CN108173882A - AES algorithm-based edge computing node identity authentication method - Google Patents


Info

Publication number: CN108173882A
Authority: CN (China)
Prior art keywords: edge, key, registration, service equipment, aes algorithm
Legal status: Granted; Expired - Fee Related
Application number: CN201810172441.8A
Other languages: Chinese (zh)
Other versions: CN108173882B (en)
Inventors: 滕明凤, 安建伟, 林福宏, 孔志印
Current Assignee: University of Science and Technology Beijing USTB
Original Assignee: University of Science and Technology Beijing USTB

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an AES algorithm-based edge computing node identity authentication method, wherein the method includes: an initialization step, in which a registration authority assigns an ID to each edge service device in the network and public/private key pairs are generated for the edge service device and the registration authority; a registration step, which completes the registration of an edge user requesting service and the generation of a master key; and an authentication step, which uses the improved AES algorithm to achieve mutual identity authentication between the edge user and the edge service device. The technical solution provided by the invention solves the mutual identity authentication problem of edge computing nodes, ensures that edge nodes communicate securely and efficiently, and meets the high-dynamics, low-latency requirements of edge computing.

Description

AES algorithm-based edge computing node identity authentication method
Technical field
The present invention relates to the field of identity authentication applications, and in particular to an AES algorithm-based identity authentication method for edge computing nodes.
Background
With the rapid development of the Internet of Things and the spread of 4G/5G wireless networks, the era of the Internet of Everything is arriving quickly. The number of devices at the network edge is growing sharply and massive amounts of data need to be processed. Centralized big-data processing built around the cloud computing model can no longer efficiently handle the data produced by edge devices; networks keep growing more complex, and network delay and network congestion will cause immeasurable losses to the Internet of Things, so the existing model in which the Internet of Things connects directly to the cloud no longer applies. Edge computing can process massive data efficiently, promptly and securely, gives users faster responses, and satisfies demand at the edge, so it will become a focus of attention in the Internet of Everything era.
AES (Advanced Encryption Standard) has the advantages of simplicity, high efficiency, symmetry and modularity. However, studies of the attack methods found so far show that AES generates its sub-keys by expanding a seed key and that its key schedule is designed to be fairly simple; the known attacks, penetration attacks among them, work on the key expansion algorithm in order to undermine the security of AES encryption. The algorithm has the defect that an attacker who obtains one round's sub-key can derive the original seed key. Working backwards is the key cracker's main line of reasoning; if a way can be found to make the algorithm's computation one-directional, so that it can only be computed from front to back and not from back to front, such attacks can be resisted.
Identity authentication is a very important measure for securing edge computing. Traditional identity authentication schemes do not scale well in highly dynamic, highly dense edge networks; authentication based on biometrics takes longer to execute and is expensive; and identity authentication techniques developed from the D-H problem compute with complex models, so the authentication process is too slow and is unsuitable for smart devices or smart cards.
Summary of the invention
In view of this, the purpose of the present invention is to provide an AES algorithm-based identity authentication method for edge computing nodes that solves the mutual identity authentication problem of edge computing nodes and ensures that edge nodes communicate securely and efficiently.
The present invention proposes an AES algorithm-based edge computing node identity authentication method, wherein the method includes:
an initialization step, in which a registration authority assigns an ID to each edge service device in the network, and public/private key pairs are generated for the edge service device and the registration authority;
a registration step, which completes the registration of an edge user requesting service and the generation of a master key;
an authentication step, which uses the improved AES algorithm to achieve mutual identity authentication between the edge user and the edge service device.
Preferably, the improved AES algorithm includes an improvement of the column-mixing matrix, wherein the improved column-mixing matrix A is:
wherein the inverse of the improved column-mixing matrix A over the finite field $GF(2^8)$ is identical to the improved column-mixing matrix A itself.
Preferably, the improved AES algorithm further includes an improvement of the key expansion, wherein the improved key expansion method includes:
computing $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$, wherein $W_i$ is computed from $W_{i-4}$ and $W_{i-1}$, $W_{i+1}$ is obtained by XORing $W_i$ with $W_{i-2}$, and $W_{i+2}$ and $W_{i+3}$ do not involve the previous round key but are obtained directly from the current round key: $W_{i+2}$ by XORing $W_i$ with $W_{i+1}$, and $W_{i+3}$ by XORing $W_{i+1}$ with $W_{i+2}$;
exchanging the third word of each round key with the third word of the previous round key, the key after the exchange serving as the new round sub-key.
Preferably, the registration authority is located in the cloud and is responsible for the registration of, and key distribution to, each edge service device in the network, wherein the initialization step specifically includes:
the registration authority assigns a unique $ID_{ES}$ to each edge service device in the network, signs it with its private key $s_{RA}$, and sends it to the edge service device;
on receiving the message signed with the registration authority's private key $s_{RA}$, the edge service device verifies the message with the registration authority's public key $p_{RA}$;
wherein the registration authority and the edge service device each have their own public/private key pair and each keeps its own private key; the edge service device also holds the public key of the registration authority, and the registration authority also holds the public key of the edge service device.
Preferably, the registration step specifically includes:
the edge user requesting service sends its $ID_{EU}$ to the registration authority;
the registration authority checks whether the received $ID_{EU}$ of the edge user is already registered;
if it is already registered, this registration step stops.
Preferably, the registration step further includes:
if it is not registered, the registration authority randomly selects a master key $k_{EU}$ for the edge user and sends it to the edge user;
the registration authority computes the key of the edge service device for the current edge user, $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$, encrypts it with the public key $p_{ES}$ of the edge service device, signs it with the private key $s_{RA}$ of the registration authority, and sends it to the edge service device;
on receipt, the edge service device uses the public key $p_{RA}$ of the registration authority to verify whether the message has been maliciously tampered with, decrypts it with the private key $s_{ES}$ of the edge service device to obtain the key $k_{ES}$, and stores $k_{ES}$ together with the $ID_{EU}$ of the corresponding edge user.
Preferably, the authentication step specifically includes:
the edge user selects a random number $r_{EU}$ and broadcasts the data $\langle \text{helloEdge}, ID_{EU}, r_{EU} \rangle$ into the network;
on receiving the broadcast data, the edge service device checks whether the $ID_{EU}$ of the edge user is registered; if it is not registered the process stops, and if it is registered the device retrieves the key $k_{ES}$ corresponding to that $ID_{EU}$;
the edge service device selects a random number $r_{ES}$, encrypts $(r_{EU}, r_{ES})$ with the improved AES algorithm, and replies to the edge user with $\langle ID_E, ID_{EU}, ID_{ES}, E_{k_{ES}}(r_{EU}, r_{ES}) \rangle$.
Preferably, the authentication step further includes:
the edge user computes $k_{ES}$ from the received edge service device $ID_{ES}$ and its own $ID_E$ and $k_{EU}$, wherein $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$;
the edge user decrypts the encrypted data with the computed $k_{ES}$ to obtain the decrypted random number and compares it with the random number $r_{EU}$ it sent; if they are equal execution continues, otherwise the process stops;
the edge user selects random data as the session key $k_s$ and encrypts it with the improved AES algorithm, the encryption key being $r_{ES}$;
the edge user sends the data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to the edge service device.
Preferably, the authentication step further includes:
the edge service device uses $r_{ES}$ to decrypt the received data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ and obtain the session key $k_s$;
if decryption succeeds and the received encryption key $r_{ES}$ is equal to the key $k_{ES}$, authentication is complete; otherwise the process stops.
The technical solution provided by the invention uses the improved AES symmetric encryption algorithm together with algorithms such as hashing to achieve mutual identity authentication of edge computing nodes, making full use of the high performance and flexibility of symmetric encryption. By improving the AES algorithm it prevents a key attacker from deriving the original seed key from one round's sub-key, solves the mutual identity authentication problem of edge computing nodes, ensures that edge nodes communicate securely and efficiently, meets the high-dynamics, low-latency requirements of edge computing, and lets nodes complete identity authentication securely and quickly.
Brief description of the drawings
Fig. 1 is a flow chart of the AES algorithm-based edge computing node identity authentication method in an embodiment of the present invention;
Fig. 2 is a flow diagram of the registration phase in an embodiment of the present invention;
Fig. 3 is a flow diagram of the authentication phase in an embodiment of the present invention;
Fig. 4 is a schematic diagram of key expansion in the improved AES algorithm in an embodiment of the present invention;
Fig. 5 is a schematic diagram of the key exchange flow in the improved AES algorithm in an embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
The AES algorithm-based edge computing node identity authentication method provided by the present invention is described in detail below.
Fig. 1 is a flow chart of the AES algorithm-based edge computing node identity authentication method in an embodiment of the present invention.
In step S1, the initialization step, a registration authority assigns an ID to each edge service device in the network, and public/private key pairs are generated for the edge service device and the registration authority.
In this embodiment, edge computing identity authentication involves the registration authority RA in the cloud, the edge service device ES located at the network edge, and the edge user EU requesting service; the whole authentication process comprises three phases: initialization, registration and authentication.
In this embodiment, the registration authority is located in the cloud and is responsible for the registration of, and key distribution to, each edge service device in the network, wherein the initialization step specifically includes:
the registration authority assigns a unique $ID_{ES}$ to each edge service device in the network, signs it with its private key $s_{RA}$, and sends it to the edge service device;
on receiving the message signed with the registration authority's private key $s_{RA}$, the edge service device verifies the message with the registration authority's public key $p_{RA}$;
wherein the registration authority and the edge service device each have their own public/private key pair and each keeps its own private key; the edge service device also holds the public key of the registration authority, and the registration authority also holds the public key of the edge service device.
In step S2, the registration step, the registration of the edge user requesting service and the generation of the master key are completed.
In this embodiment, the whole registration phase is shown in Fig. 2, and the registration step specifically includes:
the edge user requesting service sends its $ID_{EU}$ to the registration authority;
the registration authority checks whether the received $ID_{EU}$ of the edge user is already registered;
if it is already registered, this registration step stops.
In this embodiment, the registration step further includes:
if it is not registered, the registration authority randomly selects a master key $k_{EU}$ for the edge user and sends it to the edge user;
the registration authority computes the key of the edge service device for the current edge user, $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$, encrypts it with the public key $p_{ES}$ of the edge service device, signs it with the private key $s_{RA}$ of the registration authority, and sends it to the edge service device;
on receipt, the edge service device uses the public key $p_{RA}$ of the registration authority to verify whether the message has been maliciously tampered with, decrypts it with the private key $s_{ES}$ of the edge service device to obtain the key $k_{ES}$, and stores $k_{ES}$ together with the $ID_{EU}$ of the corresponding edge user.
In step S3, the authentication step, the improved AES algorithm is used to achieve mutual identity authentication between the edge user and the edge service device.
In this embodiment, the whole authentication phase is shown in Fig. 3, wherein the authentication step specifically includes:
the edge user selects a random number $r_{EU}$ and broadcasts the data $\langle \text{helloEdge}, ID_{EU}, r_{EU} \rangle$ into the network;
on receiving the broadcast data, the edge service device checks whether the $ID_{EU}$ of the edge user is registered; if it is not registered the process stops, and if it is registered the device retrieves the key $k_{ES}$ corresponding to that $ID_{EU}$;
the edge service device selects a random number $r_{ES}$, encrypts $(r_{EU}, r_{ES})$ with the improved AES algorithm, and replies to the edge user with $\langle ID_E, ID_{EU}, ID_{ES}, E_{k_{ES}}(r_{EU}, r_{ES}) \rangle$.
In this embodiment, the authentication step further includes:
the edge user computes $k_{ES}$ from the received edge service device $ID_{ES}$ and its own $ID_E$ and $k_{EU}$, wherein $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$;
the edge user decrypts the encrypted data with the computed $k_{ES}$ to obtain the decrypted random number and compares it with the random number $r_{EU}$ it sent; if they are equal execution continues, otherwise the process stops;
the edge user selects random data as the session key $k_s$ and encrypts it with the improved AES algorithm, the encryption key being $r_{ES}$;
the edge user sends the data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to the edge service device.
Preferably, the authentication step further includes:
the edge service device uses $r_{ES}$ to decrypt the received data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ and obtain the session key $k_s$;
if decryption succeeds and the received encryption key $r_{ES}$ is equal to the key $k_{ES}$, authentication is complete; otherwise the process stops.
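The registration and authentication exchange of steps S2 and S3, as an added example that is not code from the patent. Because the improved matrix A is not reproduced on this page, `E`/`D` are a stand-in authenticated cipher built from HMAC-SHA256 rather than the improved AES. Assumptions: the RA's public-key signing and encryption are modelled as a direct assignment, `ID_E` and all identifiers are constructed values, and the final check compares the returned r_ES with the one the device issued.

```python
import hashlib
import hmac
import secrets

ID_E = b"edge-domain-1"  # constructed value; the page uses ID_E without defining it

def H(*fields):
    """k_ES = H(ID_E, ID_ES, k_EU): SHA-256 over length-prefixed fields (assumed encoding)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    return b"".join(_mac(key, b"enc", nonce + bytes([c])) for c in range((n + 31) // 32))[:n]

def E(key, plaintext):
    """Stand-in authenticated cipher (HMAC-SHA256 keystream and tag), not the patent's AES variant."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _mac(key, b"mac", nonce + ct)

def D(key, blob):
    """Return the plaintext, or None when the tag fails (wrong key or modified message)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class RegistrationAuthority:
    def __init__(self):
        self.registered = set()

    def register(self, id_eu, device):
        if id_eu in self.registered:          # already registered: stop
            return None
        self.registered.add(id_eu)
        k_eu = secrets.token_bytes(16)        # master key for the edge user
        # The page sends k_ES encrypted under p_ES and signed with s_RA;
        # that transport is modelled here as a direct assignment.
        device.keys[id_eu] = H(ID_E, device.id_es, k_eu)
        return k_eu

class EdgeServiceDevice:
    def __init__(self, id_es):
        self.id_es, self.keys, self.pending = id_es, {}, {}

    def on_hello(self, msg):
        label, id_eu, r_eu = msg
        k_es = self.keys.get(id_eu)
        if label != b"helloEdge" or k_es is None or len(r_eu) != 16:
            return None                        # unregistered user: stop
        r_es = self.pending[id_eu] = secrets.token_bytes(16)
        return (ID_E, id_eu, self.id_es, E(k_es, r_eu + r_es))

    def on_session(self, msg):
        r_es = self.pending.pop(msg[1], None)  # each issued r_ES is accepted once
        pt = D(r_es, msg[3]) if r_es else None
        if pt is None or len(pt) != 32 or not hmac.compare_digest(pt[16:], r_es):
            return None
        return pt[:16]                         # session key k_s

class EdgeUser:
    def __init__(self, id_eu, k_eu):
        self.id_eu, self.k_eu, self.r_eu, self.k_s = id_eu, k_eu, None, None

    def hello(self):
        self.r_eu = secrets.token_bytes(16)
        return (b"helloEdge", self.id_eu, self.r_eu)

    def on_reply(self, msg):
        id_e, id_eu, id_es, blob = msg
        pt = D(H(id_e, id_es, self.k_eu), blob)      # k_ES recomputed locally
        fresh = pt is not None and len(pt) == 32 and \
            hmac.compare_digest(pt[:16], self.r_eu or b"")
        if not fresh:
            return None                              # wrong key or stale r_EU: stop
        r_es, self.k_s = pt[16:], secrets.token_bytes(16)
        return (id_e, id_eu, id_es, E(r_es, self.k_s + r_es))

def authenticate(user, device):
    """Run one exchange; return the shared session key, or None if either side stops."""
    reply = device.on_hello(user.hello())
    final = user.on_reply(reply) if reply else None
    k_s = device.on_session(final) if final else None
    return k_s if k_s is not None and k_s == user.k_s else None
```

The r_EU comparison in `on_reply` is what makes a reply recorded in an earlier run fail in a later one.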
In this embodiment, the improved AES algorithm consists of two parts: the improvement of the column-mixing matrix and the improvement of the key expansion.
In this embodiment, column mixing is divided into forward column mixing (MC) and inverse column mixing (IMC). Both operate on the state matrix alone: each column of the input state matrix is multiplied by a fixed polynomial over the finite field $GF(2^8)$ and then reduced modulo the polynomial $x^4 + 1$, wherein forward column mixing uses formula (1) and inverse column mixing uses formula (2).
As formulas (1) and (2) show, the fixed matrix for forward column mixing is much simpler than the fixed matrix for inverse column mixing: forward MixColumns needs 4 XOR operations and 2 xtime multiplications, whereas inverse MixColumns needs 9 XOR operations and 12 xtime multiplications, which is also why inverse column mixing takes longer than forward column mixing.
Therefore, the present invention uses a matrix of minimal form (namely the improved column-mixing matrix A), wherein the improved column-mixing matrix A is:
wherein the inverse of the improved column-mixing matrix A over the finite field $GF(2^8)$ is identical to A itself, so that inverse column mixing has the same computational complexity as forward column mixing, requiring 4 XOR operations and 2 xtime multiplications; this saves decryption time and improves the efficiency of the AES algorithm.
In this embodiment, the improved AES algorithm further includes the improvement of the key expansion, as shown in Fig. 4, wherein the improved key expansion method includes:
computing $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$, wherein $W_i$ is computed from $W_{i-4}$ and $W_{i-1}$, $W_{i+1}$ is obtained by XORing $W_i$ with $W_{i-2}$, and $W_{i+2}$ and $W_{i+3}$ do not involve the previous round key but are obtained directly from the current round key: $W_{i+2}$ by XORing $W_i$ with $W_{i+1}$, and $W_{i+3}$ by XORing $W_{i+1}$ with $W_{i+2}$;
exchanging the third word of each round key with the third word of the previous round key, the key after the exchange serving as the new round sub-key.
In this embodiment, the key is likewise transformed byte by byte and represented as a two-dimensional array with 4 rows. Key expansion is implemented by direct expansion, which gives the algorithm high efficiency. 128-bit encryption runs 10 rounds, which together with the initial seed key gives 11 groups for one complete encryption. The key expansion process computes $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$; as the expansion process above shows, although each round performs a complex transformation, it is strongly correlated with the previous round. If an attacker obtains one round's sub-key, only $2^{32}$ guesses are needed to derive the previous round's sub-key, and from there all sub-keys including the seed key. The key expansion therefore needs to be improved so that it keeps the efficiency of the original key expansion while making the algorithm as one-way as possible, so that it cannot be run backwards.
In this embodiment, the improved key expansion method is shown in Fig. 4. The basic expansion flow is unchanged: $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ are computed from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$; $W_i$ is computed from $W_{i-4}$ and $W_{i-1}$; $W_{i+1}$ is obtained by XORing $W_i$ with $W_{i-2}$; $W_{i+2}$ and $W_{i+3}$ do not involve the previous round key but are obtained directly from the current round key, $W_{i+2}$ by XORing $W_i$ with $W_{i+1}$ and $W_{i+3}$ by XORing $W_{i+1}$ with $W_{i+2}$.
In this embodiment, the third word of each round key is then exchanged with the third word of the previous round key, as shown in Fig. 5, and the key after the exchange serves as the new round sub-key. As a result, even if the first two words of a key are guessed, the 3rd and 4th words cannot be derived; to obtain one round's sub-key, the first two words of all ten rounds' sub-keys must be guessed. This requires $2^{128}$ attempts, comparable to brute force. Moreover, $W_2$ does not take part in the computation, so the seed key cannot be obtained and the attacker cannot obtain all the keys, which strengthens key security.
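The modified key expansion described above, as an added example that is not code from the patent. Carrying the stated XOR rules through gives $W_{i+2} = W_i \oplus W_{i+1} = W_{i-2}$ and $W_{i+3} = W_{i+1} \oplus W_{i+2} = W_i$, and the code checks both identities on the expanded words. Assumptions: $W_i = W_{i-4} \oplus g(W_{i-1})$ with the standard AES $g$ (the page says only that $W_i$ is computed from those two words), the third-word exchange runs after expansion in ascending round order (one reading of Fig. 5, which is not reproduced here), and the input is the FIPS-197 sample key.

```python
def gmul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)
        b >>= 1
    return r

def build_sbox():
    """Standard AES S-box: field inverse followed by the affine map."""
    box = []
    for x in range(256):
        inv = 1
        for _ in range(254):               # x^254 is the inverse; 0 maps to 0
            inv = gmul(inv, x)
        s = inv
        for n in range(1, 5):
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        box.append(s ^ 0x63)
    return box

SBOX = build_sbox()
SEED = [0x2B7E1516, 0x28AED2A6, 0xABF71588, 0x09CF4F3C]  # FIPS-197 sample key

def g(word, rcon):
    """RotWord, SubWord, then XOR the round constant into the top byte."""
    rot = ((word << 8) | (word >> 24)) & 0xFFFFFFFF
    sub = int.from_bytes(bytes(SBOX[b] for b in rot.to_bytes(4, "big")), "big")
    return sub ^ (rcon << 24)

def expand(seed):
    """Round keys 0..10 from the page's word rules, before the third-word exchange."""
    rounds, rcon = [list(seed)], 1
    for _ in range(10):
        prev = rounds[-1]                  # W_{i-4}, W_{i-3}, W_{i-2}, W_{i-1}
        w0 = prev[0] ^ g(prev[3], rcon)    # assumption: standard AES rule for W_i
        w1 = w0 ^ prev[2]                  # W_{i+1} = W_i xor W_{i-2}
        w2 = w0 ^ w1                       # W_{i+2} = W_i xor W_{i+1}
        w3 = w1 ^ w2                       # W_{i+3} = W_{i+1} xor W_{i+2}
        rounds.append([w0, w1, w2, w3])
        rcon = gmul(rcon, 2)
    return rounds

def swap_third_words(rounds):
    """Exchange each round key's third word with the previous round's (assumed order)."""
    out = [list(r) for r in rounds]
    for r in range(1, len(out)):
        out[r][2], out[r - 1][2] = out[r - 1][2], out[r][2]
    return out

def check_identities(rounds):
    """Count rounds 1..10 where W_{i+2} == W_{i-2} and where W_{i+3} == W_i."""
    third = sum(rounds[r][2] == rounds[r - 1][2] for r in range(1, len(rounds)))
    fourth = sum(r[3] == r[0] for r in rounds[1:])
    return third, fourth

if __name__ == "__main__":
    keys = expand(SEED)
    print(check_identities(keys), swap_third_words(keys) == keys)
```

With the rules as stated, every round key takes the form $(W_i, W_i \oplus W_2, W_2, W_i)$, so the third-word exchange leaves the schedule unchanged under these assumptions.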
The technical solution provided by the invention uses the improved AES symmetric encryption algorithm together with algorithms such as hashing to achieve mutual identity authentication of edge computing nodes, making full use of the high performance and flexibility of symmetric encryption. By improving the AES algorithm it prevents a key attacker from deriving the original seed key from one round's sub-key, solves the mutual identity authentication problem of edge computing nodes, ensures that edge nodes communicate securely and efficiently, meets the high-dynamics, low-latency requirements of edge computing, and lets nodes complete identity authentication securely and quickly.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (9)

1. An AES algorithm-based edge computing node identity authentication method, characterized in that the method includes:
an initialization step, in which a registration authority assigns an ID to each edge service device in the network, and public/private key pairs are generated for the edge service device and the registration authority;
a registration step, which completes the registration of an edge user requesting service and the generation of a master key;
an authentication step, which uses the improved AES algorithm to achieve mutual identity authentication between the edge user and the edge service device.
2. The AES algorithm-based edge computing node identity authentication method of claim 1, characterized in that the improved AES algorithm includes an improvement of the column-mixing matrix, wherein the improved column-mixing matrix A is:
wherein the inverse of the improved column-mixing matrix A over the finite field $GF(2^8)$ is identical to the improved column-mixing matrix A itself.
3. The AES algorithm-based edge computing node identity authentication method of claim 2, characterized in that the improved AES algorithm further includes an improvement of the key expansion, wherein the improved key expansion method includes:
computing $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$, wherein $W_i$ is computed from $W_{i-4}$ and $W_{i-1}$, $W_{i+1}$ is obtained by XORing $W_i$ with $W_{i-2}$, and $W_{i+2}$ and $W_{i+3}$ do not involve the previous round key but are obtained directly from the current round key: $W_{i+2}$ by XORing $W_i$ with $W_{i+1}$, and $W_{i+3}$ by XORing $W_{i+1}$ with $W_{i+2}$;
exchanging the third word of each round key with the third word of the previous round key, the key after the exchange serving as the new round sub-key.
4. The AES algorithm-based edge computing node identity authentication method of claim 3, characterized in that the registration authority is located in the cloud and is responsible for the registration of, and key distribution to, each edge service device in the network, wherein the initialization step specifically includes:
the registration authority assigns a unique $ID_{ES}$ to each edge service device in the network, signs it with its private key $s_{RA}$, and sends it to the edge service device;
on receiving the message signed with the registration authority's private key $s_{RA}$, the edge service device verifies the message with the registration authority's public key $p_{RA}$;
wherein the registration authority and the edge service device each have their own public/private key pair and each keeps its own private key; the edge service device also holds the public key of the registration authority, and the registration authority also holds the public key of the edge service device.
5. The AES algorithm-based edge computing node identity authentication method of claim 4, characterized in that the registration step specifically includes:
the edge user requesting service sends its $ID_{EU}$ to the registration authority;
the registration authority checks whether the received $ID_{EU}$ of the edge user is already registered;
if it is already registered, this registration step stops.
6. The AES algorithm-based edge computing node identity authentication method of claim 5, characterized in that the registration step further includes:
if it is not registered, the registration authority randomly selects a master key $k_{EU}$ for the edge user and sends it to the edge user;
the registration authority computes the key of the edge service device for the current edge user, $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$, encrypts it with the public key $p_{ES}$ of the edge service device, signs it with the private key $s_{RA}$ of the registration authority, and sends it to the edge service device;
on receipt, the edge service device uses the public key $p_{RA}$ of the registration authority to verify whether the message has been maliciously tampered with, decrypts it with the private key $s_{ES}$ of the edge service device to obtain the key $k_{ES}$, and stores $k_{ES}$ together with the $ID_{EU}$ of the corresponding edge user.
7. the edge calculations node identities authentication method based on aes algorithm as claimed in claim 6, which is characterized in that described Authenticating step specifically further includes:
The edge customer selects random number rEU, and the broadcast data < helloEdge, ID into networkEU,rEU>;
The edge service equipment checks the ID of the edge customer after the broadcast data is receivedEUWhether register, if not having There is registration then to stop process, by the ID with the edge customer if having registrationEUThe corresponding secret key kESIt takes out;
The edge service equipment selects random number rES, and encrypt (r with the improved aes algorithmEU,rES), then to institute It states edge customer and replys < IDE,IDEU,IDES,EkES(rEU,rES) >.
8. The AES algorithm-based edge computing node identity authentication method as claimed in claim 7, characterized in that the authentication step further specifically includes:
The edge customer uses the received edge service equipment $ID_{ES}$ and its own $ID_E$ and $k_{EU}$ to calculate $k_{ES}$, where $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$;
The edge customer decrypts the encrypted data with the calculated $k_{ES}$ to obtain the decrypted random number, and compares the decrypted random number with the random number $r_{EU}$ that it sent; if they are equal, execution continues; otherwise the process stops;
The edge customer selects random data as the session secret key $k_s$ and encrypts it with the improved AES algorithm, where the encryption secret key is $r_{ES}$;
The edge customer sends the data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to the edge service equipment.
9. The AES algorithm-based edge computing node identity authentication method as claimed in claim 8, characterized in that the authentication step further specifically includes:
The edge service equipment uses $r_{ES}$ to decrypt the received data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to obtain the session secret key $k_s$;
If decryption succeeds and the received encryption secret key $r_{ES}$ is equal to the secret key $k_{ES}$, authentication is complete; otherwise the process stops.
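
The authentication exchange of claims 7 to 9, as an added example that is not code from the patent. Assumptions: SHA-256 stands in for H; an HMAC-SHA256 keystream with an integrity tag stands in for the "improved AES algorithm", which these claims do not specify; the registration step's signed and encrypted delivery of k_ES is replaced by direct provisioning; the final check is taken to compare the decrypted r_ES with the value the edge service equipment issued; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def H(*fields):  # k_ES = H(ID_E, ID_ES, k_EU); SHA-256 over length-prefixed fields (assumed H)
    return hashlib.sha256(b"".join(len(f).to_bytes(2, "big") + f for f in fields)).digest()

def _mac(key, data):
    return hmac.new(key, data, "sha256").digest()

def _xor(key, nonce, data):  # XOR with an HMAC-SHA256 counter keystream
    ks = b"".join(_mac(key, nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def E(key, pt):  # stand-in for the patent's improved AES (not AES): keystream + integrity tag
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, pt)
    return nonce + ct + _mac(key, b"tag" + nonce + ct)

def D(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag" + nonce + ct)):
        raise ValueError("decryption failed: wrong key or tampered data")
    return _xor(key, nonce, ct)

class EdgeService:
    def __init__(self, id_e, id_es):
        self.id_e, self.id_es = id_e, id_es
        self.k_es, self.r_es = {}, {}   # ID_EU -> k_ES (registration), ID_EU -> issued r_ES

    def on_hello(self, id_eu, r_eu):    # handles <helloEdge, ID_EU, r_EU>
        if id_eu not in self.k_es:
            raise PermissionError("ID_EU not registered: stop")
        self.r_es[id_eu] = secrets.token_bytes(16)
        return self.id_e, id_eu, self.id_es, E(self.k_es[id_eu], r_eu + self.r_es[id_eu])

    def on_session(self, id_eu, blob):  # handles E_rES(k_s, r_ES)
        r_es = self.r_es.pop(id_eu)     # each r_ES is usable once
        pt = D(r_es, blob)
        if not hmac.compare_digest(pt[16:], r_es):   # assumed reading of the final check
            raise ValueError("r_ES mismatch")
        return pt[:16]                  # session key k_s

def authenticate(id_e, id_eu, k_eu, service):  # edge customer side
    r_eu = secrets.token_bytes(16)
    _, _, id_es, blob = service.on_hello(id_eu, r_eu)
    pt = D(H(id_e, id_es, k_eu), blob)  # k_ES is recomputed from k_EU, never stored
    if not hmac.compare_digest(pt[:16], r_eu):
        raise ValueError("r_EU mismatch")
    k_s = secrets.token_bytes(16)
    # returns (k_s the customer chose, k_s the service recovered)
    return k_s, service.on_session(id_eu, E(pt[16:], k_s + pt[16:]))
```

An edge customer holding the wrong k_EU derives a different k_ES, so the first decryption fails and the exchange stops before any session key is sent.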
CN201810172441.8A 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method Expired - Fee Related CN108173882B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810172441.8A CN108173882B (en) 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method

Publications (2)

Publication Number Publication Date
CN108173882A true CN108173882A (en) 2018-06-15
CN108173882B CN108173882B (en) 2020-07-31

Family

ID=62510866

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810172441.8A Expired - Fee Related CN108173882B (en) 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method

Country Status (1)

Country Link
CN (1) CN108173882B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970679A (en) * 2012-11-21 2013-03-13 联想中望系统服务有限公司 Identity-based safety signature method
US20140208099A1 (en) * 2013-01-21 2014-07-24 Alcatel-Lucent Canada Inc. Service plane encryption in ip/mpls networks
CN106203047A (en) * 2016-07-08 2016-12-07 钟林超 A kind of movable storage device with identification verification function

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246209B (en) * 2018-08-30 2019-07-09 张家口市金诚科技有限责任公司 Forestry Internet of Things secure communication management method
CN109246209A (en) * 2018-08-30 2019-01-18 广元量知汇科技有限公司 Forestry Internet of Things secure communication management method
CN111371730B (en) * 2018-12-26 2021-11-30 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene
WO2020133655A1 (en) * 2018-12-26 2020-07-02 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scenario
CN111371730A (en) * 2018-12-26 2020-07-03 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene
CN109873815B (en) * 2019-01-28 2021-07-02 西安电子科技大学 Heterogeneous Internet of things authentication method based on edge computing and Internet of things security platform
CN109873815A (en) * 2019-01-28 2019-06-11 西安电子科技大学 Isomeric compound networking certification method based on edge calculations, Internet of Things security platform
CN111049814A (en) * 2019-12-04 2020-04-21 苏州大学 Method for computing and verifying pollution attack in edge computing environment
CN111049814B (en) * 2019-12-04 2021-09-28 苏州大学 Method for computing and verifying pollution attack in edge computing environment
CN110958111A (en) * 2019-12-09 2020-04-03 广东电网有限责任公司 Electric power mobile terminal identity authentication mechanism based on block chain
CN110958111B (en) * 2019-12-09 2023-09-08 广东电网有限责任公司 Block chain-based identity authentication mechanism of electric power mobile terminal
CN111147472A (en) * 2019-12-23 2020-05-12 全球能源互联网研究院有限公司 Lightweight authentication method and system for intelligent electric meter under edge computing scene
CN111182551A (en) * 2020-01-07 2020-05-19 中国联合网络通信集团有限公司 Network security protection method and system
CN111182551B (en) * 2020-01-07 2022-09-02 中国联合网络通信集团有限公司 Network security protection method and system
CN111294352A (en) * 2020-02-03 2020-06-16 国家工业信息安全发展研究中心 Data security authentication method between cloud and edge node
CN111294352B (en) * 2020-02-03 2022-06-14 国家工业信息安全发展研究中心 Data security authentication method between cloud and edge node
CN111355745A (en) * 2020-03-12 2020-06-30 西安电子科技大学 Cross-domain identity authentication method based on edge computing network architecture
CN111355745B (en) * 2020-03-12 2021-07-06 西安电子科技大学 Cross-domain identity authentication method based on edge computing network architecture
CN111935714B (en) * 2020-07-13 2022-11-22 兰州理工大学 Identity authentication method in mobile edge computing network
CN111935714A (en) * 2020-07-13 2020-11-13 兰州理工大学 Identity authentication method in mobile edge computing network
WO2022067654A1 (en) * 2020-09-30 2022-04-07 Lenovo (Beijing) Limited Key-based authentication for a mobile edge computing network
CN112347513A (en) * 2020-11-13 2021-02-09 北京科技大学 Block chain node identity authentication method and system based on channel state information
CN112347513B (en) * 2020-11-13 2024-02-13 北京科技大学 Block chain node identity authentication method and system based on channel state information
CN112637298A (en) * 2020-12-15 2021-04-09 中国联合网络通信集团有限公司 Authentication method and member node
CN112866197A (en) * 2020-12-31 2021-05-28 北京安御道合科技有限公司 Password edge calculation method and system for realizing security of terminal of Internet of things and terminal
WO2023070433A1 (en) * 2021-10-28 2023-05-04 Apple Inc. Authentication between wireless devices and edge servers

Also Published As

Publication number Publication date
CN108173882B (en) 2020-07-31

Similar Documents

Publication Publication Date Title
CN108173882A (en) Edge calculations node identities authentication method based on aes algorithm
CN109584978B (en) Information processing method and system based on signature aggregation medical health monitoring network model
CN105245326B (en) A kind of smart grid security communication means based on combination pin
CN105827402B (en) A kind of distribution is open to can verify that random digit generation method
CN107342859B (en) A kind of anonymous authentication method and its application
Tseng et al. A chaotic maps-based key agreement protocol that preserves user anonymity
CN110650017B (en) Non-bilinear pairing multi-message multi-receiver signcryption method and Internet of things communication system
CN107437993A (en) One kind is based on without the side's authentication key agreement method of certificate two and device
CN106130716A (en) Cipher key exchange system based on authentication information and method
CN107659395A (en) The distributed authentication method and system of identity-based under a kind of environment of multi-server
CN107294696B (en) Method for distributing full homomorphic keys for Leveled
CN106059775B (en) CFL manages mode implementation method concentratedly
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN103023646B (en) The polymerisable label decryption method of a kind of label ciphertext
CN116049897A (en) Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption
CN109104278A (en) A kind of encrypting and decrypting method
Zuo et al. Security analysis of quantum multi-signature protocol based on teleportation
CN111030821B (en) Encryption method of alliance chain based on bilinear mapping technology
CN106850584B (en) A kind of anonymous authentication method of curstomer-oriented/server network
Irshad et al. A low-cost privacy preserving user access in mobile edge computing framework
CN110890961B (en) Novel safe and efficient multi-authorization attribute-based key negotiation protocol
CN110336775B (en) Quantum group authentication method based on Grover algorithm
Shi et al. Verifiable quantum key exchange with authentication
JP2004328293A (en) Electronic ticket, electronic ticket system, authentication system, and information processing system
Wu et al. A secure quantum sealed-bid auction protocol based on quantum public key encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200731