonymity of the user. In addition, the user's private key is used only once: after each session key negotiation, the Server and the user each update the user's private key. The scheme ensures the anonymity and unlinkability of the user.
(2) The invention does not use the bilinear mapping operations or elliptic curve encryption methods of cryptography, which are more complicated to compute, but uses bit operations and a hash function with smaller computation overhead, so that the computation overhead and communication overhead of session key negotiation in the industrial Internet of things are effectively reduced.
(3) The invention combines the key pre-distribution method with certificateless signatures, and keeps the user revocation operation and the device update operation outside the key agreement process, thereby reducing the storage overhead, the computation overhead and the lookup time and improving the efficiency of message authentication.
Drawings
FIG. 1 is a schematic diagram of a network structure of the system of the present invention;
FIG. 2 is a network schematic of stages of the inventive arrangements;
FIG. 3 is a process diagram of the main steps of authentication and key agreement of the present invention;
FIG. 4 is an overall flow chart of the solution of the present invention;
FIG. 5 is a flow chart of the response of the Server to receive the request message in the solution of the present invention;
FIG. 6 is a flow chart of a response of a device to receive a request message in the solution of the present invention.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
The related characters of the present embodiment have the following meanings:
Figure BDA0003438016130000071
Figure BDA0003438016130000081
As shown in FIG. 1, the invention provides a multi-factor-based industrial Internet of things session key negotiation method, which includes the following steps:
Step (1), system initialization, comprises three stages: Server initialization, device registration and user registration;
Step (2), authentication and key agreement, comprises five stages: user login, user initiation of a request, server response to the request, device authentication and key calculation, and user authentication and key calculation;
Step (3), system updating, comprises user password and biometric update, device update and user revocation.
Step (1) System initialization
The process mainly describes initialization of a server, registration of Internet of things equipment and registration of a legal user. The server distributes the private key and pseudonym to the device and the user.
The Server is the center of the industrial Internet of things and a completely trusted third party; it has high computing capacity and storage capacity and is responsible for the operation of the whole industrial Internet of things. The specific steps are as follows:
1) The Server selects the biometric probabilistic generation function Gen(·) and the deterministic recovery function Rep(·) to be loaded into the smart card, and selects the one-way hash function H(·) to be used.
2) The Server randomly selects S as the system key. It should be noted that, because the Server is a central Server, the selected key is a range key valid within the working range of a single Internet of things area, and the Server may select a different key for each area in the industrial Internet of things.
3) In addition to establishing the area key list information in the industrial internet of things, the server establishes various standby information tables, such as a device information table, a user information table and the like. In case of user revocation and device connection failure, the query can be performed through the information tables.
Before the equipment is deployed in a specific working area, the various Internet of things devices and sensor nodes from different manufacturers need to be uniformly registered in the server to obtain standard device information, and the device identification $ID_j$ and so on are changed. The server registers each device and assigns the private key of the device. The specific steps are as follows:
1) In the offline state, the device registers with the server and provides device information, including a device identification $ID_j$ and so on.
2) The server generates a random value $r_j$ and computes the device pseudonym $RID_j = h(ID_j \| r_j)$.
3) The server computes the private key of the device, $Ksd_j = h(RID_j \| S)$, using the private key S of the device's work area.
4) The server adds the device information to the device list SDList of the area.
5) The server stores various information of the device, including the pseudonym $RID_j = h(ID_j \| r_j)$ and $Ksd_j = h(RID_j \| S)$.
Before participating in the operation of the industrial internet of things, a user needs to register himself in a server safely and obtain device information which can be used for session keys of the user from the server. In the key agreement stage, the user can carry out key agreement and communication on the internet of things equipment which can be communicated with the user, and the server can carry out validity verification on the user. The method comprises the following specific steps:
1) The user hides the user's identity information in $RID_i = h(ID_i \| r_i)$; this pseudonym is generated and transmitted to the server.
2) The server checks whether the registration of the user is legitimate and the registration unit of the user. The server sends the device list information in the area to the user and distributes the user's private key $Ksu_i = h(RID_i \| S)$.
3) The user gets a smart card during registration, and uses the fuzzy extractor to process the user's own biometric information as $Gen(BIO_i) = (\sigma_i, \tau_i)$, obtaining $\sigma_i$ and $\tau_i$. In the smart card, the user uses the password and the biometrics to encrypt the user's information, and the card calculates and stores $TPW_i = h(ID_i \| PW_i \| \sigma_i)$,
Figure BDA0003438016130000101
Figure BDA0003438016130000102
Step (2) authentication and key agreement
In the authentication and key agreement process, the user needs to communicate with the internet of things device to obtain real-time device information.
First the user needs to log in locally and get the stored information from the smart card. The method comprises the following specific steps:
1) The user logs in and carries out identity authentication with the aid of the smart card. User $U_i$ inputs the identity $ID_i$ and password $PW_i$, and uses $\tau_i$ and the fuzzy-extraction deterministic recovery function Rep(·) to recover the user characteristic key $\sigma_i$ within a threshold value t.
2) The smart card calculates $TPW_i' = h(ID_i \| PW_i \| \sigma_i)$ and compares $TPW_i'$ with the stored $TPW_i$ to verify the user identity.
Then, after the user passes local authentication, a session request is initiated. The method comprises the following specific steps:
1) after the user has been authenticated, the smart card calculates the encrypted stored information,
Figure BDA0003438016130000103
Figure BDA0003438016130000104
2) The smart card generates a random value $r_i$ and a current timestamp $T_1$.
3) The smart card computes
Figure BDA0003438016130000105
$M2 = h(Ksu_i \| T_1)$,
Figure BDA0003438016130000106
Figure BDA0003438016130000107
$M4 = h(RID_i \| r_u \| Ksu_i \| T_1 \| RID_j \| M3)$.
4) The user sends a request queue MQ1 to the server, $MQ1 = \{RID_i, M1, M2, M3, M4, T_1\}$.
After receiving the user's request, the server verifies the message: it checks the communication delay of the message and whether the message has been tampered with. It also checks the validity of the user, including whether the user has been logged off and whether the user is a valid user in the area. It then computes the response message, which contains the user's new pseudonym and private key. The specific steps are as follows:
1) After the Server receives MQ1, it first validates the message time. The Server generates the current timestamp T2; if |T2-T1| > ΔT, authentication does not continue and the server discards the message MQ1.
2) If the time is within the maximum transmission delay, the server first calculates M2’=h(Ksui||T1) from its own information, verifies whether M2 and M2’ are equal, and checks RIDi to judge whether the message source is legal, that is, whether it belongs to a legal user.
3) After the server has verified the validity of the message, it calculates in sequence from the message queue, using the private key S of the region to which it belongs, Ksui’=h(RIDi||S),
Figure BDA0003438016130000111
M4’=h(RIDi||ru’||Ksui’||T1||RIDj’||M3)。
4) The Server verifies the computed M4’ by comparing M4 with M4’. If they are equal, the message has not been modified.
5) The Server sends a new user pseudonym
Figure BDA0003438016130000112
and updates the user information.
6) The Server generates a random value rs and calculates a temporary authentication certificate
Figure BDA0003438016130000113
And a new user private key
Figure BDA0003438016130000114
The new private key of the user is saved.
7) The Server computes the messages
Figure BDA0003438016130000115
Figure BDA0003438016130000116
M8=h(Mu5||h(ru||rs)),
Figure BDA0003438016130000117
Figure BDA0003438016130000118
8) The Server transmits the message queue MQ2 to the device, MQ2 = {Mu5, M6, M7, M8, Mu51, T2}.
After receiving the response message of the server, the device judges the delay of the message, checks whether the message is modified or not, and verifies that the source of the message is reliable. Some of the key values will then be decrypted. Since the message of the device is not forwarded to the user again, the server contains in the message the updated information of the user, which the device cannot calculate, but in order to prevent that some values are inadvertently changed in the calculation, the server contains in the message a temporary message that can verify whether it has been changed. The method comprises the following specific steps:
1) After the device receives MQ2, it first verifies the message time. SDj generates the current timestamp T3; if |T3-T2| > ΔT, authentication does not continue and the device discards the message MQ2.
2) The device calculates ru’ and rs’ in turn by using the device private key,
Figure BDA0003438016130000119
Figure BDA00034380161300001110
3) The device calculates M8’=h(Mu5||h(ru’||rs’)) and verifies that M8 and M8’ are equal, to determine whether the message has been altered.
4) Device SDj generates a random value rd and calculates, by means of the device private key,
Figure BDA0003438016130000121
Figure BDA0003438016130000122
5) The device calculates SK=h(Mu9||ru||h(rd||rs)),
Figure BDA0003438016130000123
Figure BDA0003438016130000124
M13=h(SK||h(rd||rs)||T3), where SK is the negotiated session key.
6) The device transmits a message queue MQ3 to the user, MQ3 = {Mu51, M10, M11, M12, M13, T3}.
After receiving the message from the device, the user calculates the hidden message transmitted from the server, and after the message of the device is verified for time delay and correctness, the device updates the identity of the device and the private key of the user.
The method comprises the following specific steps:
1) After the user receives MQ3, the message time is first verified. Ui generates the current timestamp T4; if |T4-T3| > ΔT, authentication does not continue and the user discards the message MQ3.
2) The user calculates in turn
Figure BDA0003438016130000125
Figure BDA0003438016130000126
3) The user compares Mu9’ with Mu9’’; if they are not equal, the message has been modified and is discarded.
Figure BDA0003438016130000127
Figure BDA0003438016130000128
SK’=h(SK’||h(rd||rs)’),M13’=h(SK’||h(rd||rs)’||T3)。
5) M13 and M13’ are compared to check whether the calculation result is correct. If the check passes, SK’ is accepted as the session key, and the private key of the user is updated
Figure BDA0003438016130000129
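The device and user steps above, as an added Python example (not code from the patent): the device checks freshness and M8, derives SK and M13, and the user accepts the key only if its own M13’ matches. Assumptions: h is SHA-256 truncated to 160 bits over length-prefixed fields, ΔT is 5 seconds, the user recomputes SK with the device's formula SK=h(Mu9||ru||h(rd||rs)), and Mu5, Mu9, ru, rs and h(rd||rs) are passed in as already-recovered values because the formulas that carry them are not reproduced in this text; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

DELTA_T = 5   # assumed maximum transmission delay ΔT, in seconds


def h(*fields: bytes) -> bytes:
    # h(a || b || ...) with length-prefixed fields, so two different field
    # lists never hash the same bytes. Assumption: SHA-256 truncated to the
    # 160 bits the page uses for hash outputs.
    data = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return hashlib.sha256(data).digest()[:20]


def ts(t: int) -> bytes:
    return struct.pack(">I", t)   # 32-bit timestamp


def device_finish(mq2: dict, ru: bytes, rs: bytes, mu9: bytes, now: int):
    """Device SD_j: freshness of MQ2, M8 check, then SK and M13.
    ru and rs are the values the device recovered with its private key.
    Returns None when the message must be discarded."""
    if abs(now - mq2["T2"]) > DELTA_T:
        return None
    m8_check = h(mq2["Mu5"], h(ru, rs))                 # M8'
    if not hmac.compare_digest(m8_check, mq2["M8"]):
        return None
    rd = os.urandom(20)                                 # device random value
    h_rd_rs = h(rd, rs)
    sk = h(mu9, ru, h_rd_rs)                            # SK
    m13 = h(sk, h_rd_rs, ts(now))                       # M13, with T3 = now
    return {"SK": sk, "h_rd_rs": h_rd_rs, "M13": m13, "T3": now}


def user_confirm(mu9: bytes, ru: bytes, h_rd_rs: bytes,
                 m13: bytes, t3: int, now: int):
    """User U_i: freshness of MQ3, then SK' and M13'. The key is returned
    only if M13' equals the received M13; otherwise None."""
    if abs(now - t3) > DELTA_T:
        return None
    sk = h(mu9, ru, h_rd_rs)                            # SK'
    m13_check = h(sk, h_rd_rs, ts(t3))                  # M13'
    if not hmac.compare_digest(m13_check, m13):
        return None
    return sk


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    ru, rs = b"\x01" * 20, b"\x02" * 20
    mu5, mu9 = b"\x05" * 20, b"\x09" * 20
    mq2 = {"Mu5": mu5, "M8": h(mu5, h(ru, rs)), "T2": 2000}
    out = device_finish(mq2, ru, rs, mu9, now=2001)
    sk_user = user_confirm(mu9, ru, out["h_rd_rs"], out["M13"], out["T3"], 2002)
    print("keys match:", sk_user == out["SK"])
```

A mismatch in any input to SK (for example a modified Mu9) changes M13’, so the user rejects the key instead of silently holding a different one from the device.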
Step (3) system updating
In order to simplify the user operation and reduce the use of the server, the password and the biometric can be updated locally by a legal user at any time. In a secure operating environment, the user Ui reads the smart card SCi through a card reader and provides his or her own IDi, old password
Figure BDA00034380161300001210
and old biometric information
Figure BDA00034380161300001211
The method comprises the following specific steps:
1) SCi computes
Figure BDA00034380161300001212
and further calculates
Figure BDA00034380161300001213
2) The smart card verifies whether
Figure BDA00034380161300001214
is equal to TPWi, to determine whether the following operations are to be performed.
3) When the verification is completed, SCi computes
Figure BDA00034380161300001215
Figure BDA0003438016130000131
4) After Ui obtains the next instruction from SCi, Ui inputs the new password PWi^new and the new biometric information
Figure BDA0003438016130000132
and computes
Figure BDA0003438016130000133
5) SCi uses the new password PWi^new and the new biometric key
Figure BDA0003438016130000134
to calculate, respectively,
Figure BDA0003438016130000135
Figure BDA0003438016130000136
6) The smart card SCi changes the stored Ksui; RIDi; SDList; TPWi; τi to
Figure BDA0003438016130000137
SDList^new; TPWi^new
Figure BDA0003438016130000138
At this point, the password and biometric updates have been completed. User Ui may update only the password or only the biometric, but periodic updates of both are recommended for security and biometric accuracy.
In order to adapt to different internet of things devices, internet of things devices of different manufacturers need to be registered on the Server. The Server uses the random secret value generated by the Server
Figure BDA0003438016130000139
to encapsulate the unalterable identity of the SD
Figure BDA00034380161300001310
obtaining a pseudonym identifier different from those of the existing nodes
Figure BDA00034380161300001311
The Server uses the private key S of the working area where the IOT equipment is to be deployed to calculate the private key of the IOT equipment
Figure BDA00034380161300001312
Figure BDA00034380161300001313
The server stores the registration information in the memory of the new Internet of things device and adds the device information to the device list of the area. The Internet of things device is then deployed in the working area and the legal users in the area are notified of the new device; the users update their device lists securely, after which a legal user can communicate with the new device to obtain access control and service.
In practical application in a large-scale industrial environment, to ensure that specific operations are traceable and recorded, the industrial server registers and records the legal users who are authorized to take part in session communication. For every registered executable user, the Server can modify the user's legality and revoke the executable authorization. The server may re-encrypt and encapsulate the name of the revoked user using a direct long-term key
Figure BDA00034380161300001314
Figure BDA00034380161300001315
The encapsulated user ID is still stored as a record and certificate in the authorization list of the Internet of things zone. In the session key agreement phase, when the user sends a request message MQ1 = {RIDi, M1, M2, M3, M4, T1} to the Server, the Server verifies whether the user still has legal authorization by looking the user up in the authorized user list. If the user has been revoked, the Server will not find the user's pseudonym information in the list, and the request sent by the revoked user will not receive a response.
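The server's checks on MQ1 from step (2) together with the revocation lookup described above, as an added Python example (not code from the patent). Assumptions: h is SHA-256 truncated to 160 bits over length-prefixed fields, ΔT is 5 seconds, M1 and M3 are opaque stand-in values and ru and RIDj are passed in as already-recovered values because the formulas for M1 and M3 are not reproduced in this text, and the class, function and status names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

HASH_LEN = 20   # 160-bit values, the size the page assumes for h(.) outputs
DELTA_T = 5     # assumed maximum transmission delay ΔT, in seconds


def h(*fields: bytes) -> bytes:
    # h(a || b || ...): fields are length-prefixed so that two different
    # field lists never serialise to the same bytes. Assumption: SHA-256
    # truncated to 160 bits; the page does not name the hash function.
    data = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return hashlib.sha256(data).digest()[:HASH_LEN]


def ts(t: int) -> bytes:
    return struct.pack(">I", t)   # 32-bit timestamp, as in the cost analysis


class RegionServer:
    def __init__(self, region_key: bytes):
        self.S = region_key       # private key S of the working area
        self.authorized = set()   # pseudonyms RID_i of legal users

    def register(self, rid_i: bytes) -> bytes:
        """User registration: record RID_i and return Ksu_i = h(RID_i || S)."""
        self.authorized.add(rid_i)
        return h(rid_i, self.S)

    def revoke(self, rid_i: bytes) -> None:
        """After revocation the pseudonym lookup fails. The re-encapsulation
        of the revoked name is not modelled in this example."""
        self.authorized.discard(rid_i)

    def check_mq1(self, mq1: dict, now: int) -> str:
        """Steps 1) and 2): freshness, pseudonym lookup, then M2.
        Any result other than "ok" means the request gets no response."""
        if abs(now - mq1["T1"]) > DELTA_T:
            return "stale"
        if mq1["RID"] not in self.authorized:
            return "not-authorized"
        ksu = h(mq1["RID"], self.S)                      # Ksu_i'
        m2_check = h(ksu, ts(mq1["T1"]))                 # M2'
        if not hmac.compare_digest(m2_check, mq1["M2"]):
            return "bad-M2"
        return "ok"

    def check_m4(self, mq1: dict, ru: bytes, rid_j: bytes) -> bool:
        """Steps 3) and 4): recompute M4' from the recovered ru' and RID_j'
        and compare it with the received M4 in constant time."""
        ksu = h(mq1["RID"], self.S)
        m4_check = h(mq1["RID"], ru, ksu, ts(mq1["T1"]), rid_j, mq1["M3"])
        return hmac.compare_digest(m4_check, mq1["M4"])


def build_mq1(rid_i: bytes, ksu_i: bytes, ru: bytes, rid_j: bytes, t1: int) -> dict:
    """Smart-card side of MQ1. M1 and M3 are random stand-ins (assumption)."""
    m1, m3 = os.urandom(HASH_LEN), os.urandom(HASH_LEN)
    return {"RID": rid_i, "M1": m1, "M2": h(ksu_i, ts(t1)), "M3": m3,
            "M4": h(rid_i, ru, ksu_i, ts(t1), rid_j, m3), "T1": t1}


def mq1_bits(mq1: dict) -> int:
    """Size of MQ1 on the wire: five 160-bit values plus a 32-bit timestamp."""
    return 8 * sum(len(mq1[k]) for k in ("RID", "M1", "M2", "M3", "M4")) + 32


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    server = RegionServer(os.urandom(HASH_LEN))
    rid_i = h(b"ID-user-1", os.urandom(HASH_LEN))
    rid_j = h(b"ID-device-1", os.urandom(HASH_LEN))
    ksu_i = server.register(rid_i)
    ru = os.urandom(HASH_LEN)
    mq1 = build_mq1(rid_i, ksu_i, ru, rid_j, t1=1000)
    print(mq1_bits(mq1), "bits")
    print("fresh request:  ", server.check_mq1(mq1, now=1003))
    print("delayed request:", server.check_mq1(mq1, now=1006))
    server.revoke(rid_i)
    print("after revoke:   ", server.check_mq1(mq1, now=1003))
```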
Example:
The invention uses a hash function, bit operations and the fuzzy extraction and recovery functions. The specific calculation steps are as follows.
The execution times of the symbols are defined as follows:
Th (0.0001 ms): the execution time of one one-way hash operation.
Tf (0.442 ms): the execution time of one fuzzy extractor recovery function operation.
In the process of login, mutual authentication and key agreement, the invention uses 3 communication messages: MQ1 = {RIDi, M1, M2, M3, M4, T1}, MQ2 = {Mu5, M6, M7, M8, Mu51, T2} and MQ3 = {Mu51, M10, M11, M12, M13, T3}, which need (160+160+160+160+160+32) = 832 bits, (160+160+160+160+160+32) = 832 bits and (160+160+160+160+160+32) = 832 bits, respectively.
Therefore, the total communication cost of the present embodiment is 832+832+832 = 2496 bits.
Through the above analysis, the communication overhead results shown in table 2 can be obtained.
TABLE 2

Party            Communication overhead of the invention (bits)
User             832
Device           832
Server           832
Total overhead   2496
The communication cost of the invention mainly considers the communication steps frequently used in the key protocol stage, and calculates the communication overhead of the scheme on the basis of uniformly assuming certain parameters. Assume that in a clock synchronization scheme, the timestamp has a size of 32 bits and the identities of all users, devices or nodes are 160 bits. All random secret values generated are 160 bits in size. In addition, assume that the output of the most common hash function is consistently 160 bits.
Through the above analysis, comparative results as shown in table 3 were obtained.
TABLE 3

Scheme          General procedure   Total overhead
The invention   35Th+Tf             0.4455 ms
According to the embodiment and the experimental result analysis, the pseudonym of the user is generated by the user and the server together, and the pseudonym of the user is updated in real time after each key negotiation process, so that the identity information of the user is not leaked, the anonymity of the user is ensured, the unlinkability and the untraceability are ensured, and the safety is improved. The invention adopts a method of pre-distributing the key and adopts a multi-factor authentication mode, namely biological characteristics, passwords and intelligent cards, and the main encryption operation is bit operation and a hash function, thereby reducing the calculation overhead and the communication overhead of the key agreement scheme.

Claims (9)

1. A multi-factor based industrial Internet of things session key negotiation method is characterized by comprising the following steps: the method comprises the steps of initialization, authentication, key agreement and system updating of an industrial Internet of things system;
step (1), initialization of industrial Internet of things system
(1.1) Server initialization: generating a private key S for each Server and establishing a private key list through the biometric probabilistic generation function Gen(·) and the deterministic recovery function Rep(·);
(1.2) device registration: the device provides registration information to the Server while in an off-line state, and the Server generates a random value rj to calculate the device pseudonym RIDj and the device private key Ksdj, RIDj=h(IDj||rj), Ksdj=h(RIDj||S), where h(·) is a one-way hash function, IDj is the device identifier and || denotes the concatenation operation; the device identifier and the device pseudonym are added to the device list SDList of the device's working area and stored by the Server;
(1.3) user registration: user Ui generates a random value ri, calculates the pseudonym RIDi=h(IDi||ri) and sends the pseudonym RIDi to the Server; the Server checks the legality of the identity of user Ui and, if it is legal, calculates the user private key Ksui=h(RIDi||S) using the private key S of the registration area, and sends the private key and the device list information of the area to the user; user Ui uses the fuzzy extractor's probabilistic generation function Gen(BIOi)=(σi,τi) to obtain the biometric key σi and the public recovery parameter τi; user Ui sets a password PWi; the smart card calculates and stores (the user's digital signature TPWi, the encrypted user private key Ksui, the encrypted user pseudonym RIDi, the encrypted device information list SDList, τi); σi and τi are respectively the biometric key and the public recovery parameter of user Ui;
step (2), authentication and key agreement process:
(2.1) user login: the user logs in and is authenticated with the aid of the smart card; user Ui inputs identity IDi and password PWi, and uses τi and the fuzzy extractor's deterministic recovery function Rep(·) to recover the user's biometric key σi within a threshold t; the smart card calculates the user's digital signature to be verified
Figure FDA0003438016120000011
and compares TPWi’ with the stored TPWi to verify the user identity;
(2.2) the user initiates a request: after the user passes verification, the smart card decrypts and calculates the encrypted and stored information, then generates the current timestamp T1, and calculates each encrypted message: an encrypted message M1 of the user random value, an authentication message M2 of the user, a pseudonym encrypted message M3 of the device and a verifiable digital signature M4 of the user;
the user sends a session request queue MQ1 to the Server, MQ1 = {RIDi, M1, M2, M3, M4, T1};
(2.3) Server response request: after receiving the message queue MQ1, the Server first verifies the message time and, if the verification passes, calculates M2’=h(Ksui||T1), verifies whether M2 and M2’ are equal and checks whether RIDi is legal; if the Server verifies that the message is legal, it calculates in sequence from the message queue the parameters to be verified, namely the user private key to be verified Ksui’, the user random value to be verified ru’, the device pseudonym to be verified RIDj’ and the message to be verified M4’; if M4 is equal to M4’, the message has not been modified; the Server then sends the new user pseudonym
Figure FDA0003438016120000021
Figure FDA0003438016120000022
and updates the user information; the Server generates a random value rs and calculates the temporary authentication credential
Figure FDA0003438016120000023
and a new user private key
Figure FDA0003438016120000024
and saves the new private key of the user;
the Server calculates the messages: the encrypted message Mu5 of the user's new private key, which the device needs to re-encrypt, the encrypted message M6 of the user's random value, the encrypted message M7 of the Server's random value, the digital signature message M8 of the server and the encrypted message Mu51 for verifying whether the private key of the user has been tampered with; the Server transmits the message queue MQ2 to the device, MQ2 = {Mu5, M6, M7, M8, Mu51, T2}; T2 is the current timestamp;
(2.4) device authentication and calculation of session key:
after the device receives the message queue MQ2, it performs time verification with the current timestamp T3; after the verification passes, the device uses its private key to decrypt and calculate in sequence the user random value to be verified ru’ and the server random value to be verified rs’; if M8 is equal to the message to be verified M8’, the message is determined not to have been altered; device SDj then generates a random value rd and calculates the encrypted message Mu9 of the new private key, which the user can decrypt, the negotiated session key SK calculated by the device, the encrypted message M10 of the random values of the server and the device, the signature message M11 of the server about the new private key of the user, the encrypted message M12 of the random value of the server and the digital signature M13 of the device; the device transmits a message queue MQ3 to the user, MQ3 = {Mu51, M10, M11, M12, M13, T3};
(2.5) user authentication and calculating a secret key:
after the user receives MQ3, time verification is performed with the current timestamp T4; after the verification passes, the user calculates in sequence the signature Mu9’ decrypted by the user, the secret value to be verified rs’ generated by the server, the temporary authentication credential to be verified
Figure FDA0003438016120000025
the new private key of the user to be verified
Figure FDA0003438016120000026
and the signature to be verified Mu9’’ calculated by the user; if Mu9’ is equal to Mu9’’, the user calculates the encrypted value of the random values to be verified h(rd||rs)’, the session key to be verified SK’ and the signature message to be verified M13’; if M13 is equal to M13’, SK’ is accepted as the session key and the private key of the user is updated
Figure FDA0003438016120000031
step (3), updating the industrial Internet of things system, which sequentially comprises user password and biometric updating, device updating and user revocation.
2. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: when the Server in the step (1) is initialized, firstly, a Server private key S with the length of 160bit is set for each working environment of the Internet of things through Gen (-) and Rep (-) and an equipment information table and a user information table are established for each working environment of the Internet of things;
device registration and user registration processes, the following parameters are calculated: TPWi=h(IDi||PWi||σi),
Figure FDA0003438016120000032
Figure FDA0003438016120000033
3. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: when the user logs in in the step (2), the smart card calculates the user's digital signature to be verified TPWi’, TPWi’=h(IDi||PWi||σi), and compares TPWi’ with the stored TPWi; if TPWi’ and TPWi are equal, the identity of the user is verified;
when the user identity authentication in the step (2) passes and initiates a session request, the smart card calculates the encrypted and stored information,
Figure FDA0003438016120000034
Figure FDA0003438016120000035
the smart card then generates a random value ri and the current timestamp T1; the smart card calculates the following parameters:
Figure FDA0003438016120000036
M2=h(Ksui||T1);
Figure FDA0003438016120000037
M4=h(RIDi||ru||Ksui||T1||RIDj||M3);
the user sends a request queue MQ1 to the Server, MQ1 = {RIDi, M1, M2, M3, M4, T1}.
4. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: when the Server in the step (2) responds to the session request of the user, the specific process is as follows:
after receiving the message MQ1, the Server first verifies the message time; the Server generates a current timestamp T2; if |T2-T1| > ΔT, the authentication operation is not performed and the Server discards the message MQ1; if the time is within the maximum transmission delay, the Server first uses its own information to calculate the correct message M2’=h(Ksui||T1) for verifying M2, verifies whether M2 and M2’ are equal, and checks RIDi to judge whether the message source is legal, that is, whether it belongs to a legal user;
if the Server verifies the validity of the message, it calculates in sequence from the message queue, using the private key S of the region to which the Server belongs, Ksui’=h(RIDi||S),
Figure FDA0003438016120000041
M4’=h(RIDi||ru’||Ksui’||T1||RIDj’||M3);
The Server verifies the computed M4 ', compares M4 with M4', and if equal, proves that the message has not been modified;
then the Server sends the new user pseudonym
Figure FDA0003438016120000042
and updates the user information; the Server generates a random value rs and calculates the temporary authentication credential
Figure FDA0003438016120000043
and a new user private key
Figure FDA0003438016120000044
and saves the new private key of the user;
the Server computes the messages
Figure FDA0003438016120000045
Figure FDA0003438016120000046
The Server transmits the message queue MQ2 to the device, MQ2 = {Mu5, M6, M7, M8, Mu51, T2}.
5. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: the specific method for authenticating the device and calculating the session key in the step (2) comprises the following steps:
after the device receives the message MQ2 = {Mu5, M6, M7, M8, Mu51, T2}, the time of the message is first verified: SDj generates a current timestamp T3; if |T3-T2| > ΔT, the authentication operation does not continue and the device discards the message MQ2;
if the time verification passes, the device uses its private key to calculate in sequence the random value ru’ generated by the user, to be verified, and the random value rs’ generated by the server, to be verified,
Figure FDA0003438016120000047
Figure FDA0003438016120000048
The device then verifies whether the message to be verified M8’=h(Mu5||h(ru’||rs’)) is equal to M8, thereby determining whether the message was altered;
if not, the device SDj generates a random value rd and calculates, by means of the device private key,
Figure FDA0003438016120000051
Finally the device transmits a message queue MQ3 to the user, MQ3 = {Mu51, M10, M11, M12, M13, T3};
where SK=h(Mu9||ru||h(rd||rs)),
Figure FDA0003438016120000052
Figure FDA0003438016120000053
M13=h(SK||h(rd||rs)||T3)。
6. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: the specific process of the user authentication and the session key calculation in the step (2) is as follows:
after the user receives MQ3, the message time is first verified: Ui generates a current timestamp T4; if |T4-T3| > ΔT, the authentication operation does not continue and the user discards the message MQ3;
the user calculates in turn
Figure FDA0003438016120000054
Figure FDA0003438016120000055
The user compares Mu9’ with Mu9’’; if they are not equal, the message has been modified and the user discards the message;
if the authentication message is normal, then calculate
Figure FDA0003438016120000056
SK’=h(SK’||h(rd||rs)’),M13’=h(SK’||h(rd||rs)’||T3);
Verifying M13 and M13 'to check if the calculation result is correct, and if the calculation result is passed, recognizing SK' as a session key and updating the private key of the user
Figure FDA0003438016120000057
7. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: the specific process of updating the user password and the biological characteristics in the step (3) is as follows:
(3.1.1) user Ui reads the smart card SCi through a card reader and provides his or her own IDi, old password PWi^old and old biometric information
Figure FDA0003438016120000058
(3.1.2) SCi computes
Figure FDA0003438016120000059
and further calculates
Figure FDA00034380161200000510
Figure FDA00034380161200000511
(3.1.3) the smart card verifies whether TPWi^old is equal to TPWi to judge whether the following operations are to be executed;
(3.1.4) when the verification is complete, SCi computes
Figure FDA00034380161200000512
Figure FDA0003438016120000061
(3.1.5) after user Ui obtains the next instruction from SCi, Ui inputs the new password PWi^new and the new biometric information
Figure FDA0003438016120000062
and computes
Figure FDA0003438016120000063
(3.1.6) SCi uses the new password PWi^new and the new biometric key
Figure FDA0003438016120000064
to calculate, respectively,
Figure FDA0003438016120000065
Figure FDA0003438016120000066
Figure FDA0003438016120000067
(3.1.7) the smart card SCi changes the stored Ksui; RIDi; SDList; TPWi; τi to
Figure FDA0003438016120000068
RIDi^new; SDList^new; TPWi^new
Figure FDA0003438016120000069
At this point, the password and biometric updates have been completed;
user Ui updates the password and biometric periodically.
8. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: the specific process of updating the equipment in the step (3) is as follows:
(3.2.1) registering Internet of things equipment of different manufacturers on the Server; the Server uses the random secret value generated by the Server
Figure FDA00034380161200000610
to encapsulate the unalterable identity of the SD
Figure FDA00034380161200000611
obtaining a pseudonym identifier different from those of the existing nodes
Figure FDA00034380161200000612
(3.2.2) the Server calculates the private key of the IOT equipment by using the private key S of the working area where the IOT equipment is to be deployed
Figure FDA00034380161200000613
The Server stores the registration information in a memory of the new Internet of things equipment, and updates the equipment information to an equipment list of the area;
(3.2.3) the Internet of things device is deployed in the working area and the legal users in the area are notified of the new device; the users update their device lists securely, after which a legal user can communicate with the new device to obtain access control and service.
9. The multi-factor based industrial internet of things session key agreement method according to claim 1, wherein: the specific method for user revocation in the step (3) is as follows:
(3.3.1) the industrial Server registers and records the legal user participating in the session communication and authorized; for all registered executable users, the Server can modify the legality and revoke the executable authorization; the Server may re-encrypt and encapsulate the name of the revoked user using a direct long-term key
Figure FDA00034380161200000614
The packaged user ID is still stored in an authorization list of the Internet of things area as a record and a certificate;
(3.3.2) in the session key agreement phase, when the user sends a request message MQ1 = {RIDi, M1, M2, M3, M4, T1} to the Server, the Server verifies whether the user still has legal authorization by looking the user up in the authorized user list; if the user has been revoked, the Server will not find the user's pseudonym information in the list, and the request sent by the revoked user will not receive a response.
CN202111621015.6A 2021-12-28 2021-12-28 Industrial Internet of things session key negotiation method based on multiple factors Active CN114070559B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111621015.6A CN114070559B (en) 2021-12-28 2021-12-28 Industrial Internet of things session key negotiation method based on multiple factors

Publications (2)

Publication Number Publication Date
CN114070559A true CN114070559A (en) 2022-02-18
CN114070559B CN114070559B (en) 2024-03-08

Family

ID=80230525

Country Status (1)

Country Link
CN (1) CN114070559B (en)

Also Published As

Publication number Publication date
CN114070559B (en) 2024-03-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant