CN108574699B - Communication connection method and system, Internet of things equipment system and storage medium - Google Patents

Info

Publication number: CN108574699B
Authority: CN (China)
Prior art keywords: network service, management platform, service management, sensor node, key
Legal status: Active
Application number: CN201810804245.8A
Other languages: Chinese (zh)
Other versions: CN108574699A (en)
Inventors: 张广驰, 张振华, 崔苗, 林凡
Current Assignee: Guangdong University of Technology
Original Assignee: Guangdong University of Technology

Classifications

    • H04L63/068: Network architectures or network communication protocols for network security, for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/0876: Network architectures or network communication protocols for network security, for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/141: Session management; setup of application sessions

Abstract

The application discloses a communication connection method, a communication connection system and a storage medium, which are applied to an Internet of things equipment system comprising an authentication server, a network service management platform and a sensor node. The method comprises the following steps: the authentication server initializes and discloses key parameters so that each node generates its own public key and private key from the key parameters, the private key being updated according to the current time; when a sensor node requests to join, a verification application packet is received through the network service management platform; the verification application packet is decrypted with the private key of the current time, and the identity information of the network service management platform and the sensor node is verified according to the decryption result; and the verification result is sent to the network service management platform and the sensor node, so that either of them establishes a communication connection after judging the identity information of the other party to be safe. Communication security among the devices in the Internet of things device system is thereby enhanced.

Description

Communication connection method and system, Internet of things equipment system and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication connection method, system, and device and a computer-readable storage medium.
Background
Currently, Internet of things equipment is widely applied in fields such as military and national defence, environmental monitoring, medical health, and industrial and high-risk data monitoring. Its application value and scientific research value have attracted great attention from countries around the world. Because the architecture of Internet of things equipment is open, certain characteristics of the equipment leave the network poorly secured, and malicious actors can easily eavesdrop on, intercept and forge transmitted information, so that security has become one of the key problems that Internet of things equipment urgently needs to solve.
The authentication method in the prior art comprises the following steps: 1) the second certification system sends message 1 to the first certification system; 2) after receiving message 1, the first certification system sends message 2 to the second certification system; 3) after receiving message 2, the second certification system sends message 3 to a trusted third party; 4) after receiving message 3, the trusted third party sends message 4 to the second certification system; 5) after receiving message 4, the second certification system sends message 5 to the first certification system; 6) after receiving message 5, the first certification system performs access control.
When this ternary peer-to-peer architecture is applied between a mobile device, a network platform and a trusted third party, there is a problem of certificate management among the three elements. Case one: each device is preset with a digital certificate during production and always uses that certificate for identity authentication. In this case, it is easy for an attacker to mount a collision attack on the certificate's digital signature and so break it. Case two: over the ternary network, the device terminal requests the trusted third party to update the digital certificate, and the certificate is transmitted over the network between the device terminal and the trusted third party. In this case, the communication data can be intercepted by an attacker during transmission, and once an eavesdropper obtains the digital certificate that each unit directly encrypted, the attacker has full control of the system's information.
Therefore, how to enhance the security of communication between devices in the internet of things device system is a problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a communication connection method, a communication connection system, communication equipment and a computer readable storage medium, and the communication safety between the equipment in an internet of things equipment system is enhanced.
In order to achieve the above object, the present application provides a communication connection method, which is applied to an internet of things device system, where the internet of things device system includes an authentication server, a network service management platform, and a sensor node, and the communication connection method includes:
the authentication server initializes and discloses key parameters so that each node in the Internet of things equipment system can generate a respective public key and a private key according to the key parameters; wherein the private key is updated according to the current time;
when the sensor node requests to join the Internet of things equipment system, the authentication server receives a verification application packet through the network service management platform; the verification application packet comprises a public key and identity information encrypted by the network service management platform and a public key and identity information encrypted by the sensor node;
the authentication server decrypts the verification application packet through a private key at the current time, and verifies the identity information of the network service management platform and the sensor node according to a decryption result;
and the authentication server sends the verification result to the network service management platform and the sensor node so as to establish communication connection after any one of the network service management platform and the sensor node judges the identity information of the other party to be safe.
Wherein, when the sensor node requests to join the internet of things equipment system, the authentication server receives a verification application packet through the network service management platform, and the method comprises the following steps:
when the sensor node requests to join the Internet of things equipment system, the network service management platform sends a challenge packet to the sensor node; wherein the challenge packet comprises the key parameters and a public key of the authentication server;
the sensor node sends an access request packet to the network service management platform; the access request packet comprises a public key and identity information encrypted by the sensor node;
the network service management platform generates an intermediate parameter according to the key parameter, the current time and the identity information of the network service management platform, and sends the verification application packet to the authentication server; wherein the check application packet includes an encrypted intermediate packet and the access request packet, and the intermediate packet includes a public key of the network service management platform, identity information, and the intermediate parameter.
Wherein, the authentication server sends the verification result to the network service management platform and the sensor node, so that after any one of the network service management platform and the sensor node judges that the identity information of the other party is safe, communication connection is established, and the method comprises the following steps:
the authentication server sends a verification application response to the network service management platform; the verification application response comprises a verification result of the network service management platform, a verification result of the sensor node and a public key of the authentication server;
the network service management platform sends an access request response to the sensor node after judging the identity information security of the sensor node according to the verification result of the sensor node; wherein the access request response comprises a verification result of the network service management platform node and a public key of the authentication server;
and after judging the identity information safety of the network service management platform according to the verification result of the network service management platform, the sensor node establishes communication connection with the network service management platform.
The private key generation algorithm specifically comprises the following steps:
$v = H_1(ID_A)$;
$u_{-1} = H_2(ID_A, -1)$, $u_0 = H_2(ID_A, 0)$;
Figure BDA0001737805980000031
Figure BDA0001737805980000032
where A is the authentication server, the network service management platform or the sensor node, $ID_A$ is the identity information of A, $x_A$ is the secret value of A, $S_{A,0}$ is the generated initial private key, and $H_1$, $H_2$, $s_1$, $s_2$ are parameters among the key parameters;
the public key generation algorithm specifically comprises:
Figure BDA0001737805980000033
where $PK_A$ is the generated public key and $a$ is a parameter among the key parameters.
After each node in the internet of things device system generates a respective public key and a respective private key according to the key parameter, the method further includes:
checking a key pair consisting of the private key and the public key by using a check formula;
the check formula specifically includes:
Figure BDA0001737805980000034
where $e$ is the bilinear pairing map among the key parameters, and $a$, $s_1$ are parameters among the key parameters.
The encryption mode of the public key and the identity information of the network service management platform or the sensor node is specifically as follows:
$u_{i-1} = H_2(ID_A, i-1)$, $u_i = H_2(ID_A, i)$;
Figure BDA0001737805980000041
Figure BDA0001737805980000042
where A is the network service management platform or the sensor node, $ID_A$ is the identity information of A, $x_A$ is the secret value of A, $H_3$ is a parameter among the key parameters, $M$ is the plaintext of the identity information, $r$ is a random number, $i$ is the current time, $e$ is the bilinear pairing map among the key parameters,
Figure BDA0001737805980000043
Figure BDA0001737805980000044
$a$, $s_1$ are parameters among the key parameters,
Figure BDA0001737805980000045
is the exclusive-or operation, and $C$ is the encryption result.
After verifying the identity information of the network service management platform and the sensor node according to the decryption result, the method further comprises the following steps:
the authentication server updates the private key according to an updating algorithm;
the updating algorithm specifically comprises the following steps:
$S_{A,i} = S_{A,i-1} \cdot HK_i$
where A is the authentication server, the network service management platform or the sensor node, $S_{A,i-1}$ is the private key of the previous time, $S_{A,i}$ is the private key of the current time, and $HK_i$ is the intermediate parameter;
where $HK_i$ is calculated as follows:
when $i \equiv j \pmod 2$: $u_{i-2} = H_2(ID_A, i-2)$, $u_i = H_2(ID_A, i)$;
Figure BDA0001737805980000046
Figure BDA0001737805980000047
where $i$ is the current time, $j$ is 1 or 2, $ID_A$ is the identity information of A, and $H_2$, $s_j$ are parameters among the key parameters.
In order to achieve the above object, the present application provides a communication connection system, which is applied to an internet of things device system, the internet of things device system includes an authentication server, a network service management platform, and a sensor node, and the communication connection system includes:
the initialization module is used for initializing and disclosing key parameters so that each node in the Internet of things equipment system can generate a respective public key and a private key according to the key parameters; wherein the private key is updated according to the current time;
the receiving module is used for receiving a verification application packet through the network service management platform when the sensor node requests to join the Internet of things equipment system; the verification application packet comprises a public key and identity information encrypted by the network service management platform and a public key and identity information encrypted by the sensor node;
the verification module is used for decrypting the verification application packet through a private key at the current time and verifying the identity information of the network service management platform and the sensor node according to a decryption result;
and the sending module is used for sending the verification result to the network service management platform and the sensor node so as to establish communication connection after any one of the network service management platform and the sensor node judges the identity information of the other party to be safe.
In order to achieve the above object, the present application provides an internet of things device system, which includes an authentication server, a network service management platform, and a sensor node;
the authentication server includes:
a first memory for storing a first computer program;
a first processor for implementing the steps of the above-described communication connection method when executing the first computer program;
the network service management platform comprises:
a second memory for storing a second computer program;
a second processor for implementing the steps of the above-described communication connection method when executing the second computer program;
the sensor node includes:
a third memory for storing a third computer program;
a third processor for implementing the steps of the above communication connection method when executing the third computer program.
To achieve the above object, the present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above communication connection method.
According to the scheme, the communication connection method is applied to the Internet of things equipment system, which comprises an authentication server, a network service management platform and sensor nodes, and the communication connection method comprises the following steps: the authentication server initializes and discloses key parameters so that each node in the Internet of things equipment system can generate its own public key and private key according to the key parameters, wherein the private key is updated according to the current time; when the sensor node requests to join the Internet of things equipment system, the authentication server receives a verification application packet through the network service management platform, the verification application packet comprising a public key and identity information encrypted by the network service management platform and a public key and identity information encrypted by the sensor node; the authentication server decrypts the verification application packet with the private key of the current time and verifies the identity information of the network service management platform and the sensor node according to the decryption result; and the authentication server sends the verification result to the network service management platform and the sensor node, so that a communication connection is established after either of the network service management platform and the sensor node judges the identity information of the other party to be safe.
According to the communication connection method, the authentication server updates the private key at random times through the key update method; each encryption terminal, after updating its private key, broadcasts the mark of the currently matching public key, and the receiving terminal updates its key synchronously after receiving the mark, so that the security of the system is improved and the protection of the Internet of things equipment is enhanced. Without affecting the user experience, each device in the Internet of things device system carries out the key update independently, and the security and reliability of user information are greatly improved. The application also discloses a communication connection system, an Internet of things equipment system and a computer readable storage medium, which can achieve the same technical effects.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a communication connection method disclosed in an embodiment of the present application;
fig. 2 is a flowchart of another communication connection method disclosed in an embodiment of the present application;
fig. 3 is a block diagram of a communication connection system disclosed in an embodiment of the present application;
fig. 4 is a block diagram of another communication connection system disclosed in an embodiment of the present application;
fig. 5 is a structural diagram of an internet of things device system disclosed in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application discloses a communication connection method, which is applied to an Internet of things equipment system, wherein the Internet of things equipment system comprises an Authentication Server (AS), a network service management platform (NSP) and a sensor node (REQ), and the safety of communication among equipment in the Internet of things equipment system is enhanced.
Referring to fig. 1, a flowchart of a communication connection method disclosed in an embodiment of the present application is shown in fig. 1, and includes:
S101: initializing and disclosing key parameters so that each node in the Internet of things equipment system can generate a respective public key and private key according to the key parameters; wherein the private key is updated according to the current time;
in the specific implementation, the AS initializes and discloses the key parameters, generates an AS private key by using a private key generation algorithm according to the key parameters, generates an AS public key by using a public key generation algorithm, and sends the AS public key to the NSP, and the NSP generates an NSP private key by using a private key generation algorithm according to the key parameters and generates an NSP public key by using a public key generation algorithm. In this embodiment, a specific generation algorithm of the private key and the public key is not limited, and a person skilled in the art can select the generation algorithm flexibly, but it should be noted that the private key is updated in real time at the current time, and a specific update algorithm of the private key is not limited here.
S102: when the sensor node requests to join the Internet of things equipment system, receiving a verification application packet through the network service management platform; the verification application packet comprises a public key and identity information encrypted by the network service management platform and a public key and identity information encrypted by the sensor node;
in a specific implementation, when the sensor node requests to join, a request, i.e., a check application packet, may be sent to the AS through the NSP, so that the AS verifies the identity information of the REQ and the NSP. The embodiment does not limit the specific construction process of the verification application packet, for example, the specific construction process is as follows:
the NSP sends a challenge set to the REQ, which includes the key parameters and the AS public key. The REQ generates a REQ private key by using a private key generation algorithm according to the key parameters, generates a REQ public key by using a public key generation algorithm, encrypts REQ identity information by using the REQ public key, and sends an access request packet to the NSP. The specific encryption process of the identity information is not limited herein, and those skilled in the art can flexibly select the encryption process according to the actual situation.
The NSP generates an intermediate parameter according to the key parameter, the current time and the NSP identity information, and sends a verification application packet to the AS, wherein the verification application packet comprises an encrypted intermediate packet and an access request packet, and the intermediate packet comprises an NSP public key, NSP identity information and the intermediate parameter.
S103: decrypting the verification application packet through a private key at the current time, and verifying the identity information of the network service management platform and the sensor node according to a decryption result;
in a specific implementation, after receiving the verification application packet, the AS needs to perform a decryption operation using a private key of the current time, where the specific process of the decryption operation is also not limited herein, but needs to correspond to the encryption process in the previous step.
S104: and sending the verification result to the network service management platform and the sensor node so as to establish communication connection after any one of the network service management platform and the sensor node judges the identity information of the other party to be safe.
In a specific implementation, the AS sends a verification application response to the NSP, where the verification application response includes an NSP verification result, a REQ verification result, and an AS public key. And after judging that the REQ identity information is safe according to the REQ verification result, the NSP sends an access request response to the REQ, wherein the access request response comprises the NSP verification result and the AS public key. And after the REQ judges that the NSP identity information is safe according to the NSP verification result, establishing communication connection with the NSP.
According to the communication connection method provided by the embodiment of the application, the authentication server updates the private key at random times through the key update method; each encryption terminal, after updating its private key, broadcasts the mark of the currently matching public key, and the receiving terminal updates its key synchronously after receiving the mark, so that the security of the system is improved and the protection of the Internet of things equipment is enhanced. Without affecting the user experience, each device in the Internet of things device system carries out the key update independently, and the security and reliability of user information are greatly improved.
The embodiment of the application discloses a communication connection method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Specifically, the method comprises the following steps:
referring to fig. 2, a flowchart of another communication connection method provided in the embodiment of the present application is shown in fig. 2, and includes:
S201: the authentication server initializes and discloses key parameters so that each node in the Internet of things equipment system can generate a respective public key and private key according to the key parameters; wherein the private key is updated according to the current time;
In a specific implementation, a security parameter $k \in Z^+$ is first preset in the AS, and initialization is then carried out in the following specific steps: set multiplicative groups $G_1$ and $G_2$ of order $q$, randomly select a generator $a \in G_1$, obtain a bilinear pairing map $e: G_1 \times G_1 \to G_2$, and determine the hash functions $H_1$, $H_2$ and $H_3$ used in the selected encryption algorithm,
where $H_1: \{0,1\}^* \to G_1$, $H_2: \{0,1\}^* \times Z^+ \to G_1$, $H_3: G_1 \times G_1 \to \{0,1\}^*$.
Randomly select
Figure BDA0001737805980000091
define the public key parameters
Figure BDA0001737805980000092
and
Figure BDA0001737805980000093
define $s_1$, $s_2$ as the master key of the system, and disclose the key parameters $params = (G_1, G_2, q, e, a, p_1, p_2)$.
The AS sends the current key parameters $params$ and its public key $PK_{AS}$ to the NSP. The NSP receives $\{params, PK_{AS}\}$ from the AS and, according to its identity information $ID_{NSP}$ and the key parameters $params$, outputs a secret value $x_{NSP} \in Z_q$ by means of a secret value generation algorithm; the secret value generation algorithm here is a conventional technical means in the prior art. It then calculates the public key $PK_{NSP}$ and the private key of the NSP through the public key generation algorithm and the initial key generation algorithm, and waits for a new REQ to join.
Preferably, the private key generation algorithm of each node in the system is specifically:
$v = H_1(ID_A)$;
$u_{-1} = H_2(ID_A, -1)$, $u_0 = H_2(ID_A, 0)$;
Figure BDA0001737805980000094
Figure BDA0001737805980000095
where A is the authentication server, the network service management platform or the sensor node, $ID_A$ is the identity information of A, $x_A$ is the secret value of A, $S_{A,0}$ is the generated initial private key, and $H_1$, $H_2$, $s_1$, $s_2$ are parameters among the key parameters;
preferably, the public key generation algorithm of each node in the system is specifically:
Figure BDA0001737805980000096
where $PK_A$ is the generated public key and $a$ is a parameter among the key parameters.
S221: when the sensor node requests to join the Internet of things equipment system, the network service management platform sends a challenge packet to the sensor node;
wherein the challenge packet comprises the key parameters and a public key of the authentication server;
When a new REQ joins the system network, the NSP challenges the identity information of the REQ: the NSP sends the challenge packet $\{params, PK_{AS}\}$ to the REQ.
S222: the sensor node sends an access request packet to the network service management platform;
the access request packet comprises a public key and identity information encrypted by the sensor node;
The REQ receives the challenge packet, identifies the key parameters $params$ in the packet, calculates the secret value $x_{REQ} \in Z_q$ by the secret value generation algorithm, and calculates an initial private key and the public key $PK_{REQ}$ through the initial key generation algorithm according to its own identity information $ID_{REQ}$, the secret value $x_{REQ}$ and the key parameters $params$. Preferably, after the key pair is generated, a verification step of the key pair may be further included. Specifically, the check equation
Figure BDA0001737805980000101
is verified; if it does not hold, error information is output and the access verification is judged unsuccessful. Here $e$ is the bilinear pairing map among the key parameters, and $a$, $s_1$ are parameters among the key parameters. If the check succeeds, the REQ constructs an access request packet $\{N_{REQ}, PK_{REQ}, I_{REQ}\}$ and encrypts the identity verification information using $PK_{REQ}$, where $N_{REQ}$ is a random real number and $I_{REQ}$ is the identity check information of the REQ, which includes the node identity information and a digital signature over the identity information of the REQ. It will be appreciated that each node in the system may include the verification step described above after generating its key pair.
S223: the network service management platform generates an intermediate parameter from the key parameters, the current time and its own identity information, and sends the check application packet to the authentication server;
where the check application packet comprises an encrypted intermediate packet and the access request packet, and the intermediate packet comprises the public key, the identity information and the intermediate parameter of the network service management platform.
Because the coordinator must be kept isolated from the key generation center and the sensor nodes are power-constrained, the coordinator (helper) is placed on the NSP. The helper derives the intermediate parameter from the partial private-key parameter s_j in params, the current time period i ∈ {1, 2, …, N} of the system and the identity information ID_A of the preset system node, as follows:
when i ≡ j (mod 2): u_{i-2} = H_2(ID_A, i-2), u_i = H_2(ID_A, i);
Figure BDA0001737805980000102
Figure BDA0001737805980000103
where i is the current time, j is 1 or 2, ID_A is the identity information of A, and H_2, s_j are parameters in the key parameters.
The NSP encrypts {N_NSP, PK_NSP, I_NSP, HK_i} with PK_NSP, merges the result with the access request packet into the check application packet {N_REQ, N_NSP, PK_REQ, PK_NSP, I_REQ, I_NSP, HK_i}, and sends it to the AS.
The encryption mode of the public key and the identity information of the network service management platform or the sensor node is specifically as follows:
u_{i-1} = H_2(ID_A, i-1), u_i = H_2(ID_A, i);
Figure BDA0001737805980000111
Figure BDA0001737805980000112
where A is the network service management platform or the sensor node, ID_A is the identity information of A, x_A is the secret value of A, H_3 is a parameter in the key parameters, M is the plaintext of the identity information, r is a random number, i is the current time, e is the bilinear pairing in the key parameters,
Figure BDA0001737805980000113
Figure BDA0001737805980000114
a, s_1 are parameters in the key parameters,
Figure BDA0001737805980000115
the operator shown above is the exclusive-or operation, and C is the encryption result.
S203: the authentication server decrypts the check application packet with its private key for the current time and verifies the identity information of the network service management platform and the sensor node from the decryption result;
after the AS receives the check application packet, it decrypts the ciphertext C = <i, c_0, c_1>; the decryption algorithm is:
W' = e(c_0, S_{AS,i});
Figure BDA0001737805980000116
From the plaintext M = {PK_REQ, PK_NSP, I_REQ, I_NSP} the AS identifies and authenticates the identity information of the NSP and the REQ and records their corresponding public keys. Once the identity authentication of the NSP and the REQ is complete, the AS updates its private key with the update algorithm:
S_{A,i} = S_{A,i-1} · HK_i
where A is the authentication server, the network service management platform or the sensor node, S_{A,i-1} is the private key of the previous time, S_{A,i} is the private key of the current time, and HK_i is the intermediate parameter.
The AS then checks the public/private key pair with the check formula. If the key pair is incorrect it outputs error information and disconnects from the NSP; if it is correct it constructs the check application response {(N_NSP, RES_REQ), (N_REQ, RES_NSP), PK_AS} and encrypts each part with the public key of its intended recipient.
S241: the authentication server sends a verification application response to the network service management platform;
the verification application response comprises a verification result of the network service management platform, a verification result of the sensor node and a public key of the authentication server;
After the AS has sent the check application response, it must delete the previous-time private key S_{AS,i-1} and HK_i.
S242: the network service management platform sends an access request response to the sensor node after judging the identity information security of the sensor node according to the verification result of the sensor node;
wherein the access request response comprises a verification result of the network service management platform node and a public key of the authentication server;
The NSP identifies and decrypts the verification result for the REQ, {N_NSP, RES_REQ}, in the check application response and judges the identity information of the REQ from RES_REQ. If the REQ is safe it constructs the access request response {N_REQ, RES_NSP, PK_AS} and sends it to the REQ; if the REQ is unsafe it judges that the current REQ check has failed.
S243: and after judging the identity information safety of the network service management platform according to the verification result of the network service management platform, the sensor node establishes communication connection with the network service management platform.
The REQ identifies and decrypts the verification result for the NSP, {N_REQ, RES_NSP}, and judges the identity information of the NSP from RES_NSP. If it is safe the connection is established; if it is unsafe the verification is judged to have failed.
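The exchange of S221 to S243, together with the private key update and deletion of S203 and S241 (the same update appears again in claim 7), as an added, runnable sketch in Python. This is example code written for this page, not code from the patent or its authors. The pairing-based identity encryption, the key-pair check formula and the helper's computation of HK_i are all replaced by stand-ins: hashed ElGamal in a toy prime-order group (the modulus P, the generator G and every identifier below are assumptions), an HMAC over the identity under a registration secret in place of the identity signature inside I_A, and a random helper value in place of HK_i. What is kept is the message structure: the NSP's challenge, the REQ's access request {N_REQ, PK_REQ, I_REQ}, the NSP's wrapped check application packet carrying its own nonce N_NSP and HK_i, the AS response with (N_NSP, RES_REQ) encrypted for the NSP and (N_REQ, RES_NSP) encrypted for the REQ, the multiplicative update S_i · HK_i with the old key and HK_i discarded, and the rejection of a check application packet replayed after that update.

```python
"""Join handshake REQ -> NSP -> AS -> NSP -> REQ with a period-indexed, forward-secure
AS key.  Added illustration only: the patent's pairing-based identity encryption is
replaced by a hashed-ElGamal stand-in in a toy group; the packet layout follows S221-S243."""
import hashlib, hmac, secrets
from dataclasses import dataclass, field

P = (1 << 127) - 1   # toy Mersenne-prime modulus: illustration only, not a production parameter
G = 3                # generator stand-in
Q = P - 1            # exponent modulus used by the multiplicative key update S_i = S_{i-1} * HK_i

def H(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def ib(n: int) -> bytes:
    return n.to_bytes(16, "big")

def keystream(k: bytes, n: int) -> bytes:
    return b"".join(H(k, bytes([j])) for j in range(n // 32 + 1))[:n]

def encrypt(pk: int, period: int, msg: bytes):
    """C = <i, c0, c1, tag>: c0 = g^r, W = pk^r, c1 = M xor H3(W).  Same shape as the
    patent's ciphertext <i, c0, c1>; the extra tag lets the receiver detect a wrong key."""
    r = secrets.randbelow(Q - 1) + 1
    c0, W = pow(G, r, P), pow(pk, r, P)
    k = H(b"enc", ib(W), ib(period))
    c1 = bytes(a ^ b for a, b in zip(msg, keystream(k, len(msg))))
    return period, c0, c1, hmac.new(k, ib(c0) + c1, hashlib.sha256).digest()

def decrypt(sk: int, C):
    period, c0, c1, tag = C
    k = H(b"enc", ib(pow(c0, sk, P)), ib(period))      # W' = c0^S, stand-in for e(c0, S_AS,i)
    if not hmac.compare_digest(tag, hmac.new(k, ib(c0) + c1, hashlib.sha256).digest()):
        return None                                   # wrong or stale key: reject
    return bytes(a ^ b for a, b in zip(c1, keystream(k, len(c1))))

@dataclass
class Node:
    ident: bytes
    cred: bytes                   # registration secret shared with the AS (stand-in for the signature in I_A)
    x: int = field(default_factory=lambda: secrets.randbelow(Q - 1) + 1)
    @property
    def pk(self) -> int: return pow(G, self.x, P)
    def identity_info(self, period: int) -> bytes:    # I_A = ID_A || sig(ID_A, period)
        return self.ident + b"||" + hmac.new(self.cred, self.ident + ib(period), hashlib.sha256).hexdigest().encode()

class Sensor(Node):
    def access_request(self, chall):                  # S222: {N_REQ, PK_REQ, I_REQ}, I_REQ encrypted to the AS
        _, _, period, as_pk = chall
        self.n = secrets.token_bytes(16)
        M = hex(self.pk).encode() + b"||" + self.identity_info(period)
        return self.n, encrypt(as_pk, period, M)
    def accept(self, resp) -> bool:                   # S243: check (N_REQ, RES_NSP) before connecting
        if resp is None: return False
        M = decrypt(self.x, resp[0])
        return M is not None and M.split(b"||") == [self.n.hex().encode(), b"OK"]

class Platform(Node):
    def challenge(self, as_pk, period):               # S221: {params, PK_AS}
        return P, G, period, as_pk
    def wrap(self, access_req, period, as_pk):        # S223: {N_REQ, N_NSP, C_REQ, C_NSP}
        self.n, self.hk = secrets.token_bytes(16), secrets.randbelow(Q - 1) + 1   # HK_i stand-in
        M = hex(self.pk).encode() + b"||" + self.identity_info(period) + b"||" + hex(self.hk).encode()
        return access_req[0], self.n, access_req[1], encrypt(as_pk, period, M)
    def forward(self, response):                      # S242: check (N_NSP, RES_REQ), pass the rest to the REQ
        if response is None: return None
        C_nsp, C_req, as_pk = response
        M = decrypt(self.x, C_nsp)
        if M is None or M.split(b"||") != [self.n.hex().encode(), b"OK"]: return None
        return C_req, as_pk

class AuthServer:
    def __init__(self, registry):
        self.registry, self.period, self.known = registry, 1, {}
        self.S = secrets.randbelow(Q - 1) + 1         # S_{AS,1}
    @property
    def pk(self) -> int: return pow(G, self.S, P)
    def _check(self, M):
        pk_hex, ident, sig = M.split(b"||")[:3]
        cred = self.registry.get(ident)
        good = hmac.new(cred, ident + ib(self.period), hashlib.sha256).hexdigest().encode() if cred else None
        ok = good is not None and hmac.compare_digest(sig, good)
        if ok: self.known[ident] = int(pk_hex, 16)    # record the verified public key
        return ok, int(pk_hex, 16)
    def verify(self, pkt):                            # S203 / S241
        n_req, n_nsp, C_req, C_nsp = pkt
        M_req, M_nsp = decrypt(self.S, C_req), decrypt(self.S, C_nsp)
        if M_req is None or M_nsp is None: return None   # stale period or forged packet
        ok_req, pk_req = self._check(M_req)
        ok_nsp, pk_nsp = self._check(M_nsp)
        hk = int(M_nsp.split(b"||")[3], 16)
        res = lambda ok: b"OK" if ok else b"FAIL"
        out = (encrypt(pk_nsp, self.period, n_nsp.hex().encode() + b"||" + res(ok_req)),
               encrypt(pk_req, self.period, n_req.hex().encode() + b"||" + res(ok_nsp)))
        self.S, self.period = self.S * hk % Q, self.period + 1   # S_{i+1} = S_i * HK; old S and HK are dropped
        return out + (self.pk,)

def join(req, nsp, auth) -> bool:
    chall = nsp.challenge(auth.pk, auth.period)
    pkt = nsp.wrap(req.access_request(chall), auth.period, auth.pk)
    return req.accept(nsp.forward(auth.verify(pkt)))

if __name__ == "__main__":
    registry = {b"sensor-17": b"cred-17", b"nsp-1": b"cred-nsp"}   # constructed sample registrations
    auth, nsp = AuthServer(registry), Platform(b"nsp-1", b"cred-nsp")
    print("registered sensor joins:", join(Sensor(b"sensor-17", b"cred-17"), nsp, auth))
    print("unregistered sensor joins:", join(Sensor(b"sensor-99", b"guess"), nsp, auth))
```

The replay check is the point of the deletion in S241: once the AS has moved to the next period and discarded the old key together with HK_i, a captured check application packet from the earlier period fails the tag check and is rejected outright instead of silently decrypting to garbage. Binding each RES to the recipient's own nonce is what stops the NSP from reusing an old favourable RES_NSP on a new REQ.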
A communication connection system provided in an embodiment of the present application is described below, and a communication connection system described below and a communication connection method described above may be referred to each other.
Referring to fig. 3, a structure diagram of a communication connection system according to an embodiment of the present application is shown in fig. 3, and includes:
an initialization module 301, configured to initialize and disclose key parameters, so that each node in the internet of things device system generates a respective public key and a respective private key according to the key parameters; wherein the private key is updated according to the current time;
a receiving module 302, configured to receive, through the network service management platform, a check application packet when the sensor node requests to join the Internet of Things equipment system; the check application packet comprises the public key and encrypted identity information of the network service management platform and the public key and encrypted identity information of the sensor node;
the verification module 303 is configured to perform decryption operation on the verification application packet through a private key at the current time, and verify the identity information of the network service management platform and the identity information of the sensor node according to a decryption result;
a sending module 304, configured to send the verification result to the network service management platform and the sensor node, so that after any one of the network service management platform and the sensor node determines that the identity information of the other party is safe, a communication connection is established.
According to the communication connection system provided by the embodiment of the application, the authentication server updates the private key at random time through the key updating method, each encryption terminal updates the private key and then broadcasts and sends the currently matched public key mark, and the receiving terminal receives the mark and then synchronously updates the key, so that the safety of the system is improved, and the protection of the Internet of things equipment is enhanced. Under the condition that the customer experience is not influenced, each device in the Internet of things device system independently realizes the updating of the secret key, and the safety and reliability of the customer information are greatly improved.
The embodiment of the application discloses a communication connection system, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Specifically, the method comprises the following steps:
referring to fig. 4, a structure diagram of another communication connection system provided in the embodiment of the present application is shown in fig. 4, where the authentication server includes:
the initialization module 411 is configured to initialize and disclose key parameters, so that each node in the internet of things device system generates a respective public key and a respective private key according to the key parameters; wherein the private key is updated according to the current time;
a receiving module 412, configured to receive, through the network service management platform, a check application packet when the sensor node requests to join the Internet of Things equipment system; the check application packet comprises the public key and encrypted identity information of the network service management platform and the public key and encrypted identity information of the sensor node;
the verification module 413 is configured to perform decryption operation on the verification application packet through a private key at the current time, and verify the identity information of the network service management platform and the identity information of the sensor node according to a decryption result;
a sending module 414, configured to send the verification result to the network service management platform and the sensor node, so that after any one of the network service management platform and the sensor node determines that the identity information of the other party is safe, a communication connection is established;
the network service management platform comprises:
a challenge query group sending module 421, configured to send a challenge query group to the sensor node;
a verification application packet sending module 422, configured to generate an intermediate parameter according to the key parameter, the current time, and the identity information of the network service management platform, and send the verification application packet to the authentication server;
an access request response sending module 423, configured to send an access request response to the sensor node after determining that the identity information of the sensor node is safe according to the verification result of the sensor node; wherein the access request response comprises a verification result of the network service management platform node and a public key of the authentication server;
the sensor node includes:
an access request packet sending module 431, configured to send an access request packet to the network service management platform;
and the connection establishing module 432 is configured to establish a communication connection with the network service management platform after determining that the identity information of the network service management platform is safe according to the verification result of the network service management platform.
Referring to fig. 5, a structure diagram of an internet of things device system provided in an embodiment of the present application is shown in fig. 5, and includes an authentication server AS, a network service management platform NSP, and a sensor node REQ;
the authentication server AS comprises:
a first memory for storing a first computer program;
a first processor for implementing the steps of the above-described communication connection method when executing the first computer program;
the network service management platform NSP includes:
a second memory for storing a second computer program;
a second processor for implementing the steps of the above-described communication connection method when executing the second computer program;
the sensor node REQ includes:
a third memory for storing a third computer program;
a third processor for implementing the steps of the above communication connection method when executing the third computer program.
Specifically, the memory includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer-readable instructions, and the internal memory provides an environment for the operating system and the computer-readable instructions in the non-volatile storage medium to run.
According to the Internet of things equipment system provided by the embodiment of the application, the authentication server updates the private key at random time through the key updating method, each encryption terminal updates the private key and then broadcasts and sends the currently matched public key mark, and the receiving terminal receives the mark and then synchronously updates the key, so that the safety of the system is improved, and the protection of the Internet of things equipment is enhanced. Under the condition that the customer experience is not influenced, each device in the Internet of things device system independently realizes the updating of the secret key, and the safety and reliability of the customer information are greatly improved.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, may implement the steps provided by the above-described embodiments. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A communication connection method is applied to an Internet of things equipment system, the Internet of things equipment system comprises an authentication server, a network service management platform and a sensor node, and the communication connection method comprises the following steps:
the authentication server initializes and discloses key parameters so that each node in the Internet of things equipment system can generate a respective public key and a private key according to the key parameters; wherein the private key is updated according to the current time;
when the sensor node requests to join the Internet of things equipment system, the authentication server receives an application packet through the network service management platform; the application packet comprises a public key and identity information encrypted by the network service management platform and a public key and identity information encrypted by the sensor node;
the authentication server decrypts the application packet through a private key at the current time to obtain a decryption result, and verifies the identity information of the network service management platform and the sensor node according to the decryption result;
and the authentication server sends the verification result to the network service management platform and the sensor node so as to establish communication connection after any one of the network service management platform and the sensor node judges the identity information of the other party to be safe.
2. The communication connection method according to claim 1, wherein when the sensor node requests to join the internet of things device system, the authentication server receives an application packet through the network service management platform, and includes:
when the sensor node requests to join the Internet of Things equipment system, the network service management platform sends a challenge packet to the sensor node; wherein the challenge packet comprises the key parameters and a public key of the authentication server;
the sensor node sends an access request packet to the network service management platform; the access request packet comprises a public key and identity information encrypted by the sensor node;
the network service management platform generates an intermediate parameter according to the key parameter, the current time and the identity information of the network service management platform, and sends the application packet to the authentication server; the application packet comprises an encrypted intermediate packet and the access request packet, and the intermediate packet comprises a public key of the network service management platform, identity information and the intermediate parameter.
3. The communication connection method according to claim 1, wherein the authentication server sends the verification result to the network service management platform and the sensor node, so that after either one of the network service management platform and the sensor node determines that the identity information of the other party is safe, the communication connection is established, including:
the authentication server sends a verification application response to the network service management platform; the verification application response comprises a verification result of the network service management platform, a verification result of the sensor node and a public key of the authentication server;
the network service management platform sends an access request response to the sensor node after judging the identity information security of the sensor node according to the verification result of the sensor node; wherein the access request response comprises a verification result of the network service management platform node and a public key of the authentication server;
and after judging the identity information safety of the network service management platform according to the verification result of the network service management platform, the sensor node establishes communication connection with the network service management platform.
4. The communication connection method according to claim 1, wherein the private key generation algorithm is specifically:
v = H_1(ID_A);
u_{-1} = H_2(ID_A, -1), u_0 = H_2(ID_A, 0);
Figure FDA0002988427020000021
Figure FDA0002988427020000022
wherein A is the authentication server or the network service management platform or the sensor node, ID_A is the identity information of A, x_A is a secret value of A, S_{A,0} is the generated initial private key, H_1, H_2, s_1, s_2 are parameters of the key parameters, and v, u_{-1}, u_0, d_{-1} and d_0 are parameters generated in the private key generation algorithm;
the public key generation algorithm specifically comprises:
Figure FDA0002988427020000023
wherein PK_A is the generated public key and a is a parameter in the key parameters.
5. The communication connection method according to claim 4, wherein after each node in the internet of things device system generates a respective public key and a respective private key according to the key parameter, the method further includes:
checking a key pair consisting of the private key and the public key by using a check formula;
the check formula specifically includes:
Figure FDA0002988427020000031
wherein e is the bilinear pairing in the key parameters, and a, s_1 are parameters in the key parameters.
6. The communication connection method according to claim 1, wherein the encryption mode of the public key and the identity information of the network service management platform or the sensor node is specifically:
Figure FDA0002988427020000032
wherein A is the network service management platform or the sensor node, ID_A is the identity information of A, x_A is the secret value of A, H_3 is a parameter in the key parameters, M is the plaintext of the identity information, r is a random number, i is the current time, e is the bilinear pairing in the key parameters,
Figure FDA0002988427020000033
a, s_1 are parameters of the key parameters,
Figure FDA0002988427020000034
denotes the exclusive-or operation, C is the result of encryption, v = H_1(ID_A), and u_{i-1}, u_i and W are parameters in the encryption process.
7. The communication connection method according to any one of claims 2 to 6, further comprising, after verifying the identity information of the network service management platform and the sensor node according to the decryption result:
the authentication server updates the private key according to an updating algorithm;
the updating algorithm specifically comprises the following steps:
S_{A,i} = S_{A,i-1} · HK_i
wherein A is the authentication server or the network service management platform or the sensor node, S_{A,i-1} is the private key of the previous time, S_{A,i} is the private key of the current time, and HK_i is the intermediate parameter;
wherein HK_i is calculated as follows:
when i ≡ j (mod 2): u_{i-2} = H_2(ID_A, i-2), u_i = H_2(ID_A, i);
Figure FDA0002988427020000035
Figure FDA0002988427020000036
wherein i is the current time, j is 1 or 2, ID_A is the identity information of A, and H_2, s_j are parameters in the key parameters.
8. The utility model provides a communication connection system, its characterized in that is applied to thing networking equipment system, thing networking equipment system includes authentication server, network service management platform and sensor node, communication connection system includes:
the initialization module is used for initializing and disclosing key parameters so that each node in the Internet of things equipment system can generate a respective public key and a private key according to the key parameters; wherein the private key is updated according to the current time;
the receiving module is used for receiving an application packet through the network service management platform when the sensor node requests to join the Internet of things equipment system; the application packet comprises a public key and identity information encrypted by the network service management platform and a public key and identity information encrypted by the sensor node;
the verification module is used for carrying out decryption operation on the application packet through a private key at the current time to obtain a decryption result and verifying the identity information of the network service management platform and the sensor node according to the decryption result;
and the sending module is used for sending the verification result to the network service management platform and the sensor node so as to establish communication connection after any one of the network service management platform and the sensor node judges the identity information of the other party to be safe.
9. An Internet of things equipment system is characterized by comprising an authentication server, a network service management platform and a sensor node;
the authentication server includes:
a first memory for storing a first computer program;
a first processor for implementing the steps of the communication connection method according to any one of claims 1 to 7 when executing the first computer program;
the network service management platform comprises:
a second memory for storing a second computer program;
a second processor for implementing the steps of the communication connection method according to any one of claims 1 to 7 when executing the second computer program;
the sensor node includes:
a third memory for storing a third computer program;
a third processor for implementing the steps of the communication connection method according to any one of claims 1 to 7 when executing the third computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the communication connection method according to one of claims 1 to 7.
CN201810804245.8A 2018-07-20 2018-07-20 Communication connection method and system, Internet of things equipment system and storage medium Active CN108574699B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810804245.8A CN108574699B (en) 2018-07-20 2018-07-20 Communication connection method and system, Internet of things equipment system and storage medium

Publications (2)

Publication Number Publication Date
CN108574699A CN108574699A (en) 2018-09-25
CN108574699B true CN108574699B (en) 2021-07-06

Family

ID=63571832

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810804245.8A Active CN108574699B (en) 2018-07-20 2018-07-20 Communication connection method and system, Internet of things equipment system and storage medium

Country Status (1)

Country Link
CN (1) CN108574699B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833101B (en) * 2018-09-28 2024-04-12 腾讯科技(北京)有限公司 Data transmission method of Internet of things equipment, internet of things equipment and authentication platform
CN109450621B (en) * 2018-10-12 2021-06-18 广州杰赛科技股份有限公司 Information verification method and device of equipment
CN109412790B (en) * 2018-10-26 2021-11-16 重庆邮电大学 User authentication and key agreement system and method facing to Internet of things
CN113015158B (en) * 2019-12-20 2023-08-04 西门子(中国)有限公司 Method and apparatus for enhancing wireless network security
CN112738061B (en) * 2020-12-24 2022-06-21 四川虹微技术有限公司 Information processing method, device, management platform, electronic equipment and storage medium
CN114189356A (en) * 2021-11-12 2022-03-15 珠海大横琴科技发展有限公司 Data transmission method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102547690A (en) * 2010-12-13 2012-07-04 中兴通讯股份有限公司 Wireless sensor network system, node equipment and secret key generating method thereof
CN103166919A (en) * 2011-12-13 2013-06-19 中国移动通信集团黑龙江有限公司 Method and system for internet of things information transmission
CN103501228A (en) * 2013-08-01 2014-01-08 沈阳华矿新能源装备科技有限公司 Dynamic two-dimension code token and authentication method of dynamic two-dimension code instruction
CN104580261A (en) * 2015-02-10 2015-04-29 成都英力拓信息技术有限公司 Safety method applicable to wireless internet of things
KR101678795B1 (en) * 2015-11-30 2016-11-22 전삼구 Iot-basesd things management system and method using block chain authentification
CN107483195A (en) * 2017-09-08 2017-12-15 哈尔滨工业大学深圳研究生院 Safe mutual authentication and key agreement protocol under environment of internet of things

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Research on Pervasive Computing Security; Long Zhao Hua et al.; 2010 7th International Conference on Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing; 2010-10-29; full text *
Research on the secure access mechanism of the Internet of Things based on Hufu TePA (基于虎符TePA的物联网安全接入机制研究); Yang Nianpeng (杨年鹏) et al.; Computer Engineering and Design (计算机工程与设计); 2012-04-16; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant