WO2014173357A1 - Authentication method and device for use in ubiquitous terminal networks - Google Patents


Publication number
WO2014173357A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
central node
collaborative
nodes
security
Application number
PCT/CN2014/078755
Inventor
陈继刚
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2014173357A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • The present invention relates to the field of network communication technologies, and in particular to an authentication method and apparatus for a ubiquitous terminal network.

Background

  • Terminals such as mobile phones, computers, and personal digital assistants (PDAs) are becoming more and more popular.
  • When the terminal is connected to the network, a central node needs to be elected among multiple peer nodes, so that multiple terminals form a certain network architecture to support the upper-layer service. Since the central node is at the center of the network, the security of the central node is critical to the overall security of the ubiquitous terminal network.
  • A central node of a ubiquitous terminal network can be directly specified among multiple cooperative nodes of a peer-to-peer network, and then the central node performs security authentication for each cooperative node that wants to join the ubiquitous terminal network. The authenticated cooperative nodes and the central node together form a ubiquitous terminal network. However, the security of the central node itself is not guaranteed by appropriate methods or mechanisms.

Summary of the invention

  • the embodiments of the present invention are directed to providing an authentication method and apparatus for a ubiquitous terminal network, which at least solves the problem of insufficient security of a central node of a ubiquitous terminal network in the prior art.
  • An embodiment of the present invention provides an authentication method for a ubiquitous terminal network, including: a pre-central node sends a request for authenticating the pre-central node to each cooperative node; the pre-central node receives the authentication information of each cooperative node for the pre-central node; and the number of cooperative nodes that approve the pre-central node is determined;
  • When the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node, and the ubiquitous terminal network is successfully formed.
  • The method further includes:
  • When the number of cooperative nodes that approve the pre-central node is smaller than the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a cooperative node, and the formation of the ubiquitous terminal network fails.
  • The pre-central node calculates the number of cooperative nodes that approve the pre-central node.
  • The method further includes:
  • The pre-central node calculates a security indicator of the pre-central node according to the security levels that the cooperative nodes approving the pre-central node assigned to it in authentication, where the security level is carried in the authentication information sent to the pre-central node.
  • The security indicator of the pre-central node is equal to a weighted sum of the security levels that the cooperative nodes approving the pre-central node assigned to it in authentication.
  • The method further includes: when the central node determines that a new cooperative node applies to join the ubiquitous terminal network and that the new cooperative node approves the central node, the central node updates the security indicator and sends the updated security indicator to each of the cooperative nodes.
  • The method further includes: when the central node determines that a cooperative node exits the ubiquitous terminal network, the central node updates the security indicator and sends the updated security indicator to each of the cooperative nodes as that node's historical authentication information for the central node.
  • the method further includes:
  • An embodiment of the present invention further provides an authentication method for a ubiquitous terminal network, including: each cooperative node receiving a request for authenticating a pre-center node;
  • Each of the collaborative nodes authenticates the pre-center node
  • Each of the collaborative nodes sends the authentication information obtained by the authentication to the pre-center node.
  • the method further includes:
  • Each of the cooperative nodes shares the history authentication information of the pre-center node with each other; and the authentication of the pre-center node by each of the coordinated nodes includes:
  • Each of the collaborative nodes authenticates the pre-center node according to the shared historical authentication information and the security settings of each of the collaborative nodes themselves.
  • the each of the collaboration nodes performs the authentication on the pre-central node according to the shared historical authentication information and the security settings of each of the collaboration nodes, including:
  • the historical security level in the historical authentication information is weighted and summed to obtain a reference security level;
  • the cooperative node recognizes the pre-center node
  • the collaboration node does not approve the pre-center node.
  • the method further includes:
  • An embodiment of the present invention further provides an authentication device for a ubiquitous terminal network, including: a transceiver unit, configured to send a request for authenticating a pre-central node to each cooperative node, and to receive the authentication information of each cooperative node for the pre-central node;
  • a determining unit configured to determine, according to the authentication information received by the transceiver unit, a number of coordinated nodes that approve the pre-center node;
  • a first converting unit configured to convert the pre-central node into a central node when the number of cooperative nodes that recognize the pre-central node is greater than or equal to a minimum number of nodes required to form the ubiquitous terminal network
  • the ubiquitous terminal network was successfully formed.
  • The first converting unit is further configured to convert the pre-central node into a cooperative node when the determining unit determines that the number of cooperative nodes that approve the pre-central node is smaller than the minimum number of nodes required to form the ubiquitous terminal network.
  • the determining unit includes:
  • a determining module configured to determine, according to the authentication information, whether each of the collaborative nodes approves the pre-center node
  • a calculating module configured to calculate, once it has been determined according to the authentication information whether each of the cooperative nodes approves the pre-central node, the number of cooperative nodes that approve the pre-central node.
  • The calculating module is further configured to calculate a security indicator of the pre-central node according to the security level that each cooperative node approving the pre-central node assigned to it in authentication.
  • the security level is carried in the authentication information and sent to the pre-center node.
  • the security indicator of the pre-central node is equal to a weighted sum of the security levels of the pre-central node authentication by the coordinating node that recognizes the pre-central node.
  • The determining module is further configured to determine, when a new cooperative node applies to join the ubiquitous terminal network, whether the new cooperative node approves the central node;
  • the calculating module is further configured to: when the determining module determines that the new collaboration node approves the central node, updating the security indicator;
  • the transceiver unit is further configured to send the updated security indicator to each of the collaboration nodes.
  • the determining module is further configured to determine whether a cooperative node exits the ubiquitous terminal network
  • the calculating module is further configured to: when it is determined that the cooperative node exits the ubiquitous terminal network, update the security indicator;
  • the transceiver unit is further configured to send the updated security indicator to each of the collaboration nodes as historical authentication information of each of the coordinated nodes to the pre-center node.
  • the transceiver unit is further configured to send a message that the ubiquitous terminal network is successfully formed to the coordinated nodes.
  • the embodiment of the present invention further provides an authentication device for a ubiquitous terminal network, including: a receiving unit, configured to receive a request for authenticating a pre-center node;
  • An authentication unit configured to authenticate the pre-center node
  • the sending unit is configured to send the authentication information obtained by the authentication unit to the pre-center node.
  • the device further includes:
  • a sharing unit configured to share, among the cooperative nodes, each node's historical authentication information for the pre-central node;
  • the authentication unit is configured to authenticate the pre-center node according to the historical authentication information shared by the sharing unit and the security setting of each of the collaboration nodes themselves.
  • the authentication unit includes:
  • a weighting module configured to perform weighted summation on a historical security level in the historical authentication information shared by the shared unit to obtain a reference security level
  • The authentication module is configured so that, when the reference security level is greater than or equal to the security setting of the cooperative node itself, the cooperative node approves the pre-central node, and when the reference security level is less than the security setting of the cooperative node itself, the cooperative node does not approve the pre-central node.
  • the receiving unit is further configured to receive a message that the ubiquitous terminal network is successfully formed
  • the apparatus also includes a second conversion unit configured to convert the coordinating node into a terminal node.
  • The pre-central node sends a request for authenticating the pre-central node to the other cooperative nodes and receives the authentication information of each cooperative node for the pre-central node; when the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node, and the ubiquitous terminal network is successfully formed.
  • When the pre-central node is to establish a ubiquitous terminal network with itself as the central node, each cooperative node needs to authenticate the pre-central node, and the networking succeeds only when a certain number of cooperative nodes approve the pre-central node, which effectively ensures the security of the central node of the ubiquitous terminal network.
  • Figure 5 is a schematic diagram of another structure
  • Figure 6 is a schematic diagram of another structure
  • Figure 7 is a schematic view showing another structure of the arrangement
  • Figure 8 is a schematic view showing another structure of the arrangement
  • Fig. 9 is a schematic view showing another structure of the embodiment.
  • the present invention provides an authentication method and apparatus for a ubiquitous terminal network.
  • the present invention will be further described in detail below with reference to the accompanying drawings. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
  • an embodiment of the present invention provides an authentication method for a ubiquitous terminal network, including:
  • Step S11 The pre-central node sends a request for authenticating the pre-center node to each coordinated node, and receives authentication information of the pre-center node by each coordinated node.
  • Step S12 Determine, according to the received authentication information, a number of coordinated nodes that approve the pre-center node;
  • Step S13 If the number of the cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node, and the ubiquitous terminal network is successfully formed.
  • the pre-central node to be the central node sends a request for authenticating the pre-centre node to other coordinating nodes, and receives authentication information of each pre-center node by each co-node, when the co-node of the pre-central node is recognized
  • the pre-central node is converted into a central node, and the ubiquitous terminal network is successfully established.
  • Each cooperative node needs to authenticate the pre-central node, and the networking succeeds only when a certain number of cooperative nodes approve the pre-central node, which effectively ensures the security of the central node of the ubiquitous terminal network.
  • The communication between the pre-central node and each cooperative node may be implemented by using various known communication methods. However, considering that the networking has not yet succeeded, and in order to improve the communication efficiency between the nodes, each node preferably sends messages, data, or authentication requests to other nodes by broadcast.
  • the authentication information represents an evaluation of the security or trust level of the pre-center node by a collaborative node, and may include two pieces of information: an authentication result and a security level.
  • The authentication result indicates whether the pre-central node is approved by the cooperative node after authentication. If it is approved, the cooperative node trusts the pre-central node and may join the ubiquitous terminal network formed by the pre-central node; if it is not approved, the cooperative node does not trust the pre-central node and does not join the ubiquitous terminal network formed by the pre-central node.
  • The security level indicates how secure the cooperative node considers the pre-central node to be. The higher the security level, the better the security. How the cooperative node obtains the authentication information is described in detail in the cooperative node section below.
  • The authentication result and the security level are only used to exemplify the features that the authentication information needs to include.
  • The authentication information may also use other parameters to describe the degree of trust of the cooperative node in the pre-central node and whether the pre-central node is approved; the embodiment of the present invention does not limit this.
  • step S12 determining, according to the received authentication information, the number of the cooperative nodes that approve the pre-center node may include:
  • the pre-center node calculates the number of coordinating nodes that recognize the pre-center node.
  • Each method is required to authenticate the central node, and the method may further include: after the pre-central node determines, according to the authentication information, whether each of the coordinated nodes approves the pre-centre node, the method may further include: The pre-central node calculates the security indicator of the pre-central node according to the security level of the pre-central node authentication by the coordinating node that recognizes the pre-central node. The security level is carried in the authentication information and sent to the pre-center node.
  • the security indicator is a function of each security level of the collaboration node that recognizes the pre-center node.
  • The security indicator may be an average of the foregoing security levels, or may be the weighted sum obtained after each security level is assigned a different weight factor, or may be another functional relationship, which is not limited by the embodiments of the present invention.
  • In step S13, if the number of the cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node, and the ubiquitous terminal network is successfully formed. After the pre-central node is converted into a central node and the ubiquitous terminal network is successfully formed, the central node may further send a message that the ubiquitous terminal network is successfully formed to the cooperative nodes, so that the cooperative nodes are ready to join the ubiquitous terminal network.
  • the pre-central node is converted to a cooperating node, and the ubiquitous terminal network formation fails.
  • Many cooperative nodes may not approve the pre-central node, and the number of cooperative nodes that approve the pre-central node is then insufficient to form a ubiquitous terminal network, thereby preventing the establishment of the network and effectively maintaining the security of the ubiquitous terminal network.
  • each node in the network can work together with each other, effectively improving the working efficiency of each node.
  • the network is allowed to dynamically adjust.
  • Each node can exit the network as needed, or a new collaborative node can join.
  • The central node determines whether the new cooperative node approves the central node; optionally, in this step, the central node can send the security indicator directly to the new cooperative node for reference, so that the new cooperative node can authenticate the central node according to the security indicator of the central node and determine whether to join the ubiquitous terminal network.
  • The new cooperative node may also use other methods to authenticate the central node, such as referring to the historical authentication information that other cooperative nodes (i.e., terminal nodes) in the network hold for the central node; the embodiment of the present invention does not limit this.
  • When the central node determines that the new cooperative node approves the central node, the central node updates the security indicator and sends the updated security indicator to each of the cooperative nodes. This is because the security indicator of the central node is related to the authentication of the central node by all the cooperative nodes in the network. When the new cooperative node joins the ubiquitous terminal network, the number of nodes in the network changes, and the central node needs to update its security indicator accordingly.
  • the central node determines whether there is a cooperative node exiting the ubiquitous terminal network
  • the central node updates the security indicator, and sends the updated security indicator to each of the coordinated nodes as historical authentication information of each of the coordinated nodes to the central node.
  • the historical authentication information can be used as a reference for other nodes to authenticate the central node.
  • an embodiment of the present invention further provides an authentication method for a ubiquitous terminal network, including the following steps:
  • Step S21 Each coordinated node receives a request for performing authentication on the pre-center node
  • Step S22 Each of the collaborative nodes performs authentication on the pre-center node.
  • Step S23 Each of the cooperative nodes sends the authentication information obtained by the authentication to the pre-central node. Each cooperative node can authenticate the pre-central node that will form the ubiquitous terminal network and send the authentication information to the pre-central node, so that the pre-central node can determine whether it can be securely networked, thereby effectively ensuring the security of the central node of the ubiquitous terminal network.
  • a request for authenticating the pre-center node is generally sent to each coordinated node by means of broadcast. Accordingly, in step S21, each of the cooperating nodes also receives the request.
  • each coordinated node needs to authenticate the pre-central node, and the specific authentication method is not limited.
  • the security of the central node of the ubiquitous terminal network is further improved.
  • The method may further include: the cooperative nodes share with each other the historical authentication information of the pre-central node, that is, the authentication information that each of the cooperative nodes has previously held for the pre-central node; step S22 may specifically be that each of the cooperative nodes authenticates the pre-central node according to the shared historical authentication information and the security setting of the cooperative node itself.
  • The cooperative node may perform a weighted summation of the historical security levels in the shared historical authentication information, thereby obtaining a reference security level, and compare the reference security level with the security setting of the cooperative node itself. If the reference security level is greater than or equal to the security setting of the cooperative node, the security requirement of the cooperative node for the network is not high, the security of the pre-central node can meet the security requirement of the cooperative node, and the cooperative node approves the pre-central node. Conversely, if the reference security level is smaller than the security setting of the cooperative node itself, the security requirement of the cooperative node is relatively high, the security of the pre-central node cannot meet the security requirement of the cooperative node, and the cooperative node does not approve the pre-central node.
  • Because the authentication is based on the sharing of historical authentication information among the cooperative nodes, the security and reliability of the central node elected in the collaborative networking process are fully authenticated, which ensures the security of the cooperative node while it participates in the collaborative task.
  • the recognition of the pre-center node by a single cooperative node does not necessarily guarantee the success of the networking. Therefore, it is not necessary to convert the cooperative node into a terminal node at this time. Only when the coordinating node recognizes the pre-central node and receives the message that the ubiquitous terminal network is successfully formed, the cooperating node is converted into the terminal node and joins the ubiquitous terminal network.
  • a notebook is selected as a pre-center node by mutual discovery and the like.
  • The authentication request is initiated by the notebook to each collaborative terminal, and each collaborative terminal shares its own security requirements through the sharing of historical authentication information. For example, if the mobile phone has particularly high security requirements, its authentication result may regard the notebook as an unreliable central node, and it will not join the collaborative network (ubiquitous terminal network).
  • After the notebook collects the authentication results of all the cooperative nodes, it performs the calculation. If the number of cooperative nodes that approve the notebook as the central node meets the minimum number of nodes required for data sharing and link aggregation, the notebook initiates a role conversion request, the notebook becomes the central node of the collaborative network, and other devices become collaborative nodes.
  • The notebook broadcasts its own security indicators to all the cooperative nodes.
  • The newly joined node obtains the security indicator of the central node, determines whether to join the collaborative network according to its own security requirements, and thereby authenticates the central node. When a cooperative node exits from the network, it needs to obtain the latest security indicator value of the notebook as the basis for authenticating the central node when it cooperates again. Whether a new node joins or a node exits, the central node notebook needs to update its security indicator value.
  • Detailed description of the authentication method.
  • the authentication method for the ubiquitous terminal network mainly includes the following steps:
  • Step 101 The pre-center node broadcasts the authentication.
  • In this step, in the peer-to-peer scenario, the ubiquitous terminals elect a pre-central node for better collaboration, and other nodes act as cooperative nodes. To ensure security, the pre-central node broadcasts a message to all the cooperative nodes to initiate an authentication request.
  • Step 102 Each coordinated node broadcasts and collects historical authentication information.
  • In peer-to-peer mode, each cooperative node shares its stored historical authentication information for the pre-central node with the other cooperative nodes, and collects the historical authentication information shared by the other cooperative nodes for use in step 103.
  • Step 103 The collaboration node gives the authentication information in combination with its own security settings.
  • The cooperative node uses the historical authentication information for the pre-central node obtained from the other cooperative nodes in step 102 as a reference and, in combination with the user's security setting requirements, that is, a given security threshold, determines whether the pre-central node meets the security requirements of the cooperative node. Please refer to the foregoing for details.
  • Step 104 The pre-center node collects the authentication information of each coordinated node.
  • Each of the cooperative terminals transmits the authentication information given in step 103 to the pre-central node; the authentication information includes the authentication result and the security level.
  • The authentication result is whether the pre-central node meets the security requirement of the cooperative node, that is, whether the cooperative node approves the pre-central node; the security level is a parameter describing the degree of trust of the cooperative node in the pre-central node.
  • Step 105 The pre-center node calculates a security indicator and initiates a role transition.
  • The pre-central node performs statistical analysis on the authentication information obtained in step 104, including counting how many cooperative nodes' security requirements are met. If the number of nodes that pass is less than the minimum number of nodes required by the collaborative network, the role is converted and the node is cancelled as the central node. If the number of nodes that pass meets the minimum number of nodes required by the collaborative network, the average value of the security levels of the cooperative nodes that approve the pre-central node is calculated as the security indicator of the pre-central node, and a role conversion is initiated: the pre-central node is converted into the central node of the collaborative network, the cooperative nodes are converted into terminal nodes to join the collaborative network, and other cooperative nodes exit the network because of their high security requirements.
  • Step 106 The central node broadcasts the calculated security indicator.
  • The central node needs to broadcast the result of the calculation in step 105, that is, the security indicator, for reference by newly joined cooperative nodes; it may also be saved in a cooperative node as historical authentication information when that node exits, for collaborating again in the future.
  • Step 107 A new node joins, and the central node obtains the newly added node authentication information.
  • the newly added collaborative node obtains the security indicator calculation result of the central node, and determines whether to join the collaborative network according to its own security configuration requirement, and gives the authentication information of the central node.
  • Step 108 The central node updates the security indicator and broadcasts.
  • the central node recalculates its security index and updates the calculation result.
  • Step 109 A node exits, and the exit node obtains the latest security indicator as historical authentication information.
  • the exiting collaborative node stores the latest security indicator of the obtained central node locally, as the basis for the next authentication, as the historical authentication information for re-establishing the collaborative network.
  • Step 110 The central node updates the security indicator and broadcasts.
  • the central node recalculates its security index, updates the calculation result, and broadcasts.
  • In this way, efficient authentication of the central node in the process of joining the collaborative network can be realized, which not only shares the historical authentication information of each cooperative terminal but also takes the security requirements of the user into account, and ensures the reliability of the central node.
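The flow of steps 101 to 110, together with the weighted-sum approval rule described earlier for the cooperative node, as an added Python simulation; it is not code from the patent. The class and method names, the equal weights, reporting the reference level as the security level, treating missing history as level 0, and the sample nodes are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AuthInfo:
    """Authentication information: authentication result plus security level."""
    node_id: str
    approved: bool
    security_level: float


@dataclass
class CooperativeNode:
    node_id: str
    security_setting: float                      # the node's own security threshold
    history: dict = field(default_factory=dict)  # candidate id -> stored level

    def authenticate(self, shared_levels, weights=None):
        """Step 103: compare the weighted sum of shared levels with own setting."""
        if not shared_levels:
            reference = 0.0  # assumption: no history means no evidence of trust
        else:
            if weights is None:  # assumption: equal weights that sum to 1
                weights = [1.0 / len(shared_levels)] * len(shared_levels)
            reference = sum(w * lvl for w, lvl in zip(weights, shared_levels))
        # Assumption: the reported security level is the reference level itself.
        return AuthInfo(self.node_id, reference >= self.security_setting, reference)


class Candidate:
    """Pre-central node; it becomes the central node only with enough approvals."""

    def __init__(self, node_id, min_nodes):
        self.node_id = node_id
        self.min_nodes = min_nodes  # minimum number of nodes the network requires
        self.role = "pre-central"
        self.members = {}           # node id -> AuthInfo of each approving node

    def indicator(self):
        """Step 105: average security level over the approving nodes."""
        levels = [info.security_level for info in self.members.values()]
        return sum(levels) / len(levels) if levels else None

    def form_network(self, nodes):
        """Steps 101-106: request authentication, count approvals, convert role."""
        # Step 102: every node shares the level it stored for this candidate.
        shared = [n.history[self.node_id] for n in nodes if self.node_id in n.history]
        infos = [n.authenticate(shared) for n in nodes]  # steps 103-104
        approvals = {i.node_id: i for i in infos if i.approved}
        if len(approvals) < self.min_nodes:
            self.role = "cooperative"  # formation fails and the candidate steps down
            return False
        self.role, self.members = "central", approvals
        return True

    def join(self, node):
        """Steps 107-108: the newcomer judges the broadcast indicator."""
        if self.role != "central":
            raise RuntimeError("no network has been formed")
        current = self.indicator()
        levels = [current] if current is not None else []
        if self.node_id in node.history:  # assumption: own history is also used
            levels.append(node.history[self.node_id])
        info = node.authenticate(levels)
        if info.approved:
            self.members[node.node_id] = info  # indicator() now reflects the join
        return info.approved

    def leave(self, node):
        """Steps 109-110: the leaver keeps the latest indicator as history."""
        if node.node_id not in self.members:
            return
        node.history[self.node_id] = self.indicator()
        del self.members[node.node_id]  # indicator() now reflects the exit


if __name__ == "__main__":
    # Constructed sample: a notebook candidate and three cooperative terminals.
    phone = CooperativeNode("phone", 0.9, {"notebook": 0.5})
    tablet = CooperativeNode("tablet", 0.5, {"notebook": 0.75})
    pda = CooperativeNode("pda", 0.6)
    notebook = Candidate("notebook", min_nodes=2)
    print(notebook.form_network([phone, tablet, pda]), notebook.role)
    print(sorted(notebook.members), notebook.indicator())
    notebook.leave(tablet)
    print(tablet.history["notebook"], notebook.indicator())
```

The level an exiting node stores becomes an input to every node's decision in the next formation round, so the shared history carries forward between networks.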
  • an embodiment of the present invention further provides an authentication apparatus for a ubiquitous terminal network, including:
  • the transceiver unit 11 is configured to send a request for authenticating the pre-center node to each coordinated node, and receive authentication information of the pre-center node by each coordinated node;
  • the determining unit 12 is configured to determine, according to the authentication information received by the transceiver unit 11, the number of the cooperative nodes that approve the pre-center node;
  • The first converting unit 13 is configured to convert the pre-central node into a central node if the number of the cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network. The transceiver unit 11 sends a request for authenticating the pre-central node to the other cooperative nodes and receives the authentication information of each cooperative node for the pre-central node; when the determining unit 12 determines that the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node can be converted into a central node by the first converting unit 13, so that the ubiquitous terminal network is successfully formed.
  • Each cooperative node needs to authenticate the pre-central node, and the networking succeeds only when a certain number of cooperative nodes approve the pre-central node, which effectively ensures the security of the central node of the ubiquitous terminal network.
  • The first converting unit 13 is further configured to convert the pre-central node into a cooperative node if the number of cooperative nodes approving the pre-central node, as determined by the determining unit 12, is smaller than the minimum number of nodes required to form the ubiquitous terminal network.
  • the determining unit 12 may include:
  • the determining module 121 is configured to determine, according to the authentication information, whether each of the collaborative nodes approves the pre-central node;
  • the calculating module 122 is configured to calculate the number of collaborative nodes that approve the pre-central node.
  • the calculating module 122 is further configured to calculate a security indicator of the pre-central node according to the security levels assigned to the pre-central node by the collaborative nodes that approve it.
  • the security indicator of the pre-central node may be equal to the weighted sum of the security levels assigned to the pre-central node by the collaborative nodes that approve it.
  • the determining module 121 is further configured to determine whether a new collaborative node applies to join the ubiquitous terminal network; if so, the determining module 121 is further configured to determine whether the new collaborative node approves the central node;
  • the calculating module 122 is further configured to update the security indicator if the determining module 121 determines that the new collaborative node approves the central node;
  • the transceiver unit 11 is further configured to send the updated security indicator to each of the collaborative nodes.
  • the determining module 121 is further configured to determine whether a collaborative node exits the ubiquitous terminal network; and the calculating module 122 is further configured to update the security indicator when it is determined that a collaborative node exits the ubiquitous terminal network.
  • the transceiver unit 11 is further configured to send the updated security indicator to each of the collaborative nodes, as each collaborative node's historical authentication information for the pre-central node.
  • the transceiver unit 11 is further configured to send a message that the ubiquitous terminal network is successfully formed to each of the collaborative nodes.
  • an embodiment of the present invention further provides an authentication apparatus for a ubiquitous terminal network, including:
  • the receiving unit 21 is configured to receive a request for authenticating the pre-central node;
  • the authentication unit 22 is configured to authenticate the pre-central node;
  • the sending unit 23 is configured to send the authentication information obtained by the authentication unit to the pre-central node.
  • each of the collaborative nodes can authenticate the pre-central node that is about to form the ubiquitous terminal network and send the authentication information to the pre-central node, so that the pre-central node can determine whether the network can be formed securely, which effectively guarantees the security of the central node of the ubiquitous terminal network.
  • the apparatus may further include: a sharing unit 24 configured to share, among the collaborative nodes, each node's historical authentication information for the pre-central node; the authentication unit 22 is specifically configured to authenticate the pre-central node according to the historical authentication information shared by the sharing unit and each collaborative node's own security settings.
  • the authentication unit 22 may include:
  • the weighting module 221 is configured to perform a weighted summation of the historical security levels in the historical authentication information shared by the sharing unit to obtain a reference security level;
  • the authentication module 222 is configured so that, if the reference security level is greater than or equal to the security setting of the collaborative node itself, the collaborative node approves the pre-central node; if the reference security level is less than the security setting of the collaborative node itself, the collaborative node does not approve the pre-central node.
  • the receiving unit 21 is further configured to receive the message that the ubiquitous terminal network is successfully formed.
  • the apparatus further includes a second converting unit 25 configured to convert the collaborative node into a terminal node after the authentication unit 22 has approved the pre-central node and the receiving unit 21 has received the message that the ubiquitous terminal network is successfully formed.
  • the pre-central node sends a request for authenticating the pre-central node to the other collaborative nodes and receives each collaborative node's authentication information for the pre-central node; when the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node, and the ubiquitous terminal network is successfully formed.
  • each collaborative node needs to authenticate the pre-central node, and networking succeeds only when a certain number of collaborative nodes have approved the pre-central node, which effectively ensures the security of the central node of the ubiquitous terminal network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed is an authentication method and device for use in ubiquitous terminal networks, relates to the technical field of network communications, and solves the problem of the prior art wherein a central node of a ubiquitous terminal network is insufficiently secure. The method comprises: a pre-central node sends, to each terminal node, a request to engage in the authentication of said pre-central node, and receives, from each said terminal node, information regarding the authentication of said pre-central node; in accordance with the received authentication information, the number of terminal nodes which approve said pre-central node is determined; if the number of terminal nodes which approve said pre-central node is greater than or equal to the minimum number of nodes necessary to form said ubiquitous terminal network, said pre-central node becomes a central node and the establishment of the ubiquitous terminal network is successful. The present invention can be used in ubiquitous terminal networks.

Description

Authentication method and device for a ubiquitous terminal network

Technical field

The present invention relates to the field of network communication technologies, and in particular to an authentication method and device for a ubiquitous terminal network.

Background

With the continuous development of communication technologies, terminals such as mobile phones, computers and personal digital assistants (PDAs) are becoming more numerous and more widespread. Connecting these terminals to one another to form a ubiquitous terminal network lets multiple terminals work together, which greatly improves the working efficiency of the terminals and makes them more convenient to use.
When such terminals form a network, a central node has to be elected from among multiple peer nodes, so that the terminals form a network architecture that supports upper-layer services. Because the central node sits at the center of the network, its security is critical to the overall security of the ubiquitous terminal network.
In the prior art, the central node of a ubiquitous terminal network is generally designated directly from among the collaborative nodes of a peer-to-peer network; the central node then performs security authentication on every collaborative node that wants to join the ubiquitous terminal network, and the collaborative nodes that pass authentication form the ubiquitous terminal network together with the central node. However, there is no suitable method or mechanism to guarantee the security of the central node itself.

Summary of the invention
In view of this, embodiments of the present invention aim to provide an authentication method and device for a ubiquitous terminal network that at least solve the prior-art problem of insufficient security of the central node of a ubiquitous terminal network.
An embodiment of the present invention provides an authentication method for a ubiquitous terminal network, including:
a pre-central node sends, to each collaborative node, a request for authenticating the pre-central node;
the pre-central node receives each collaborative node's authentication information for the pre-central node;
the number of collaborative nodes that approve the pre-central node is determined;
when the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node and the ubiquitous terminal network is successfully formed.
Preferably, after the number of collaborative nodes that approve the pre-central node is determined, the method further includes:
when the number of collaborative nodes that approve the pre-central node is less than the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a collaborative node and formation of the ubiquitous terminal network fails.
Specifically, determining the number of collaborative nodes that approve the pre-central node includes:
the pre-central node determines, according to the authentication information, whether each collaborative node approves the pre-central node;
the pre-central node calculates the number of collaborative nodes that approve the pre-central node.
Optionally, after the pre-central node determines, according to the authentication information, whether each collaborative node approves the pre-central node, the method further includes:
the pre-central node calculates a security indicator of the pre-central node according to the security levels assigned to the pre-central node by the collaborative nodes that approve it, where the security level is carried in the authentication information sent to the pre-central node.
Optionally, the security indicator of the pre-central node is equal to the weighted sum of the security levels assigned to the pre-central node by the collaborative nodes that approve it.
Preferably, after the ubiquitous terminal network is successfully formed, the method further includes:
when the central node determines that a new collaborative node applies to join the ubiquitous terminal network, and the central node determines that the new collaborative node approves the central node, the central node updates the security indicator and sends the updated security indicator to each collaborative node.
Optionally, after the ubiquitous terminal network is successfully formed, the method further includes:
the central node determines whether a collaborative node exits the ubiquitous terminal network; when one does, the central node updates the security indicator and sends the updated security indicator to each collaborative node, as each collaborative node's historical authentication information for the central node.
Preferably, after the pre-central node is converted into a central node and the ubiquitous terminal network is successfully formed, the method further includes:
sending a message that the ubiquitous terminal network is successfully formed to each collaborative node.
An embodiment of the present invention further provides an authentication method for a ubiquitous terminal network, including:
each collaborative node receives a request for authenticating a pre-central node;
each collaborative node authenticates the pre-central node;
each collaborative node sends the authentication information obtained by the authentication to the pre-central node.
Preferably, after the collaborative nodes receive the request for authenticating the pre-central node and before each collaborative node authenticates the pre-central node, the method further includes:
the collaborative nodes share with one another their respective historical authentication information for the pre-central node;
each collaborative node authenticating the pre-central node includes:
each collaborative node authenticates the pre-central node according to the shared historical authentication information and its own security setting.
Optionally, each collaborative node authenticating the pre-central node according to the shared historical authentication information and its own security setting includes:
the collaborative node performs a weighted summation of the historical security levels in the shared historical authentication information to obtain a reference security level;
when the reference security level is greater than or equal to the collaborative node's own security setting, the collaborative node approves the pre-central node;
when the reference security level is less than the collaborative node's own security setting, the collaborative node does not approve the pre-central node.
Preferably, after each collaborative node sends the authentication information obtained by the authentication to the pre-central node, the method further includes:
receiving a message that the ubiquitous terminal network is successfully formed;
converting the collaborative node into a terminal node.
An embodiment of the present invention further provides an authentication device for a ubiquitous terminal network, including:
a transceiver unit, configured to send a request for authenticating a pre-central node to each collaborative node and to receive each collaborative node's authentication information for the pre-central node;
a determining unit, configured to determine, according to the authentication information received by the transceiver unit, the number of collaborative nodes that approve the pre-central node;
a first converting unit, configured to convert the pre-central node into a central node when the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, whereupon the ubiquitous terminal network is successfully formed.
Preferably, the first converting unit is further configured to convert the pre-central node into a collaborative node when the number of collaborative nodes that approve the pre-central node, as determined by the determining unit, is less than the minimum number of nodes required to form the ubiquitous terminal network.
Optionally, the determining unit includes:
a determining module, configured to determine, according to the authentication information, whether each collaborative node approves the pre-central node;
a calculating module, configured to calculate the number of collaborative nodes that approve the pre-central node, as determined for each collaborative node according to the authentication information.
Optionally, the calculating module is further configured to calculate a security indicator of the pre-central node according to the security levels assigned to the pre-central node by the collaborative nodes that approve it, where the security level is carried in the authentication information sent to the pre-central node.
Optionally, the security indicator of the pre-central node is equal to the weighted sum of the security levels assigned to the pre-central node by the collaborative nodes that approve it.
Optionally, the determining module is further configured to determine, when a new collaborative node applies to join the ubiquitous terminal network, whether the new collaborative node approves the central node;
optionally, the calculating module is further configured to update the security indicator when the determining module determines that the new collaborative node approves the central node;
preferably, the transceiver unit is further configured to send the updated security indicator to each collaborative node.
Preferably, the determining module is further configured to determine whether a collaborative node exits the ubiquitous terminal network;
the calculating module is further configured to update the security indicator when it is determined that a collaborative node exits the ubiquitous terminal network;
the transceiver unit is further configured to send the updated security indicator to each collaborative node, as each collaborative node's historical authentication information for the pre-central node.
Preferably, the transceiver unit is further configured to send a message that the ubiquitous terminal network is successfully formed to each collaborative node.
An embodiment of the present invention further provides an authentication device for a ubiquitous terminal network, including:
a receiving unit, configured to receive a request for authenticating a pre-central node;
an authentication unit, configured to authenticate the pre-central node;
a sending unit, configured to send the authentication information obtained by the authentication unit to the pre-central node.
Preferably, the device further includes:
a sharing unit, configured to share, among the collaborative nodes, each node's historical authentication information for the pre-central node;
the authentication unit is configured to authenticate the pre-central node according to the historical authentication information shared by the sharing unit and each collaborative node's own security setting.
Optionally, the authentication unit includes:
a weighting module, configured to perform a weighted summation of the historical security levels in the historical authentication information shared by the sharing unit to obtain a reference security level;
an authentication module, configured so that the collaborative node approves the pre-central node when the reference security level is greater than or equal to the collaborative node's own security setting, and does not approve the pre-central node when the reference security level is less than the collaborative node's own security setting.
Preferably, the receiving unit is further configured to receive a message that the ubiquitous terminal network is successfully formed;
the device further includes a second converting unit, configured to convert the collaborative node into a terminal node.
The beneficial effects of the embodiments of the present invention are as follows: in the process, the pre-central node sends a request for authenticating the pre-central node to the other collaborative nodes and receives each collaborative node's authentication information for the pre-central node; when the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node and the ubiquitous terminal network is successfully formed. In this way, when a pre-central node is about to form a ubiquitous terminal network with itself as the central node, each collaborative node also has to authenticate the pre-central node, and networking succeeds only when a certain number of collaborative nodes have approved the pre-central node, which effectively ensures the security of the central node of the ubiquitous terminal network.

Brief description of the drawings
Figure 1 is a flowchart;
Figure 2 is a flowchart;
Figure 3 is a flowchart;
Figure 4 is a schematic diagram;
Figures 5 to 9 are each another schematic structural diagram of the device.

Detailed description
The present invention provides an authentication method and device for a ubiquitous terminal network, described in further detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it.
As shown in Figure 1, an embodiment of the present invention provides an authentication method for a ubiquitous terminal network, including:
Step S11: the pre-central node sends a request for authenticating the pre-central node to each collaborative node, and receives each collaborative node's authentication information for the pre-central node;
Step S12: according to the received authentication information, the number of collaborative nodes that approve the pre-central node is determined;
Step S13: if the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node and the ubiquitous terminal network is successfully formed.
The pre-central node that is to become the central node sends a request for authenticating the pre-central node to the other collaborative nodes and receives each collaborative node's authentication information for the pre-central node; when the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node and the ubiquitous terminal network is successfully formed. In this way, when a pre-central node is about to form a ubiquitous terminal network with itself as the central node, each collaborative node also has to authenticate the pre-central node, and networking succeeds only when a certain number of collaborative nodes have approved the pre-central node, which effectively ensures the security of the central node of the ubiquitous terminal network.
Optionally, in step S11, communication between the pre-central node and the collaborative nodes may be implemented with any known communication method; however, since the network has not yet been formed, each node preferably uses broadcast to send information, data, authentication requests and the like to the other nodes, in order to improve communication efficiency between the nodes.
It should be noted that the authentication information represents a collaborative node's evaluation of the security of, or its degree of trust in, the pre-central node, and may include two items: an authentication result and a security level. The authentication result indicates whether the collaborative node, after authentication, approves the pre-central node. Approval means that the collaborative node trusts the pre-central node and may join the ubiquitous terminal network formed by it; non-approval means that the collaborative node does not trust the pre-central node and does not join the ubiquitous terminal network formed by it. The security level is the collaborative node's rating of the security of the pre-central node; the higher the security level, the better the security. How a collaborative node obtains the authentication information is described in detail later, in the part on the collaborative node.
It should be noted that the authentication result and the security level are used only to illustrate the features that the authentication information needs to include. In other embodiments of the present invention, the authentication information may use other parameters to describe the collaborative node's degree of trust in the pre-central node and whether it approves the pre-central node; the embodiments of the present invention do not limit this.
具体的, 步骤 S12中, 根据接收的所述认证信息, 确定认可所述预中心 节点的协同节点的数量可以包括:  Specifically, in step S12, determining, according to the received authentication information, the number of the cooperative nodes that approve the pre-center node may include:
所述预中心节点根据所述认证信息确定每个所述协同节点是否认可所 述预中心节点;  Determining, by the pre-central node, whether each of the cooperative nodes approves the pre-center node according to the authentication information;
所述预中心节点计算认可所述预中心节点的协同节点的数量。  The pre-center node calculates the number of coordinating nodes that recognize the pre-center node.
由于泛在终端网络内部各个节点之间以及泛在终端网络与网络外的节 点之间常常需要进行数据交换或者是安全性认证, 为了使预中心节点的安 全性有一个参考性的标准, 而不用经常要求各个协同节点对该中心节点进 行认证, 优选的, 在所述预中心节点根据所述认证信息确定每个所述协同 节点是否认可所述预中心节点之后, 该方法还可以包括: 所述预中心节点 根据各个认可所述预中心节点的协同节点对预中心节点认证的安全等级计 算所述预中心节点的安全性指标。 其中, 所述安全等级携带在所述认证信 息中发送至所述预中心节点。 该安全性指标是各个认可所述预中心节点的 协同节点的安全等级的函数, 例如, 安全性指标可以是上述各安全等级的 平均数, 也可以是各个安全等级配以不同的权重因子后的加权和, 当然还 可以是其他函数关系, 本发明的实施例对此不做限定。  Since the ubiquitous terminal network and the ubiquitous terminal network and the nodes outside the network often need data exchange or security authentication, in order to make the security of the pre-center node have a reference standard, without using Each method is required to authenticate the central node, and the method may further include: after the pre-central node determines, according to the authentication information, whether each of the coordinated nodes approves the pre-centre node, the method may further include: The pre-central node calculates the security indicator of the pre-central node according to the security level of the pre-central node authentication by the coordinating node that recognizes the pre-central node. The security level is carried in the authentication information and sent to the pre-center node. The security indicator is a function of each security level of the collaboration node that recognizes the pre-center node. For example, the security indicator may be an average of the foregoing security levels, or may be after each security level is assigned a different weight factor. The weighted sum, of course, may also be other functional relationships, which are not limited by the embodiments of the present invention.
In this embodiment, in step S13, if the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into the central node and the ubiquitous terminal network is formed successfully. After the pre-central node has been converted into the central node and the network has been formed, the central node may also send a message that the ubiquitous terminal network was formed successfully to the cooperative nodes, so that they can prepare to join it.
Conversely, if the number of cooperative nodes that approve the pre-central node is less than the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a cooperative node and formation of the ubiquitous terminal network fails. Thus, when the security of a pre-central node is poor, many cooperative nodes may not approve it, and the number of cooperative nodes that do approve it is insufficient to form a ubiquitous terminal network. The network is prevented from forming, which effectively maintains the security of the ubiquitous terminal network.
Once the ubiquitous terminal network is formed, the nodes in the network can work cooperatively, which effectively improves the working efficiency of each node. The network can be adjusted dynamically after it is formed: nodes may leave the network as needed, and new cooperative nodes may join.
In one embodiment of the present invention, when a new cooperative node wants to join, the following steps may be performed:
The pre-central node determines whether a new cooperative node has applied to join the ubiquitous terminal network;
If so, the central node determines whether the new cooperative node approves the central node;
Optionally, in this step, the central node may send its security index directly to the new cooperative node for reference, so that the new cooperative node can authenticate the central node according to that security index and decide whether to join the ubiquitous terminal network. The new cooperative node may of course use other methods to authenticate the central node, such as referring to the historical authentication information that other cooperative nodes (i.e., terminal nodes) in the network hold for the central node; the embodiments of the present invention do not limit this.
When the central node determines that the new cooperative node approves the central node, the central node updates the security index and sends the updated security index to each cooperative node. This is because the security index of the central node depends on the authentication of the central node by all cooperative nodes in the network: when a new cooperative node joins the ubiquitous terminal network, the number of nodes in the network changes, and the central node needs to update its security index accordingly.
In another embodiment of the present invention, after the ubiquitous terminal network is formed successfully, the central node determines whether a cooperative node has left the ubiquitous terminal network;
If so, the central node updates the security index and sends the updated security index to each cooperative node, as each cooperative node's historical authentication information for the central node. This historical authentication information can serve as a reference when other nodes authenticate the central node.
Correspondingly, as shown in FIG. 2, an embodiment of the present invention further provides an authentication method for a ubiquitous terminal network, including the following steps:
Step S21: each cooperative node receives a request for authentication of the pre-central node;
Step S22: each cooperative node authenticates the pre-central node;
Step S23: each cooperative node sends the authentication information obtained from the authentication to the pre-central node.
The cooperative nodes are all able to authenticate the pre-central node that is about to form a ubiquitous terminal network and send the authentication information to the pre-central node, so that the pre-central node can determine whether the network can be formed securely, which effectively ensures the security of the central node of the ubiquitous terminal network.
Specifically, when a pre-central node wants to form a ubiquitous terminal network, it generally broadcasts the request for authentication of the pre-central node to the cooperative nodes. Correspondingly, in step S21, each cooperative node receives that request.
In step S22, each cooperative node needs to authenticate the pre-central node; the specific authentication method is not limited. However, to overcome the one-sidedness and limitations of a single node authenticating the central node, and to further improve the security of the central node of the ubiquitous terminal network, in one embodiment of the present invention the method may further include, between step S21 and step S22: the cooperative nodes share with one another their historical authentication information for the pre-central node, that is, the authentication information each cooperative node previously produced for that pre-central node. Step S22 may then specifically be: each cooperative node authenticates the pre-central node according to the shared historical authentication information and its own security setting.
Optionally, a cooperative node may compute a weighted sum of the historical security levels in the shared historical authentication information to obtain a reference security level, and then compare the reference security level with its own security setting. If the reference security level is greater than or equal to the cooperative node's own security setting, the cooperative node's security requirement for the network is not particularly high, the security of the pre-central node can meet it, and the cooperative node approves the pre-central node. Conversely, if the reference security level is less than the cooperative node's own security setting, the cooperative node's security requirement for the network is relatively high, the security of the pre-central node cannot meet it, and the cooperative node does not approve the pre-central node. Because this authentication is based on sharing the historical authentication information of the cooperative nodes, the security and reliability of the central node elected during cooperative networking are fully authenticated, which ensures the security of the cooperative nodes while they take part in cooperative tasks.
It should be noted that, during the networking stage of the ubiquitous terminal network, approval of the pre-central node by a single cooperative node does not necessarily guarantee that networking succeeds, so the cooperative node need not be converted into a terminal node at that point. Only when the cooperative node has approved the pre-central node and has received the message that the ubiquitous terminal network was formed successfully is it converted into a terminal node and joins the ubiquitous terminal network.
As an example, in a ubiquitous terminal network composed of a notebook, a mobile phone and a tablet, the terminals need to cooperate to accomplish data sharing, link aggregation and the like. Assume that the notebook was previously selected as the pre-central node through a mechanism such as mutual discovery; to ensure the security of the central node, it must be authenticated. The notebook initiates an authentication request to the cooperative terminals, and each cooperative terminal combines the shared historical authentication information with its own security requirements. For example, the mobile phone has particularly high security requirements, so its authentication result may treat the notebook as an unreliable central node, and it will not join the cooperative network (the ubiquitous terminal network). After the notebook has collected the authentication results of all cooperative nodes, it performs the calculation: if the number of cooperative nodes that approve the notebook as the central node meets the minimum number of nodes required for data sharing and link aggregation, the notebook initiates a role conversion request, the notebook becomes the central node of the cooperative network, and the other devices become cooperative nodes. The notebook broadcasts its security index to all cooperative nodes. When a new mobile phone joins, the newly joining node obtains the central node's security index and compares it with its own security requirements to decide whether to join the cooperative network, which accomplishes authentication of the central node. When a cooperative node leaves the network, it needs to obtain the notebook's latest security index value as the basis for authenticating the central node when it cooperates again. Whether a new node joins or a node leaves, the central node (the notebook) needs to update its security index value.
... the authentication method is described in more detail.
As shown in FIG. 3, the authentication method for a ubiquitous terminal network provided by this embodiment mainly includes the following steps:
Step 101: The pre-central node broadcasts to initiate authentication.
In this step, in a peer-to-peer network scenario, the ubiquitous terminals elect a pre-central node in order to cooperate better, and the other nodes act as cooperative nodes. To ensure security, the pre-central node broadcasts a message to all cooperative nodes to initiate an authentication request.
Step 102: Each cooperative node broadcasts and collects historical authentication information.
In this step, after receiving the authentication request from the pre-central node, each cooperative node, in peer-to-peer mode, shares the historical authentication information it has stored for that pre-central node with the other cooperative nodes, and collects the historical authentication information shared by the other cooperative nodes, for use in step 103.
Step 103: Each cooperative node gives authentication information in combination with its own security setting.
In this step, the cooperative node uses the other cooperative nodes' historical authentication information for the pre-central node, obtained in step 102, as a reference and, combined with the user's security setting requirement, i.e. a given security threshold, determines whether the pre-central node meets the cooperative node's security requirements. See the description above for details.
Step 104: The pre-central node collects the authentication information of the cooperative nodes.
In this step, each cooperative terminal sends the authentication information given in step 103 to the pre-central node. The authentication information includes an authentication result and a security level. The authentication result is whether the pre-central node meets the cooperative node's security requirements, i.e. whether the cooperative node approves the pre-central node; the security level is a parameter describing the degree to which the cooperative node trusts the pre-central node.
Step 105: The pre-central node calculates the security index and initiates role conversion.
In this step, the pre-central node performs statistical analysis on the authentication information obtained in step 104, including counting how many cooperative nodes' security requirements it meets. If the number of nodes that pass is less than the minimum number of nodes required by the cooperative network, it initiates role conversion and ceases to be the central node. If the number of nodes that pass meets the minimum number of nodes required by the cooperative network, it calculates the average of the security levels of the cooperative nodes that approve the pre-central node as the security index of the pre-central node and initiates role conversion: the pre-central node becomes the central node of the cooperative network, the cooperative node is converted into a terminal node and joins the cooperative network, and the other cooperative nodes, having higher security requirements, leave the network.
Step 106: The central node broadcasts the calculated security index.
In this step, the central node broadcasts the result calculated in step 105, i.e. the security index, for newly joining cooperative nodes to refer to. A cooperative node can also save it as historical authentication information when it leaves, for reference in later cooperation.
Step 107: A new node joins, and the central node obtains the new node's authentication information.
In this step, the newly joining cooperative node obtains the central node's calculated security index, decides whether to join the cooperative network by comparing it with its own security configuration requirements, and gives its authentication information for the central node.
Step 108: The central node updates the security index and broadcasts it.
In this step, according to the result given in step 107, if the new cooperative node has joined, the central node recalculates its security index, taking into account the new cooperative node's authentication information for the central node, and updates the calculation result.
Step 109: A node leaves, and the leaving node obtains the latest security index as historical authentication information.
In this step, the leaving cooperative node stores the latest security index it obtained for the central node locally, as the basis for the next authentication and as historical authentication information when a cooperative network is formed again.
Step 110: The central node updates the security index and broadcasts it.
In this step, after deleting the leaving cooperative node's authentication and evaluation information for the central node, the central node recalculates its security index, updates the calculation result and broadcasts it.
With the above method, the central node can be authenticated efficiently while terminals join the cooperative network: the historical authentication information of the cooperative terminals is shared and the users' security requirements are taken into account, which ensures the reliability of the central node.
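The flow of steps 101 to 110 as a runnable sketch; this is an added example, not code from the patent. Assumptions: security levels are numbers on a 0-10 scale, each node weights its own past record and the peers' shared records 0.5 each, the level a node reports is its reference level, and all class, method and device names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class CooperativeNode:
    name: str
    threshold: float                              # the node's own security setting
    history: list = field(default_factory=list)   # levels recorded earlier for this pre-central node
    role: str = "cooperative"

    def authenticate(self, peer_history, self_weight=0.5):
        """Step 103: weighted sum of historical levels, compared with the threshold."""
        records = [(self.history, self_weight), (peer_history, 1 - self_weight)]
        records = [(sum(h) / len(h), w) for h, w in records if h]
        if not records:                    # no history at all: assumed to fail closed
            return {"node": self.name, "approved": False, "level": 0.0}
        total = sum(w for _, w in records)
        reference = sum(avg * w for avg, w in records) / total
        return {"node": self.name, "approved": reference >= self.threshold,
                "level": reference}


class PreCentralNode:
    def __init__(self, name, min_nodes):
        self.name, self.min_nodes = name, min_nodes
        self.role = "pre-central"
        self.levels = {}      # approving node name -> security level it reported
        self.index = None     # security index (average of the levels, as in step 105)

    def _recompute(self):
        self.index = (sum(self.levels.values()) / len(self.levels)
                      if self.levels else None)
        return self.index

    def form_network(self, nodes):
        """Steps 101-105: request authentication, count approvals, convert role."""
        infos = []
        for node in nodes:
            # Step 102: history shared by the other cooperative nodes
            peers = [lvl for other in nodes if other is not node
                     for lvl in other.history]
            infos.append(node.authenticate(peers))        # steps 103-104
        approving = {i["node"]: i["level"] for i in infos if i["approved"]}
        if len(approving) < self.min_nodes:               # too few approvals
            self.role = "cooperative"
            return False
        self.role, self.levels = "central", approving
        for node in nodes:                                # approvers become terminal nodes
            if node.name in approving:
                node.role = "terminal"
        self._recompute()                                 # index broadcast in step 106
        return True

    def join(self, node):
        """Steps 107-108: the newcomer checks the broadcast index, then it is updated."""
        if (self.role != "central" or self.index is None
                or self.index < node.threshold):
            return False
        # Assumption: the newcomer reports its latest own record, else the index it accepted.
        self.levels[node.name] = node.history[-1] if node.history else self.index
        node.role = "terminal"
        self._recompute()
        return True

    def leave(self, node):
        """Steps 109-110: the leaver keeps the latest index, its level is dropped."""
        if node.name in self.levels:
            node.history.append(self.index)   # stored locally for the next authentication
            del self.levels[node.name]
            node.role = "cooperative"
        return self._recompute()


def constructed_scenario(min_nodes):
    """Constructed sample data: a laptop asks three devices to authenticate it."""
    nodes = [CooperativeNode("phone", threshold=9, history=[4]),
             CooperativeNode("tablet", threshold=5, history=[8]),
             CooperativeNode("pda", threshold=6, history=[6])]
    laptop = PreCentralNode("laptop", min_nodes)
    return laptop, nodes, laptop.form_network(nodes)


if __name__ == "__main__":
    laptop, nodes, formed = constructed_scenario(min_nodes=2)
    print(formed, laptop.role, laptop.index, [(n.name, n.role) for n in nodes])
    camera = CooperativeNode("camera", threshold=6, history=[8])
    print(laptop.join(camera), laptop.index)          # index rises after the join
    print(laptop.leave(nodes[1]), nodes[1].history)   # tablet leaves, keeps the index
    print(constructed_scenario(min_nodes=3)[2])       # too few approvals: formation fails
```

With the constructed data the phone's threshold of 9 is not met, so only two of three nodes approve: the network forms when the minimum is 2 and fails when it is 3.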
As shown in FIG. 4, corresponding to the foregoing authentication method for a ubiquitous terminal network, an embodiment of the present invention further provides an authentication apparatus for a ubiquitous terminal network, including:
a transceiver unit 11, configured to send to the cooperative nodes a request for authentication of the pre-central node and to receive the cooperative nodes' authentication information for the pre-central node;
a determining unit 12, configured to determine, according to the authentication information received by the transceiver unit 11, the number of cooperative nodes that approve the pre-central node;
a first conversion unit 13, configured to convert the pre-central node into the central node if the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network.
By means of the transceiver unit 11, a request for authentication of the pre-central node is sent to the other cooperative nodes and the cooperative nodes' authentication information for the pre-central node is received. When the determining unit 12 determines that the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the first conversion unit 13 can convert the pre-central node into the central node, so that the ubiquitous terminal network is formed successfully. Thus, when a pre-central node is about to form a ubiquitous terminal network with itself as the central node, the cooperative nodes must also authenticate it; only when a certain number of cooperative nodes approve the pre-central node can the network be formed, which effectively ensures the security of the central node of the ubiquitous terminal network.
In addition, the first conversion unit 13 is further configured to convert the pre-central node into a cooperative node if the number of cooperative nodes approving the pre-central node, as determined by the determining unit 12, is less than the minimum number of nodes required to form the ubiquitous terminal network.
Specifically, as shown in FIG. 5, the determining unit 12 may include:
a determining module 121, configured to determine, according to the authentication information, whether each cooperative node approves the pre-central node;
a calculation module 122, configured to calculate the number of cooperative nodes that approve the pre-central node.
Optionally, the calculation module 122 is further configured to calculate the security index of the pre-central node from the security levels that the approving cooperative nodes assigned to the pre-central node during authentication.
The security index of the pre-central node may be equal to the weighted sum of the security levels that the approving cooperative nodes assigned to the pre-central node during authentication.
In one embodiment of the present invention, optionally, the determining module 121 is further configured to determine whether a new cooperative node has applied to join the ubiquitous terminal network; if so, the determining module 121 is further configured to determine whether the new cooperative node approves the central node;
the calculation module 122 is then further configured to update the security index if the determining module 121 determines that the new cooperative node approves the central node;
the transceiver unit 11 is further configured to send the updated security index to each cooperative node.
In another embodiment of the present invention, optionally, the determining module 121 is further configured to determine whether a cooperative node has left the ubiquitous terminal network; the calculation module 122 is further configured to update the security index when it is determined that a cooperative node has left the ubiquitous terminal network; the transceiver unit 11 is further configured to send the updated security index to each cooperative node, as each cooperative node's historical authentication information for the pre-central node.
Preferably, the transceiver unit 11 is further configured to send the message that the ubiquitous terminal network was formed successfully to each cooperative node.
Correspondingly, as shown in FIG. 6, an embodiment of the present invention further provides an authentication apparatus for a ubiquitous terminal network, including:
a receiving unit 21, configured to receive a request for authentication of the pre-central node;
an authentication unit 22, configured to authenticate the pre-central node;
a sending unit 23, configured to send the authentication information obtained by the authentication unit to the pre-central node.
With the receiving unit 21, the authentication unit 22 and the sending unit 23, each cooperative node can authenticate the pre-central node that is about to form a ubiquitous terminal network and send the authentication information to the pre-central node, so that the pre-central node can determine whether the network can be formed securely, which effectively ensures the security of the central node of the ubiquitous terminal network.
Optionally, as shown in FIG. 7, the apparatus may further include: a sharing unit 24, configured to share among the cooperative nodes their historical authentication information for the pre-central node; the authentication unit 22 is specifically configured to authenticate the pre-central node according to the historical authentication information shared by the sharing unit and each cooperative node's own security setting.
Specifically, as shown in FIG. 8, the authentication unit 22 may include:
a weighting module 221, configured to compute a weighted sum of the historical security levels in the historical authentication information shared by the sharing unit to obtain a reference security level;
an authentication module 222, configured so that, if the reference security level is greater than or equal to the cooperative node's own security setting, the cooperative node approves the pre-central node, and if the reference security level is less than the cooperative node's own security setting, the cooperative node does not approve the pre-central node.
Preferably, the receiving unit 21 is further configured to receive the message that the ubiquitous terminal network was formed successfully. As shown in FIG. 9, the apparatus further includes a second conversion unit 25, configured to convert the cooperative node into a terminal node after the authentication unit 22 has approved the pre-central node and the receiving unit 21 has received the message that the ubiquitous terminal network was formed successfully.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Industrial Applicability
... process, the pre-central node sends to the other cooperative nodes a request for authentication of the pre-central node and receives the cooperative nodes' authentication information for the pre-central node. When the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into the central node and the ubiquitous terminal network is formed successfully. Thus, when a pre-central node is about to form a ubiquitous terminal network with itself as the central node, the cooperative nodes must also authenticate it; only when a certain number of cooperative nodes approve the pre-central node can the network be formed, which effectively ensures the security of the central node of the ubiquitous terminal network.

Claims

1. An authentication method for a ubiquitous terminal network, comprising:
a pre-central node sends to each cooperative node a request for authentication of the pre-central node;
the pre-central node receives each cooperative node's authentication information for the pre-central node;
the pre-central node determines, according to the received authentication information, the number of cooperative nodes that approve the pre-central node;
when the number of cooperative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a central node and the ubiquitous terminal network is formed successfully.
2. The method according to claim 1, wherein, after determining the number of cooperative nodes that approve the pre-central node, the method further comprises:
when the number of cooperative nodes that approve the pre-central node is less than the minimum number of nodes required to form the ubiquitous terminal network, the pre-central node is converted into a cooperative node and formation of the ubiquitous terminal network fails.
3. The method according to claim 1, wherein determining the number of cooperative nodes that approve the pre-central node comprises:
the pre-central node determines, according to the authentication information, whether each cooperative node approves the pre-central node;
the pre-central node calculates the number of cooperative nodes that approve the pre-central node.
4、 如权利要求 3所述的方法, 其中, 在所述预中心节点根据所述认证 信息确定每个所述协同节点是否认可所述预中心节点之后, 所述方法还包 括: 4. The method of claim 3, wherein, after the pre-central node determines whether each of the collaborative nodes recognizes the pre-central node based on the authentication information, the method further includes:
所述预中心节点根据各个认可所述预中心节点的协同节点对所述预中 心节点认证的安全等级计算所述预中心节点的安全性指标, 其中, 所述安 全等级携带在所述认证信息中发送至所述预中心节点。 The pre-central node calculates the security index of the pre-central node based on the security level authenticated by each collaborative node that recognizes the pre-central node, wherein the security level is carried in the authentication information. Sent to the pre-central node.
5、 如权利要求 4所述的方法, 其中, 所述预中心节点的安全性指标等 于各个认可所述预中心节点的协同节点对所述预中心节点认证的安全等级 的力口权之和。 5. The method according to claim 4, wherein the security index of the pre-central node is equal to the sum of the power of the security level certified by the pre-central node by each collaborative node that recognizes the pre-central node.
6、 如权利要求 5所述的方法, 其中, 在所述泛在终端网络组建成功之 后, 所述方法还包括: 6. The method of claim 5, wherein after the ubiquitous terminal network is successfully established, the method further includes:
所述中心节点确定有新的协同节点申请加入所述泛在终端网络时, 所 述中心节点确定所述新的协同节点认可所述中心节点, 所述中心节点更新 所述安全性指标, 将更新后的安全性指标发送给各所述协同节点。 When the central node determines that a new collaborative node applies to join the ubiquitous terminal network, the central node determines that the new collaborative node recognizes the central node, and the central node updates the security indicator and updates The final security indicators are sent to each of the collaborative nodes.
7、 如权利要求 5所述的方法, 其中, 在所述泛在终端网络组建成功之 后, 所述方法还包括: 7. The method of claim 5, wherein after the ubiquitous terminal network is successfully established, the method further includes:
所述中心节点确定有协同节点退出所述泛在终端网络时, 所述中心节 点更新所述安全性指标, 将更新后的安全性指标发送给各所述协同节点, 作为各所述协同节点对所述中心节点的历史认证信息。 When the central node determines that a collaborative node exits the ubiquitous terminal network, the central node updates the security indicator and sends the updated security indicator to each collaborative node as a pair of each collaborative node. Historical authentication information of the central node.
8、 如权利要求 1-7中任一项所述的方法, 其中, 在所述预中心节点转换 为中心节点, 所述泛在终端网络组建成功之后, 所述方法还包括: 8. The method according to any one of claims 1 to 7, wherein, after the pre-central node is converted into a central node and the ubiquitous terminal network is successfully established, the method further includes:
将所述泛在终端网络组建成功的消息发送给所述各协同节点。 A message indicating that the ubiquitous terminal network is successfully established is sent to each collaborative node.
9. An authentication method for a ubiquitous terminal network, including:
each collaborative node receives a request to authenticate a pre-central node;
each of the collaborative nodes authenticates the pre-central node;
each of the collaborative nodes sends the authentication information obtained by the authentication to the pre-central node.
10. The method of claim 9, wherein, after the collaborative nodes receive the request to authenticate the pre-central node, and before each of the collaborative nodes authenticates the pre-central node, the method further includes:
the collaborative nodes share with one another their respective historical authentication information for the pre-central node;
each of the collaborative nodes authenticating the pre-central node includes:
each of the collaborative nodes authenticates the pre-central node according to the shared historical authentication information and that collaborative node's own security setting.
11. The method of claim 10, wherein each of the collaborative nodes authenticating the pre-central node according to the shared historical authentication information and that collaborative node's own security setting includes:
the collaborative node performs a weighted summation of the historical security levels in the shared historical authentication information to obtain a reference security level;
when the reference security level is greater than or equal to the collaborative node's own security setting, the collaborative node approves the pre-central node;
when the reference security level is less than the collaborative node's own security setting, the collaborative node does not approve the pre-central node.
12. The method of any one of claims 9 to 11, wherein, after each of the collaborative nodes sends the authentication information obtained by the authentication to the pre-central node, the method further includes:
receiving a message that the ubiquitous terminal network is successfully established;
converting the collaborative node into a terminal node.
13. An authentication device for a ubiquitous terminal network, including:
a transceiver unit configured to send, to each collaborative node, a request to authenticate a pre-central node, and to receive each collaborative node's authentication information for the pre-central node;
a determining unit configured to determine, according to the authentication information received by the transceiver unit, the number of collaborative nodes that approve the pre-central node;
a first conversion unit configured to convert the pre-central node into a central node when the number of collaborative nodes that approve the pre-central node is greater than or equal to the minimum number of nodes required to form the ubiquitous terminal network, the ubiquitous terminal network then being successfully established.
14. The device of claim 13, wherein the first conversion unit is further configured to convert the pre-central node into a collaborative node when the number of collaborative nodes that approve the pre-central node, as determined by the determining unit, is less than the minimum number of nodes required to form the ubiquitous terminal network, and the establishment of the ubiquitous terminal network fails.
15. The device of claim 13, wherein the determining unit includes:
a determining module configured to determine, according to the authentication information, whether each of the collaborative nodes approves the pre-central node;
a calculation module configured to calculate the number of collaborative nodes that approve the pre-central node when it is determined, according to the authentication information, that each of the collaborative nodes approves the pre-central node.
16. The device of claim 15, wherein the calculation module is further configured to calculate a security index of the pre-central node according to the security level with which each collaborative node that approves the pre-central node authenticated the pre-central node, wherein the security level is carried in the authentication information sent to the pre-central node.
17. The device of claim 16, wherein the security index of the pre-central node is equal to the weighted sum of the security levels with which the collaborative nodes that approve the pre-central node authenticated the pre-central node.
18. The device of claim 17, wherein:
the determining module is further configured to determine, when a new collaborative node applies to join the ubiquitous terminal network, whether the new collaborative node approves the central node;
the calculation module is further configured to update the security index when the determining module determines that the new collaborative node approves the central node;
the transceiver unit is further configured to send the updated security index to each of the collaborative nodes.
19. The device of claim 17, wherein:
the determining module is further configured to determine that a collaborative node exits the ubiquitous terminal network;
the calculation module is further configured to update the security index when it is determined that a collaborative node exits the ubiquitous terminal network;
the transceiver unit is further configured to send the updated security index to each of the collaborative nodes, as each collaborative node's historical authentication information for the pre-central node.
20. The device of any one of claims 13 to 19, wherein the transceiver unit is further configured to send a message that the ubiquitous terminal network is successfully established to each of the collaborative nodes.
21. An authentication device for a ubiquitous terminal network, including:
a receiving unit configured to receive a request to authenticate a pre-central node;
an authentication unit configured to authenticate the pre-central node;
a sending unit configured to send the authentication information obtained by the authentication unit to the pre-central node.
22. The device of claim 21, further including:
a sharing unit configured to share, among the collaborative nodes, each collaborative node's historical authentication information for the pre-central node;
the authentication unit is configured to authenticate the pre-central node according to the historical authentication information shared by the sharing unit and each collaborative node's own security setting.
23. The device of claim 22, wherein the authentication unit includes:
a weighting module configured to perform a weighted summation of the historical security levels in the historical authentication information shared by the sharing unit to obtain a reference security level;
an authentication module configured such that, when the reference security level is greater than or equal to the collaborative node's own security setting, the collaborative node approves the pre-central node, and when the reference security level is less than the collaborative node's own security setting, the collaborative node does not approve the pre-central node.
24. The device of any one of claims 21 to 23, wherein:
the receiving unit is further configured to receive a message that the ubiquitous terminal network is successfully established;
the device further includes a second conversion unit configured to convert the collaborative node into a terminal node.
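The approval vote of claims 9 to 11 and the threshold and security-index calculation of claims 1 to 5, as an added Python example (not code from the patent). The claims do not fix the weights, the scale of the security levels, or what level a node reports, so the numeric values, the fallback to a plain mean, the empty-history level of 0, and the names `AuthInfo`, `collaborative_vote` and `elect` are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class AuthInfo:
    node_id: str
    approves: bool
    security_level: float  # assumption: the node reports its reference level


def weighted_sum(values, weights=None):
    """Weighted sum of values; with no weights, use the plain mean (assumption)."""
    if not values:
        return 0.0  # assumption: no shared history is treated as level 0
    if weights is None:
        return sum(values) / len(values)
    if len(weights) != len(values):
        raise ValueError("need exactly one weight per value")
    return sum(v * w for v, w in zip(values, weights))


def collaborative_vote(node_id, own_setting, shared_history, weights=None):
    """Claims 10-11: approve iff the reference level >= the node's own setting."""
    reference = weighted_sum(shared_history, weights)
    return AuthInfo(node_id, reference >= own_setting, reference)


def elect(auth_infos, min_nodes, node_weights=None):
    """Claims 1-5: count approvals, apply the threshold, compute the index."""
    approving = [a for a in auth_infos if a.approves]
    if len(approving) < min_nodes:
        # Claim 2: too few approvals, the candidate reverts to a collaborative node.
        return {"role": "collaborative", "formed": False,
                "approvals": len(approving), "security_index": None}
    levels = [a.security_level for a in approving]
    weights = None
    if node_weights is not None:
        weights = [node_weights[a.node_id] for a in approving]
    return {"role": "central", "formed": True,
            "approvals": len(approving),
            "security_index": weighted_sum(levels, weights)}


# Constructed sample data: historical security levels shared among the nodes.
HISTORY = [4, 2, 6]
VOTES = [
    collaborative_vote("A", 3.0, HISTORY, [0.5, 0.25, 0.25]),  # 4.0 >= 3.0
    collaborative_vote("B", 3.5, HISTORY, [0.25, 0.5, 0.25]),  # 3.5 >= 3.5
    collaborative_vote("C", 5.0, HISTORY, [0.25, 0.25, 0.5]),  # 4.5 <  5.0
    collaborative_vote("D", 2.0, HISTORY),                     # mean 4.0 >= 2.0
]
INDEX_WEIGHTS = {"A": 0.5, "B": 0.25, "D": 0.25}  # constructed weights

if __name__ == "__main__":
    print(elect(VOTES, min_nodes=3, node_weights=INDEX_WEIGHTS))
    print(elect(VOTES, min_nodes=4))
```

Re-running `elect` on the current set of votes after a node joins or leaves gives the updated index that claims 6 and 7 have the central node redistribute.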
PCT/CN2014/078755 2013-08-30 2014-05-29 Authentication method and device for use in ubiquitous terminal networks WO2014173357A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310390398.XA CN104426874B (en) 2013-08-30 2013-08-30 A kind of authentication method and device for ubiquitous terminal network
CN201310390398.X 2013-08-30

Publications (1)

Publication Number Publication Date
WO2014173357A1 true WO2014173357A1 (en) 2014-10-30

Family

ID=51791087

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/078755 WO2014173357A1 (en) 2013-08-30 2014-05-29 Authentication method and device for use in ubiquitous terminal networks

Country Status (2)

Country Link
CN (1) CN104426874B (en)
WO (1) WO2014173357A1 (en)

Also Published As

Publication number Publication date
CN104426874A (en) 2015-03-18
CN104426874B (en) 2019-01-29


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14788717

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14788717

Country of ref document: EP

Kind code of ref document: A1