CN102833260A - Password authentication method for internet of things by adopting security one-key management technology - Google Patents

Publication number: CN102833260A
Authority: CN (China)
Application number: CN2012103234064A
Other languages: Chinese (zh)
Inventor: 胡祥义
Current Assignee: Individual
Original Assignee: Individual
Legal status: Pending
Prior art keywords: key, sensing node, authentication, sensing, node end
Landscapes: Storage Device Security (AREA)
Abstract

The invention discloses a cryptographic authentication method for the Internet of Things that uses secure single-key management. An Internet of Things security protocol is built on an authentication or signature key, and this key is encrypted with a transmission key to protect it during exchange and transmission. The transmission keys of all sensing nodes are each encrypted with a storage key to protect them in storage at the authentication center, so that when the number of sensing node devices is comparatively large there is no need to buy additional encryption cards to store the large number of transmission keys, which greatly reduces the cost of building the authentication center. The secure single-key management method solves the difficulty of updating and managing keys for the single-key cipher in the Internet of Things security protocol and reduces the cost of single-key update and maintenance. At the same time it exploits the fast encryption and decryption of the single-key cipher to improve the operating speed of the Internet of Things security protocol, thereby establishing an Internet of Things cryptographic authentication system using secure single-key management.

Description

An Internet of Things cryptographic authentication method using secure single-key management
Technical field:
The present invention relates to the field of information security. It uses cryptographic techniques to authenticate Internet of Things sensing node devices and to encrypt and digitally sign sensing data, ensuring that sensing node devices are genuine and trustworthy and that sensing data at the sensing layer is transmitted securely, confidentially and intact.
Background:
At present, the products that some manufacturers at home and abroad make for cryptographic authentication of Internet of Things sensing node devices, and for confidential transmission and integrity verification of sensing-layer data, all use public-key technology such as PKI. However, the number of Internet of Things sensing node devices is 32 times the number of Internet users, so building a CA digital certification center with PKI is costly. Moreover, when the CA certification center performs device authentication, encryption and digital signing of sensing data, and decryption and signature verification of sensing data, all of these are slow. They cannot meet the market demand for concurrent authentication, decryption and signature verification across a very large (massive) population of sensing node devices. This has limited the use of PKI in Internet of Things cryptographic authentication.
Summary of the invention:
The Internet of Things cryptographic authentication method using secure single-key management builds an Internet of Things cryptographic authentication system from a single-key (symmetric) cipher, secure single-key management and chip hardware.
Under conventional single-key management, the following are written into the smart card chip of each sensing node: the single-key cipher, the digest algorithm, one transmission key, the identifier of the smart card chip, the sensing node device authentication protocol, and the sensing data encryption and digital signature protocol. The following are written into the encryption card chip of the authentication server at the authentication center: the single-key cipher, the digest algorithm, the identifiers and corresponding transmission keys of all sensing node smart card chips served by the authentication center, the center's device authentication protocol, and the sensing data decryption and signature verification protocol. When the number of sensing node devices is large, the authentication center must deploy additional encryption cards to store the large number of transmission keys for those nodes.
In the sensing node smart card chip, one random number is used as the authentication key to encrypt another random number S, producing the sensing node's authentication password. The authentication key is encrypted with the transmission key, and the resulting ciphertext is sent to the authentication center together with the authentication password and the random number S. In the authentication center's encryption card chip, the transmission key of the corresponding sensing node decrypts the received authentication key ciphertext, and the decrypted authentication key then encrypts the random number S to produce the authentication center's authentication password. Comparing the authentication passwords of the sensing node and the authentication center determines whether the sensing node device is genuine and trustworthy.
In the sensing node smart card chip, one random number is used as the signature key to encrypt and digitally sign the sensing data. The signature key is encrypted with the transmission key, and the resulting ciphertext is sent to the authentication center together with the sensing data ciphertext and the digital signature of the sensing data. In the authentication center's encryption card chip, the transmission key of the corresponding sensing node decrypts the received signature key ciphertext; the decrypted signature key then decrypts the sensing data ciphertext and verifies the digital signature of the sensing data. This provides confidential transmission of sensing-layer data and confirms that the sensing node's signature over the sensing data is intact and has not been tampered with.
The present invention uses a single-key cipher and a secure single-key key management technique to build, in the chip hardware of the sensing node and the authentication center, a system for sensing node device authentication, sensing data encryption and decryption, and digital signatures. The technical features of the method are:
Under secure single-key management, the following are written into the sensing node smart card chip: the single-key cipher, the digest algorithm, the smart card chip identifier, one transmission key, the sensing node device authentication protocol, and the sensing data encryption and digital signature protocol. The following are written into the encryption card chip of the authentication server at the authentication center: the single-key cipher, the digest algorithm, one storage key, the center's device authentication protocol, and the sensing data decryption and signature verification protocol. The hard disk storage area of the authentication server holds the identifiers of all sensing node smart card chips served by the center together with the ciphertext of their transmission keys. When the number of sensing node devices is large, the authentication center does not need to deploy additional encryption cards to store the large number of transmission keys.
Secure single-key management means managing three kinds of key. The first is the authentication or signature key: the authentication key is used to build the device authentication protocol, and the signature key is used to build the sensing data encryption and digital signature protocol. The second is the transmission key, which encrypts the authentication or signature key to protect it during exchange and transmission. The third is the storage key, which encrypts the transmission key of each sensing node separately to protect the transmission keys stored at the authentication center.
The storage key encrypts the transmission keys, and a transmission key encrypts the authentication or signature key. The authentication key then encrypts a random number to produce the authentication password, which authenticates the sensing node device; or the signature key encrypts the sensing data and its digest (the encrypted digest is the digital signature), which provides confidential transmission and integrity verification of sensing-layer data. Together these establish an Internet of Things cryptographic authentication system using secure single-key management. The whole process is implemented in a combination of software and hardware, as follows:
1. The sensing node equipment comprises a sensor or RFID device and a smart card. The sensor or RFID device acts as the sensing device and collects sensing data. A smart card is embedded in the sensor or RFID device and serves as the encryption hardware of the sensing node; the sensing device is connected to the smart card, and data flows between them in both directions. The sensing node's encryption system is set up in the smart card chip by writing in the single-key cipher, the digest algorithm and the sensing node's Internet of Things security protocols (the sensing node device authentication protocol and the encryption and digital signature protocol), together with data: the smart card chip identifier and one transmission key.
2. The authentication center consists of an authentication server and encryption card hardware. The encryption card is inserted into the PCI interface of the authentication server and serves as the encryption hardware of the authentication center. The Internet of Things data center is connected to the authentication center, and data flows between them in both directions. The authentication center's encryption system is set up in the encryption card chip by writing in the single-key cipher, the digest algorithm and the center's Internet of Things security protocols (the center's device authentication protocol and the decryption and signature verification protocol), together with data: one storage key. Data Z is written to the hard disk storage area of the authentication server. Data Z comprises the identifiers of all corresponding sensing node smart card chips and the ciphertext of the transmission keys SKi (i = 1~n, where n is the total number of sensing node devices); that is, data Z is stored in the transmission key database of the authentication server.
3. The Internet of Things data center consists of servers or minicomputers. It stores two kinds of record: (1) the sensing data collected by the sensing devices of the sensing nodes, the corresponding smart card chip identifier, the timestamp at which the sensing data was received, and the result of the integrity verification of the received sensing data; (2) the device authentication result, the corresponding smart card chip identifier, and the timestamp at which the device authentication result was received.
4. Every sensing node smart card chip has a unique identifier, and no two chips share one. An identifier consists of digits, or of digits plus English letters and the padding character "-". Let the identifier length be C2 (C2 = 5~15). When the identifier consists of digits and English letters and C2 is 8 letters and digits, an example is CG-00017; when the identifier consists entirely of digits and C2 is 12 digits, an example is 000000000026. Each smart card chip identifier corresponds to one sensing node device and one transmission key. The random number S has a length of 128~256 bits, composed of digits or English letters.
5. The encryption systems at the sensing node and the authentication center use a single-key cipher such as SM1, DES, RC5, SMS4 or AES, and a digest algorithm such as SHA-1, SM3 or MD5. The key length M is 128 bits or 210 bits, and the digest length is 128 bits or 256 bits.
6. The secure single-key management method (that is, management of three kinds of key) and its characteristics are as follows:
(1) The first kind of key is the authentication or signature key, denoted CK. Whenever the sensing node's device authentication protocol or encryption and digital signature protocol runs, the random number generator in the smart card chip produces a 128-bit or 210-bit random number in real time, and this random number is used as CK. When CK is the authentication key, it encrypts another random number S to produce the authentication password; when CK is the signature key, it encrypts and digitally signs the sensing node's sensing data. The authentication or signature key is generated in the smart card chip, used inside the chip, and erased inside the chip after use. Its plaintext never leaves the smart card chip hardware, which keeps the key safe while in use at the sensing node.
Before the authentication or signature key is sent from the sensing node to the authentication center, it is first encrypted inside the smart card chip with the chip's transmission key; only then is it output from the chip and passed to the authentication center. In the center's encryption card chip, the transmission key of the corresponding sensing node decrypts the ciphertext of the authentication or signature key back to plaintext. This protects the authentication or signature key during exchange and transmission.
(2) The second kind of key is the transmission key, denoted SKi (i = 1~n, where n is the total number of sensing node devices served by the authentication center). During key initialization, the random number generator in the center's encryption card chip generates a 128-bit or 210-bit random number for use as a transmission key SKi (i = 1~n), and each SKi is loaded into the corresponding sensing node smart card chip. At the same time, inside the encryption card chip, the storage key encrypts each sensing node's transmission key SKi (i = 1~n) separately to produce the ciphertext SKi' (i = 1~n), which is then output from the chip. The transmission keys are stored in ciphertext form, SK1', SK2', ..., SKn', each together with the identifier of the corresponding smart card chip, in the transmission key database of the authentication server.
In the sensing node smart card chip, the transmission key SKi (i = 1~n) encrypts the authentication or signature key CK to produce the ciphertext CK', and CK' is sent to the authentication center. Each sensing node's transmission key SKi (i = 1~n) is stored and used inside that node's smart card chip. The plaintext of the transmission key never leaves the chip, which protects the transmission key in storage and in use at the sensing node.
At the authentication center, the transmission keys of all sensing nodes are kept in the center's transmission key database in ciphertext form, which protects them in storage. When the ciphertext SKi' (i = 1~n) of a sensing node's transmission key is called up at the center, it is decrypted to plaintext inside the encryption card chip, used there, and erased after use. The plaintext of the transmission key never leaves the encryption card chip, which protects all sensing nodes' transmission keys while in use at the center.
(3) The third kind of key is the storage key, denoted K. During key initialization, the random number generator in the center's encryption card chip produces a 128-bit or 210-bit random number in advance; this random number is used as the storage key K and stored in the encryption card chip. K is a fixed single key. K encrypts the transmission key SKi (i = 1~n) of each sensing node separately to produce the ciphertexts SK1', SK2', ..., SKn', which are stored in the center's transmission key database.
When a sensing node and the authentication center exchange an authentication or signature key CK, the center's encryption card chip uses the storage key K to decrypt the ciphertext SKi' (i = 1~n) of the transmission key that encrypted CK, and then uses the decrypted transmission key SKi (i = 1~n) to decrypt the received ciphertext CK' of the authentication or signature key into the plaintext CK. K is generated and stored inside the encryption card chip, and its plaintext never leaves the chip hardware during use, which protects K in storage and in use.
(4) The authentication or signature key is produced by the random number generator in the smart card chip: it is random, changes every time, and looks like random noise. The keys produced on successive runs, CK1, CK2, ..., CKm (m a natural number), are encrypted with the transmission key SKi (i = 1~n) into the ciphertexts CK1', CK2', ..., CKm' (m a natural number), which are likewise random, change every time, look like random noise and have no regularity. A codebreaker cannot use CK1', CK2', ..., CKm' as "repeated-key messages" (many different plaintext messages encrypted into ciphertext messages with the same single key), the condition such codebreaking needs, to recover the authentication or signature keys CK1, CK2, ..., CKm or the transmission keys SK1, SK2, ..., SKn (n being the total number of sensing node users served by the authentication center).
(5) Each transmission key SKi (i = 1~n) is produced by a random number generator at key initialization; it is random and looks like random noise. The transmission key ciphertexts SK1', SK2', ..., SKn', produced by encrypting each SKi (i = 1~n) with the storage key K, are likewise random, change every time and look like random noise. A codebreaker cannot use SK1', SK2', ..., SKn' as "repeated-key messages" (many different plaintext messages encrypted into ciphertext messages with the same single key) to recover the transmission keys SK1, SK2, ..., SKn or the storage key K.
(6) With the secure single-key management method (that is, management of three kinds of key), all sensing nodes' transmission keys are stored securely at the authentication center. When the number of users is large, there is no need to buy a large number of encryption cards to store the transmission keys, which greatly reduces the cost of building the authentication center.
7. Sensing node device authentication protocol. The sensing device of the sensing node generates a random number, denoted S, and inputs it to the smart card chip. The random number generator in the smart card chip produces a 128-bit or 210-bit random number, which is used as the authentication key CK. CK encrypts S, and the resulting ciphertext of S is authentication password 1. Then, inside the smart card chip, the transmission key SKi (i = 1~n) encrypts CK to produce the ciphertext CK'. Finally, four items of authentication data are sent together to the authentication center: the smart card chip identifier, the random number S, authentication password 1 and the authentication key ciphertext CK'.
8. Authentication center device authentication protocol. After receiving the authentication data from the sensing node, the authentication center uses the smart card chip identifier to locate the matching record in the transmission key database. The transmission key ciphertext SKi' (i = 1~n) from that record is input to the center's encryption card chip, where the storage key K decrypts SKi' into the plaintext SKi (i = 1~n). SKi decrypts the received authentication key ciphertext CK' into the plaintext CK, and CK encrypts the random number S to produce authentication password 2. Comparing authentication password 1 with authentication password 2 determines whether the sensing node device is trustworthy.
9. In the device authentication protocols of the sensing node and the authentication center, the following operations take place inside the sensing node smart card chip: generating the authentication key, generating authentication password 1, and encrypting the authentication key with the transmission key. The following take place inside the center's encryption card chip: decrypting the corresponding sensing node's transmission key ciphertext with the storage key, decrypting the authentication key ciphertext with the decrypted transmission key, generating authentication password 2, and comparing authentication password 1 with authentication password 2. The device authentication protocols of the sensing node and of the authentication center are therefore "chip-level" device authentication protocols, and are secure.
10. Sensing node sensing data encryption and digital signature protocol. At the sensing node, the sensing data collected by the sensing node device is input to the smart card chip. Inside the chip, the digest algorithm computes the digest L1 of the sensing data, and the random number generator produces a 128-bit or 210-bit random number, which is used as the signature key CK. CK encrypts the sensing data and the digest L1, giving the sensing data ciphertext and the ciphertext of L1, which is the digital signature. Then the transmission key in the smart card chip encrypts CK to produce the ciphertext CK'. Finally, four items of digital signature data are sent together to the authentication center: the smart card chip identifier, the sensing data ciphertext, the digital signature of the sensing data and the signature key ciphertext CK'.
11. Authentication center sensing data decryption and signature verification protocol. After receiving the digital signature data from the sensing node, the authentication center first uses the smart card chip identifier to locate the matching record in the transmission key database. The transmission key ciphertext SKi' (i = 1~n) from that record is input to the center's encryption card chip, where the storage key K decrypts SKi' into the plaintext SKi (i = 1~n). SKi decrypts the received signature key ciphertext CK' into the plaintext CK, and CK decrypts the sensing data ciphertext and the digital signature of the sensing data, yielding the plaintext sensing data and its digest L1. The digest algorithm is then applied to the sensing data to obtain the digest L2. Comparing L1 with L2 determines whether the sensing node's signature over the sensing data is trustworthy and intact.
12. In the sensing node's encryption and digital signature protocol and the center's decryption and signature verification protocol, the following operations take place inside the sensing node smart card chip: generating the signature key; computing the digest L1 of the sensing data with the digest algorithm; encrypting the sensing data and the digest L1 with the signature key to produce ciphertext, where the encryption of L1 is the digital signature; and encrypting the signature key with the transmission key to produce the signature key ciphertext. The following take place inside the center's encryption card chip: decrypting the corresponding sensing node's transmission key ciphertext with the storage key; decrypting the signature key ciphertext with the decrypted transmission key; decrypting the sensing data and the digital signature with the decrypted signature key to obtain the plaintext sensing data and the digest L1; computing the digest L2 of the sensing data with the digest algorithm; and comparing L1 with L2. The sensing node's encryption and digital signature protocol is therefore a "chip-level" encryption and digital signature protocol, and the center's decryption and signature verification protocol is likewise a "chip-level" decryption and signature verification protocol, and both are secure.
13, sensing node end sensing equipment produces one group of random number S, in random number S input sensing node end intelligent card chip, in intelligent card chip; The device authentication agreement of sensing node end is encrypted to ciphertext with the random number S that receives; And, sending to the sensing equipment of sensing node end with the verify data that produces, the sensing equipment of sensing node end sends to Internet of Things data center through Internet of Things; Internet of Things data center is transmitted to authentication center again; The device authentication agreement of authentication center's end is in the encrypted card chip, behind the device authentication of completion to the sensing node end; And with device authentication " result " promptly: sensing node end intelligent card the chip identification whether equipment of sensing node end is credible, corresponding and current timestamp feed back to Internet of Things data center in the lump.
14, the sensing data of sensing node end sensing equipment collection; At first, be transferred in the sensing node end intelligent card chip, in intelligent card chip; Sensing node end sensing data is encrypted and digital signature protocol; The sensing data that receives is encrypted and digital signature, and, sent to the sensing equipment of sensing node end the digital signature data that produces; The sensing equipment of sensing node end sends to Internet of Things data center through Internet of Things; Internet of Things data center is transmitted to authentication center again, and the sensing data deciphering and the signature verification agreement of authentication center's end are after the deciphering and the signature verification to sensing data accomplished in the encrypted card chip the sensing data ciphertext; And, feed back to Internet of Things data center in the lump with the plaintext of sensing data, " result " of signature verification, the sensing node end intelligent card chip identification of correspondence and current timestamp.
15, The sensing device at the sensing node is responsible for sending the authentication data or signature data generated by the smart card to the authentication center through the Internet of Things data center, and the authentication center, following the center-side Internet of Things security protocol, returns the result of device authentication, or of data integrity verification and decryption, to the Internet of Things data center. The node-side and center-side Internet of Things security protocols therefore rely directly on the communication protocol of the Internet of Things to carry their data, and no separate communication protocol needs to be established between the sensing node smart card and the center-side encryption card. This not only reduces the cost of establishing a new communication protocol between the encryption hardware at the sensing node and at the authentication center, but also reduces the complexity of the Internet of Things cryptographic authentication system.
16, Inside a chip, a single-key (symmetric) cryptographic algorithm encrypts and decrypts 1000 times faster than a public-key (dual-key) cryptographic algorithm. Adopting the secure single-key management method solves the difficulty of updating and managing single-key algorithm keys in a device authentication or digital signature system and reduces the cost of single-key update and maintenance, while exploiting the fast encryption and decryption of single-key algorithms to effectively improve the running speed of the Internet of Things security protocols. The node-side device authentication protocol, the center-side device authentication protocol, the node-side sensing data encryption and digital signature protocol, and the center-side sensing data decryption and signature verification protocol, all built on a single-key cryptographic algorithm, are therefore fast and efficient.
Description of drawings:
Fig. 1: Flow chart of the use of the three kinds of single keys in the Internet of Things security protocol
Fig. 2: Flow chart of data transmission among the four kinds of devices of the Internet of Things cryptographic authentication system
Embodiment:
The use of the three kinds of single keys in the Internet of Things security protocol, and the data transmission steps among the four kinds of devices of the Internet of Things cryptographic authentication system, are described below with reference to the drawings:
Fig. 1 illustrates the use of the three kinds of single keys in the Internet of Things security protocol. First, inside the sensing node smart card chip, the node-side Internet of Things security protocol directs the random number generator to produce a random number, which is used as the authentication or signature key CK. CK is encrypted with the transmission key SK held in the sensing node smart card chip, producing the ciphertext CK', and CK' is sent to the authentication center. At the authentication center, the center-side Internet of Things security protocol retrieves from the center's transmission key database the transmission key ciphertext SK' that corresponds to the identifier of the sensing node smart card chip. Inside the authentication center's encryption card chip, SK' is decrypted with the storage key K to obtain the transmission key SK, and SK is then used to decrypt CK' to obtain the authentication or signature key CK. In this way the transmission key SK and the storage key K secure the exchange and transmission of the authentication or signature key CK from the sensing node to the authentication center.
Fig. 2 takes the device authentication process of the sensing node as an example to describe data transmission among the four kinds of devices of the Internet of Things cryptographic authentication system. First, the sensing device at the sensing node generates a random number S and passes it into the sensing node's smart card chip. The smart card chip generates an authentication key CK and encrypts S with CK; the resulting ciphertext of S is authentication password 1. Still inside the smart card chip, the transmission key SK encrypts the authentication key CK into the ciphertext CK'. Finally, four items of authentication data (the identifier of the sensing node smart card chip, the random number S, authentication password 1, and the authentication key ciphertext CK') are returned together to the sensing device, which sends them over the Internet of Things to the Internet of Things data center; the data center forwards them to the authentication center. The authentication center uses the identifier of the sensing node smart card chip to locate the matching record in the transmission key database and feeds the transmission key ciphertext SK' from that record into its encryption card chip. Inside the encryption card chip, SK' is decrypted with the storage key K to obtain SK, the received ciphertext CK' is decrypted with SK to obtain CK, and S is encrypted with CK to generate authentication password 2. Comparing authentication password 1 with authentication password 2 determines whether the sensing node's device is trusted. The authentication center then returns the authentication result (whether the device is trusted) to the Internet of Things data center.
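The key handling of Fig. 1 and the device authentication exchange of Fig. 2, as an added Python example that is not part of the patent text. The patent does not name the single-key algorithm, so `encrypt`/`decrypt` here are a stand-in (a 4-round Feistel construction over HMAC-SHA256, chosen only so the block runs with the standard library). The class names, the chip identifier `node-001` and the choice of the 128-bit size are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 16  # 128-bit keys and blocks, one of the two sizes the text names


def _f(key, rnd, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, block):
    """Stand-in deterministic single-key cipher over one 16-byte block."""
    if len(block) != KEY_BYTES:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt(key, block):
    """Inverse of encrypt(): the same rounds applied in reverse order."""
    if len(block) != KEY_BYTES:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class AuthCenter:
    """Authentication center: encryption card (holds K) plus key database."""

    def __init__(self):
        # Storage key K: generated once and kept inside the encryption card.
        self._storage_key = secrets.token_bytes(KEY_BYTES)
        # Transmission key database on disk: chip id -> SK' (ciphertext only).
        self.transmission_key_db = {}

    def provision(self, chip_id):
        """Key initialization: create SK, store SK' = E_K(SK), hand SK to the card."""
        sk = secrets.token_bytes(KEY_BYTES)
        self.transmission_key_db[chip_id] = encrypt(self._storage_key, sk)
        return sk

    def verify(self, chip_id, s, password1, ck_ct):
        """Center-side device authentication; True if the node is trusted."""
        sk_ct = self.transmission_key_db.get(chip_id)
        if sk_ct is None:                 # no record for this chip identifier
            return False
        try:
            sk = decrypt(self._storage_key, sk_ct)   # SK' -> SK using K
            ck = decrypt(sk, ck_ct)                  # CK' -> CK using SK
            password2 = encrypt(ck, s)               # authentication password 2
        except ValueError:                # malformed field lengths
            return False
        return hmac.compare_digest(password1, password2)


class SmartCard:
    """Sensing node smart card chip: holds its identifier and SK."""

    def __init__(self, chip_id, sk):
        self.chip_id = chip_id
        self._sk = sk

    def authenticate(self, s):
        """Node side: fresh CK per run, then the four items of authentication data."""
        ck = secrets.token_bytes(KEY_BYTES)   # one-time authentication key CK
        password1 = encrypt(ck, s)            # authentication password 1
        ck_ct = encrypt(self._sk, ck)         # CK' = E_SK(CK)
        return self.chip_id, s, password1, ck_ct


def demo():
    center = AuthCenter()
    card = SmartCard("node-001", center.provision("node-001"))
    s = secrets.token_bytes(KEY_BYTES)        # random number S from the sensing device
    return center.verify(*card.authenticate(s))


if __name__ == "__main__":
    print("device trusted:", demo())
```

Because S originates on the node side in the exchange as described, `verify()` accepts the same four values a second time; the example adds no freshness check that the text does not describe.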

Claims (10)

1. An Internet of Things cryptographic authentication method adopting a secure single-key management technique, which uses a single-key cryptographic algorithm, a secure single-key management technique and chip hardware technology to establish an Internet of Things cryptographic authentication system. Under commonly used single-key management, the following are written into the sensing node smart card chip: the single-key cryptographic algorithm, the digest algorithm, one transmission key, the identifier of the sensing node smart card chip, the sensing node device authentication protocol, and the sensing data encryption and digital signature protocol; and the following are written into the encryption card chip of the authentication server at the authentication center: the single-key cryptographic algorithm, the digest algorithm, the identifiers and corresponding transmission keys of all sensing node smart card chips served by the authentication center, the center-side device authentication protocol, and the sensing data decryption and signature verification protocol. When the number of sensing node devices is large, the authentication center needs to deploy more encryption card devices to store the large number of transmission keys of the corresponding sensing nodes. In the sensing node smart card chip, one random number is used as the authentication key to encrypt another random number S, generating the node-side authentication password; after the authentication key is encrypted into ciphertext with the transmission key, it is sent to the authentication center together with the authentication password and the random number S. In the center-side encryption card chip, the transmission key of the corresponding sensing node is used to decrypt the received ciphertext of the authentication key, and the decrypted authentication key is then used to encrypt the random number S, generating the center-side authentication password. By comparing the authentication passwords of the sensing node and the authentication center, it is determined whether the sensing node's device is genuine and trusted. In the sensing node smart card chip, a random number is used as the signature key to encrypt and digitally sign the sensing data; after the signature key is encrypted into ciphertext with the transmission key, it is sent to the authentication center together with the ciphertext of the sensing data and the digital signature of the sensing data. In the center-side encryption card chip, the transmission key of the corresponding sensing node is used to decrypt the received ciphertext of the signature key, and the decrypted signature key is then used to decrypt the ciphertext of the sensing data and to verify the digital signature of the sensing data, achieving confidential transmission of the sensing layer's sensing data and confirming whether the sensing node's signature on the sensing data is intact and has not been tampered with;
The present invention adopts a single-key cryptographic algorithm and a secure single-key key management technique to establish, in the chip hardware of the sensing node and of the authentication center, a system for sensing node device authentication, sensing data encryption and decryption, and digital signature; the technical features of the method are:
Under the secure single-key management, the following are written into the sensing node smart card chip: the single-key cryptographic algorithm, the digest algorithm, the identifier of the sensing node smart card chip, one transmission key, the node-side device authentication protocol, and the sensing data encryption and digital signature protocol; the following are written into the encryption card chip of the center-side authentication server: the single-key cryptographic algorithm, the digest algorithm, one storage key, the center-side device authentication protocol, and the sensing data decryption and signature verification protocol; and the hard disk storage area of the center-side authentication server stores the identifiers of all sensing node smart card chips together with the ciphertexts of the corresponding transmission keys held at the authentication center. When the number of sensing node devices is large, the authentication center does not need to deploy more encryption card devices to store the large number of transmission keys of the corresponding sensing nodes. Adopting the secure single-key management technique means using three kinds of keys, wherein: the first kind of key is the authentication or signature key, the authentication key being used to build the device authentication protocol and the signature key being used to build the sensing data encryption and digital signature protocol; the second kind of key is the transmission key, which is used to encrypt the authentication or signature key and ensures the security of the exchange and transmission of the authentication or signature key; the third kind of key is the storage key, which is used to encrypt separately the transmission keys of all corresponding sensing nodes and ensures the storage security of the transmission keys at the authentication center. The storage key encrypts the transmission keys, the transmission key encrypts the authentication or signature key, and the authentication key in turn encrypts a random number to generate the authentication password, achieving device authentication of the sensing node; or the signature key encrypts the sensing data and the digest information of the sensing data (the latter being the digital signature), achieving confidential transmission and integrity verification of the sensing layer's sensing data, thereby establishing an Internet of Things cryptographic authentication system that adopts a secure single-key management technique.
2. The method according to claim 1, characterized in that:
(1) The first kind of key is the authentication or signature key. Let the authentication or signature key be CK. While the node-side device authentication protocol or encryption and digital signature protocol is running, the random number generator in the sensing node smart card chip produces a random number of 128 or 210 bits in real time, and this random number is used as the authentication or signature key CK. When CK serves as the authentication key, CK encrypts another random number S to produce the authentication password; when CK serves as the signature key, CK is used to encrypt and digitally sign the sensing node's sensing data. The authentication or signature key is generated inside the sensing node smart card chip, used inside the chip, and then erased inside the chip; the plaintext of the authentication or signature key never leaves the sensing node smart card chip hardware, ensuring the operational security of the authentication or signature key at the sensing node;
Before the authentication or signature key is transmitted from the sensing node to the authentication center, it is first encrypted into ciphertext inside the sensing node smart card chip with the transmission key held in that chip, and only then output from the chip and sent to the authentication center; in the center-side encryption card chip, the transmission key of the corresponding sensing node is used to decrypt the ciphertext of the authentication or signature key into plaintext, ensuring the security of the exchange and transmission of the authentication or signature key;
(2) The second kind of key is the transmission key. Let the transmission keys be SKi (i = 1 to n, where n is the total number of sensing node devices served by the authentication center). During key initialization, the random number generator in the center-side encryption card chip generates random numbers of 128 or 210 bits, which are used as the transmission keys SKi (i = 1 to n) and loaded into the corresponding sensing node smart card chips. At the same time, inside the center-side encryption card chip, a storage key encrypts each transmission key SKi (i = 1 to n) of the corresponding sensing nodes separately, producing the ciphertexts SKi' (i = 1 to n), which are then output from the encryption card chip; the transmission keys SKi (i = 1 to n) are stored in ciphertext form, i.e. SK1', SK2', ..., SKn', each together with the identifier of the sensing node smart card chip corresponding to that SKi (i = 1 to n), in the transmission key database of the center-side authentication server;
In the sensing node smart card chip, the transmission key SKi (i = 1 to n) encrypts the authentication or signature key CK, producing the ciphertext CK', and CK' is sent to the authentication center. The transmission key SKi (i = 1 to n) of each sensing node is stored in that node's smart card chip and used inside the chip; the plaintext of the transmission key never leaves the sensing node smart card chip, ensuring the storage and operational security of the transmission key at the sensing node;
At the authentication center, the transmission keys of all corresponding sensing nodes are kept in ciphertext form in the authentication center's transmission key database, ensuring the storage security of those transmission keys at the authentication center. When the ciphertext SKi' (i = 1 to n) of a sensing node's transmission key is called at the authentication center, it is decrypted into plaintext inside the encryption card chip, used inside the encryption card chip, and then erased; the plaintext of the transmission key never leaves the encryption card chip, ensuring the operational security of the transmission keys of all corresponding sensing nodes at the authentication center;
(3) The third kind of key is the storage key. Let the storage key be K. During key initialization, the random number generator in the center-side encryption card chip produces in advance a random number of 128 or 210 bits, which is used as the storage key K and stored in the encryption card chip; the storage key K is a fixed single key. The storage key K encrypts each transmission key SKi (i = 1 to n) of the corresponding sensing nodes separately into the ciphertexts SK1', SK2', ..., SKn', which are then stored in the center-side transmission key database;
When the sensing node and the authentication center exchange the authentication or signature key CK, the center-side encryption card chip uses the storage key K to decrypt into plaintext the ciphertext SKi' (i = 1 to n) of the transmission key that encrypted CK, and then uses the decrypted transmission key SKi (i = 1 to n) to decrypt the received ciphertext CK' of the authentication or signature key sent by the sensing node into plaintext, i.e. CK. The storage key K is generated inside the encryption card chip and stored in the encryption card chip; the plaintext of the storage key K never leaves the chip hardware during use, ensuring the storage and operational security of the storage key K.
3. The method according to claim 2, characterized in that:
(1) The authentication or signature key is produced by the random number generator in the sensing node smart card chip; it is random, changes on every use, and is in every case a random-looking string. The authentication or signature keys produced on each run, i.e. CK1, CK2, ..., CKm (m a natural number), are each encrypted with the transmission key SKi (i = 1 to n) into the ciphertexts CK1', CK2', ..., CKm' (m a natural number), which are likewise random, change on every use, are random-looking strings and show no regularity. A codebreaker cannot use CK1', CK2', ..., CKm' (m a natural number) as the cryptanalytic condition of "repeated messages" (many different plaintext messages encrypted into ciphertext messages with the same single key) to break the authentication or signature keys CK1, CK2, ..., CKm (m a natural number), or to break the transmission keys SK1, SK2, ..., SKn (n being the total number of sensing node users served by the authentication center);
(2) Each transmission key SKi (i = 1 to n) is produced by a random number generator at key initialization; all are random and are random-looking strings. The transmission key ciphertexts produced by encrypting each transmission key SKi (i = 1 to n) separately with the storage key K, i.e. SK1', SK2', ..., SKn', are likewise random, change on every use, and are random-looking strings. A codebreaker cannot use SK1', SK2', ..., SKn' as the cryptanalytic condition of "repeated messages" (many different plaintext messages encrypted into ciphertext messages with the same single key) to break the transmission keys SK1, SK2, ..., SKn, or to break the storage key K;
(3) The secure single-key management method (that is, management with three kinds of keys) ensures the storage security of the transmission keys of all corresponding sensing nodes held at the authentication center; when the number of users is large, there is no need to purchase a large number of encryption card devices to store the large number of transmission keys, which can greatly reduce the construction cost of the authentication center.
4. The method according to claim 1, characterized in that:
(1) The node-side device authentication protocol: the sensing device at the sensing node generates another random number; let this random number be S. S is passed into the sensing node smart card chip, where the random number generator produces a random number of 128 bits or 210 bits, which is used as the authentication key CK. CK encrypts the random number S, and the resulting ciphertext of S is authentication password 1. Then, inside the sensing node smart card chip, the transmission key SKi (i = 1 to n) encrypts the authentication key CK into the ciphertext CK'. Finally, four items of authentication data (the identifier of the sensing node smart card chip, the random number S, authentication password 1, and the authentication key ciphertext CK') are sent together to the authentication center;
(2) The center-side device authentication protocol: after the authentication center receives the authentication data sent by the sensing node, it uses the identifier of the sensing node smart card chip to locate the matching record in the transmission key database, and feeds the transmission key ciphertext SKi' (i = 1 to n) from that record into the center-side encryption card chip. Inside the encryption card chip, the storage key K decrypts SKi' (i = 1 to n) into the plaintext SKi (i = 1 to n), SKi (i = 1 to n) decrypts the received authentication key ciphertext CK' into the plaintext CK, and CK encrypts the random number S to generate authentication password 2. Comparing authentication password 1 with authentication password 2 determines whether the sensing node's device is trusted.
5. The method according to claim 4, characterized in that:
In the node-side device authentication protocol and the center-side device authentication protocol, the following operations take place inside the sensing node smart card chip: generating the authentication key, generating authentication password 1, and encrypting the authentication key with the transmission key; and the following operations take place inside the center-side encryption card chip: decrypting the transmission key ciphertext of the corresponding sensing node with the storage key, decrypting the ciphertext of the authentication key with the decrypted transmission key, generating authentication password 2, and comparing authentication password 1 with authentication password 2. The node-side device authentication protocol and the center-side device authentication protocol are therefore "chip-level" device authentication protocols with a high level of security.
6. The method according to claim 1, characterized in that:
(1) The node-side sensing data encryption and digital signature protocol: at the sensing node, the sensing data collected by the sensing node device is passed into the sensing node smart card chip. Inside the chip, the digest algorithm is applied to the sensing data to obtain the digest information L1 of the sensing data. The random number generator in the sensing node smart card chip produces a random number of 128 bits or 210 bits, which is used as the signature key CK. CK encrypts the sensing data and the digest information L1, giving the ciphertext of the sensing data and the ciphertext of L1, the latter being the digital signature. Then the transmission key in the sensing node smart card chip encrypts the signature key CK into the ciphertext CK'. Finally, four items of digital signature data (the identifier of the sensing node smart card chip, the ciphertext of the sensing data, the digital signature of the sensing data, and the signature key ciphertext CK') are sent together to the authentication center;
(2) The center-side sensing data decryption and signature verification protocol: after the authentication center receives the digital signature data sent by the sensing node, it first uses the identifier of the sensing node smart card chip to locate the matching record in the transmission key database, and feeds the transmission key ciphertext SKi' (i = 1 to n) from that record into the center-side encryption card chip. Inside the encryption card chip, the storage key K decrypts SKi' (i = 1 to n) into the plaintext SKi (i = 1 to n), SKi (i = 1 to n) decrypts the received signature key ciphertext CK' into the plaintext CK, and CK decrypts the ciphertext of the sensing data and the digital signature of the sensing data, giving the plaintext of the sensing data and the digest information L1 of the sensing data. The digest algorithm is then applied to the sensing data to obtain the digest information L2 of the sensing data. Comparing L1 with L2 determines whether the sensing node's signature on the sensing data is trusted and intact.
7. The method according to claim 6, characterized in that:
In the node-side sensing data encryption and digital signature protocol and the center-side sensing data decryption and signature verification protocol, the following operations take place inside the sensing node smart card chip: generating the signature key; applying the digest algorithm to the sensing data to obtain the digest information L1 of the file; encrypting the sensing data and the digest information L1 with the signature key to generate ciphertext, the encryption of the digest information L1 being the digital signature; and encrypting the signature key with the transmission key to generate the ciphertext of the signature key. The following operations take place inside the center-side encryption card chip: decrypting the transmission key ciphertext of the corresponding sensing node with the storage key; decrypting the ciphertext of the signature key with the decrypted transmission key; decrypting the sensing data and the digital signature with the decrypted signature key to obtain the plaintext of the sensing data and the digest information L1; applying the digest algorithm to the sensing data to obtain the digest information L2; and comparing L1 with L2. The node-side encryption and digital signature protocol is therefore a "chip-level" encryption and digital signature protocol, and the center-side decryption and signature verification protocol is likewise a "chip-level" decryption and signature verification protocol, with a high level of security.
8. The method according to claim 1, characterized in that:
(1) The sensing device at the sensing node generates a random number S and passes it into the sensing node's smart card chip. Inside the smart card chip, the node-side device authentication protocol encrypts the received random number S into ciphertext and returns the resulting authentication data to the sensing device, which sends it over the Internet of Things to the Internet of Things data center; the data center forwards it to the authentication center. Inside the encryption card chip, the center-side device authentication protocol completes the device authentication of the sensing node, and the authentication center then returns the device authentication result (whether the sensing node's device is trusted), the identifier of the corresponding sensing node smart card chip, and the current timestamp together to the Internet of Things data center;
(2) The sensing data collected by the sensing device at the sensing node is first passed into the sensing node's smart card chip. Inside the smart card chip, the node-side sensing data encryption and digital signature protocol encrypts and digitally signs the received sensing data and returns the resulting digital signature data to the sensing device, which sends it over the Internet of Things to the Internet of Things data center; the data center forwards it to the authentication center. Inside the encryption card chip, the center-side sensing data decryption and signature verification protocol decrypts the sensing data ciphertext and verifies the signature on the sensing data; the authentication center then returns the plaintext of the sensing data, the signature verification result, the identifier of the corresponding sensing node smart card chip, and the current timestamp together to the Internet of Things data center.
9. The method according to claim 8, characterized in that:
The sensing device at the sensing node is responsible for sending the authentication data or signature data generated by the smart card to the authentication center through the Internet of Things data center, and the authentication center, following the center-side Internet of Things security protocol, returns the result of device authentication, or of data integrity verification and decryption, to the Internet of Things data center. The node-side and center-side Internet of Things security protocols therefore rely directly on the communication protocol of the Internet of Things to carry their data, and no separate communication protocol needs to be established between the sensing node smart card and the center-side encryption card. This not only reduces the cost of establishing a new communication protocol between the encryption hardware at the sensing node and at the authentication center, but also reduces the complexity of the Internet of Things cryptographic authentication system.
10. The method according to claim 1, characterized in that:
Inside a chip, a single-key (symmetric) cryptographic algorithm encrypts and decrypts 1000 times faster than a public-key (dual-key) cryptographic algorithm. Adopting the secure single-key management method solves the difficulty of updating and managing single-key algorithm keys in a device authentication or digital signature system and reduces the cost of single-key update and maintenance, while exploiting the fast encryption and decryption of single-key algorithms to effectively improve the running speed of the Internet of Things security protocols. The node-side device authentication protocol, the center-side device authentication protocol, the node-side sensing data encryption and digital signature protocol, and the center-side sensing data decryption and signature verification protocol, all built on a single-key cryptographic algorithm, are therefore fast and efficient.
CN2012103234064A 2012-09-05 2012-09-05 Password authentication method for internet of things by adopting security one-key management technology Pending CN102833260A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012103234064A CN102833260A (en) 2012-09-05 2012-09-05 Password authentication method for internet of things by adopting security one-key management technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012103234064A CN102833260A (en) 2012-09-05 2012-09-05 Password authentication method for internet of things by adopting security one-key management technology

Publications (1)

Publication Number Publication Date
CN102833260A true CN102833260A (en) 2012-12-19

Family

ID=47336230

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012103234064A Pending CN102833260A (en) 2012-09-05 2012-09-05 Password authentication method for internet of things by adopting security one-key management technology

Country Status (1)

Country Link
CN (1) CN102833260A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103237302A (en) * 2013-03-28 2013-08-07 北京市科学技术情报研究所 Sensing information safety protection method for RFID (radio frequency identification) tags in Internet of Things
CN107094108A (en) * 2016-02-18 2017-08-25 大众汽车有限公司 The method for being connected to the part of data/address bus and encryption function being realized in the part
CN107231231A (en) * 2017-06-16 2017-10-03 深圳市盛路物联通讯技术有限公司 A kind of method and system of terminal device secure accessing Internet of Things
CN107257350A (en) * 2017-07-28 2017-10-17 胡祥义 The offline authentication or method of payment of a kind of " wearable " equipment or mobile phone
CN111062575A (en) * 2019-11-21 2020-04-24 北京市燃气集团有限责任公司 Gas industry operation platform, operation method and operation method based on Internet of things
CN113660659A (en) * 2021-10-19 2021-11-16 华智生物技术有限公司 Internet of things equipment identity identification method, system, equipment and computer readable medium
CN114124515A (en) * 2021-11-19 2022-03-01 西部安全认证中心有限责任公司 Bidding transmission method, key management method, user verification method and corresponding device
US11469906B2 (en) * 2018-11-20 2022-10-11 Motional Ad Llc Systems and methods for implementing data security

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
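李峰: "Implementing a campus card key management subsystem using a three-level key system", 《网络安全技术与应用》 *
胡祥义 et al.: "Application of symmetric cryptography in network authentication systems", 《网络安全技术与应用》 *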

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103237302B (en) * 2013-03-28 2016-05-11 北京市科学技术情报研究所 A kind of heat transfer agent safety protecting method of Internet of Things electronic tag
CN103237302A (en) * 2013-03-28 2013-08-07 北京市科学技术情报研究所 Sensing information safety protection method for RFID (radio frequency identification) tags in Internet of Things
CN107094108A (en) * 2016-02-18 2017-08-25 大众汽车有限公司 The method for being connected to the part of data/address bus and encryption function being realized in the part
CN107231231A (en) * 2017-06-16 2017-10-03 深圳市盛路物联通讯技术有限公司 A kind of method and system of terminal device secure accessing Internet of Things
WO2018227685A1 (en) * 2017-06-16 2018-12-20 深圳市盛路物联通讯技术有限公司 Method and system for secure access of terminal device to internet of things
CN107231231B (en) * 2017-06-16 2020-09-25 深圳市盛路物联通讯技术有限公司 Method and system for terminal equipment to safely access Internet of things
CN107257350A (en) * 2017-07-28 2017-10-17 胡祥义 The offline authentication or method of payment of a kind of " wearable " equipment or mobile phone
CN107257350B (en) * 2017-07-28 2023-04-07 胡祥义 Offline authentication or payment method of wearable equipment
US11469906B2 (en) * 2018-11-20 2022-10-11 Motional Ad Llc Systems and methods for implementing data security
CN111062575A (en) * 2019-11-21 2020-04-24 北京市燃气集团有限责任公司 Gas industry operation platform, operation method and operation method based on Internet of things
CN111062575B (en) * 2019-11-21 2021-03-30 北京市燃气集团有限责任公司 Gas industry operation platform, operation method and operation method based on Internet of things
CN113660659A (en) * 2021-10-19 2021-11-16 华智生物技术有限公司 Internet of things equipment identity identification method, system, equipment and computer readable medium
CN114124515A (en) * 2021-11-19 2022-03-01 西部安全认证中心有限责任公司 Bidding transmission method, key management method, user verification method and corresponding device
CN114124515B (en) * 2021-11-19 2024-05-28 西部安全认证中心有限责任公司 Bidding transmission method, key management method, user verification method and corresponding devices

Similar Documents

Publication Publication Date Title
CN102833260A (en) Password authentication method for internet of things by adopting security one-key management technology
CN102833075A (en) Identity authentication and digital signature method based on three-layered overlapping type key management technology
CN101447870B (en) Safe storage method of private key based on technology of distributed password
CN102802036B (en) System and method for identifying digital television
CN103152362B (en) Based on the large data files encrypted transmission method of cloud computing
CN101262341A (en) A mixed encryption method in session system
CN101631305B (en) Encryption method and system
RU2006147370A (en) METHOD FOR DECRAMBLING A SCRUMBED CONTENT INFORMATION OBJECT
CA2690755A1 (en) System and method of per-packet keying
CN107395368A (en) Without the digital signature method in media environment and solution encapsulating method and decryption method
CN112804205A (en) Data encryption method and device and data decryption method and device
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN102447698A (en) Encrypting and transmitting method for network communication information
CN109861956B (en) Data verification system, method, device and equipment based on state channel
CN106685969A (en) Hybrid-encrypted information transmission method and transmission system
CN107005577A (en) The processing method and processing unit of finger print data
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN101325483B (en) Method and apparatus for updating symmetrical cryptographic key, symmetrical ciphering method and symmetrical deciphering method
CN101826961A (en) Method, device and system for data transmission encryption and decryption
CN109104278A (en) A kind of encrypting and decrypting method
CN103237302B (en) A kind of heat transfer agent safety protecting method of Internet of Things electronic tag
CN103117850B (en) A kind of method for building up of the cryptographic system based on random sequence database
CN113312608A (en) Electric power metering terminal identity authentication method and system based on timestamp
CN100431297C (en) Method for preventing user's pin from illegal use by double verification protocol
CN114499857A (en) Method for realizing data correctness and consistency in big data quantum encryption and decryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121219