CN105516980A - Token authentication method for wireless sensor network based on Restful architecture - Google Patents


Publication number
CN105516980A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510947805.1A
Other languages
Chinese (zh)
Other versions
CN105516980B (en)
Inventor
韩志杰
张勇
吕新宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan University
Original Assignee
Henan University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses a token authentication method for a wireless sensor network based on a Restful architecture. The method comprises the following steps: sensor nodes and a sink node self-organize into a network; the sink node is connected to a Web server based on the Restful architecture; challenge-response authentication is used between the sink node and the Web server, SSL (Secure Sockets Layer) authentication is used between the Web server and a client, and token authentication is used between the client and the sink node. All three authentications are bidirectional, and a user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The token authentication method provided by the invention can effectively prevent a malicious attacker from damaging data and guarantees the security of data in the wireless sensor network.

Description

A token authentication method for a wireless sensor network based on a Restful architecture
Technical field
The present invention relates to the technical field of computer networks, and in particular to a token authentication method for a wireless sensor network based on a Restful architecture.
Background art
A wireless sensor network (Wireless Sensor Network, WSN) is a wireless network formed in an ad-hoc fashion by a group of micro sensor nodes. Its purpose is to cooperatively sense, collect and process information about the sensed objects in the geographic area covered by the network, and to deliver it to an observer. Each sensor in a wireless sensor network has one or more nodes, and a sensor node is usually a miniature embedded system. Each node monitors the objects within its own sensing range and watches for specific behaviour. Nodes are used to collect data, and the collected data is sent to the nearest aggregation node. The aggregation stage then begins: the data collected from nearby nodes is analysed and processed, the result is sent to the base station as required, and the base station sends the final result to the observer.
Because sensor networks are generally deployed in harsh environments, and wireless networks are inherently fragile, they are very easily subjected to attacks of many kinds. To guarantee the secure transfer of information, a mechanism is needed to verify the legitimacy of the identities of the communicating parties. In traditional wired networks, public key infrastructure (PKI) solves this problem effectively: by using and managing digital certificates, it provides comprehensive public-key encryption and digital signature services. Through PKI, a public key can be bound to the identity of its legitimate owner, which establishes and maintains a trusted network environment. Asymmetric cryptography, however, requires very high computation, communication and storage overhead, which makes digital signature and public-key certificate mechanisms infeasible on resource-constrained sensors. To guarantee the secure transfer of information and verify the legitimacy of the communicating parties' identities, a sensor network identity authentication scheme must be established that reasonably balances security, efficiency and performance.
Summary of the invention
The object of the invention is to provide a token authentication method for a wireless sensor network based on a Restful architecture that can effectively prevent a malicious attacker from damaging data and guarantees the security of data in the wireless sensor network.
The technical solution adopted by the invention is a token authentication method for a wireless sensor network based on a Restful architecture, in which sensor nodes and an aggregation node self-organize into a network and the aggregation node is connected to a Web server based on the Restful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three authentications are bidirectional, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
The challenge-response authentication between the aggregation node and the Web server comprises the following steps:
A. The aggregation node initiates an identity registration request to the Web server; go to step B.
B. The Web server assigns an ID to the aggregation node, stores locally the aggregation node's ID information and the authentication key negotiated with the aggregation node, and sends the ID to the aggregation node; go to step C.
C. The aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information; go to step D.
D. The Web server looks up locally whether the received ID exists. If it exists, the Web server generates a first random number and sends it to the aggregation node, together with a function algorithm table; go to step E. If it does not exist, go to step H.
E. The aggregation node encrypts the first random number with the authentication key, encrypts the result again with one of the algorithms in the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server; go to step F.
F. The Web server encrypts the first random number with the authentication key, encrypts the result again with the encryption algorithm sent by the aggregation node, and checks whether its result is identical to the re-encrypted first random number sent by the aggregation node. If they are identical, verification passes; go to step G. Otherwise verification fails; go to step H.
G. The Web server and the aggregation node negotiate a session key.
H. The Web server rejects the aggregation node's data.
In steps B and G, the Web server and the aggregation node use the DH algorithm to generate the authentication key and the session key respectively.
The function algorithm table in step D is a table of one-way hash function algorithms.
The token authentication between the client and the Web server comprises, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server.
The identity authentication between the client and the Web server comprises the following steps in order:
A1. The client initiates a connection request to the Web server and receives the first CA certificate and the information related to the first CA certificate returned by the Web server.
B1. The client verifies the legitimacy of the Web server's identity and saves the Web server's public key.
C1. The client sends the second CA certificate to the Web server.
D1. The Web server verifies the legitimacy of the client's identity and saves the client's public key.
E1. The client sends the Web server the symmetric encryption schemes for communication that it supports.
F1. The Web server selects one encryption scheme from those received, encrypts the selected scheme with the client's public key and sends it to the client.
G1. The client decrypts the encrypted scheme it receives to obtain the encryption scheme selected by the Web server, determines the session key, encrypts the session key with the Web server's public key and sends it to the Web server.
H1. The Web server receives the encrypted session key and decrypts it to obtain the session key.
The identity registration between the client and the Web server comprises the following steps in order:
A2. The client initiates a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel.
B2. When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access permissions for personal data; these are sent to the Web server over the SSL secure channel.
C2. The Web server stores the user's authorization settings in the access control list, generates a temporary token from the user's user name, password and the current time, and sends the temporary token to the client.
D2. The client uses the temporary token to send data operation requests to the Web server.
E2. The Web server determines whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as its credential; if the token has not expired, the Web server responds to the client's request.
In step C2, if the user owns a private aggregation node, the Web server also sends the generated temporary token to that aggregation node.
For the token authentication between the client and the aggregation node, the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of that aggregation node to this identification number.
The token authentication process between the client and the aggregation node comprises the following steps in order:
A3. The client initiates a registration request to the Web server, filling in the ID and identification number of the private aggregation node.
B3. The Web server receives the client's registration information. If it finds that the aggregation node's ID matches the identification number, it accepts the aggregation node as this user's private aggregation node; when a temporary token is generated after the client logs in, the Web server sends the temporary token to the user's private aggregation node at the same time as it sends it to the client.
C3. The user's private aggregation node receives the temporary token, and the client connects to the private aggregation node using the temporary token.
In the invention, sensor nodes and an aggregation node self-organize into a network and the aggregation node is connected to a Web server based on the Restful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three authentications are bidirectional, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The token authentication method of the invention can effectively prevent a malicious attacker from damaging data and guarantees the security of data in the wireless sensor network.
Brief description of the drawings
Fig. 1 is the topology diagram of the wireless sensor network based on the Restful architecture according to the invention;
Fig. 2 is the flow chart of challenge-response authentication between the aggregation node and the Web server in the invention;
Fig. 3 is the flow chart of identity authentication between the client and the Web server in the invention;
Fig. 4 is the flow chart of identity registration between the client and the Web server in the invention;
Fig. 5 shows the token authentication process between the client and the aggregation node in the invention.
Embodiment
In the token authentication method for a wireless sensor network based on a Restful architecture according to the invention, the sensor nodes (sensor) and the aggregation node (sink node) self-organize into a network, and the aggregation node is connected to a Web server based on the Restful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client (user), and token authentication is used between the client and the aggregation node. All three authentications are bidirectional, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
REST stands for Representational State Transfer. It refers to a set of architectural constraints and principles; an architecture that satisfies the constraints and principles of REST is called a Restful architecture. HTTP is currently the only instance related to REST.
A Restful architecture follows the principle of stateless communication, which means that in the interaction between the client and the Web server, each request is stateless with respect to the others. REST requires that state either be held in resource state or be stored on the client; that is, the Web server keeps no communication state for any client beyond a single request. This makes the Web server scalable: if the Web server had to keep client state, interaction with a large number of clients would seriously affect the Web server's memory footprint. To achieve stateless communication, authentication of requests in a Restful architecture should not rely on cookies or sessions; each request should carry an authentication credential of some type.
Fig. 1 is the topology diagram of the wireless sensor network based on the Restful architecture. One aggregation node (sink node) connects to several sensor nodes. The sensor nodes collect measurement data; the aggregation node is mainly responsible for directing the sensor nodes to collect data, receiving the data of all sensor nodes and connecting to the external network, so it can be regarded as a gateway node. A Web server can be reached by a large number of aggregation nodes and stores the measurement data they send. A user can log in to the Web server through the web-page client and, through the browser, send data operation requests that direct nodes to carry out tasks, or view the collected data stored on the Web server. If the user owns a private aggregation node, the client can connect directly to that aggregation node and view or control data without going through the Web server.
Fig. 2 is the flow chart of challenge-response authentication between the aggregation node (sink node) and the Web server, comprising the following steps:
S101: The aggregation node initiates an identity registration request to the Web server.
When the aggregation node joins the sensor network for the first time, it initiates an identity authentication request to the Web server, that is, it performs identity registration.
S102: The Web server assigns an ID to the aggregation node, stores locally the aggregation node's ID information and the authentication key negotiated with the aggregation node, and sends the ID to the aggregation node.
In this embodiment, when the aggregation node performs identity registration, the Web server assigns it an ID and stores the aggregation node's ID information locally. At the same time the two sides use the DH algorithm to generate the authentication key, and each side stores the generated authentication key.
S103: The aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information.
Having received the ID information, the aggregation node initiates an authentication request to the server the next time it connects; the authentication request contains the aggregation node's ID.
S104: The Web server looks up locally whether the received ID exists. If it exists, the Web server generates a first random number and sends it to the aggregation node, together with a function algorithm table. If it does not exist, the Web server rejects the aggregation node's data.
In this embodiment, the Web server queries its local database for the received aggregation node ID. If the ID exists, the Web server generates a random number internally and returns it to the aggregation node, together with a table of one-way hash function algorithms; the table includes MD5, SHA, HMAC and others.
S105: The aggregation node encrypts the first random number with the authentication key, encrypts the result again with one of the algorithms in the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server.
In this embodiment, the aggregation node XORs the received first random number with the authentication key generated at registration, applies one algorithm selected from the table of one-way hash function algorithms to the XORed string to produce a string as the response, and sends this string and the selected algorithm to the Web server.
S106: The Web server encrypts the first random number with the authentication key, encrypts the result again with the encryption algorithm sent by the aggregation node, and checks whether its result is identical to the re-encrypted first random number sent by the aggregation node. If they are identical, verification passes; otherwise verification fails and the Web server rejects the aggregation node's data.
In this embodiment, the Web server XORs the first random number with the authentication key, processes the result with the one-way hash function algorithm returned by the aggregation node, and compares its result with the string returned by the aggregation node. If the two are identical, authentication passes; otherwise verification fails and the Web server rejects the aggregation node's data.
S107: The Web server and the aggregation node negotiate a session key.
In this embodiment, after authentication passes, the Web server and the aggregation node use the DH algorithm to generate a session key, and subsequent connections use the session key as the encryption key in order to meet the confidentiality requirement for data.
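The S101 to S106 exchange as an added Python example (not code from the patent): both sides XOR the random number with the authentication key and hash the result with the algorithm the node picked. Assumptions: the key is handed to `register` in place of the DH negotiation, the random number and key are both 32 bytes, the table entries `md5`, `sha256` and `hmac-sha256` stand in for the page's "MD5, SHA, HMAC", and the server keeps one outstanding random number per node and consumes it on verification.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # assumption: random number and authentication key have equal length

# Assumed concrete contents of the one-way hash function algorithm table;
# the page names only MD5, SHA and HMAC.
ALGORITHM_TABLE = {
    "md5": lambda key, data: hashlib.md5(data).digest(),
    "sha256": lambda key, data: hashlib.sha256(data).digest(),
    "hmac-sha256": lambda key, data: hmac.new(key, data, hashlib.sha256).digest(),
}


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (first stage of S105/S106)."""
    if len(a) != len(b):
        raise ValueError("random number and key must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def compute_response(auth_key: bytes, nonce: bytes, algorithm: str) -> bytes:
    """What the aggregation node sends in S105 and the server recomputes in S106."""
    mixed = xor_bytes(nonce, auth_key)
    return ALGORITHM_TABLE[algorithm](auth_key, mixed)


class WebServer:
    def __init__(self):
        self.auth_keys = {}  # node ID -> authentication key stored at registration
        self.pending = {}    # node ID -> random number awaiting a response

    def register(self, auth_key: bytes) -> str:
        """S102: assign an ID and store the key (DH negotiation not modelled)."""
        node_id = f"node-{len(self.auth_keys) + 1}"  # hypothetical ID format
        self.auth_keys[node_id] = auth_key
        return node_id

    def challenge(self, node_id: str):
        """S104: unknown IDs are rejected, known IDs get a random number and the table."""
        if node_id not in self.auth_keys:
            return None
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[node_id] = nonce
        return nonce, sorted(ALGORITHM_TABLE)

    def verify(self, node_id: str, algorithm: str, response: bytes) -> bool:
        """S106: recompute and compare; the random number is usable once only."""
        nonce = self.pending.pop(node_id, None)
        if nonce is None or algorithm not in ALGORITHM_TABLE:
            return False  # no outstanding challenge, or algorithm not in the offered table
        expected = compute_response(self.auth_keys[node_id], nonce, algorithm)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    server = WebServer()
    key = secrets.token_bytes(NONCE_LEN)         # constructed key for the demo
    node_id = server.register(key)
    nonce, table = server.challenge(node_id)
    response = compute_response(key, nonce, "sha256")
    print("first attempt:", server.verify(node_id, "sha256", response))
    print("replayed response:", server.verify(node_id, "sha256", response))
```

The server only accepts an algorithm name that appears in the table it offered, and compares the two digests in constant time.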
The token authentication between the client and the Web server comprises, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server.
Fig. 3 is the flow chart of identity authentication between the client and the Web server, comprising the following steps in order:
S201: The client initiates a connection request to the Web server and receives the first CA certificate and the information related to the first CA certificate returned by the Web server.
S202: The client verifies the legitimacy of the Web server's identity and saves the Web server's public key.
In this embodiment, the client verifies whether the first CA certificate sent by the Web server was issued by a CA that the client trusts. If not, the client shows the user a warning that the first CA certificate is not trustworthy and asks whether the user wants to continue. If so, the client compares the information in the first CA certificate, such as the domain name and public key, with the related information sent by the Web server; if they are consistent, the client browser accepts the Web server's identity as legitimate and saves the Web server's public key.
S203: The client sends the second CA certificate to the Web server.
S204: The Web server verifies the legitimacy of the client's identity and saves the client's public key.
The Web server verifies the client's second CA certificate. If verification fails, the connection is refused; if it passes, the Web server obtains the client's public key.
S205: The client sends the Web server the symmetric encryption schemes for communication that it supports.
S206: The Web server selects one encryption scheme from those received, encrypts the selected scheme with the client's public key and sends it to the client.
S207: The client decrypts the encrypted scheme it receives to obtain the encryption scheme selected by the Web server, determines the session key, encrypts the session key with the Web server's public key and sends it to the Web server.
S208: The Web server receives the encrypted session key and decrypts it to obtain the session key.
Fig. 4 is the flow chart of the registration process between the client and the Web server, comprising the following steps in order:
S301: The client initiates a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel.
In this embodiment, the user initiates a registration request to the Web server from the client and fills in the relevant information, such as user name and password. If the user owns a private aggregation node (sink node), the related information must also be filled in; this involves authentication between the aggregation node and the client, which is described in detail later in the authentication process between the aggregation node and the client. The user's information is sent to the Web server over the SSL secure channel. The Web server stores the user's registration information, and user names must not be duplicated at registration.
S302: When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access permissions for personal data; these are sent to the Web server over the SSL secure channel.
When the client logs in for the first time and the login password is correct, the Web server directs the user to the authorization page. The user defines the access permissions for personal data, for example visible only to the user or visible to everyone, and the defined permissions are sent to the Web server over the SSL secure channel.
S303: The Web server stores the user's authorization settings in the access control list, generates a temporary token (Token) from the user's user name, password and the current time, and sends the temporary token to the client. If the user owns a private aggregation node, the Web server also sends the generated temporary token to that aggregation node.
The access control list is a list dedicated to storing access permissions. If user A wants to access the node data of user B, user A must send an access request to the Web server. On receiving the request, the Web server first checks the access control list. If user B's access permission in the list is set to visible only to the user, the Web server returns a message to user A that access is not permitted; if user B's access permission is set to visible to everyone, the Web server returns the data user A wants to view. If user A is not permitted to access user B's data, user A can apply for access: the Web server forwards the application to user B and waits for user B's response, and if user B grants access, user A can go on to view user B's data. Access Control List (ACL) structure is as follows:
The temporary token is composed of the user name, the password and the current system time; the Web server generates the temporary token and sends it to the client.
S304: The client uses the temporary token to send data operation requests to the Web server.
The client does not need to log in for every connection; with the temporary token it can exchange data with the Web server.
S305: The Web server determines whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as its credential; if the token has not expired, the Web server responds to the client's request.
The Web server checks whether the user name and password in the temporary token are correct, obtains the generation time of the temporary token and compares it with the current time to determine whether the token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as its credential; if the token has not expired, the Web server responds to the client's request.
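One way to realise the stateless, per-request credential described earlier and the S303 to S305 token check, as an added Python example that is not the patent's own construction. Assumptions: a server-only HMAC key `SERVER_KEY`, a 900-second lifetime, a PBKDF2 password verifier in place of the raw password, a `user|time|tag` token layout, and a constructed user `alice`.

```python
import base64
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-server-key"  # assumption: secret known only to the Web server
TOKEN_LIFETIME = 900                         # assumption: token validity in seconds


def _verifier(password: str, salt: bytes) -> bytes:
    """Password verifier stored by the server instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: user name -> (salt, password verifier)
USERS = {"alice": (b"constructed-salt", _verifier("correct horse", b"constructed-salt"))}


def _mac(username: str, issued_at: int, verifier: bytes) -> bytes:
    """Bind user name, password verifier and generation time under the server key."""
    msg = f"{username}|{issued_at}".encode() + b"|" + verifier
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def login(username: str, password: str, now=None):
    """S303: check the credentials, then issue a temporary token (None on failure)."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(_verifier(password, salt), stored):
        return None
    issued_at = int(time.time() if now is None else now)
    tag = base64.urlsafe_b64encode(_mac(username, issued_at, stored))
    raw = f"{username}|{issued_at}|".encode() + tag
    return base64.urlsafe_b64encode(raw).decode()


def check_token(token: str, now=None):
    """S305: verify the token without server-side session state.

    Returns (True, username) or (False, reason)."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode()).decode()
        username, issued_s, tag_b64 = raw.split("|")
        issued_at = int(issued_s)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # bad base64, bad UTF-8, wrong field count, non-numeric time
        return False, "malformed"
    record = USERS.get(username)
    if record is None or not hmac.compare_digest(tag, _mac(username, issued_at, record[1])):
        return False, "invalid"   # unknown user, altered fields, or password changed since issue
    if not 0 <= now - issued_at <= TOKEN_LIFETIME:
        return False, "expired"   # client must log in again for a new token
    return True, username


def demo():
    """Run the constructed cases: fresh, expired, re-dated and bad-password."""
    token = login("alice", "correct horse", now=1_000)
    name, issued, tag = base64.urlsafe_b64decode(token).decode().split("|")
    redated = base64.urlsafe_b64encode(
        f"{name}|{int(issued) + 10_000}|{tag}".encode()).decode()
    return {
        "fresh": check_token(token, now=1_060),
        "expired": check_token(token, now=1_000 + TOKEN_LIFETIME + 1),
        "redated": check_token(redated, now=11_060),
        "bad_login": login("alice", "wrong password", now=1_000),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Because the generation time is covered by the MAC, a client cannot extend a token's life by editing the timestamp; the re-dated token fails the integrity check before expiry is even considered.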
Existing token authentication usually uses dynamic password technology. Dynamic password technology improves on traditional static passwords: the user holds a credential, such as a temporary token issued by the system, whose displayed number changes constantly and stays synchronized with the authenticating Web server, so the password with which the user logs in to the system also changes constantly, the so-called "one-time password".
Existing dynamic password technology has two synchronization schemes: time synchronization and event synchronization.
1. Time synchronization: the temporary token uses the time as a seed of the dynamic password, and the Web server authenticates the password produced by the temporary token by using the time as the seed as well.
2. Event synchronization: each time it produces a dynamic password, the temporary token uses the current count as a seed; after each dynamic password is produced the count is incremented automatically, and the Web server likewise uses the count as the seed when verifying.
The temporary token has no data communication with the outside world. The Web server also stores the same seed as the temporary token and uses the same cryptographic algorithm as the token, so it derives the same encrypted data and hence the same random password for verification. The random password of the temporary token must be bound to the client's account and similar details before it can be determined whether the password matches. When the Web server performs authentication, the same password is allowed to be verified only once.
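The two synchronization schemes, shown as an added Python example using the standard HOTP (RFC 4226) and TOTP (RFC 6238) constructions, which the page does not name. The verifier classes, the look-ahead window of 3 and the rule of one accepted code per time step are assumptions chosen to show the "verified only once" requirement; the seed is the RFC 4226 test seed.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Event-synchronized password: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized password: the counter is the number of elapsed time steps."""
    return hotp(seed, int(unix_time) // step, digits)


class EventSyncVerifier:
    """Server side of event synchronization with a small look-ahead window."""

    def __init__(self, seed: bytes, look_ahead: int = 3):
        self.seed = seed
        self.counter = 0              # next counter value the server will accept
        self.look_ahead = look_ahead  # tolerates codes generated but never submitted

    def verify(self, code: str) -> bool:
        for candidate in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.seed, candidate), code):
                # Advance past the accepted value: it and all earlier ones are now dead.
                self.counter = candidate + 1
                return True
        return False


class TimeSyncVerifier:
    """Server side of time synchronization; at most one accepted code per time step."""

    def __init__(self, seed: bytes, step: int = 30):
        self.seed = seed
        self.step = step
        self.last_step = -1           # most recent time step that was accepted

    def verify(self, code: str, unix_time: float) -> bool:
        current = int(unix_time) // self.step
        if current <= self.last_step:
            return False              # a code for this step was already used
        if hmac.compare_digest(totp(self.seed, unix_time, self.step), code):
            self.last_step = current
            return True
        return False


RFC4226_SEED = b"12345678901234567890"  # published test seed, not a real secret

if __name__ == "__main__":
    events = EventSyncVerifier(RFC4226_SEED)
    first = hotp(RFC4226_SEED, 0)
    print("counter 0 code:", first)
    print("accepted:", events.verify(first))
    print("replay accepted:", events.verify(first))
    clock = TimeSyncVerifier(RFC4226_SEED)
    code = totp(RFC4226_SEED, 59)
    print("time code at t=59:", code, clock.verify(code, 59), clock.verify(code, 59))
```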
The core of token authentication is the algorithm. It is relatively flexible to use and requires no password to be memorized, and with a two-factor authentication mechanism it provides double protection while remaining simple. Token authentication is a new direction in the development of identity authentication mechanisms, provides higher security than traditional static passwords, and is an important identity authentication technology suited to the current characteristics of information security.
For the token authentication between the client and the aggregation node (sink node), the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of that aggregation node to this identification number.
Fig. 5 shows the token authentication process between the client and the aggregation node, comprising the following steps:
S401: The client initiates a registration request to the Web server, filling in the ID and identification number of the private aggregation node.
S402: The Web server receives the client's registration information. If it finds that the aggregation node's ID matches the identification number, it accepts the aggregation node as this user's private aggregation node; when a temporary token is generated after the client logs in, the Web server sends the temporary token to the user's private aggregation node at the same time as it sends it to the client.
S403: The user's private aggregation node receives the temporary token, and the client connects to the private aggregation node using the temporary token.
At this point, multi-party authentication in the wireless sensor network is complete, and the data security of every party in the whole communication system can be guaranteed.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (8)

1. the wireless sensor network token authentication method based on Restful framework, it is characterized in that: sensor node and aggregation node are organized themselves into into network, aggregation node is connected to the Web server based on Restful framework, challenge responses certification is adopted between aggregation node and Web server, SSL certification is adopted between Web server and client, token authentication is adopted between client and aggregation node, the above three kinds of certification is two-way authentication, and user obtains the data of wireless sensor node by client-access Web server.
2. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 1, characterized in that the challenge-response authentication between the aggregation node and the Web server comprises the following steps:
A. The aggregation node initiates an identity registration request to the Web server; go to step B;
B. The Web server assigns an ID to the aggregation node, stores locally the ID information of the aggregation node and the authentication key obtained by negotiation with the aggregation node, and sends the ID to the aggregation node; go to step C;
C. The aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information; go to step D;
D. The Web server looks up the received ID locally; if the ID exists, the Web server generates a first random number and sends it to the aggregation node, together with a function algorithm table; go to step E; if the ID does not exist, go to step H;
E. The aggregation node encrypts the first random number with the authentication key, encrypts the encrypted first random number again using one of the algorithms in the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server; go to step F;
F. The Web server encrypts the first random number with the authentication key, encrypts the result again using the encryption algorithm sent by the aggregation node, and determines whether its result matches the re-encrypted first random number sent by the aggregation node; if they match, verification passes; go to step G; otherwise verification fails; go to step H;
G. The Web server and the aggregation node negotiate a session key;
H. The Web server rejects the data of the aggregation node.
3. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 2, characterized in that: in steps B and G, the Web server and the aggregation node use the DH algorithm to generate the authentication key and the session key, respectively.
4. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 2, characterized in that: the function algorithm table in step D is a table of one-way hash function algorithms.
5. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 1, characterized in that the token authentication between the client and the Web server comprises, in order, authentication between the client and the Web server and identity registration between the client and the Web server;
The authentication between the client and the Web server comprises the following steps in order:
A1. The client initiates a connection request to the Web server and receives the first CA certificate, and the information related to the first CA certificate, returned by the Web server;
B1. The client verifies the legitimacy of the Web server's identity and saves the Web server's public key;
C1. The client sends a second CA certificate to the Web server;
D1. The Web server verifies the legitimacy of the client's identity and saves the client's public key;
E1. The client sends the symmetric communication cipher schemes it supports to the Web server;
F1. The Web server selects one cipher scheme from those received, encrypts it with the client's public key, and sends it to the client;
G1. The client decrypts the received encrypted cipher scheme to obtain the scheme selected by the Web server, determines a communication key, encrypts the communication key with the Web server's public key, and sends it to the Web server;
H1. The Web server receives the encrypted communication key and decrypts it to obtain the communication key;
The identity registration between the client and the Web server comprises the following steps in order:
A2. The client initiates a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel;
B2. When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access rights to personal data; these are sent to the Web server over the SSL secure channel;
C2. The Web server stores the user's authorization settings in an access control list, generates a temporary token from the user's username, password and the current time, and sends the temporary token to the client;
D2. The client uses the temporary token to send data operation requests to the Web server;
E2. The Web server determines whether the temporary token has expired; if it has expired, the Web server requires the client to log in again and generates a new temporary token, which is sent to the client as a credential; if the token has not expired, the Web server responds to the client's request.
6. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 5, characterized in that: in step C2, if the user has a private aggregation node, the Web server also sends the generated temporary token to that aggregation node.
7. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 1, characterized in that, in the token authentication process between the client and the aggregation node, the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of that aggregation node to this identification number.
8. The token authentication method for a wireless sensor network based on a Restful architecture according to claim 1, characterized in that the token authentication process between the client and the aggregation node comprises the following steps in order:
A3. The client initiates a registration request to the Web server and fills in the ID and the identification number of the private aggregation node;
B3. The Web server receives the client's registration information; if it finds that the ID of the aggregation node matches the identification number, it recognizes the aggregation node as the user's private aggregation node, and when it generates a temporary token after the client logs in, it sends the temporary token to the user's private aggregation node at the same time as it sends it to the client;
C3. The user's private aggregation node receives the temporary token, and the client connects to the private aggregation node using the temporary token.
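
The challenge-response exchange of claim 2 (steps D to F, with the hash-algorithm table of claim 4) can be sketched as follows. This is an added example, not code from the patent: the claims do not name the keyed primitive, so HMAC-SHA256 is assumed for "encrypting" the random number, and the names `WebServer`, `respond`, `HASH_TABLE` and the node IDs are hypothetical. The server accepts only an algorithm it offered and consumes each random number once.

```python
import hashlib
import hmac
import secrets

# Assumption: the claims do not name the keyed primitive that "encrypts" the
# random number, so HMAC-SHA256 under the authentication key stands in for it.
HASH_TABLE = ("sha256", "sha384", "sha512")  # claim 4: one-way hash algorithms

def respond(auth_key, nonce, algorithm):
    """Step E: key the nonce, then hash the result with the chosen algorithm."""
    keyed = hmac.new(auth_key, nonce, hashlib.sha256).digest()
    return hashlib.new(algorithm, keyed).digest()

class WebServer:
    def __init__(self, auth_keys):
        self.auth_keys = dict(auth_keys)  # node ID -> authentication key (step B)
        self.pending = {}                 # node ID -> outstanding nonce

    def challenge(self, node_id):
        """Step D: unknown ID goes to step H; otherwise send nonce and table."""
        if node_id not in self.auth_keys:
            return None
        self.pending[node_id] = secrets.token_bytes(16)
        return self.pending[node_id], HASH_TABLE

    def verify(self, node_id, algorithm, response):
        """Step F: recompute and compare; every failure is step H."""
        nonce = self.pending.pop(node_id, None)  # consumed once: no replay
        if nonce is None or algorithm not in HASH_TABLE:
            return False                         # reject algorithms never offered
        expected = respond(self.auth_keys[node_id], nonce, algorithm)
        return hmac.compare_digest(expected, response)

def demo():
    """Run the exchange with a constructed node ID and key; return each outcome."""
    key = secrets.token_bytes(32)
    server = WebServer({"node-01": key})
    out = {"unknown_id": server.challenge("node-99") is None}
    nonce, table = server.challenge("node-01")
    answer = respond(key, nonce, table[1])
    out["valid"] = server.verify("node-01", table[1], answer)
    out["replay"] = server.verify("node-01", table[1], answer)
    nonce, _ = server.challenge("node-01")
    out["unlisted_algorithm"] = server.verify(
        "node-01", "sha1", respond(key, nonce, "sha1"))
    nonce, table = server.challenge("node-01")
    out["wrong_key"] = server.verify(
        "node-01", table[0], respond(b"\x00" * 32, nonce, table[0]))
    return out
```

Because step F as claimed uses whatever algorithm the aggregation node sends back, the membership check against the offered table is what keeps a weaker, unlisted hash from being accepted.
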
CN201510947805.1A 2015-12-17 2015-12-17 A kind of wireless sensor network token authentication method based on Restful frameworks Active CN105516980B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510947805.1A CN105516980B (en) 2015-12-17 2015-12-17 A kind of wireless sensor network token authentication method based on Restful frameworks

Publications (2)

Publication Number Publication Date
CN105516980A true CN105516980A (en) 2016-04-20
CN105516980B CN105516980B (en) 2018-11-13

Family

ID=55724545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510947805.1A Active CN105516980B (en) 2015-12-17 2015-12-17 A kind of wireless sensor network token authentication method based on Restful frameworks

Country Status (1)

Country Link
CN (1) CN105516980B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350719A (en) * 2007-07-18 2009-01-21 康佳集团股份有限公司 Novel identification authentication method
CN101355555A (en) * 2007-07-27 2009-01-28 日立软件工程株式会社 Authentication system and authentication method
US20130086645A1 (en) * 2011-09-29 2013-04-04 Oracle International Corporation Oauth framework
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108347330A (en) * 2017-01-24 2018-07-31 北京百度网讯科技有限公司 A kind of method and apparatus of secure communication
CN110402440B (en) * 2017-02-27 2024-02-02 J·加斯屈埃尔 Segmented key authentication system
CN110402440A (en) * 2017-02-27 2019-11-01 J·加斯屈埃尔 Segment key Verification System
CN107577504A (en) * 2017-07-26 2018-01-12 河南大学 A kind of wireless sensor network programming method based on Restful frameworks
JP7100939B2 (en) 2017-08-29 2022-07-14 インターナショナル・ビジネス・マシーンズ・コーポレーション Automatic upgrade from one-step verification to two-step verification via application programming interface
JP2020531990A (en) * 2017-08-29 2020-11-05 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Automatic upgrade from one-step authentication to two-step authentication via application programming interface
CN107888615A (en) * 2017-12-01 2018-04-06 郑州云海信息技术有限公司 A kind of safety certifying method of Node registry
CN107888615B (en) * 2017-12-01 2021-07-02 郑州云海信息技术有限公司 Safety authentication method for node registration
CN108600156B (en) * 2018-03-07 2021-05-07 华为技术有限公司 Server and security authentication method
CN108600156A (en) * 2018-03-07 2018-09-28 华为技术有限公司 A kind of server and safety certifying method
JP2022058437A (en) * 2018-04-25 2022-04-12 グーグル エルエルシー Delayed two-factor authentication in networked environment
JP2021518006A (en) * 2018-04-25 2021-07-29 グーグル エルエルシーGoogle LLC Delayed two-factor authentication in a networked environment
JP7004833B2 (en) 2018-04-25 2022-01-21 グーグル エルエルシー Delayed two-factor authentication in a networked environment
JP7262565B2 (en) 2018-04-25 2023-04-21 グーグル エルエルシー Delayed two-factor authentication in networked environments
CN110581829A (en) * 2018-06-08 2019-12-17 中国移动通信集团有限公司 Communication method and device
CN109462595A (en) * 2018-11-29 2019-03-12 甘肃万维信息科技有限责任公司 Data-interface secure exchange method based on RestFul
CN109587249A (en) * 2018-12-07 2019-04-05 北京金山云网络技术有限公司 Information sending, receiving method, device, server, client and storage medium
CN110691358A (en) * 2019-11-14 2020-01-14 北京京航计算通讯研究所 Access control system based on attribute cryptosystem in wireless sensor network
CN110691358B (en) * 2019-11-14 2022-10-14 北京京航计算通讯研究所 Access control system based on attribute cryptosystem in wireless sensor network
CN113836553A (en) * 2021-09-22 2021-12-24 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN113836553B (en) * 2021-09-22 2023-10-20 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm

Also Published As

Publication number Publication date
CN105516980B (en) 2018-11-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant