CN104052599A - Ubiquitously integrated star-ground node network trusted access method - Google Patents

Info

Publication number
CN104052599A
Authority
CN
China
Prior art keywords
certificate
gateway station
satellite
encrypted
certificates
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310082965.5A
Other languages
Chinese (zh)
Inventor
李千目
戚湧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Science and Technology Changshu Research Institute Co Ltd
Original Assignee
Nanjing University of Science and Technology Changshu Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Science and Technology Changshu Research Institute Co Ltd
Priority to CN201310082965.5A
Publication of CN104052599A

Landscapes

  • Radio Relay Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a secure communication system and, in particular, discloses a flat trusted network access method between satellite nodes and ground gateways. In the method, the ground gateway periodically updates its certificate and obtains new RSA parameters. It then selects t satellite nodes, sends a certificate update request to each of them, and obtains the partial certificates issued by those satellite nodes. Once the ground gateway has obtained the required number of partial certificates, it synthesizes the new certificate from them. The private key of the ground gateway domain is split and stored on the satellite nodes using a (t, n) threshold method, and re-applying for a certificate requires sub-signatures from no fewer than t satellite nodes, so the satellite network can still provide effective service even when it is under attack.

Description

Ubiquitously integrated star-ground node network trusted access method
Technical field
The present invention relates to a secure communication system, and in particular to a flat trusted network access method between satellite nodes and gateway stations.
Background
With the growing need for long-range, wide-coverage, multi-source information exchange, the requirements on satellite-to-ground and inter-satellite communication have risen further. Multiple types of satellites in different orbits, supported by inter-satellite links and ground systems, are required to complete the tasks of acquiring, using and transmitting information.
A satellite network is an open network system. Its main communication entities are satellites with on-board processing capability, which together with the network operation control centre, gateway stations and terrestrial users form an interconnected satellite network. As satellite services increase and the information they carry becomes more important, the satellite network, as an important interconnection network in international communications, faces steadily rising requirements for secure network communication. Its dynamic topology, wide coverage and wireless communication mean that a satellite network faces more security threats than a ground system, so strengthening and improving the protection of satellite networks is urgent.
Because the gateway station is responsible for opening the uplink and downlink for satellite network users, the information involved must be protected accordingly. At initialization, the gateway station's certificate is issued by the network operation control centre. Once the gateway station is in commercial operation, letting it communicate directly with the network operation control centre is unsafe, so the task of updating the gateway station certificate is handed over to the satellite nodes.
Summary of the invention
The technical problem to be solved by the present invention is to propose a ubiquitously integrated star-ground node network trusted access method, so that identity security authentication is performed aperiodically when a gateway station links to a satellite node.
To solve this problem, the technical scheme of the present invention is a ubiquitously integrated star-ground node network trusted access method comprising the following steps:
Step 1: the gateway station uses its old certificate to complete identity security authentication with the satellite node;
Step 2: the gateway station generates the new corresponding parameters and builds a new certificate P;
Step 3: the gateway station encrypts the new certificate P using the encryption method of the random symmetric key encryption/decryption scheme, generating the first encrypted certificate, and transmits it to the satellite node;
Step 4: the satellite node decrypts the first encrypted certificate received from the gateway station using the decryption method of the random symmetric key encryption/decryption scheme, generating the decrypted certificate;
Step 5: the satellite node reviews the type of the gateway station and the validity period of the decrypted certificate; after the review passes, it generates a partial signature using its share of the private key;
Step 6: the satellite node encrypts the decrypted certificate using the encryption method of the random symmetric key encryption/decryption scheme, generating the second encrypted certificate, and transmits it to the gateway station;
Step 7: the gateway station repeats the above steps to obtain the other t-1 partial signatures, and then synthesizes the new certificate Q using the method of the distributed RSA signature algorithm based on (t, n) threshold theory.
Beneficial effect of the present invention:
The present invention uses the (t, n) threshold method to split the private key of the gateway station domain and store the shares on the satellite nodes. Re-applying for a certificate requires partial signatures from no fewer than t satellite nodes, so even if the satellite network is under attack it can still provide effective service when needed.
Brief description of the drawings
Fig. 1 is a schematic diagram of the gateway station certificate update scheme.
Embodiment
The present invention is further described below with reference to the drawing and an embodiment.
As shown in Fig. 1, in the ubiquitously integrated star-ground node network trusted access method of the present invention, suppose that gateway station A is to update its certificate. The update steps are as follows:
Step 1: gateway station A uses its old certificate to complete security authentication with satellite node B;
Step 2: gateway station A first generates the new corresponding parameters: , e and d, where p and q are large primes generated in advance, e is coprime with , and at the same time , and builds the new certificate P;
Step 3: gateway station A encrypts the new certificate P using the encryption method of the random symmetric key encryption/decryption scheme, generating the first encrypted certificate, and transmits it to satellite node B;
Step 4: satellite node B decrypts the encrypted certificate information received from gateway station A using the decryption method described in the random symmetric key encryption/decryption scheme, obtaining the decrypted certificate;
Step 5: satellite node B reviews the type of gateway station A and the validity period of the decrypted certificate; after the review passes, it generates a partial signature using its share of the private key;
Step 6: satellite node B encrypts the decrypted certificate using the encryption method of the random symmetric key encryption/decryption scheme, generating the second encrypted certificate, and transmits it to gateway station A;
Step 7: gateway station A repeats the above steps to obtain the other t-1 partial signatures, and then synthesizes the new certificate Q using the method of the distributed RSA signature algorithm based on (t, n) threshold theory.
In step 2, the new certificate P comprises: the public key pair (N, e) of gateway station A, the validity period of the certificate, and the gateway station.
In the present invention, the gateway station updates its certificate periodically and obtains new RSA parameters. It then selects t satellite nodes, sends a certificate update request to each of them, and obtains the partial certificates signed and issued by those satellite nodes. Once the gateway station has acquired the required number of partial certificates, it synthesizes the new certificate from them. The value of the new Compressed Bloom Filter is recalculated by the satellite nodes that took part in the certificate update and distributed to the other satellite nodes.
To prevent certificate updates from being concentrated at one moment and causing satellite node resource strain or communication congestion, the certificate update period T can be divided into s time slices, so that within each interval of T/s only M/s gateway stations perform a certificate update, where M is the total number of gateway stations.
Gateway stations are the main source of satellite network users, and most of the traffic on a satellite comes from gateway stations, so satellite nodes need to identify gateway stations to prevent resources from being stolen. At initialization, the present invention uses the (t, n) threshold method to split the private key of the gateway station domain and store the shares on the satellite nodes. Re-applying for a certificate requires partial signatures from no fewer than t satellite nodes, so even if the satellite network is under attack it can still provide effective service when needed.
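The partial-signature and synthesis steps (steps 5 and 7) can be illustrated with the following added example, which is not code from the patent. The patent does not say which distributed RSA construction it uses; this sketch assumes Shoup's threshold RSA scheme, and the toy primes, (t, n) = (3, 5), the certificate bytes and all function names are constructed for illustration.

```python
import hashlib, math, secrets

# Constructed toy parameters: safe primes p = 2p'+1, q = 2q'+1. Far too small for real use.
P1, Q1 = 509, 593
N = (2 * P1 + 1) * (2 * Q1 + 1)      # RSA modulus of the gateway-station domain key
ORDER = P1 * Q1                      # order of the squares mod N; known to the dealer only
E = 65537                            # public exponent: prime and larger than NODES
THRESHOLD, NODES = 3, 5              # (t, n) = (3, 5), assumed values
DELTA = math.factorial(NODES)

def deal_shares():
    """Initialisation: split private exponent d with a random degree t-1 polynomial."""
    d = pow(E, -1, ORDER)
    coeffs = [d] + [secrets.randbelow(ORDER - 1) + 1 for _ in range(THRESHOLD - 1)]
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % ORDER
            for i in range(1, NODES + 1)}

def cert_digest(cert: bytes) -> int:
    """Hash certificate P to a unit mod N (the counter only matters for a toy modulus)."""
    ctr = 0
    while True:
        h = hashlib.sha256(cert + bytes([ctr])).digest()
        x = int.from_bytes(h, "big") % N
        if x > 1 and math.gcd(x, N) == 1:
            return x
        ctr += 1

def partial_sign(share: int, x: int) -> int:
    """Satellite node (step 5): partial signature from its key share."""
    return pow(x, 2 * DELTA * share, N)

def combine(parts: dict, x: int) -> int:
    """Gateway station (step 7): merge partial signatures {node_id: value}."""
    w = 1
    for j, xj in parts.items():
        num = math.prod(-k for k in parts if k != j)
        den = math.prod(j - k for k in parts if k != j)
        lam = DELTA * num // den               # integer Lagrange coefficient at 0
        w = w * pow(xj, 2 * lam, N) % N
    e1 = 4 * DELTA**2                          # w^E == x^e1 for an honest quorum
    a = pow(e1, -1, E)
    b = (1 - e1 * a) // E                      # e1*a + E*b == 1
    return pow(w, a, N) * pow(x, b, N) % N

def verify(sig: int, x: int) -> bool:
    return pow(sig, E, N) == x

def renew(cert: bytes, shares: dict, quorum: list):
    """Collect partial signatures from `quorum`, combine, check against (N, E)."""
    x = cert_digest(cert)
    parts = {i: partial_sign(shares[i], x) for i in quorum}
    sig = combine(parts, x)
    return sig, verify(sig, x)
```

Any t of the n nodes yield the same signature, while a combination of fewer than t partial signatures fails verification against the public key (N, E), which is the check a gateway station should run on the synthesized result before using it.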

Claims (4)

1. A ubiquitously integrated star-ground node network trusted access method, characterized by comprising the following steps:
Step 1: the gateway station uses its old certificate to complete identity security authentication with the satellite node;
Step 2: the gateway station generates the new corresponding parameters and builds a new certificate P;
Step 3: the gateway station encrypts the new certificate P using the encryption method of the random symmetric key encryption/decryption scheme, generating the first encrypted certificate, and transmits it to the satellite node;
Step 4: the satellite node decrypts the first encrypted certificate received from the gateway station using the decryption method of the random symmetric key encryption/decryption scheme, generating the decrypted certificate;
Step 5: the satellite node reviews the type of the gateway station and the validity period of the decrypted certificate; after the review passes, it generates a partial signature using its share of the private key;
Step 6: the satellite node encrypts the decrypted certificate using the encryption method of the random symmetric key encryption/decryption scheme, generating the second encrypted certificate, and transmits it to the gateway station;
Step 7: the gateway station repeats the above steps to obtain the other t-1 partial signatures, and then synthesizes the new certificate Q using the method of the distributed RSA signature algorithm based on (t, n) threshold theory.
2. The ubiquitously integrated star-ground node network trusted access method according to claim 1, characterized in that the new certificate P described in step 2 comprises: the public key pair (N, e) of gateway station A, the validity period of the certificate, and the gateway station.
3. The ubiquitously integrated star-ground node network trusted access method according to claim 1, characterized in that the gateway station updates its certificate periodically and obtains new RSA parameters.
4. The ubiquitously integrated star-ground node network trusted access method according to claim 3, characterized in that the certificate update period T is divided into s time slices, and within each interval of T/s, M/s gateway stations perform a certificate update, where M is the total number of gateway stations.
CN201310082965.5A 2013-03-15 2013-03-15 Ubiquitously integrated star-ground node network trusted access method Pending CN104052599A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310082965.5A CN104052599A (en) 2013-03-15 2013-03-15 Ubiquitously integrated star-ground node network trusted access method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310082965.5A CN104052599A (en) 2013-03-15 2013-03-15 Ubiquitously integrated star-ground node network trusted access method

Publications (1)

Publication Number Publication Date
CN104052599A true CN104052599A (en) 2014-09-17

Family

ID=51504985

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310082965.5A Pending CN104052599A (en) 2013-03-15 2013-03-15 Ubiquitously integrated star-ground node network trusted access method

Country Status (1)

Country Link
CN (1) CN104052599A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030112772A1 (en) * 2000-02-15 2003-06-19 Spacenet, Inc. System and method for acceleration of a secure transmission over satellite
CN103188673A (en) * 2011-12-29 2013-07-03 无锡南理工科技发展有限公司 Flattened multisource safety certificate updating system between satellite node and ground gateway

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911673A (en) * 2017-01-23 2017-06-30 全球能源互联网研究院 A kind of electric power wide area Internet cooperates with safely guard system and its means of defence
CN108289026A (en) * 2017-12-22 2018-07-17 北京邮电大学 Identity identifying method and relevant device in a kind of satellite network
CN108289026B (en) * 2017-12-22 2020-07-31 北京邮电大学 Identity authentication method in satellite network and related equipment

Similar Documents

Publication Publication Date Title
Weng et al. BENBI: Scalable and dynamic access control on the northbound interface of SDN-based VANET
CN103414682B (en) The method for cloud storage of a kind of data and system
CN102594555A (en) Security protection method for data, entity on network side and communication terminal
CN105812131B (en) Vehicle-mounted node certificate updating method based on vehicle-mounted short-distance communication network
CN106411515B (en) The method and system for promoting key safety are split to key using cipher machine
CN107196920A (en) A kind of key towards wireless communication system produces distribution method
CN102546184B (en) Method and system for message secure transmission or key distribution in sensor network
CN104065485A (en) Power grid dispatching mobile platform safety guaranteeing and controlling method
CN104010305A (en) Bidirectional authentication reinforcement method of terminal and access network based on physical layer secret key
CN105704160B (en) Vehicle-mounted data real-time computing technique
CN102123392A (en) Secret key management method for distributed wireless sensor network
CN108632251A (en) Authentic authentication method based on cloud computing data service and its Encryption Algorithm
CN104955039A (en) Network authentication certification method and equipment
Wei et al. BAVP: Blockchain‐Based Access Verification Protocol in LEO Constellation Using IBE Keys
CN102487503B (en) Method for managing multi-stage security dynamic group security keys
CN108833113A (en) A kind of authentication method and system of the enhancing communication security calculated based on mist
CN103354637B (en) A kind of internet-of-things terminal M2M communication encrypting method
CN101527708B (en) Method and device for restoring connection
CA2962187C (en) Satellite receiver option for certificate distribution
CN104202317A (en) Cloud platform data management method and system
CN101483469B (en) Satellite network safe routing implementing method based on mobile proxy
CN104052599A (en) Ubiquitously integrated star-ground node network trusted access method
CN105871551B (en) User based on proxy re-encryption cancels access control method
KR102219018B1 (en) Blockchain based data transmission method in internet of things
CN103200563A (en) Subliminal channel hiding communication method based on authentication code

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140917