CN103166919A - Method and system for internet of things information transmission - Google Patents


Info

Publication number: CN103166919A
Authority: CN (China)
Prior art keywords: authentication, hash, key, internet, things
Legal status (as listed by Google Patents, not a legal conclusion): Granted, active
Application number: CN2011104133579A
Other languages: Chinese (zh)
Other versions: CN103166919B (en)
Inventors: 陈强, 于江
Current assignee (as listed by Google Patents): China Mobile Group Heilongjiang Co Ltd
Original assignee: China Mobile Group Heilongjiang Co Ltd
Priority application: CN201110413357.9A (published as CN103166919A, granted as CN103166919B)

Abstract

The invention discloses a method and a system for Internet of Things information transmission. First, a public key infrastructure / certificate authority (PKI/CA) mechanism is established in the Internet of Things and an authentication key and an encryption key are distributed to the aggregation node of the Internet of Things; the transmitted information is encrypted and authenticated in the edge network of the Internet of Things; and after the encrypted and authenticated information reaches the aggregation node, a key conversion is performed and the re-encrypted information is sent to the Internet of Things application management server. With this method and system the Internet of Things can effectively resist insider attacks, the security level of information transmission is raised, and the computational complexity of encryption and security authentication in the edge network of the Internet of Things is reduced.

Description

Method and system for Internet of Things information transmission
Technical field
The present invention relates to the fields of network security and cryptography for the Internet of Things, and in particular to a method and system for Internet of Things information transmission.
Background technology
The Internet of Things (IoT) is developing very rapidly and its security requirements are becoming more prominent by the day. The sensing layer and the transport layer of the IoT in particular must guarantee the integrity and confidentiality of data. Object-to-object links multiply the number of sensor devices; the number of IoT terminal devices is heading towards the hundreds of millions, and the IoT is expected to be the largest application of future development. At present the IoT core network mainly involves the mobile network, while the IoT edge involves wireless sensor networks, RFID and similar networks, so security authentication management is needed for an ultra-large population of IoT devices. IoT development requires the full fusion of information acquisition, information transmission and information processing, and acquisition and transmission are the key foundations. Because the IoT relies on wireless transmission in many settings, signals exposed in open places are easy to intercept and easy to jam, which directly affects the security of the IoT system. Security authentication provides the IoT with secure and convenient information acquisition and has broad application prospects in IoT development. Mobile operators have a natural network advantage in IoT access: combined with mobile authentication, they can automatically identify target objects, obtain their data, complete information acquisition and deliver the information to the application platform, thereby completing the IoT access function. Mobile authentication is therefore one of the most effective technologies for mobile operators entering the IoT field, and the basis on which future mobile operators will provide complete and secure IoT services.
Because the IoT architecture mainly involves the existing Internet, the mobile network and wireless sensor networks (WSN), existing key management technology mainly consists of PKI/CA in the Internet and the key management methods used in RFID systems and WSNs.
PKI (Public Key Infrastructure) is infrastructure, built on public key theory and technology, that provides information security services; it is a standards-based key management platform. The PKI architecture manages public keys through certificates: a trusted third party, the CA, binds a user's public key to the user's other identification information (such as name and e-mail address) so that the user's identity can be verified on the Internet. The PKI architecture combines public key cryptography with symmetric cryptography, automates key management on the Internet, and ensures the confidentiality and integrity of digital information transmitted online as well as the authenticity of identities and non-repudiation. A complete PKI consists of functional modules such as policy management, the certification authority, the digital certificate repository, the key backup and recovery system, the certificate revocation processing system and the client certificate processing system.
Research on RFID security concentrates mainly on cryptographic mechanisms. Because of the characteristics and limitations of RFID systems, traditional Internet cryptographic algorithms are not suitable for them; scholars in China and abroad currently rely mainly on mutual authentication between tag and reader to control access to the tag and thereby strengthen the security and privacy of the RFID system. Typical security protocols include the Hash-Lock protocol, the randomized Hash-Lock protocol, the hash chain protocol, the hash-based ID variation protocol and the distributed challenge-response protocol.
WSN key management can at present be divided roughly into two broad classes: schemes based on symmetric key systems and schemes based on asymmetric key systems.
Symmetric key schemes include key distribution center (KDC) based schemes, master key based schemes and key pre-distribution schemes. The basic idea of a KDC based scheme is that the session keys used for communication between sensor nodes are generated by the key distribution center; the KDC shares a unique key with each sensor node in the network and stores all of these shared keys. The advantages of this class of protocol are that it is simple to implement, that the computational and storage demands on the sensor nodes are low, and that the capture of some sensor nodes has little effect on the security of the rest of the network. The basic idea of a master key based scheme is that all sensor nodes in the wireless sensor network share one key, and key agreement and authentication between sensor nodes rely entirely on that key; its advantages are obviously simple implementation and no dependence on a trusted third party.
Eschenauer and Gligor were the first to propose a random key pre-distribution scheme for WSNs (the E-G scheme). It consists of three stages. The first is the key pre-distribution stage: before deployment, the deployment server generates a large key pool of P keys together with their key identifiers, and each node randomly selects k (k << P) distinct keys from the pool; this random pre-assignment means that any two nodes share a key with a certain probability. The second is the shared key discovery stage: after random deployment, if two adjacent nodes have a shared key, one of the shared keys is chosen at random as the pairwise key between them; otherwise the scheme enters the third stage. The third is the key path establishment stage, in which a node establishes a key path to the other party over several hops via neighbor nodes with which it does share a key. In the q-composite random key pre-distribution scheme proposed by Chan (the q-composite scheme), each node selects m distinct keys in advance from a key pool of size |S|, and after deployment two adjacent nodes must share at least q keys before they can establish a pairwise key directly. If the number of shared keys is t (t >= q), a one-way hash function is used to set up the pairwise key K = hash(k1 || k2 || ... || kt), the order of the keys having been agreed in advance.
Perrig uses the Sink (aggregation node) as the trusted key distribution center of the network to establish pairwise keys for the network nodes and to authenticate broadcast packets. The SPINS protocol consists of two parts: SNEP (Secure Network Encryption Protocol) and μTESLA (micro Timed Efficient Stream Loss-tolerant Authentication). SNEP achieves data confidentiality and data authentication mainly through mechanisms such as a counter and a message authentication code (MAC). The pairwise key and the MAC key of two communicating parties are both generated with a pseudo-random function from the master key obtained from the Sink. SNEP gives the protocol semantic security (the same plaintext encrypted in different periods yields different ciphertexts) and guarantees data freshness; the MAC is of fixed length, only 8 bytes, so it adds little traffic load. μTESLA authenticates broadcast data. The Sink first uses a one-way hash function H to generate a one-way key chain {K0, K1, ..., Kn} in which Ki = Hash(Ki+1): Ki is easy to compute from Ki+1, but Ki+1 cannot be computed from Ki. The network's running time is divided into time slots, and each slot uses one key of the chain. In slot i the Sink sends authenticated packets and then discloses the key Ki after a delay. On receiving such a packet a node first stores it in a buffer and waits for the newly disclosed key Ki; it then uses the key Kv it currently holds to check whether Ki is legitimate, that is, whether applying H (i - v) times to Ki yields Kv, and if so it uses Ki to authenticate the packets in the buffer.
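The μTESLA key chain and delayed key disclosure described above, as an added example in Go (it is not code from the patent or from SPINS): SHA-256 stands in for the one-way function H, HMAC-SHA-256 for the MAC, a 32-byte random Kn is assumed, and the "set sample_rate" command is a constructed message. The point it shows is the check a node performs on a disclosed key: hashing Ki (i - v) times must reproduce the Kv it already trusts, which a forger cannot arrange because the chain is one-way.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// H is the one-way function used along the chain: Ki = H(Ki+1).
func H(k []byte) []byte {
	s := sha256.Sum256(k)
	return s[:]
}

// NewKeyChain draws a random Kn and derives Kn-1 ... K0 by repeated hashing;
// K0 is the commitment the Sink pre-loads into every node before deployment.
func NewKeyChain(n int) ([][]byte, error) {
	chain := make([][]byte, n+1)
	kn := make([]byte, 32)
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	chain[n] = kn
	for i := n - 1; i >= 0; i-- {
		chain[i] = H(chain[i+1])
	}
	return chain, nil
}

// MAC is the slot authenticator the Sink attaches to a broadcast packet.
func MAC(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Packet is a broadcast received in slot Slot; it waits in the buffer until the
// Sink discloses that slot's key.
type Packet struct {
	Slot int
	Msg  []byte
	Tag  []byte
}

// Receiver holds the last verified key Kv (initially K0) and the buffered packets.
type Receiver struct {
	v      int
	Kv     []byte
	buffer map[int][]Packet
}

func NewReceiver(k0 []byte) *Receiver { return &Receiver{Kv: k0, buffer: map[int][]Packet{}} }

// Buffer stores a packet that cannot be checked until its slot key is disclosed.
func (r *Receiver) Buffer(p Packet) { r.buffer[p.Slot] = append(r.buffer[p.Slot], p) }

// VerifyKey checks a disclosed Ki by applying H (i-v) times and comparing the
// result with the stored Kv; only the Sink can produce a Ki that passes. On
// success Ki becomes the new anchor.
func (r *Receiver) VerifyKey(i int, ki []byte) bool {
	if i <= r.v {
		return false // stale or replayed disclosure
	}
	x := ki
	for j := 0; j < i-r.v; j++ {
		x = H(x)
	}
	if !bytes.Equal(x, r.Kv) {
		return false
	}
	r.v, r.Kv = i, ki
	return true
}

// Release authenticates the packets buffered for slot i with the verified Ki and
// returns only the genuine ones. (A deployment must also drop packets that arrive
// after Ki could already have been disclosed; that timing check is omitted here.)
func (r *Receiver) Release(i int, ki []byte) [][]byte {
	var genuine [][]byte
	for _, p := range r.buffer[i] {
		if hmac.Equal(p.Tag, MAC(ki, p.Msg)) {
			genuine = append(genuine, p.Msg)
		}
	}
	delete(r.buffer, i)
	return genuine
}

func main() {
	chain, _ := NewKeyChain(4)
	node := NewReceiver(chain[0])
	cmd := []byte("set sample_rate=10") // constructed broadcast command
	node.Buffer(Packet{Slot: 2, Msg: cmd, Tag: MAC(chain[2], cmd)})
	node.Buffer(Packet{Slot: 2, Msg: []byte("set sample_rate=0"), Tag: []byte("forged")})
	fmt.Println("K2 accepted:", node.VerifyKey(2, chain[2]))
	for _, m := range node.Release(2, chain[2]) {
		fmt.Printf("authenticated: %s\n", m)
	}
}
```

Note that a node that missed the disclosures of K1 and K2 can still verify K3 directly against K0, which is the loss tolerance in the scheme's name; the one thing the receiver must never do is accept a packet for slot i after Ki could already have been disclosed, since by then anyone can compute its MAC.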
Asymmetric key schemes: public key schemes are widely used in the key management of legacy networks because of advantages such as good authentication properties, strong network survivability and good scalability. The basic idea of IBE (Identity Based Encryption) is that the public key can be any unique string, such as an e-mail address, an identity card number or some other identifier. Its advantage is that the public key is self-identifying, so the certificate issuance of an ordinary PKI system is not needed. IBE is realized with elliptic curves, and Boneh and Franklin gave a practical implementation method.
Existing PKI/CA or key distribution center (KDC) approaches are very complex to implement, and the realization of PKI faces many challenges such as certificate management, verification, revocation and cross-domain certification. In particular, in the networks at the IoT edge (the mobile network, wireless sensor networks, RFID), the edge network nodes are limited in energy, computing capability, memory and bandwidth and cannot run complex asymmetric encryption algorithms to achieve security authentication; moreover these networks are mobile, so the authentication mode cannot simply be built on PKI/CA. Traditional public key authentication approaches such as PKI/CA and KDC therefore cannot be used directly in the IoT edge network.
Existing security schemes for the RFID system of the IoT require the tag and reader to have fairly strong computing capability, the protocols have obvious security vulnerabilities, and all of these authentication protocols ignore forgery and tampering between a legitimate reader and a legitimate tag inside the system, so they cannot comprehensively guard against such attacks.
The shortcomings of adopting a symmetric key system in the WSN of the IoT are that nodes resist capture poorly, that authentication of neighbor nodes is not supported, that impersonation attacks cannot be resisted, and that as more nodes are captured more key information is exposed. Because every communicating node has to communicate with the base station, network communication depends too heavily on the base station, the communication overhead of the network is very large, and the scalability of the network and the supported network size depend on the capability of the base station.
Summary of the invention
The object of the invention is to address the defects of the prior art by proposing a method and system for Internet of Things information transmission. With the invention, the RFID system in the IoT achieves three-party mutual authentication between the database, the reader and the tag and effectively resists insider attacks; the wireless sensor network in the IoT adopts the IBE cryptographic algorithm, which raises the security level of information transmission and at the same time solves the problem of entity authentication; and PKI/CA in the Internet environment is combined with IBE based key management in the sensor network, so that sensor nodes and the aggregation node obtain privacy, freshness and verifiability of the collected information through identity-based encryption while the complexity of encryption and security authentication computation in the WSN is reduced.
According to one aspect of the invention, a method for Internet of Things information transmission is provided, comprising the steps:
A. establishing a PKI/CA mechanism in the Internet of Things, and distributing an authentication key and an encryption key to the aggregation node of the Internet of Things and to the background database of the radio frequency identification system;
B. encrypting and authenticating the transmitted information in the edge network of the Internet of Things;
C. after the encrypted and authenticated information reaches the aggregation node of the Internet of Things, performing a key conversion and sending the re-encrypted information to the Internet of Things application management server.
Preferably, step B further comprises:
when the edge network of the Internet of Things is a radio frequency identification system, distributing the authentication key and the encryption key at the background database of the radio frequency identification system;
authenticating and encrypting the information in the radio frequency identification system with a radio frequency identification mutual authentication protocol based on variable update;
performing the key conversion of the authenticated and encrypted information at the background database of the radio frequency identification system.
Preferably, step B further comprises:
when the edge network of the Internet of Things is a wireless sensor network, setting up an authentication center at the aggregation node of the Internet of Things, each sensor node in the wireless sensor network generating an encryption key with the IBE algorithm and completing the encryption and authentication of the information through the authentication center.
Preferably, the step of authenticating and encrypting the information in the radio frequency identification system with the mutual authentication protocol based on variable update further comprises (the arguments of the hash values appear only in the figures of the patent and are not reproduced on this page):
initializing the reader R and the tag T with the values R(X, Y) and T(X, Y);
the reader sends a request; if the computed Hash(…) equals the received Hash(…), the authentication of the reader R is completed;
if the computed Hash(…) equals the received Hash(…), the authentication of the tag T is completed;
using R_id, Hash(…) is computed; if it equals the received Hash(…), the authentication of the reader R is completed and X_n is located; Hash(…) is computed, and if it equals the received Hash(…), the authentication of the tag T is completed and T_id is located;
the key is used to compute (…) and obtain the tag ID T_id; Hash(…) is computed, and if it equals the received Hash(…), the authentication of the database DB is established;
Hash(…) is computed, and if it equals the received Hash(…), the tag's authentication of the database DB is established.
Preferably, the above scheme also comprises a process in which the reader R initiates a request to update the related variables of the database DB, the reader R and the tag T, specifically comprising the steps:
when the countdown timer TTL = 0, the database computes the Hash(…) corresponding to R_id; if it equals the received Hash(…), the authentication of the reader R is completed, and the variables (X_n, Y_n) are updated to (M_n, N_n) and (X, Y) to (A, B);
the received Hash(…) is computed and compared with Hash(…); if they are equal, the authentication of the database DB is established, and the reader R decrypts and updates the related variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
Hash(…) is computed; if it equals the received Hash(…), the authentication of the reader R is completed;
Hash(…) is computed; if it equals the received Hash(…), the authentication of the tag T is completed;
A is obtained from (…) and B from (…), (A, B) is updated to (X, Y), and the update ends.
Preferably, the scheme also comprises a process in which the database DB initiates a request to update the related variables of the database DB, the reader R and the tag T, specifically comprising the steps:
when the countdown timer TTL = 0, Hash(…) is computed; if it equals the received Hash(…), the authentication of the database DB is established;
R_id computes Hash(…); if it equals the received Hash(…), the authentication of the reader R is completed, and the database DB performs the variable update, updating (X_n, Y_n) to (M_n, N_n) and (X, Y) to (A, B);
the received Hash(…) is computed and compared with Hash(…); if they are equal, the authentication of the database DB is established, and the reader R decrypts and updates the related variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
Hash(…) is computed; if it equals the received Hash(…), the authentication of the reader R is completed;
Hash(…) is computed; if it equals the received Hash(…), the authentication of the tag T is completed;
A is obtained from (…) and B from (…), (A, B) is updated to (X, Y), and the update ends.
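The hash arguments of the protocol above survive on this page only as figure references, so what follows is not the patent's protocol. It is an added example in Go, written for this page and not taken from the patent, of a three-party hash-based mutual authentication of the same shape: the database DB authenticates the reader R with the pair (X_n, Y_n), the tag T and DB authenticate each other with the pair (X, Y) over fresh nonces, and once the countdown TTL reaches 0 both sides update their variables. The keyed-hash inputs, the choice of HMAC-SHA-256, the decision to keep each tag's previous pair in the DB to survive a lost update, and the identifiers T1 and R1 are all this example's assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// h is the keyed hash shared by DB, reader and tag. The patent's own hash
// arguments are not on this page; the inputs used below are this example's.
func h(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

func nonce() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Pair is a shared (X, Y) state: X proves the prover to the DB, Y proves the DB back.
type Pair struct{ X, Y []byte }

// next is the variable update: both halves are rehashed, so an old pair cannot
// be recovered from the new one, and a party one step behind can catch up.
func next(p Pair) Pair { return Pair{X: h(p.X, p.Y), Y: h(p.Y, p.X)} }

type (
	Tag    struct{ ID string; Cur Pair; TTL int } // TTL counts down to the next update
	Reader struct{ ID string; Cur Pair }          // Cur is (X_n, Y_n) shared with the DB
)

// DB keeps the current and the previous pair of every tag, so a tag whose
// update was lost is still recognised and brought back into step.
type DB struct {
	tags    map[string][2]Pair // tag ID -> {current, previous}
	readers map[string]Pair
}

// AuthReader: the DB accepts a session only from a reader that proves X_n.
func (db *DB) AuthReader(r *Reader, a, proof []byte) bool {
	p, ok := db.readers[r.ID]
	return ok && hmac.Equal(proof, h(p.X, []byte(r.ID), a))
}

// Respond: the tag answers challenge a with its own nonce b and h(X, a, b).
func (t *Tag) Respond(a []byte) (b, proof []byte) { b = nonce(); return b, h(t.Cur.X, a, b) }

// Check: the tag authenticates the DB's reply before touching its own state.
func (t *Tag) Check(a, b, reply []byte) bool { return hmac.Equal(reply, h(t.Cur.Y, b, a)) }

// Lookup: the DB finds the pair that produced proof and answers with h(Y, b, a);
// behind reports that only the tag's previous pair matched.
func (db *DB) Lookup(a, b, proof []byte) (id string, reply []byte, behind, ok bool) {
	for tid, pairs := range db.tags {
		for k, p := range pairs {
			if hmac.Equal(proof, h(p.X, a, b)) {
				return tid, h(p.Y, b, a), k == 1, true
			}
		}
	}
	return "", nil, false, false
}

// Round is one reader-initiated session: reader-to-DB, tag-to-DB and DB-to-tag
// authentication, then the variable update once the tag's TTL reaches 0.
func Round(db *DB, r *Reader, t *Tag) (string, bool) {
	a := nonce()
	if !db.AuthReader(r, a, h(r.Cur.X, []byte(r.ID), a)) {
		return "", false
	}
	b, proof := t.Respond(a)
	id, reply, behind, ok := db.Lookup(a, b, proof)
	if !ok || !t.Check(a, b, reply) {
		return "", false
	}
	if behind { // the tag missed the last update: it catches up, the DB stays put
		t.Cur = next(t.Cur)
		return id, true
	}
	t.TTL--
	if t.TTL == 0 {
		cur := db.tags[id][0]
		db.tags[id] = [2]Pair{next(cur), cur}
		t.Cur, t.TTL = next(t.Cur), 3
	}
	return id, true
}

// NewSystem wires one DB, one reader and one tag with fresh shared secrets.
func NewSystem() (*DB, *Reader, *Tag) {
	tp, rp := Pair{nonce(), nonce()}, Pair{nonce(), nonce()}
	db := &DB{tags: map[string][2]Pair{"T1": {tp, tp}}, readers: map[string]Pair{"R1": rp}}
	return db, &Reader{"R1", rp}, &Tag{"T1", tp, 3}
}
```

Call NewSystem and then Round repeatedly to drive sessions; the fourth session in a row triggers the variable update on both sides. The reader never learns (X, Y): it only proves its own X_n and relays, which is what keeps a legitimate but compromised reader from forging tag responses, the insider case the patent singles out. Keeping the previous pair in the DB is the usual price of a stateful update protocol; without it, one lost reply permanently desynchronizes the tag.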
Preferably, setting up an authentication center at the aggregation node of the Internet of Things, with each sensor node in the wireless sensor network generating an encryption key with the IBE algorithm and completing the encryption and authentication of the information through the authentication center, further comprises the steps:
computing the public parameters and selecting a master key s; for each sensor node, computing a hash of its identifier Id and using the master key to generate the corresponding node key K; writing the parameters, the sensor node identifier Id and the node key K into the respective sensor node, so that every node has its own key and the related public parameters;
for a sending node A and a receiving node B in the wireless sensor network and a plaintext m, the identity Id of the receiving node B is the public key; a random number r is chosen and the information to be sent is encrypted;
the receiving node B receives the ciphertext and decrypts it with its node key K to obtain the original text.
Preferably, step C further comprises:
when the private key generator PKG receives the encrypted information sent by a wireless sensor network node, it first decrypts it with the corresponding stored private key and recovers the information;
at system initialization, the PKI/CA generates a digital certificate and a public/private key pair for the private key generator PKG;
after deployment is complete, the CA authentication center negotiates a corresponding session key M with the private key generator PKG;
the private key generator PKG signs with the PKG private key and generates a message digest, encrypts the recovered information, the signature and the message digest with M, and sends the encrypted information over the Internet to the Internet of Things application management server.
Preferably, step C also comprises:
the Internet of Things application management server sends the digital certificate of the private key generator PKG to the CA authentication center for authentication;
the Internet of Things application management server decrypts the encrypted information sent by the authenticated PKG with the session key M to recover the information, and verifies the signature with the PKG public key, which provides non-repudiation;
the message digest of the information is computed again and compared with the digest sent by the PKG; if they match, the information is complete;
the Internet of Things application management server thereby obtains the information of the wireless sensor network node forwarded via the aggregation node.
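The key conversion of step C, as an added example in Go that is not the patent's code. The IBE layer the page describes cannot be reproduced with the Go standard library, so an AES-256-GCM node key stands in for the node-side private key the PKG holds (stated as an assumption in the code); the Ed25519 PKG signing key, the 256-bit session key M, the envelope layout signature || digest || information and the constructed sensor reading are likewise this example's choices. The gateway side decrypts, signs, digests and re-encrypts under M; the server side performs the three checks the page lists, in order: decrypt with M, verify the PKG signature, recompute and compare the digest.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// must panics on err; used where a failure can only be a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey returns a random 256-bit key (used for the node key and for M).
func newKey() []byte {
	k := make([]byte, 32)
	must(rand.Read(k))
	return k
}

// aead builds AES-256-GCM; seal returns nonce || ciphertext and open reverses it,
// failing on any tampering.
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// PKG is the aggregation-node gateway. nodeKey is an assumption standing in for
// the private key it uses on the WSN side (the page's IBE key); priv is the
// signing key issued under PKI/CA; M is the session key negotiated with the CA side.
type PKG struct {
	nodeKey []byte
	priv    ed25519.PrivateKey
	M       []byte
}

// NewPKG returns the gateway and the public key the CA would certify.
func NewPKG(nodeKey, M []byte) (*PKG, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &PKG{nodeKey: nodeKey, priv: priv, M: M}, pub
}

// Convert is step C at the aggregation node: strip the WSN-side encryption, sign
// the recovered information, digest it, and re-encrypt sig || digest || info under M.
func (p *PKG) Convert(nodeCiphertext []byte) ([]byte, error) {
	info, err := open(p.nodeKey, nodeCiphertext)
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(info)
	env := append(append(ed25519.Sign(p.priv, info), d[:]...), info...)
	return seal(p.M, env), nil
}

// Receive is the application management server: decrypt with M, verify the PKG
// signature, recompute the digest and compare it with the one the PKG sent.
func Receive(M []byte, pkgPub ed25519.PublicKey, sealed []byte) ([]byte, error) {
	raw, err := open(M, sealed)
	if err != nil {
		return nil, err
	}
	if len(raw) < 96 { // 64-byte Ed25519 signature || 32-byte SHA-256 digest
		return nil, errors.New("envelope too short")
	}
	sig, digest, info := raw[:64], raw[64:96], raw[96:]
	if !ed25519.Verify(pkgPub, info, sig) {
		return nil, errors.New("PKG signature invalid")
	}
	if d := sha256.Sum256(info); string(d[:]) != string(digest) {
		return nil, errors.New("digest mismatch")
	}
	return info, nil
}
```

A node encrypts its reading with seal(nodeKey, reading), the gateway calls Convert on it, and the server calls Receive with M and the PKG public key obtained from the CA-validated certificate. Two design points follow from the page's own description: the PKG sees the plaintext, so it is a trust boundary and its key material should be protected as such; and the separate digest adds nothing the signature does not already guarantee, since the signature covers the same bytes, so the digest comparison is a redundancy check rather than a security control.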
Preferably, step C also comprises a certificate construction and certificate revocation process, specifically comprising the steps:
presetting the maximum validity period of the certificate as L and the renewal time span as I;
producing a one-way hash chain by the formula
H_i(r) = H(H_{i-1}(r)), (i = 1, 2, ..., j), where H_0(r) = r and r is a random number known only to the user;
sending (H_i(r), I, L) to the private key generator PKG;
the private key generator PKG authenticates the user's request;
generating the key pair, that is, the public key and the private key;
generating the certificate;
sending the certificate to the user;
when r and s are leaked, the private key generator PKG announces the invalidated certificate through a certificate revocation list.
Preferably, the above certificate construction and certificate revocation process also comprises the step:
integrating the data (H_i(r), I, L) contained in the certificate into an extension field of the X.509v3 certificate.
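The certificate construction and revocation steps above, as an added example in Go (not the patent's code): the triple (H_i(r), I, L) is DER-encoded and carried in an X.509v3 extension under an assumed private-arc OID, I and L are assumed to be counted in days, the certificate is self-signed for brevity where the PKG would sign with the CA key, and revocation is published as a CRL naming the serial number. The page does not say how the chain is consumed after issuance, so only the chain computation, its round trip through the extension and the revocation are shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)

// chainOID is an assumed private-arc OID for the (Hi(r), I, L) extension.
var chainOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// ChainExt is the DER payload of the extension: the chain head Hi(r), the
// renewal interval I and the maximum validity L (both counted in days here).
type ChainExt struct {
	Head []byte
	I, L int
}

// HashChain returns Hj(r), where H0(r) = r and Hi(r) = H(Hi-1(r)).
func HashChain(r []byte, j int) []byte {
	x := r
	for i := 0; i < j; i++ {
		s := sha256.Sum256(x)
		x = s[:]
	}
	return x
}

// Issue plays the PKG after it has authenticated the user's request: generate the
// key pair and a certificate carrying the chain extension (self-signed for brevity).
func Issue(head []byte, I, L int, cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	payload, err := asn1.Marshal(ChainExt{Head: head, I: I, L: L})
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now,
		NotAfter:              now.Add(time.Duration(L) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true, // makes CreateCertificate emit the SubjectKeyId a CRL issuer needs
		ExtraExtensions:       []pkix.Extension{{Id: chainOID, Value: payload}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// ReadChainExt recovers (Hi(r), I, L) from a parsed certificate.
func ReadChainExt(cert *x509.Certificate) (ChainExt, bool) {
	for _, e := range cert.Extensions {
		if e.Id.Equal(chainOID) {
			var ext ChainExt
			if _, err := asn1.Unmarshal(e.Value, &ext); err == nil {
				return ext, true
			}
		}
	}
	return ChainExt{}, false
}

// Revoke is the PKG's answer to a leaked r or private key: a CRL naming the serial.
func Revoke(issuer *x509.Certificate, priv *ecdsa.PrivateKey, cert *x509.Certificate) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          now,
		NextUpdate:          now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: cert.SerialNumber, RevocationTime: now}},
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, issuer, priv)
}

// IsRevoked parses a CRL and looks for the certificate's serial number.
func IsRevoked(crlDER []byte, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

The user computes head := HashChain(r, j) and hands (head, I, L) to Issue; anyone holding the certificate can later check a released H_{j-1}(r) by hashing it once and comparing with the head, without the user ever revealing r itself, which is the property the one-way chain buys. A relying party should check both the CRL and the certificate's NotAfter, since the chain extension is a non-critical private extension that standard validators ignore.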
According to another aspect of the invention, an Internet of Things information transmission system is also provided, comprising a PKI/CA device, an edge network transmission information authentication and encryption device, and a key conversion device between the edge network and the Internet of Things, wherein
the PKI/CA device is used to establish a PKI/CA mechanism in the Internet of Things and to distribute an authentication key and an encryption key to the aggregation node of the Internet of Things and to the background database of the radio frequency identification system;
the edge network transmission information authentication and encryption device is used to encrypt and authenticate the transmitted information in the edge network of the Internet of Things;
the key conversion device between the edge network and the Internet of Things is used to perform the key conversion after the encrypted and authenticated information reaches the aggregation node of the Internet of Things, and to send the re-encrypted information to the Internet of Things application management server.
Preferably, the edge network transmission information authentication and encryption device is specifically an RFID system authentication and encryption device, used, when the edge network of the Internet of Things is a radio frequency identification system, to
distribute the authentication key and the encryption key at the background database of the radio frequency identification system;
authenticate and encrypt the information in the radio frequency identification system with the radio frequency identification mutual authentication protocol based on variable update;
perform the key conversion of the authenticated and encrypted information at the background database of the radio frequency identification system.
Preferably, the edge network transmission information authentication and encryption device is specifically a wireless sensor network encryption and authentication device, used,
when the edge network of the Internet of Things is a wireless sensor network, to set up an authentication center at the aggregation node of the wireless sensor network, each sensor node in the wireless sensor network generating an encryption key with the IBE algorithm and completing the encryption and authentication of the information through the authentication center.
Preferably, the RFID system authentication and encryption device further comprises:
an initialization module, used to assign initial values to the database DB, the reader R and the tag T, where the initial values of the database are the reader IDs (R_1, R_2, ..., R_n), the initial value R_1(X_1, Y_1), ..., R_n(X_n, Y_n) of each reader, the system initial value (X, Y), and the tag information and tag IDs (T_1, T_2, ..., T_n); the initial values of the reader R are the reader ID (R_n), the initial value R_n(X_n, Y_n) of the reader R_n and the system initial value (X); and the initial value of the tag T is (X, Y);
an authentication module, used for the following (the arguments of the hash values appear only in the figures of the patent and are not reproduced on this page):
the reader sends a request; if the computed Hash(…) equals the received Hash(…), the authentication of the reader R is completed;
if the computed Hash(…) equals the received Hash(…), the authentication of the tag T is completed;
using R_id, Hash(…) is computed; if it equals the received Hash(…), the authentication of the reader R is completed and X_n is located; Hash(…) is computed, and if it equals the received Hash(…), the authentication of the tag T is completed and T_id is located;
the key is used to compute (…) and obtain the tag ID T_id; Hash(…) is computed, and if it equals the received Hash(…), the authentication of the database DB is established;
Hash(…) is computed, and if it equals the received Hash(…), the tag's authentication of the database DB is established.
Preferably, the RFID system authentication and encryption device also comprises a reader request variable update module, used for the following:
when TTL = 0, the database computes the Hash(…) corresponding to R_id; if it equals the received Hash(…), the authentication of the reader R is completed, and the variables (X_n, Y_n) are updated to (M_n, N_n) and (X, Y) to (A, B);
the received Hash(…) is computed and compared with Hash(…); if they are equal, the authentication of the database DB is established, and the reader R decrypts and updates the related variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
Hash(…) is computed; if it equals the received Hash(…), the authentication of the reader R is completed;
Hash(…) is computed; if it equals the received Hash(…), the authentication of the tag T is completed;
A is obtained from (…) and B from (…), (A, B) is updated to (X, Y), and the update ends.
Preferably, the RFID system authentication and encryption device also comprises a database request variable update module, used for the following:
when TTL = 0, Hash(…) is computed; if it equals the received Hash(…), the authentication of the database DB is established;
R_id computes Hash(…); if it equals the received Hash(…), the authentication of the reader R is completed, and the database DB performs the variable update, updating (X_n, Y_n) to (M_n, N_n) and (X, Y) to (A, B);
the received Hash(…) is computed and compared with Hash(…); if they are equal, the authentication of the database DB is established, and the reader R decrypts and updates the related variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
Hash(…) is computed; if it equals the received Hash(…), the authentication of the reader R is completed;
Hash(…) is computed; if it equals the received Hash(…), the authentication of the tag T is completed;
A is obtained from (…) and B from (…), (A, B) is updated to (X, Y), and the update ends.
Preferably, the wireless sensor network encryption and authentication device further comprises an initialization module, an encryption module and a decryption module, wherein
the initialization module is used to compute the public parameters and select a master key s, to compute for each sensor node a hash of its identifier Id and generate the corresponding node key K with the master key, and to write the parameters, the sensor node identifier Id and the node key K into the respective sensor node, so that every node has its own key and the related public parameters;
the encryption module is used, for a sending node A and a receiving node B in the wireless sensor network and a plaintext m, to take the identity Id of the receiving node B as the public key, choose a random number r and encrypt the information to be sent;
the decryption module is used by the receiving node B to receive the ciphertext and decrypt it with its node key K to obtain the original text.
Preferably, the authentication and encryption device between the edge network and the Internet of Things further comprises a decryption module, a user private key extraction module and an encrypted transmission module, wherein
the decryption module is used, when the private key generator PKG receives the encrypted information sent by a wireless sensor network node, to first decrypt it with the corresponding stored private key and recover the information;
the user private key extraction module is used, at system initialization, for the PKI/CA to generate a digital certificate and a public/private key pair for the private key generator PKG and, after deployment is complete, for the CA authentication center to negotiate a corresponding session key M with the private key generator PKG;
the encrypted transmission module is used for the private key generator PKG to sign with the PKG private key and generate a message digest, to encrypt the recovered information, the signature and the message digest with M, and to send the encrypted information over the Internet to the Internet of Things application management server.
Preferably, the authentication and encryption device between the edge network and the Internet of Things also comprises an authentication module, which is used as follows:
the Internet of Things application management server sends the digital certificate of the private key generator PKG to the CA authentication center for authentication;
the Internet of Things application management server decrypts the encrypted information sent by the authenticated PKG with the session key M to restore the information, and verifies the signature with the PKG public key, providing non-repudiation;
it then computes a message digest of the information and compares it with the digest sent by the PKG; if they match, the information is complete;
the Internet of Things application management server thus obtains the information from the wireless sensor network node forwarded via the aggregation node.
Preferably, the authentication and encryption device between the edge network and the Internet of Things also comprises a certificate construction and revocation module, which is used for:
presetting the longest validity period of a certificate as L and the renewal interval as I;
producing a one-way hash chain by the following formula:
H_i(r) = H(H_{i-1}(r)), (i = 1, 2, ..., j), where H_0(r) = r and r is a random number known only to the user;
sending (H_i(r), I, L) to the private key generator PKG;
the private key generator PKG authenticating the user's request;
generating the key pair, i.e. public key and private key;
generating the certificate;
sending the certificate to the user;
when r and s are leaked, announcing the invalidated certificate through a certificate revocation list issued by the private key generator PKG.
Preferably, the certificate construction and revocation module is also used to integrate the data (H_i(r), I, L) contained in the certificate into an extension field of the X.509v3 certificate.
The technical effects of the present invention are:
1. For the characteristics of the RFID system in the Internet of Things, an RFID mutual authentication protocol based on variable update is adopted, the ID is transmitted securely in ciphertext between reader and tag, and the privacy of the information is guaranteed. Three-party mutual authentication is realized, which solves the problem that existing RFID security authentication protocols cannot achieve mutual authentication among tag, reader and background database, and effectively resists attacks from inside the system. The initial variable values are updated periodically, which improves the security of the RFID system.
2. For the characteristics of wireless sensor networks in the Internet of Things, which have fixed sink nodes with stronger processing capability and mobile sink nodes with weaker processing capability, existing WSN key management places high requirements on the nodes; by adopting the IBE cryptographic algorithm and setting up the key center at the aggregation node, the performance requirements on ordinary nodes can be effectively reduced, the security level of information transmission is improved, and the problem of entity authentication is solved at the same time.
3. No effective key management strategy for the Internet of Things environment has been seen so far; because of the limited energy, computing capability, memory and bandwidth of sensing-layer nodes, traditional public key authentication methods such as PKI/CA and KDC cannot be applied directly. The present invention combines PKI/CA under the internet environment with IBE-based key management in the wireless sensor network, so that sensor nodes and aggregation nodes achieve privacy, freshness and verifiability of the collected information through identity-based encryption, which reduces the complexity of encryption and security authentication computation in the WSN. At the same time, after the information in the WSN arrives at the aggregation node, the WSN-encrypted information is decrypted at the aggregation node and re-encrypted for transmission with the authentication information and keys distributed by the internet PKI/CA mechanism, which realizes secure information transmission at the transport layer of the Internet of Things and meets the need for unified key management. In addition, by providing a public key certificate for each authentication server and extending the certificate, the problems of security authentication and cross-domain authentication between the internet and the Internet of Things edge network are solved.
Other features and advantages of the present invention will be set forth in the following description, and will partly become apparent from the description or be understood by implementing the present invention. The objects and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the written description, the claims and the accompanying drawings.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
The accompanying drawings are provided for a further understanding of the present invention and constitute a part of the specification; together with the embodiments, they serve to explain the present invention and are not to be construed as limiting it. In the accompanying drawings:
Fig. 1 is a flow chart of an Internet of Things key management method of one embodiment of the present invention.
Fig. 2 is a flow chart of the authentication process of the RFID mutual authentication protocol in one embodiment of the present invention.
Fig. 3 is a flow chart of an update initiated by reader R in one embodiment of the present invention.
Fig. 4 is a flow chart of an update initiated by database DB in one embodiment of the present invention.
Fig. 5 is a flow chart of authenticated encryption based on the IBE algorithm inside the wireless sensor network in one embodiment of the present invention.
Fig. 6 is a flow chart of the improved PKI authentication method based on IBE adopted between the WSN aggregation node (mobile node) and the Internet of Things service processing platform in one embodiment of the present invention.
Fig. 7 is a flow chart of certificate construction and revocation in one embodiment of the present invention.
Embodiment
The preferred embodiments of the present invention are described below with reference to the accompanying drawings; it should be understood that the preferred embodiments described here are only used to describe and explain the present invention and are not intended to limit it.
With the all-round development of the Internet of Things, the basic network security issues of the various services it carries will be more complex and harder to solve than in existing network systems. Authentication in the Internet of Things mainly comprises entity authentication and message authentication. Entity authentication lets the communicating parties be sure of each other's identity and exchange a session key. Confidentiality and timeliness are two important issues in authenticated key exchange. In a heterogeneous network, different access authentication servers may not belong to the same network operator; having each of them share a key with every other access authentication server is impractical. At the same time, different operators may attach different importance to security for different purposes, so it is very difficult to guarantee the security of the keys.
PKI is an infrastructure providing security services built on public key theory and technology. Its functions include: generation, verification and distribution of keys, signing and verification, obtaining certificates, verifying certificates, storing certificates, applying for certificate revocation, key recovery, CRLs, key update, cross-certification and so on. The implementation of PKI faces many challenges, such as certificate management, verification, revocation and cross-domain cross-certification.
The identity-based encryption (IBE) system, as a new-generation network security framework, is a public key system model with the same functions as PKI, and it is more suitable for wireless sensor networks. It is a centrally managed public key system composed of key management, identity management, rights management and inter-domain interconnection mechanisms. IBE is a novel public key encryption system in which the public key used for encryption is not obtained from a public key certificate but is directly a string representing the user's identity, such as a name, e-mail address or IP address. The private key is produced by a trusted authority (TA). Identity-based encryption needs no public key certificates or the associated operations, which simplifies the use and management of public keys. IBE avoids the difficulties associated with certificate management in PKI, which is what makes the two mechanisms differ structurally. Because of the storage requirements for certificates, identities and key information, and the actual cost of accessing and verifying this information, IBE has more potential when developing a lightweight client-side security system, such as in mobile systems or wireless sensor networks.
Therefore, for the internet side of a widely distributed Internet of Things system, adopting PKI is more suitable: the client's ability to generate its own key pair is a great advantage in some environments. Inside the wireless sensor network, the authenticated encryption method of the IBE algorithm is adopted.
In view of the slow computation speed and small storage space of mobile terminals and WSN sink nodes, and following the principle of reducing the computation load and saving storage space on the mobile terminal as far as possible, the comparatively mature internet network security protocols are used in a scheme that combines an identity-based cryptosystem with PKI public key authentication. A public key certificate is provided for each authentication server, and authentication is performed with the public key cryptosystem.
The following is an embodiment of the Internet of Things key management method of the present invention.
An embodiment of the Internet of Things key management method combining IBE with PKI, as shown in Fig. 1, comprises the following steps:
Step 101: first, a PKI/CA mechanism is established in the Internet of Things, and authentication and encryption keys are distributed to the aggregation node and the radio frequency identification (RFID) system background database of the Internet of Things;
Step 102: in the RFID system, the authentication and encryption of information are completed with an RFID mutual authentication protocol based on variable update;
Step 103: an authentication center is set up at the aggregation node (Sink node) of the wireless sensor network, encryption keys are generated at the sensor nodes using IBE, and the particular properties of the IBE algorithm are used to complete the encryption and authentication process;
Step 104: after the information encrypted by the wireless sensor network or the RFID system arrives at the Sink node of the Internet of Things or the RFID background database, key conversion is performed and the encrypted information is sent to the Internet of Things application management server.
It should be noted that in the Internet of Things the wireless sensor network and the RFID network may exist simultaneously or separately, and other networks such as mobile networks may also be present. A wireless sensor network is similar to a mobile network, and the operations for sensor nodes in this embodiment also apply to it; whether step 102 and step 103 are adopted can be chosen according to the specific structure of the Internet of Things concerned.
In step 102, the authentication and encryption of information in the RFID system are completed with the RFID mutual authentication protocol based on variable update: by adopting an RFID security authentication protocol based on variable update in the RFID system, the transmitted information is encrypted using the properties of one-way hash functions, and the internal system key management is carried out in the background database.
The authentication process of the RFID mutual authentication protocol is shown in Fig. 2.
Step 201: initialize and assign values to database DB, reader R and tag T;
Step 202: the reader sends a request; judge whether Hash [formula image] equals Hash [formula image]; if so, the authentication of reader R is completed;
Step 203: judge whether Hash [formula image] equals the received Hash [formula image] [formula image]; if so, the authentication of tag T is completed;
Step 204: using R_id, calculate Hash [formula image] and judge whether it equals Hash [formula image] [formula image]; if so, the authentication of reader R is completed and X_n is located; calculate Hash [formula image] and judge whether it equals the received Hash [formula image]; if so, the authentication of tag T is completed and T_id is located;
Step 205: using the key, calculate [formula image] to obtain the tag ID T_id; calculate Hash [formula image] and judge whether it equals the received Hash [formula image]; if so, the authentication of database DB is established;
Step 206: calculate Hash [formula image] and judge whether it equals the received Hash [formula image]; if so, the tag's authentication of database DB is established.
The variable update process updates the relevant variables of database DB, reader R and tag T. There are two kinds of update process: an update initiated by reader R and an update initiated by database DB.
As shown in Fig. 3, when the update is initiated by reader R, the relevant variables of database DB, reader R and tag T are updated as follows.
Step 301: when TTL = 0, calculate in the database the Hash [formula image] corresponding to R_id and judge whether it equals the received Hash [formula image]; if so, the authentication of reader R is completed, and the variables (X_n, Y_n) are updated to (M_n, N_n) and (X, Y) to (A, B);
Step 302: calculate whether the received Hash [formula image] equals Hash [formula image]; if so, the authentication of database DB holds, and reader R decrypts and updates the relevant variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
Step 303: calculate Hash [formula image] and judge whether it equals the received Hash [formula image]; if so, the authentication of reader R is completed;
Step 304: calculate Hash [formula image] and judge whether it equals the received Hash; if so, the authentication of tag T is completed;
Step 305: obtain A, and use [formula image] to obtain B; (A, B) is updated to (X, Y), and the update is finished.
As shown in Fig. 4, when the update is initiated by database DB, the relevant variables of database DB, reader R and tag T are updated as follows.
Step 401: when TTL = 0, calculate Hash [formula image] and judge whether it equals the received Hash [formula image]; if so, the authentication of database DB is established;
Step 402: calculate the Hash [formula image] corresponding to R_id and judge whether it equals the received Hash [formula image]; if so, the authentication of reader R is completed, and database DB performs the variable update: (X_n, Y_n) is updated to (M_n, N_n) and (X, Y) to (A, B);
Step 403: calculate whether the received Hash [formula image] equals Hash [formula image]; if so, the authentication of database DB holds, and reader R decrypts and updates the relevant variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
Step 405: calculate Hash [formula image] and judge whether it equals the received Hash; if so, the authentication of reader R is completed;
Step 406: calculate Hash [formula image] and judge whether it equals the received Hash [formula image]; if so, the authentication of tag T is completed;
Step 407: use [formula image] to obtain A and [formula image] to obtain B; (A, B) is updated to (X, Y), and the update is finished.
In step 103, the authenticated encryption scheme based on the IBE algorithm inside the wireless sensor network provides, on the basis of the IBE algorithm, a key establishment, distribution and encryption method applied to wireless sensor networks, which can realize authentication, encryption services and internal system key management.
The specific implementation consists of three parts, as shown in Fig. 5; the concrete method is as follows:
Step 501: initialization, comprising two parts: computing the public parameters and computing the node keys. First compute the public parameters and select the master key s; then, from the identifier Id of each wireless node, compute a HASH and use the master key to generate the corresponding key K; write the parameters, Id and K into the wireless node, so that each node holds its own key and the relevant public parameters.
Step 502: encryption: for a sending node A and a receiving node B in a wireless sensor network, with plaintext m, the identity Id of B as the public key and a random number r, the information is encrypted. It should be noted in particular that encryption and authentication can be combined on the basis of the IBE algorithm, completing encryption and authentication simultaneously at little cost. This is also the advantage that allows the IBE algorithm to be applied further in wireless sensor networks.
Step 503: decryption: receiving node B receives the ciphertext and decrypts it with the key K to obtain the original text.
In the IBE-based WSN encryption method provided above, the only parts relevant to the nodes are the encryption process and the decryption process, which depend only on the Encrypt and Decrypt functions of the IBE algorithm.
Whether in the encryption process or the decryption process, most of the algorithm's efficiency is determined by computing the bilinear map and the hash function. The core of the IBE algorithm is a bilinear map on a supersingular elliptic curve; the input data undergo a limited number of operations, and the hash used is SHA (Secure Hash Algorithm).
In terms of key pre-distribution, the pre-allocation process based on the IBE algorithm can be carried out before the wireless sensor network is built, with no impact on the nodes.
In terms of key system robustness, in the IBE-based scheme the public key is the other party's identity ID and the generated key is held only by the node itself, so after a node is compromised the security of other nodes is not affected, let alone that of the whole network, regardless of the scale of the network, which guarantees strong network robustness. By contrast, symmetric key systems use key pre-distribution, where in the random algorithm the keys of all nodes are chosen from one key subspace; although the choice is random, it unavoidably gives many nodes identical keys, and since the number of nodes in a typical wireless sensor network is large, the probability of key repetition is larger, which brings hidden dangers to network security. Therefore the algorithm provided here has more advantages in robustness and security than the current random algorithms.
In the IBE-based method, each wireless node only needs to store the public parameters, its own identity ID and its own key K. The storage capacity is independent of the scale of the network, and every node is guaranteed to have a key for communicating with any other node, rather than guaranteeing a shared key pair between nodes only with some probability. In this respect, too, the IBE-based key method shows its superiority.
Sensor network nodes are characterized by low computing capability, small memory and small battery capacity. Traditional asymmetric encryption algorithms are difficult to apply directly in wireless sensor networks and must be extended effectively. Although the IBE-based encryption method is also an asymmetric encryption method, it can be realized with elliptic curves, which gives it both the flexibility of an asymmetric key system and a simplicity comparable to a symmetric key system. In terms of algorithm complexity, the IBE-based method lies between symmetric key systems and asymmetric key systems such as the RSA method, and provides a new approach for applying elliptic curve cryptography in wireless sensor networks. In terms of algorithm security, compared with the pre-distribution method of symmetric key systems, the proposed method is more secure, being established with the key distribution and independent of the scale of the network, whereas in the pre-distribution method of symmetric key systems the repetition rate of shared key pairs rises with the network scale unless the number of keys stored by each wireless node is increased, which in turn raises the storage requirement. Therefore the wireless sensor network encryption method based on the IBE algorithm has certain advantages.
In step 104, identity-based encryption and signature mechanisms are adopted between the WSN aggregation node (mobile node) and the Internet of Things service processing platform to realize security authentication and key management. The improved PKI authentication method based on IBE requires no pre-existing security association between the mobile terminal and the access authentication server or among the access authentication servers, nor identical public key parameters, which strengthens the scalability of the system across authentication servers.
The improved PKI authentication method based on IBE is adopted between the WSN aggregation node (mobile node) and the Internet of Things service processing platform.
The IBE scheme is divided into four execution phases: system parameter setup, user private key extraction, encryption and decryption, as shown in Fig. 6 and described as follows:
Step 601: system parameter setup: the PKG (private key generator) initializes the key server and generates the public parameter P and the master key s, where s is kept secret and is published only in the form s*P.
Step 602: user private key extraction: the PKG produces the user's private key s*PID from the master key and the user's ID (for example, the user's e-mail address), where PID is a point on the elliptic curve derived from the user's ID by a hash function, and returns this private key to the user over a secure channel.
Step 603: encryption: the sender computes the PID of the message recipient, then selects a random number r and computes the encryption key K = Pair(r*PID, s*P), and finally sends the ciphertext together with r*P to the recipient.
Step 604: decryption: after receiving the ciphertext, the recipient uses the property of the bilinear map to compute the encryption key K = Pair(r*PID, s*P) with its private key; by bilinearity this equals Pair(s*PID, r*P), which the recipient can compute from its private key s*PID and the received r*P.
IBE has a serious problem: third-party key escrow. All users' private keys are generated by the PKG, and once the master key s is leaked the users suffer immeasurable loss. To better protect this master key, the common approach is to share s among n peer trusted-third-party PKGs using the secret sharing method of threshold cryptography: any t (1 < t <= n) PKGs cooperating can recover s, while fewer than t cannot; this is (t, n) threshold secret sharing. The user must prove its identity to any t PKGs, each PKG issues part of the private key information, and the user "adds" these partial pieces to obtain its real private key. In such a scheme the user must prove its identity to t PKGs, which is a heavy burden for both user and PKG. Therefore the scheme here avoids the third-party escrow problem by using a one-way hash chain. One-way hash chains are widely used because of their high performance in verification, and are particularly advantageous when designing security protocols for resource-constrained mobile devices or sensor networks.
As shown in Fig. 7, the certificate construction and revocation process comprises:
Step 701: define the certificate parameters: the longest validity period L of the certificate and the length I of the renewal interval (the validity period of the certificate is divided evenly into a number of time slices, and under the certificate holder's control the certificate can expire at the end of any time slice);
Step 702: produce the one-way hash chain H_i(r) = H(H_{i-1}(r)), (i = 1, 2, ..., j), where H_0(r) = r and r is a random number known only to the user;
Step 703: send (H_i(r), I, L) to the PKG (private key generator);
Step 704: authenticate the user's request;
Step 705: generate the key pair, i.e. public key and private key;
Step 706: generate the certificate;
Step 707: send the certificate to the user;
Step 708: continue to use the certificate revocation method of conventional PKI: when r and s are leaked, the PKG announces the invalidated certificate through a certificate revocation list.
Because a one-way hash chain is combined in, the defect brought by third-party escrow in IBE is avoided: if the master key s of the PKG is leaked, an attacker who does not know r cannot generate other users' digital signatures, and therefore cannot impersonate other users. From then on the user can simply stop releasing hash values, so that the certificate expires at the next update point.
If only r is leaked, the user can stop signing with the private key. For security, the private key and r should be stored separately. r is used only when the certificate is renewed, so it can be kept offline. The most direct method is to memorize r (r is very short, only 128 bits) and enter it manually when renewing the certificate. After the hash value used for the renewal has been produced, r is erased from the local system. The leakage caused by a system compromise is thus reduced to a minimum. This shows that the security of this improved PKI system is higher than that of the IBE system and the ordinary PKI system.
Breaking a user private key in the IBE system is equivalent in time complexity to solving the elliptic curve discrete logarithm problem, so the private key can reach a security level close to RSA with far fewer bits, which brings great convenience for key storage and management. In addition, IBE lets one communicating party send an encrypted message without having the other party's certificate, which increases the flexibility of using the PKI system.
Compared with the ordinary PKI system, although the introduction of the one-way hash chain causes extra overhead when generating a signature, this overhead is very small, because hash values are easy to compute and are needed only at update points. On the other hand, because system security is improved, the number of certificates that need to be revoked decreases, which fundamentally facilitates the update, transmission and storage of certificate revocation lists. In addition, the certificate holder regularly releases hash values, so the verifier can check the certificate status directly without retrieving revocation information from the PKG, which reduces the overhead of verifying certificate validity (the number of certificate revocation list checks is reduced).
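As an added example (not code from the patent), the following Python models the hash-chain certificate status check of steps 702 to 708 and the discussion above: the holder derives the chain from a secret r, the certificate carries (H_j(r), I, L), one preimage is released per renewal period, and the verifier hashes the released value back to the anchor instead of consulting the PKG's revocation list. SHA-256 as H, the `Certificate` and `CertificateHolder` names, and the timestamps are this example's own assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

DAY = 24 * 3600  # seconds; all timestamps below are plain integers


def H(x: bytes) -> bytes:
    """The one-way hash of the chain. The page only writes H; SHA-256 is this example's choice."""
    return hashlib.sha256(x).digest()


def hash_chain(r: bytes, j: int) -> list:
    """Return [H_0(r), H_1(r), ..., H_j(r)] with H_0(r) = r and H_i(r) = H(H_{i-1}(r)) (step 702)."""
    chain = [r]
    for _ in range(j):
        chain.append(H(chain[-1]))
    return chain


@dataclass(frozen=True)
class Certificate:
    """Only the fields the status check needs; in X.509v3 (anchor, I, L) would sit in an extension."""
    subject: str
    anchor: bytes     # H_j(r): the chain head handed to the PKG in step 703
    interval: int     # I: length of one renewal period, in seconds
    lifetime: int     # L: longest validity period, in seconds
    not_before: int   # issue time, in seconds


class CertificateHolder:
    """User side: knows r, publishes one preimage per period, and can simply stop publishing."""

    def __init__(self, subject: str, interval: int, lifetime: int, not_before: int, r: bytes = None):
        self.r = r if r is not None else os.urandom(16)   # page: r is short (128 bits) and user-only
        self.periods = lifetime // interval                 # number of renewal periods within L
        # Design choice of this example: chain length periods + 1, so the value released in the
        # last period is H_1(r) and r itself is never published.
        self._chain = hash_chain(self.r, self.periods + 1)
        self.cert = Certificate(subject, self._chain[-1], interval, lifetime, not_before)
        self.revoked = False

    def release(self, period: int):
        """Value published for 1-based `period`: H_{periods+1-period}(r); None once revoked."""
        if self.revoked or not 1 <= period <= self.periods:
            return None
        return self._chain[self.periods + 1 - period]

    def stop_releasing(self):
        """Holder-side revocation (page: the user can no longer release hash values)."""
        self.revoked = True


def current_period(cert: Certificate, now: int):
    """1-based renewal period containing `now`, or None outside [not_before, not_before + L)."""
    elapsed = now - cert.not_before
    if elapsed < 0 or elapsed >= cert.lifetime:
        return None
    return elapsed // cert.interval + 1


def certificate_valid(cert: Certificate, released, now: int) -> bool:
    """Verifier side: hash the released value once per elapsed period and compare with the anchor.

    A value published for period k reaches H_j(r) only after exactly k hashes, so a value from an
    earlier period cannot be replayed for a later one, and no CRL lookup at the PKG is needed."""
    k = current_period(cert, now)
    if k is None or released is None:
        return False
    v = released
    for _ in range(k):
        v = H(v)
    return hmac.compare_digest(v, cert.anchor)


if __name__ == "__main__":
    # Constructed demo: a sink node certificate valid for 360 days, renewed every 30 days.
    holder = CertificateHolder("sink-node-01", 30 * DAY, 360 * DAY, not_before=1_000_000)
    issued = holder.cert.not_before
    print("period 3, current value:", certificate_valid(holder.cert, holder.release(3), issued + 70 * DAY))
    print("period 3, stale value: ", certificate_valid(holder.cert, holder.release(2), issued + 70 * DAY))
    holder.stop_releasing()
    print("period 4, after revoke:", certificate_valid(holder.cert, holder.release(4), issued + 100 * DAY))
```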
At the same time, the Internet of Things service processing platform performs format conversion on the communication between heterogeneous networks and switches seamlessly between the corresponding key management systems, establishing unified key management, rights management and cross-domain authentication, thereby ensuring the confidentiality, integrity, availability, authenticity and non-repudiation of information, effectively preventing attacks and meeting the security requirements of Internet of Things service processing.
For interoperability with current PKI, it is only necessary to integrate the additional data (H_i(r), I, L) contained in this type of certificate into an extension field of the X.509v3 certificate.
Adopting the authenticated encryption scheme based on the Boneh-Franklin IBE algorithm in the wireless sensor network of the Internet of Things has lower complexity than the traditional symmetric key system and asymmetric key system approaches: the algorithm complexity is O(n) + O(log2 q) (q being the number of keys), versus that of the RSA method in the asymmetric key system. In terms of key system robustness, strong network robustness is guaranteed. In the random pre-distribution q-composite method, each wireless node must store q symmetric keys so that any two adjacent nodes share a common key with probability P, and q is generally greater than 250; in the IBE-based method, each wireless node only needs to store the public parameters, its own identity Id and its own key Kid, the storage capacity is independent of the network scale, and every node is guaranteed a key for communicating with any other node, so this scheme occupies less storage space.
Adopting the improved PKI authentication method based on IBE between the WSN aggregation node (mobile node) and the Internet of Things service processing platform gives higher security: combining in the one-way hash chain avoids the defect brought by third-party escrow in IBE; the private key achieves security close to RSA with far fewer bits (128), which brings great convenience for key storage and management; the flexibility of using the PKI system is increased; the overhead of verifying certificate validity is reduced; and mutual authentication between heterogeneous networks can be realized through the extension field of the X.509v3 certificate.
According to an embodiment of the Internet of Things key management system of the present invention, the system comprises: a PKI/CA device, an RFID authentication and encryption device, a wireless sensor network encryption and authentication device, and a key conversion device between the wireless sensor network and the Internet of Things, wherein
the PKI/CA device is used to establish a PKI/CA mechanism in the Internet of Things and to distribute an authentication key and an encryption key to the aggregation node of the Internet of Things and to the background database of the radio-frequency identification system;
the RFID authentication and encryption device is used, when the edge network of the Internet of Things is a radio-frequency identification system, to authenticate and encrypt information in the radio-frequency identification system using the radio-frequency identification bidirectional authentication protocol based on variable update;
the wireless sensor network encryption and authentication device is used, when the edge network of the Internet of Things is a wireless sensor network, to set up an authentication center at the aggregation node of the wireless sensor network, each sensor node in the wireless sensor network using the IBE algorithm to generate an encryption key and completing the encryption and authentication of information through the authentication center;
the key conversion device between the wireless sensor network and the Internet of Things is used to perform key conversion after information encrypted and authenticated in the radio-frequency identification system and/or the wireless sensor network reaches the aggregation node of the Internet of Things and/or the background database of the radio-frequency identification system, and to send the encrypted information to the Internet of Things application management server.
Those of ordinary skill in the art will appreciate that all or part of the steps of the method embodiments above can be completed by hardware under the control of program instructions; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical disks.
Finally, it should be noted that the above are only preferred embodiments of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions recorded in the foregoing embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (22)

1. A method for Internet of Things information transmission, characterised in that it comprises the steps:
A. establishing a PKI/CA mechanism in the Internet of Things, and distributing an authentication key and an encryption key to the aggregation node of the Internet of Things and to the background database of the radio-frequency identification system;
B. encrypting and authenticating the transmitted information in the edge network of the Internet of Things;
C. performing key conversion after the encrypted and authenticated information reaches the aggregation node of the Internet of Things, and sending the re-encrypted information to the Internet of Things application management server.
2. The method according to claim 1, characterised in that step B further comprises:
when the edge network of the Internet of Things is a radio-frequency identification system, distributing an authentication key and an encryption key at the background database of the radio-frequency identification system;
authenticating and encrypting information in the radio-frequency identification system using the radio-frequency identification bidirectional authentication protocol based on variable update;
performing key conversion on the authenticated and encrypted information at the background database of the radio-frequency identification system.
3. The method according to claim 1, characterised in that step B further comprises:
when the edge network of the Internet of Things is a wireless sensor network, setting up an authentication center at the aggregation node of the Internet of Things, each sensor node in the wireless sensor network using the IBE algorithm to generate an encryption key and completing the encryption and authentication of information through the authentication center.
4. The method according to claim 2, characterised in that the step of completing the authentication and encryption of information in the radio-frequency identification system using the bidirectional authentication protocol based on variable update further comprises:
assigning initial values R(X, Y) and T(X, Y) to reader R and tag T;
the reader sending a request, and judging whether the Hash value (formula image not extracted) equals the Hash value (formula image FDA0000119111240000012); if so, the authentication of reader R is completed;
judging whether the Hash value (formula image not extracted) equals the received Hash value (formula image FDA0000119111240000014); if so, the authentication of tag T is completed;
using R_id to calculate the Hash value (formula image FDA0000119111240000015) and judging whether it equals the Hash value (formula image FDA0000119111240000016); if so, the authentication of reader R is completed and X_n is located; calculating the Hash value (formula image FDA0000119111240000017) and judging whether it equals the received Hash value (formula image FDA0000119111240000018); if so, the authentication of tag T is completed and T_id is located;
using the key to calculate (formula image FDA0000119111240000021) and obtain the tag ID T_id; calculating the Hash value (formula image FDA0000119111240000022) and judging whether it equals the received Hash value (formula image not extracted); if so, the authentication of the database DB is established;
calculating the Hash value (formula image not extracted) and judging whether it equals the received Hash value (formula image FDA0000119111240000025); if so, the tag's authentication of the database DB is established.
5. The method according to claim 4, characterised in that it further comprises a process in which reader R initiates a request to update the relevant variables of the database DB, reader R and tag T, specifically comprising the steps:
when the countdown timer TTL = 0, the database calculating the Hash value corresponding to R_id (formula image FDA0000119111240000026) and judging whether it equals the received Hash value (formula image FDA0000119111240000027); if so, the authentication of reader R is completed, and the variables (X_n, Y_n) are updated to (M_n, N_n) and (X, Y) to (A, B);
calculating the received Hash value (formula image FDA0000119111240000028) and judging whether it equals the Hash value (formula image FDA0000119111240000029); if so, the authentication of the database DB holds, and reader R decrypts and updates the relevant variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
calculating the Hash value (formula image FDA00001191112400000210) and judging whether it equals the received Hash value (formula image FDA00001191112400000211); if so, the authentication of reader R is completed;
calculating the Hash value (formula image FDA00001191112400000212) and judging whether it equals the received Hash value (formula image FDA00001191112400000213); if so, the authentication of tag T is completed;
obtaining A from (formula image not extracted) and B from (formula image FDA00001191112400000215), updating (A, B) to (X, Y), and finishing the update.
6. The method according to claim 4, characterised in that it further comprises a process in which the database DB initiates a request to update the relevant variables of the database DB, reader R and tag T, specifically comprising the steps:
when the countdown timer TTL = 0, calculating the Hash value (formula image FDA00001191112400000216) and judging whether it equals the received Hash value (formula image not extracted); if so, the authentication of the database DB is established;
R_id calculating the Hash value (formula image FDA00001191112400000218) and judging whether it equals the received Hash value (formula image FDA00001191112400000219); if so, the authentication of reader R is completed, and the database DB performs the variable update, updating (X_n, Y_n) to (M_n, N_n) and (X, Y) to (A, B);
calculating the received Hash value (formula image FDA00001191112400000220) and judging whether it equals the Hash value (formula image FDA00001191112400000221); if so, the authentication of the database DB holds, and reader R decrypts and updates the relevant variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
calculating the Hash value (formula image FDA0000119111240000031) and judging whether it equals the received Hash value (formula image not extracted); if so, the authentication of reader R is completed;
calculating the Hash value (formula image FDA0000119111240000033) and judging whether it equals the received Hash value (formula image FDA0000119111240000034); if so, the authentication of tag T is completed;
obtaining A and B from the respective formulas (formula images not extracted), updating (A, B) to (X, Y), and finishing the update.
7. The method according to claim 3, characterised in that setting up an authentication center at the aggregation node of the Internet of Things, each sensor node in the wireless sensor network generating an encryption key with the IBE algorithm and completing the encryption and authentication of information through the authentication center, further comprises:
calculating the common parameters and selecting a master key s; for each sensor node, according to its identity Id, computing a HASH and using the master key to generate the corresponding node key K; writing the parameters, the sensor node identity Id and the node key K into the respective sensor node, so that each node holds its own key and the relevant common parameters;
for a sending node A and a receiving node B in the wireless sensor network, with plaintext m, the identity Id of the receiving node B serving as the public key and a random number r, encrypting the information to be sent;
the receiving node B receiving the ciphertext and decrypting it with its node key K to obtain the original text.
8. the method for claim 1, is characterized in that, described aggregation node at Internet of Things carries out the key conversion, sends enciphered message and further comprise to Internet of Things application management server step:
After private key maker PKG receives the enciphered message that wireless sensor network node sends, at first utilize the corresponding private key of preserving to be decrypted, restore information;
When system initialization, PKI/CA is private key maker PKG generating digital certificate and public/private key;
After dispose finishing, corresponding session key M can be consulted with private key maker PKG in the ca authentication center;
Private key maker PKG utilizes the PKG private key to sign and generates message digest, utilizes M that restore information, signature and message digest are encrypted, and by the internet, enciphered message is sent to the Internet of Things application management server.
9. The method according to claim 8, characterised in that the step further comprises:
the Internet of Things application management server sending the digital certificate of the private key generator PKG to the CA authentication center for authentication;
the Internet of Things application management server decrypting the encrypted information sent by the authenticated PKG with the session key M to restore the information, and verifying the signature with the PKG public key for non-repudiation;
recalculating the message digest of the information and comparing it with the digest sent by the PKG; if they match, the information is complete;
the Internet of Things application management server thus obtaining the information forwarded from the wireless sensor network node via the aggregation node.
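The key conversion of claims 8 and 9 (and of the corresponding modules in claims 19 and 20), shown end to end as an added example in Go; this is not code from the patent. Assumptions made here: the IBE decryption at the PKG is taken as already done (Convert starts from the restored plaintext); the session key M is a pre-shared 256-bit AES-GCM key, its negotiation is not shown; the PKG's digital certificate is modelled as the CA's Ed25519 signature over the PKG's public key rather than as an X.509 certificate; the sample reading and the names Setup, Convert, ServerReceive, Cert and Bundle are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// Cert stands in for the PKG's digital certificate: the PKI/CA's Ed25519 signature over the
// PKG's public key (assumption; a real deployment would issue an X.509 certificate).
type Cert struct{ PKGPub, CASig []byte }
// Bundle is what the PKG encrypts under the session key M (claim 8).
type Bundle struct{ Info, Sig, Digest []byte }
type CA struct{ pub, key []byte } // Ed25519 key pair of the PKI/CA authentication center
// PKG is the private key generator at the aggregation node; M is the session key negotiated
// with the CA (negotiation not shown; assumed to be a 256-bit AES-GCM key).
type PKG struct {
	key  ed25519.PrivateKey
	Cert Cert
	M    []byte
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// Setup models system initialisation: CA and PKG key pairs, the PKG certificate and M.
func Setup() (*CA, *PKG) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	pkgPub, pkgKey, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	m := make([]byte, 32)
	_, err = rand.Read(m)
	must(err)
	cert := Cert{PKGPub: pkgPub, CASig: ed25519.Sign(caKey, pkgPub)} // the CA issues the certificate
	return &CA{pub: caPub, key: caKey}, &PKG{key: pkgKey, Cert: cert, M: m}
}

// Authenticate is the CA's verdict when the server forwards the PKG's certificate (claim 9).
func (ca *CA) Authenticate(c Cert) bool {
	return ed25519.Verify(ca.pub, c.PKGPub, c.CASig)
}

// Convert is the key conversion at the aggregation node (claim 8): info is the plaintext the PKG
// already restored by IBE decryption (not shown); sign its SHA-256 digest, encrypt all under M.
func (p *PKG) Convert(info []byte) []byte {
	digest := sha256.Sum256(info)
	plain, err := json.Marshal(Bundle{Info: info, Sig: ed25519.Sign(p.key, digest[:]), Digest: digest[:]})
	must(err)
	aead := gcm(p.M)
	nonce := make([]byte, aead.NonceSize())
	_, err = rand.Read(nonce)
	must(err)
	return aead.Seal(nonce, nonce, plain, nil) // wire format: nonce || ciphertext || GCM tag
}

// ServerReceive is the application management server side (claim 9): CA check, decrypt, verify.
func ServerReceive(ca *CA, cert Cert, M, wire []byte) ([]byte, error) {
	aead := gcm(M)
	ns := aead.NonceSize()
	if !ca.Authenticate(cert) || len(wire) < ns {
		return nil, errors.New("PKG certificate rejected by CA, or message truncated")
	}
	plain, err := aead.Open(nil, wire[:ns], wire[ns:], nil) // decrypt with M; the GCM tag is checked too
	if err != nil {
		return nil, errors.New("decryption under M failed")
	}
	var b Bundle
	if json.Unmarshal(plain, &b) != nil || len(cert.PKGPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(cert.PKGPub, b.Digest, b.Sig) { // signature check with the PKG public key
		return nil, errors.New("PKG signature verification failed")
	}
	if d := sha256.Sum256(b.Info); !bytes.Equal(d[:], b.Digest) { // recompute digest, compare
		return nil, errors.New("message digest mismatch")
	}
	return b.Info, nil
}

func main() {
	ca, pkg := Setup()
	info, err := ServerReceive(ca, pkg.Cert, pkg.M, pkg.Convert([]byte("node-17 temp=21.5C"))) // constructed sample
	println(string(info), err == nil)
}
```

The order of checks on the server matters: the certificate is authenticated before anything is decrypted, the AEAD under M rejects tampered ciphertext before the signature is examined, and the digest comparison at the end is the claim-9 integrity check on the restored information. A certificate the CA did not issue, a wrong M, or a flipped ciphertext byte all fail with a distinct error and no plaintext is returned.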
10. The method according to claim 8, characterised in that it further comprises a certificate construction and certificate revocation process, specifically comprising the steps:
presetting the longest validity term of the certificate as L and the renewal time span as I;
generating a one-way hash chain by the following formula:
H_i(r) = H(H_{i-1}(r)), (i = 1, 2, ..., j), where H_0(r) = r and r is a random number known only to the user;
sending (H_i(r), I, L) to the private key generator PKG;
the private key generator PKG authenticating the user's request;
generating a key pair consisting of a public key and a private key;
generating the certificate;
sending the certificate to the user;
when r and s are leaked, the private key generator PKG announcing the invalidated certificate through a certificate revocation list.
11. The method according to claim 10, characterised in that it further comprises the step:
integrating the data (H_i(r), I, L) contained in the certificate into the extension field of the X.509v3 certificate.
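The one-way hash chain of claims 10 and 11 (and of claims 21 and 22), as an added example in Go rather than the patent's own code. The page gives the chain H_i(r) = H(H_{i-1}(r)), H_0(r) = r and the extension data (H_j(r), I, L), but not how the chain is consumed; the example assumes the standard use of such a chain: j = L / I renewal periods, and in period k the user proves the certificate is still valid by revealing H_{j-k}(r), which the verifier hashes forward k times and compares with the certified H_j(r). SHA-256 as H, the 30-day / 120-day figures and the names Enrol, Proof, Verify and CertExt are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// H is the one-way function of the chain; SHA-256 is an assumption, the page only writes H.
func H(x []byte) []byte {
	s := sha256.Sum256(x)
	return s[:]
}

// BuildChain returns H_0(r) = r, H_1(r) = H(r), ..., H_j(r).
func BuildChain(r []byte, j int) [][]byte {
	chain := make([][]byte, j+1)
	chain[0] = append([]byte(nil), r...)
	for i := 1; i <= j; i++ {
		chain[i] = H(chain[i-1])
	}
	return chain
}

// CertExt is the data (H_j(r), I, L) integrated into the X.509v3 extension field (claim 11):
// L is the longest validity term, I the renewal interval, so the chain covers j = L / I periods.
type CertExt struct {
	Anchor []byte // H_j(r), the chain tip the PKG certifies
	I, L   int
}

// Enrol is the user side of claim 10: r stays secret, (H_j(r), I, L) goes to the PKG.
func Enrol(r []byte, I, L int) (CertExt, [][]byte) {
	j := L / I
	chain := BuildChain(r, j)
	return CertExt{Anchor: chain[j], I: I, L: L}, chain
}

// Proof for renewal period k (1 <= k <= j) reveals H_{j-k}(r). Assumption: the page does not
// say how the chain is consumed; this is the usual hash-chain usage.
func Proof(chain [][]byte, k int) ([]byte, bool) {
	j := len(chain) - 1
	if k < 1 || k > j {
		return nil, false
	}
	return append([]byte(nil), chain[j-k]...), true
}

// Verify hashes the revealed value forward k times and compares with the certified anchor;
// no CA round trip is needed, which is the saving the page claims for validity checks.
func Verify(ext CertExt, k int, proof []byte) bool {
	if ext.I <= 0 || k < 1 || k > ext.L/ext.I {
		return false
	}
	v := proof
	for i := 0; i < k; i++ {
		v = H(v)
	}
	return bytes.Equal(v, ext.Anchor)
}

func main() {
	r := make([]byte, 32) // the user's secret random number r
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	ext, chain := Enrol(r, 30, 120) // 30-day renewals over a 120-day certificate: j = 4
	p, _ := Proof(chain, 2)
	fmt.Printf("period 2 proof accepted for period 2: %v\n", Verify(ext, 2, p))
	fmt.Printf("period 2 proof accepted for period 3: %v\n", Verify(ext, 3, p))
}
```

A proof for period k also yields the proofs for every earlier period by hashing, but never a later one, so a user who stops renewing cannot extend validity past the last revealed link. Whoever learns r, however, can produce every proof; that is why claim 10 still falls back to a certificate revocation list when r and s leak.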
12. An Internet of Things information transmission system, characterised in that it comprises a PKI/CA device, an edge network transmission information authentication and encryption device, and a key conversion device between the edge network and the Internet of Things, wherein
the PKI/CA device is used to establish a PKI/CA mechanism in the Internet of Things and to distribute an authentication key and an encryption key to the aggregation node of the Internet of Things and to the background database of the radio-frequency identification system;
the edge network transmission information authentication and encryption device is used to encrypt and authenticate the transmitted information in the edge network of the Internet of Things;
the key conversion device between the edge network and the Internet of Things is used to perform key conversion after the encrypted and authenticated information reaches the aggregation node of the Internet of Things, and to send the re-encrypted information to the Internet of Things application management server.
13. The system according to claim 12, characterised in that the edge network transmission information authentication and encryption device is specifically an RFID system authentication and encryption device, used, when the edge network of the Internet of Things is a radio-frequency identification system, to:
distribute an authentication key and an encryption key at the background database of the radio-frequency identification system;
authenticate and encrypt information in the radio-frequency identification system using the radio-frequency identification bidirectional authentication protocol based on variable update;
perform key conversion on the authenticated and encrypted information at the background database of the radio-frequency identification system.
14. The system according to claim 12, characterised in that the edge network transmission information authentication and encryption device is specifically a wireless sensor network encryption and authentication device, used,
when the edge network of the Internet of Things is a wireless sensor network, to set up an authentication center at the aggregation node of the wireless sensor network, each sensor node in the wireless sensor network using the IBE algorithm to generate an encryption key and completing the encryption and authentication of information through the authentication center.
15. The system according to claim 13, characterised in that the RFID system authentication and encryption device further comprises:
an initialisation module, used to assign initial values to the database DB, reader R and tag T, wherein the initial values in the database are the reader IDs (R_1, R_2, ..., R_n), the initial value of each reader R_1(X_1, Y_1) ... R_n(X_n, Y_n), the system initial value (X, Y), and the tag information and tag IDs (T_1, T_2, ... T_n); the initial values in reader R are the reader ID (R_n), the initial value R_n(X_n, Y_n) of reader R_n and the system initial value (X); and the initial value in tag T is (X, Y);
an authentication module, used for: the reader sending a request, and judging whether the Hash value (formula image FDA0000119111240000051) equals the Hash value (formula image FDA0000119111240000052); if so, the authentication of reader R is completed;
judging whether the Hash value (formula image FDA0000119111240000053) equals the received Hash value (formula image FDA0000119111240000054); if so, the authentication of tag T is completed;
using R_id to calculate the Hash value (formula image FDA0000119111240000061) and judging whether it equals the Hash value (formula image FDA0000119111240000062); if so, the authentication of reader R is completed and X_n is located; calculating the Hash value (formula image FDA0000119111240000063) and judging whether it equals the received Hash value (formula image FDA0000119111240000064); if so, the authentication of tag T is completed and T_id is located;
using the key to calculate (formula image FDA0000119111240000065) and obtain the tag ID T_id; calculating the Hash value (formula image not extracted) and judging whether it equals the received Hash value (formula image FDA0000119111240000067); if so, the authentication of the database DB is established;
calculating the Hash value (formula image FDA0000119111240000068) and judging whether it equals the received Hash value (formula image FDA0000119111240000069); if so, the tag's authentication of the database DB is established.
16. The system according to claim 13, characterised in that the RFID system authentication and encryption device further comprises a reader-request variable update module, used for:
when TTL = 0, the database calculating the Hash value corresponding to R_id (formula image FDA00001191112400000610) and judging whether it equals the received Hash value (formula image FDA00001191112400000611); if so, the authentication of reader R is completed, and the variables (X_n, Y_n) are updated to (M_n, N_n) and (X, Y) to (A, B);
calculating the received Hash value (formula image FDA00001191112400000612) and judging whether it equals the Hash value (formula image FDA00001191112400000613); if so, the authentication of the database DB holds, and reader R decrypts and updates the relevant variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
calculating the Hash value (formula image FDA00001191112400000614) and judging whether it equals the received Hash value (formula image FDA00001191112400000615); if so, the authentication of reader R is completed;
calculating the Hash value (formula image FDA00001191112400000616) and judging whether it equals the received Hash value (formula image FDA00001191112400000617); if so, the authentication of tag T is completed;
obtaining A from (formula image FDA00001191112400000618) and B from (formula image FDA00001191112400000619), updating (A, B) to (X, Y), and finishing the update.
17. The system according to claim 13, characterised in that the RFID system authentication and encryption device further comprises a database-request variable update module, used for:
when TTL = 0, calculating the Hash value (formula image FDA00001191112400000620) and judging whether it equals the received Hash value (formula image FDA00001191112400000621); if so, the authentication of the database DB is established;
R_id calculating the Hash value (formula image FDA00001191112400000622) and judging whether it equals the received Hash value (formula image not extracted); if so, the authentication of reader R is completed, and the database DB performs the variable update, updating (X_n, Y_n) to (M_n, N_n) and (X, Y) to (A, B);
calculating the received Hash value (formula image FDA0000119111240000071) and judging whether it equals the Hash value (formula image FDA0000119111240000072); if so, the authentication of the database DB holds, and reader R decrypts and updates the relevant variables (M_n, N_n) to (X_n, Y_n) and (A) to (X);
calculating the Hash value (formula image FDA0000119111240000073) and judging whether it equals the received Hash value (formula image FDA0000119111240000074); if so, the authentication of reader R is completed;
calculating the Hash value (formula image not extracted) and judging whether it equals the received Hash value (formula image FDA0000119111240000076); if so, the authentication of tag T is completed;
obtaining A from (formula image FDA0000119111240000077) and B from (formula image FDA0000119111240000078), updating (A, B) to (X, Y), and finishing the update.
18. The system according to claim 14, characterised in that the wireless sensor network encryption and authentication device further comprises an initialisation module, an encryption module and a decryption module, wherein
the initialisation module is used to calculate the common parameters and select a master key s, to compute a HASH for each sensor node according to its identity Id and generate the corresponding node key K with the master key, and to write the parameters, the sensor node identity Id and the node key K into the respective sensor node, so that each node holds its own key and the relevant common parameters;
the encryption module is used, for a sending node A and a receiving node B in the wireless sensor network, with plaintext m, the identity Id of the receiving node B serving as the public key and a random number r, to encrypt the information to be sent;
the decryption module is used by the receiving node B to receive the ciphertext and decrypt it with the node key K to obtain the original text.
19. The system according to claim 12, characterised in that the authentication and encryption device between the edge network and the Internet of Things further comprises a decryption module, a user private key extraction module and an encrypted transmission module, wherein
the decryption module is used, after the private key generator PKG receives the encrypted information sent by a wireless sensor network node, to first decrypt it with the corresponding stored private key and restore the information;
the user private key extraction module is used, at system initialisation, for the PKI/CA to generate a digital certificate and a public/private key pair for the private key generator PKG and, after deployment, for the CA authentication center to negotiate a corresponding session key M with the private key generator PKG;
the encrypted transmission module is used for the private key generator PKG to sign with the PKG private key and generate a message digest, to encrypt the restored information, the signature and the message digest with M, and to send the encrypted information to the Internet of Things application management server over the Internet.
20. The system according to claim 19, characterised in that the authentication and encryption device between the edge network and the Internet of Things further comprises an authentication module, used for:
the Internet of Things application management server sending the digital certificate of the private key generator PKG to the CA authentication center for authentication;
the Internet of Things application management server decrypting the encrypted information sent by the authenticated PKG with the session key M to restore the information, and verifying the signature with the PKG public key for non-repudiation;
recalculating the message digest of the information and comparing it with the digest sent by the PKG; if they match, the information is complete;
the Internet of Things application management server thus obtaining the information forwarded from the wireless sensor network node via the aggregation node.
21. The system according to claim 19, characterised in that the authentication and encryption device between the edge network and the Internet of Things further comprises a certificate construction and certificate revocation module, used for:
presetting the longest validity term of the certificate as L and the renewal time span as I;
generating a one-way hash chain by the following formula:
H_i(r) = H(H_{i-1}(r)), (i = 1, 2, ..., j), where H_0(r) = r and r is a random number known only to the user;
sending (H_i(r), I, L) to the private key generator PKG;
the private key generator PKG authenticating the user's request;
generating a key pair consisting of a public key and a private key;
generating the certificate;
sending the certificate to the user;
when r and s are leaked, the private key generator PKG announcing the invalidated certificate through a certificate revocation list.
22. The system according to claim 21, characterised in that the certificate construction and certificate revocation module is further used to integrate the data (H_i(r), I, L) contained in the certificate into the extension field of the X.509v3 certificate.
CN201110413357.9A 2011-12-13 A kind of method and system of Internet of Things information transmission Active CN103166919B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110413357.9A CN103166919B (en) 2011-12-13 A kind of method and system of Internet of Things information transmission


Publications (2)

Publication Number Publication Date
CN103166919A true CN103166919A (en) 2013-06-19
CN103166919B CN103166919B (en) 2016-12-14

Cited By (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283667A (en) * 2013-07-01 2015-01-14 中国移动通信集团黑龙江有限公司 Data transmission method, device and system thereof
CN104967517A (en) * 2015-07-24 2015-10-07 电子科技大学 Network data aggregation method for wireless sensor
CN104994085A (en) * 2015-06-19 2015-10-21 浪潮(北京)电子信息产业有限公司 Identity authentication method and system in wireless sensor network
CN105025020A (en) * 2015-07-07 2015-11-04 成都英力拓信息技术有限公司 Internet of Things implementation method
CN105207969A (en) * 2014-06-10 2015-12-30 江苏大泰信息技术有限公司 Lightweight stream encryption method for Internet of Things in low-consumption environment
CN105763321A (en) * 2016-04-06 2016-07-13 深圳市奔迈科技有限公司 Method and device for encrypting Internet of things communication
CN105978883A (en) * 2016-05-17 2016-09-28 上海交通大学 Large-scale IoV security data acquisition method
CN106412074A (en) * 2016-10-13 2017-02-15 青海民族大学 Periodic collection and storage and non-real time transmission system of information of Internet of Things
CN106936841A (en) * 2017-03-29 2017-07-07 宁夏灵智科技有限公司 Safety protecting method and system in smart home
CN107111515A (en) * 2014-12-18 2017-08-29 阿费罗有限公司 Platform of internet of things, apparatus and method
CN107241321A (en) * 2017-05-26 2017-10-10 陕西科技大学 A kind of personal medical information method for secret protection
CN107370735A (en) * 2017-07-19 2017-11-21 深圳市盛路物联通讯技术有限公司 The encryption method at times and device of a kind of Internet of Things REPEATER DATA
CN107370751A (en) * 2017-08-18 2017-11-21 深圳市鑫宇鹏电子科技有限公司 One kind session key update method in smart device communication
CN107637011A (en) * 2015-06-09 2018-01-26 英特尔公司 Self-configuring key management system for Internet of Things network
CN107707608A (en) * 2017-07-26 2018-02-16 日照职业技术学院 A kind of household Internet of Things network control system
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment
CN108141717A (en) * 2016-01-11 2018-06-08 环球互连及数据中心公司 Co-locate the distributed edge processing of the internet of things equipment data in facility
CN108449322A (en) * 2018-02-13 2018-08-24 环球鑫彩(北京)彩票投资管理有限公司 Identity registration, authentication method, system and relevant device
CN108541367A (en) * 2015-06-09 2018-09-14 英特尔公司 For using the service of congregation and multiple key-distribution servers to carry out the systems, devices and methods of secure network bridge joint
CN108540287A (en) * 2018-07-16 2018-09-14 铂讯(北京)科技有限公司 Internet of Things safety management encryption method
CN108574699A (en) * 2018-07-20 2018-09-25 广东工业大学 A kind of communication connecting method, system and internet of things equipment system and storage medium
CN108632320A (en) * 2017-03-22 2018-10-09 成都西谷曙光数字技术有限公司 Internet of Things information service system, method, apparatus and terminal
CN108712742A (en) * 2018-03-22 2018-10-26 创新维度科技(北京)有限公司 Internet of Things network security optimization method, user terminal and network side equipment
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN108881021A (en) * 2018-05-08 2018-11-23 常熟理工学院 A kind of Internet of Things implementation method of high efficient and reliable
CN108965321A (en) * 2018-08-10 2018-12-07 重庆工程学院 A kind of Security Architecture of Internet of Things
CN108989309A (en) * 2018-07-16 2018-12-11 苏州大学张家港工业技术研究院 Encryption communication method and its encrypted communication device based on narrowband Internet of Things
CN109143948A (en) * 2018-08-30 2019-01-04 四川创客知佳科技有限公司 Intelligent safety and defence system based on Internet of Things
CN109246209A (en) * 2018-08-30 2019-01-18 广元量知汇科技有限公司 Forestry Internet of Things secure communication management method
WO2018222133A3 (en) * 2017-06-01 2019-01-31 华为国际有限公司 Data protection method, apparatus and system
CN109412790A (en) * 2018-10-26 2019-03-01 重庆邮电大学 A kind of user authentication of internet of things oriented and key agreement system and method
CN109413644A (en) * 2018-12-06 2019-03-01 广州邦讯信息系统有限公司 LoRa encryption certification communication means, storage medium and electric terminal
CN110635904A (en) * 2019-09-16 2019-12-31 绍兴文理学院 Remote attestation method and system for software-defined Internet of things node
CN110730063A (en) * 2018-07-16 2020-01-24 中国电信股份有限公司 Security verification method and system, Internet of things platform, terminal and readable storage medium
CN110945832A (en) * 2017-04-28 2020-03-31 华为国际有限公司 Symmetric group authentication method and system
CN110995432A (en) * 2020-03-05 2020-04-10 杭州字节物联安全技术有限公司 Internet of things sensing node authentication method based on edge gateway
CN111245834A (en) * 2020-01-13 2020-06-05 北京科技大学 Internet of things cross-domain access control method based on virtual identification
US10687212B2 (en) 2017-04-07 2020-06-16 At&T Mobility Ii Llc Mobile network core component for managing security keys
CN111431841A (en) * 2019-01-10 2020-07-17 北京普安信科技有限公司 Internet of things security sensing system and Internet of things data security transmission method
US10798523B2 (en) 2015-03-30 2020-10-06 Afero, Inc. System and method for accurately sensing user location in an IoT system
CN112217640A (en) * 2020-10-15 2021-01-12 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN112437158A (en) * 2020-11-24 2021-03-02 国网四川省电力公司信息通信公司 Network security identity authentication method based on power Internet of things
CN112713995A (en) * 2021-02-08 2021-04-27 成都杰微科技有限公司 Dynamic communication key distribution method and device for terminal of Internet of things
CN112788042A (en) * 2021-01-18 2021-05-11 亚信科技(成都)有限公司 Method for determining equipment identifier of Internet of things and Internet of things equipment
CN113132367A (en) * 2021-04-09 2021-07-16 国网电力科学研究院有限公司 Data transmission self-adaption method and device for engineering monitoring Internet of things acquisition terminal
CN113132105A (en) * 2019-12-30 2021-07-16 中国移动通信集团四川有限公司 Key processing system
US11122428B2 (en) 2016-07-06 2021-09-14 Huawei Technologies Co., Ltd. Transmission data protection system, method, and apparatus
CN113497812A (en) * 2020-03-18 2021-10-12 瑞昱半导体股份有限公司 Internet of things network networking authentication system and method thereof
CN113783836A (en) * 2021-08-02 2021-12-10 南京邮电大学 Internet of things data access control method and system based on block chain and IBE algorithm
CN113923052A (en) * 2015-07-03 2022-01-11 阿费罗有限公司 Apparatus and method for establishing a secure communication channel in an internet of things (IoT) system
CN114710290A (en) * 2022-06-06 2022-07-05 科大天工智能装备技术(天津)有限公司 Safety certification method for intelligent greenhouse sensor equipment
CN116938596A (en) * 2023-09-12 2023-10-24 四川科瑞软件有限责任公司 Data security transmission method of heterogeneous network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020144109A1 (en) * 2001-03-29 2002-10-03 International Business Machines Corporation Method and system for facilitating public key credentials acquisition
CN1818923A (en) * 2006-03-17 2006-08-16 清华大学 Enciphering authentication for radio-frequency recognition system
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN102036231A (en) * 2010-09-07 2011-04-27 北京兵港科技发展有限公司 Network architecture security system for Internet of Things and security method thereof


Cited By (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283667A (en) * 2013-07-01 2015-01-14 中国移动通信集团黑龙江有限公司 Data transmission method, device and system thereof
CN104283667B (en) * 2013-07-01 2017-11-21 中国移动通信集团黑龙江有限公司 A kind of data transmission method, apparatus and system
CN105207969A (en) * 2014-06-10 2015-12-30 江苏大泰信息技术有限公司 Lightweight stream encryption method for Internet of Things in low-consumption environment
CN107111515B (en) * 2014-12-18 2020-11-10 阿费罗有限公司 Internet of things platform, equipment and method
CN107111515A (en) * 2014-12-18 2017-08-29 阿费罗有限公司 Platform of internet of things, apparatus and method
US10798523B2 (en) 2015-03-30 2020-10-06 Afero, Inc. System and method for accurately sensing user location in an IoT system
CN107637011A (en) * 2015-06-09 2018-01-26 英特尔公司 Self-configuring key management system for Internet of Things network
CN108541367B (en) * 2015-06-09 2021-09-14 英特尔公司 System, apparatus and method for secure network bridging using a rendezvous service and multiple key distribution servers
CN108541367A (en) * 2015-06-09 2018-09-14 英特尔公司 System, apparatus and method for secure network bridging using a rendezvous service and multiple key distribution servers
CN104994085B (en) * 2015-06-19 2018-05-08 浪潮(北京)电子信息产业有限公司 Identity identifying method and system in a kind of wireless sensor network
CN104994085A (en) * 2015-06-19 2015-10-21 浪潮(北京)电子信息产业有限公司 Identity authentication method and system in wireless sensor network
CN113923052A (en) * 2015-07-03 2022-01-11 阿费罗有限公司 Apparatus and method for establishing a secure communication channel in an internet of things (IoT) system
CN105025020B (en) * 2015-07-07 2017-12-29 成都英力拓信息技术有限公司 A kind of implementation method of Internet of Things
CN105025020A (en) * 2015-07-07 2015-11-04 成都英力拓信息技术有限公司 Internet of Things implementation method
CN104967517A (en) * 2015-07-24 2015-10-07 电子科技大学 Network data aggregation method for wireless sensor
CN104967517B (en) * 2015-07-24 2018-03-20 电子科技大学 A kind of network data convergence method for wireless senser
CN108141717A (en) * 2016-01-11 2018-06-08 环球互连及数据中心公司 Distributed edge processing of internet of things device data in co-location facilities
CN108141717B (en) * 2016-01-11 2021-10-29 环球互连及数据中心公司 Method and system for data processing
CN105763321B (en) * 2016-04-06 2018-09-28 深圳市奔迈科技有限公司 A kind of Internet of Things communication encryption method and device
CN105763321A (en) * 2016-04-06 2016-07-13 深圳市奔迈科技有限公司 Method and device for encrypting Internet of things communication
CN105978883B (en) * 2016-05-17 2019-05-24 上海交通大学 Safe collecting method under extensive car networking
CN105978883A (en) * 2016-05-17 2016-09-28 上海交通大学 Large-scale IoV security data acquisition method
US11122428B2 (en) 2016-07-06 2021-09-14 Huawei Technologies Co., Ltd. Transmission data protection system, method, and apparatus
CN106412074A (en) * 2016-10-13 2017-02-15 青海民族大学 Periodic collection and storage and non-real time transmission system of information of Internet of Things
CN108632320A (en) * 2017-03-22 2018-10-09 成都西谷曙光数字技术有限公司 Internet of Things information service system, method, apparatus and terminal
CN106936841A (en) * 2017-03-29 2017-07-07 宁夏灵智科技有限公司 Safety protecting method and system in smart home
CN106936841B (en) * 2017-03-29 2018-07-31 宁夏灵智科技有限公司 Safety protecting method and system in smart home
US11461478B2 (en) 2017-04-07 2022-10-04 At&T Mobility Ii Llc Mobile network core component for managing security keys
US10687212B2 (en) 2017-04-07 2020-06-16 At&T Mobility Ii Llc Mobile network core component for managing security keys
CN110945832A (en) * 2017-04-28 2020-03-31 华为国际有限公司 Symmetric group authentication method and system
CN110945832B (en) * 2017-04-28 2022-09-09 华为国际有限公司 Symmetric group authentication method and system
CN107241321A (en) * 2017-05-26 2017-10-10 陕西科技大学 A kind of personal medical information method for secret protection
WO2018222133A3 (en) * 2017-06-01 2019-01-31 华为国际有限公司 Data protection method, apparatus and system
CN107370735A (en) * 2017-07-19 2017-11-21 深圳市盛路物联通讯技术有限公司 The encryption method at times and device of a kind of Internet of Things REPEATER DATA
CN107707608A (en) * 2017-07-26 2018-02-16 日照职业技术学院 A kind of household Internet of Things network control system
CN107370751B (en) * 2017-08-18 2020-10-16 深圳市鑫宇鹏电子科技有限公司 Method for updating session key in intelligent equipment communication
CN107370751A (en) * 2017-08-18 2017-11-21 深圳市鑫宇鹏电子科技有限公司 Method for updating a session key in smart device communication
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end security protection method in an internet of things oriented cloud environment
CN108449322A (en) * 2018-02-13 2018-08-24 环球鑫彩(北京)彩票投资管理有限公司 Identity registration, authentication method, system and relevant device
CN108449322B (en) * 2018-02-13 2020-09-04 环球鑫彩(北京)彩票投资管理有限公司 Identity registration and authentication method, system and related equipment
CN108712742B (en) * 2018-03-22 2019-08-27 创新维度科技(北京)有限公司 Internet of Things network security optimization method, user terminal and network side equipment
CN108712742A (en) * 2018-03-22 2018-10-26 创新维度科技(北京)有限公司 Internet of Things network security optimization method, user terminal and network side equipment
CN108881021A (en) * 2018-05-08 2018-11-23 常熟理工学院 A kind of Internet of Things implementation method of high efficient and reliable
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function
CN110730063A (en) * 2018-07-16 2020-01-24 中国电信股份有限公司 Security verification method and system, Internet of things platform, terminal and readable storage medium
CN108989309B (en) * 2018-07-16 2021-10-08 苏州大学张家港工业技术研究院 Encryption communication method and encryption communication device based on narrow-band Internet of things
CN108989309A (en) * 2018-07-16 2018-12-11 苏州大学张家港工业技术研究院 Encryption communication method and its encrypted communication device based on narrowband Internet of Things
CN108540287A (en) * 2018-07-16 2018-09-14 铂讯(北京)科技有限公司 Internet of Things safety management encryption method
CN110730063B (en) * 2018-07-16 2022-11-11 中国电信股份有限公司 Security verification method and system, internet of things platform, terminal and readable storage medium
CN108574699A (en) * 2018-07-20 2018-09-25 广东工业大学 A kind of communication connecting method, system and internet of things equipment system and storage medium
CN108574699B (en) * 2018-07-20 2021-07-06 广东工业大学 Communication connection method and system, Internet of things equipment system and storage medium
CN108965321A (en) * 2018-08-10 2018-12-07 重庆工程学院 A kind of Security Architecture of Internet of Things
CN109246209B (en) * 2018-08-30 2019-07-09 张家口市金诚科技有限责任公司 Forestry Internet of Things secure communication management method
CN109143948A (en) * 2018-08-30 2019-01-04 四川创客知佳科技有限公司 Intelligent safety and defence system based on Internet of Things
CN109246209A (en) * 2018-08-30 2019-01-18 广元量知汇科技有限公司 Forestry Internet of Things secure communication management method
CN109412790A (en) * 2018-10-26 2019-03-01 重庆邮电大学 A kind of user authentication of internet of things oriented and key agreement system and method
CN109413644B (en) * 2018-12-06 2024-03-19 广州邦讯信息系统有限公司 LoRa encryption authentication communication method, storage medium and electronic terminal
CN109413644A (en) * 2018-12-06 2019-03-01 广州邦讯信息系统有限公司 LoRa encryption authentication communication method, storage medium and electronic terminal
CN111431841A (en) * 2019-01-10 2020-07-17 北京普安信科技有限公司 Internet of things security sensing system and Internet of things data security transmission method
CN110635904A (en) * 2019-09-16 2019-12-31 绍兴文理学院 Remote attestation method and system for software-defined Internet of things node
CN110635904B (en) * 2019-09-16 2020-07-31 绍兴文理学院 Remote attestation method and system for software-defined Internet of things node
CN113132105A (en) * 2019-12-30 2021-07-16 中国移动通信集团四川有限公司 Key processing system
CN113132105B (en) * 2019-12-30 2023-04-11 中国移动通信集团四川有限公司 Key processing system
CN111245834A (en) * 2020-01-13 2020-06-05 北京科技大学 Internet of things cross-domain access control method based on virtual identification
CN110995432A (en) * 2020-03-05 2020-04-10 杭州字节物联安全技术有限公司 Internet of things sensing node authentication method based on edge gateway
CN113497812A (en) * 2020-03-18 2021-10-12 瑞昱半导体股份有限公司 Internet of things network networking authentication system and method thereof
CN112217640A (en) * 2020-10-15 2021-01-12 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN112217640B (en) * 2020-10-15 2023-04-18 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN112437158A (en) * 2020-11-24 2021-03-02 国网四川省电力公司信息通信公司 Network security identity authentication method based on power Internet of things
CN112437158B (en) * 2020-11-24 2022-10-14 国网四川省电力公司信息通信公司 Network security identity authentication method based on power Internet of things
CN112788042A (en) * 2021-01-18 2021-05-11 亚信科技(成都)有限公司 Method for determining equipment identifier of Internet of things and Internet of things equipment
CN112713995A (en) * 2021-02-08 2021-04-27 成都杰微科技有限公司 Dynamic communication key distribution method and device for terminal of Internet of things
CN113132367A (en) * 2021-04-09 2021-07-16 国网电力科学研究院有限公司 Data transmission self-adaption method and device for engineering monitoring Internet of things acquisition terminal
CN113132367B (en) * 2021-04-09 2024-02-23 国网电力科学研究院有限公司 Engineering monitoring-oriented data transmission self-adaptive method and device for Internet of things acquisition terminal
CN113783836A (en) * 2021-08-02 2021-12-10 南京邮电大学 Internet of things data access control method and system based on block chain and IBE algorithm
CN114710290A (en) * 2022-06-06 2022-07-05 科大天工智能装备技术(天津)有限公司 Safety certification method for intelligent greenhouse sensor equipment
CN116938596A (en) * 2023-09-12 2023-10-24 四川科瑞软件有限责任公司 Data security transmission method of heterogeneous network

Similar Documents

Publication Publication Date Title
Malani et al. Certificate-based anonymous device access control scheme for IoT environment
CN107919956B (en) End-to-end safety guarantee method in cloud environment facing to Internet of things
CN111355745B (en) Cross-domain identity authentication method based on edge computing network architecture
Cui et al. HCPA-GKA: A hash function-based conditional privacy-preserving authentication and group-key agreement scheme for VANETs
CN107070652B (en) Internet of vehicles privacy protection method and system with tamper-resistant ciphertext based on CP-ABE
CN105743646B (en) A kind of Identity based encryption method and system
CN104253694B (en) A kind of time slot scrambling for network data transmission
CN1980123B (en) Realizing method for PKI system based on IBE and key management apparatus
US20100235627A1 (en) Securing communications sent by a first user to a second user
Memon et al. Design and implementation to authentication over a GSM system using certificate-less public key cryptography (CL-PKC)
CN106533656B (en) Multi-layer hybrid key encryption/decryption method based on WSN
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
Yang Across-authority lightweight ownership transfer protocol
Yang et al. Protocol for ownership transfer across authorities: with the ability to assign transfer target
Tan et al. Secure and efficient authenticated key management scheme for UAV-assisted infrastructure-less IoVs
CN103297230A (en) Information encryption and decryption method, device and system
CN108833113A (en) Fog-computing-based authentication method and system for enhancing communication security
CN103731819A (en) Authentication method of wireless sensor network nodes
Bansal et al. Lightweight authentication protocol for inter base station communication in heterogeneous networks
Parameswarath et al. A privacy-preserving authenticated key exchange protocol for V2G communications using SSI
GB2543359A (en) Methods and apparatus for secure communication
CN107959725A (en) The Publish-subscribe class service agreement of consideration privacy of user based on elliptic curve
Qin et al. Strongly secure and cost-effective certificateless proxy re-encryption scheme for data sharing in cloud computing
CN106230840A (en) A kind of command identifying method of high security
Yang et al. A traceable privacy-preserving authentication protocol for VANETs based on proxy re-signature

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant