CN108616504A - A kind of sensor node identity authorization system and method based on Internet of Things - Google Patents
Publication number: CN108616504A (application CN201810236903.8A)
Authority: CN (China)
Prior art keywords: sensor node, certification, internet, things, identity
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0807 — Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/108 — Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L67/12 — Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L63/0442 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0478 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an Internet-of-Things-based sensor node identity authentication system comprising an authentication server, a device management center, a security gateway and at least one sensor node. The sensor node is connected to the security gateway and sends authentication information to it. The security gateway is connected to the authentication server and forwards the authentication information to it together with the gateway number. The authentication server is connected to the device management center; it authenticates the authentication information, generates an identity token once authentication is complete, returns the identity token to the sensor node, and stores the authenticated sensor node in the device management center. The invention further discloses an IoT-based sensor node identity authentication method, which provides mutual authentication between sensor nodes and the IoT common support platform, improves the efficiency of sensor node authentication and shortens the time needed to form the IoT network.
Description
Technical field
The invention belongs to the field of the Internet of Things and information security, and in particular to an IoT-based sensor node identity authentication system and method that, under an IoT common support platform, authenticates the legitimacy of the identity of a newly connected sensor node and thereby protects the node's data and status.
Background technology
In an IoT environment, objects are interconnected and exchange information, and sensor nodes can receive, transmit and process data and commands. Because the data transmitted in the IoT has high security requirements, the identity of a sensor node, one of the most important components of the IoT, must be effectively authenticated when the node accesses the IoT common support platform. Without secure identity authentication, an attacker could very likely enter the IoT platform with a forged node, seriously threatening the platform and the data in it.
With IoT platform systems developing rapidly, sensor nodes will request access and authentication in very large numbers, which calls for a faster and more secure entity authentication scheme.
Existing sensor node authentication methods, however, cannot authenticate large batches of nodes in a plug-and-play fashion without additional provisioning, and they do not base authentication on the characteristics of the node itself; forming the IoT network therefore requires manual operation and intervention and takes considerably longer, which greatly reduces the efficiency of networking.
Invention content
To solve the above problems in the prior art, the present invention provides an IoT-based sensor node identity authentication system and method that ensure mutual authentication between sensor nodes and the IoT common support platform, improve sensor node authentication efficiency and shorten the IoT networking time.
The technical problem addressed by the invention is solved by the following technical solutions:
An embodiment of the invention provides an IoT-based sensor node identity authentication system comprising an authentication server, a device management center, a security gateway and at least one sensor node;
the sensor node is connected to the security gateway and sends authentication information to it;
the security gateway is connected to the authentication server and forwards the authentication information to it together with the gateway number;
the authentication server is connected to the device management center; it authenticates the authentication information, generates an identity token once authentication is complete, returns the identity token to the sensor node, and stores the authenticated sensor node in the device management center.
An embodiment of the invention also provides an IoT-based sensor node identity authentication method comprising:
S1, initializing the list of sensor nodes to be authenticated;
S2, receiving the authentication information sent by the sensor node to be authenticated;
S3, performing a first decryption operation on the authentication information; if the first decryption fails, judging that authentication has failed and exiting authentication; if the first decryption succeeds, obtaining the sensor node identity information, the initial timestamp and the node unique identifier, and executing step S4;
S4, judging whether the sensor node identity information to be authenticated already has an identity token; if so, judging that authentication is complete; if not, executing step S5;
S5, judging whether the initial timestamp is valid; if not, judging that authentication has failed and exiting authentication; if so, executing step S6;
S6, looking up, by the node unique identifier, the public key generated from the sensor node's attributes, and performing a second decryption operation on the sensor node identity information with it; if the second decryption fails, judging that authentication has failed and exiting authentication; if the second decryption succeeds, obtaining the decrypted identity information and executing step S7;
S7, generating a new identity token and a new authentication timestamp from the decrypted identity information, storing the decrypted identity information, and sending the new identity token and the new authentication timestamp to the sensor node to be authenticated.
In a specific embodiment, the authentication information comprises the sensor node identity information and the sensor node's initial timestamp, encrypted successively with the private key generated from the sensor node's attributes and with the IoT common support platform public key.
In a specific embodiment, step S4 further comprises: judging whether the identity token of the sensor node to be authenticated has expired, and if so, executing step S5.
In a specific embodiment, step S7 further comprises: setting a token expiry time in the new identity token sent to the sensor node to be authenticated; if the token of a sensor node is judged to have expired, sending re-authentication information to that sensor node.
In a specific embodiment, the method further comprises, after step S7: when a predetermined number of sensor nodes are judged to have completed authentication, obtaining an authentication circle domain from the sensor nodes that have completed authentication, and authenticating further sensor nodes to be authenticated against that authentication circle domain.
In a specific embodiment, authenticating a sensor node to be authenticated against the authentication circle domain comprises: when a new sensor node requests authentication, calculating the distance between the new sensor node and the authentication circle domain, and judging authentication complete when the new sensor node is judged to belong to the authentication circle domain.
In a specific embodiment, authenticating a sensor node to be authenticated against the authentication circle domain comprises: when a new sensor node requests authentication, calculating the distance between the new sensor node and the authentication circle domain, and judging that authentication has failed when the new sensor node is judged not to belong to the authentication circle domain and the query shows that no new node has been admitted.
Compared with the prior art, the invention has the following beneficial effects:
1. In the method of the invention, a sensor node encrypts its identity information with a key generated from its own attributes; the public key of this key pair is stored in the IoT common support platform and the private key is not retained. Because the device attributes of the sensor nodes all differ, a third party outside the IoT platform cannot generate equally valid identity information, which guarantees the unique validity and legitimacy of the identity information.
2. In the method of the invention, the sensor node identity information can only be obtained by the IoT platform of the invention: the sensor node encrypts the platform feature code with the IoT platform public key, which ensures that the sensor node cannot be authenticated by an unauthorized third-party platform outside the platform and that its information cannot be obtained by a third party, achieving mutual authentication between the sensor node and the IoT platform.
3. In the method of the invention, after a sensor node is authenticated successfully, the node identity information is bound to the security gateway through which the node accesses the platform, which makes it convenient for the IoT platform to set access rights according to the security gateway and the device type. This ensures that every access by a sensor node is authorized, so that the data collected by sensor nodes is not obtained by third parties not authorized by the IoT platform. Given a certain number of secure nodes of known identity, unknown nodes can be authenticated quickly and safely; the authentication is simple, safe and reliable, and its application prospects and market value are high.
Description of the drawings
Fig. 1 is a block diagram of the modules of an IoT-based sensor node identity authentication system provided in an embodiment of the invention;
Fig. 2 is a schematic diagram of the internal structure of a sensor node of the invention;
Fig. 3 is a flow chart of an IoT-based sensor node identity authentication method provided in an embodiment of the invention;
Fig. 4 is a schematic diagram of the method for quickly authenticating subsequent nodes in an embodiment of the invention.
Specific implementation mode
The invention is described in further detail below with reference to specific embodiments, but the embodiments of the invention are not limited to these.
Embodiment one
Referring to Fig. 1, a block diagram of the modules of an IoT-based sensor node identity authentication system provided in an embodiment of the invention, the system comprises an authentication server, a device management center, a security gateway and at least one sensor node;
the sensor node is connected to the security gateway and sends authentication information to it;
the security gateway is connected to the authentication server and forwards the authentication information to it together with the gateway number.
The security gateway serves as the access point to the platform for the different scenarios under the IoT common support platform; sensor nodes are deployed in the various scenarios as required, and the security gateway has permission to send data to and receive data from the sensor nodes. A sensor node exchanges data only with its security gateway, both during authentication and afterwards, and does not accept commands from other security gateways; that is, each sensor node corresponds to exactly one security gateway, identified by the gateway number.
In this embodiment the security gateway is responsible for the data exchange between the IoT common support platform and the sensor nodes. When the security gateway receives an authentication message A sent by a subordinate node, it assigns the node a node sequence number Us, which serves as the gateway's identifier for that subordinate node's identity, updates the data and forwards it to the IoT platform; when the security gateway receives information returned by the IoT platform, it looks up the node sequence number Us and sends the information to the corresponding node.
The authentication server is connected to the device management center; it authenticates the authentication information, generates an identity token once authentication is complete, returns the identity token to the sensor node, and stores the authenticated sensor node in the device management center.
The device management center manages the details of all security gateways in the platform and the identity information of all sensor nodes under each security gateway, and, as required by the authentication server, adds the identity information of verified sensor nodes under their respective security gateways. The authentication server receives the authentication message A sent by the security gateway, authenticates the authenticity and validity of A according to the corresponding policy, generates the identity token Uauth and the authentication timestamp Tauth after successful authentication, and is responsible for the expiry time of the identity token.
Specifically, in one embodiment the device management center and the authentication server reside in the IoT common support platform; the sensor node accesses the security gateway and is authenticated by the authentication server through it. The sensor node comprises a CPU, a sensor, a secure SoC (system on chip) chip, memory and I/O interfaces; see Fig. 2, a schematic diagram of the internal structure of a sensor node. The secure SoC chip stores the IoT common support platform feature code, the identity information encrypted with the private key generated from the node's own attributes, the sensor node unique identifier and the initial timestamp. The data held in the secure SoC chip is stored in the sensor node in encrypted form, the key being the public key published by the IoT common support platform. The identity information carried by the sensor node comprises the sensor node type, the sensor node security level and the sensor node control command type. The memory in the sensor node stores the identity token that the authentication server sends to the node after successful authentication, together with any other information the sensor needs to store.
In one concrete scenario, the sensor node authentication process comprises the following steps:
Step 1: When the system starts, the sensor node and the security gateway start up; the sensor node confirms that the identity information it holds in ciphertext form is available, and the security gateway confirms that its gateway number is available; the device management center confirms that the node information list is legal and available and that the security gateway management table is legal and available. The node information list contains each sensor node's unique identifier and the public key generated from its own attributes; the security gateway management table contains the information of all security gateways under the IoT common support platform and the identity information of all sensor nodes under each security gateway.
Step 2: The sensor node sends the authentication information A. When A passes through the security gateway it is concatenated with the security gateway number Sid and with the node sequence number Us that the gateway assigned to the node, and the updated authentication information A is sent to the authentication server. The authentication information A is obtained by encrypting the sensor node identity information C, the IoT common support platform feature code Tid, the sensor node unique identifier Uid and the initial timestamp T1 twice; the two encryption keys are the private key Pra generated from the sensor node's own attributes and the IoT common support platform public key Pub, and the encryption is E[Pub, E(Pra, C) || Tid || Uid || T1]. After the security gateway appends the gateway number, the authentication message A becomes E[Pub, E(Pra, C) || Tid || Uid || T1] || Sid || Us and is sent to the authentication server.
Step 3: After the authentication server receives the authentication message A, it decrypts A with the IoT common support platform private key Prb and obtains the decrypted message B on success. It then verifies the legitimacy of the initial timestamp T1, the platform feature code Tid and the sensor unique identifier Uid; on success it obtains the sensor node identity information C, generates the identity token Uauth and the authentication timestamp Tauth from C, and returns them to the sensor node. At the same time it sends the identity information to the device management center according to the security gateway number Sid.
Step 4: The sensor node receives the identity token Uauth and the authentication timestamp and stores them in the node's secure SoC chip as the credential for subsequent data exchange. The secure chip stores the node's identity information C; data that cannot be used by a third party, such as the identity token Uauth and the authentication timestamp Tauth, may be stored in the node's memory, which reduces the capacity required of the secure SoC chip.
In the method of the invention, a sensor node encrypts its identity information with a key generated from its own attributes; the public key of this key pair is stored in the IoT common support platform and the private key is not retained. Because the device attributes of the sensor nodes all differ, a third party outside the IoT platform cannot generate equally valid identity information, which guarantees the unique validity and legitimacy of the identity information.
In addition, the sensor node identity information can only be obtained by the IoT platform of the invention: the sensor node encrypts the platform feature code with the IoT platform public key, which ensures that the sensor node cannot be authenticated by an unauthorized third-party platform outside the platform and that its information cannot be obtained by a third party, achieving mutual authentication between the sensor node and the IoT platform.
Embodiment two
The process by which the authentication server authenticates a sensor node is shown in Fig. 3, a flow chart of an IoT-based sensor node identity authentication method provided in an embodiment of the invention, and comprises:
S1, initializing the list of sensor nodes to be authenticated;
Here the system is initialized first: each sensor node to be authenticated and the security gateways that carry the data are started, the authentication server initializes the sensor node information list, the device management center initializes the security gateways and the corresponding node lists, and the sensor nodes initialize so that each sensor node confirms that the identity information it holds in ciphertext form is available; the security gateway confirms that its gateway number is available; the device management center confirms that the node information list is legal and available and that the security gateway management table is legal and available.
S2, receiving the authentication information sent by the sensor node to be authenticated;
Here the sensor node sends the authentication information to the authentication server via the security gateway of the IoT platform network, and the authentication server receives it. The authentication information consists of the sensor node identity information and the sensor node initial timestamp, encrypted successively with the private key generated from the sensor node's attributes and with the IoT common support platform public key; the sensor node identity information comprises the node's own information and the IoT common support platform feature code. When passing through the security gateway, the authentication information is concatenated with the security gateway number.
After the authentication server receives the authentication message A, it decrypts A with the private key Prb of the IoT common support platform, the method being D[Prb, E(Pra, C) || Tid || Uid || T1] || Sid || Us, and obtains the IoT platform feature code Tid, the sensor node unique identifier Uid and the initial timestamp T1.
S3, performing a first decryption operation on the authentication information; if the first decryption fails, judging that authentication has failed and exiting authentication; if the first decryption succeeds, obtaining the sensor node identity information, the initial timestamp and the node unique identifier, and executing step S4;
Here the authentication server receives the authentication information and performs the first decryption on it with the IoT common support platform public key, obtaining the IoT platform feature code, the device initial timestamp and the sensor node unique identifier. If the decryption fails, or the decrypted feature code does not match, authentication fails.
The authentication server verifies whether the IoT platform feature code Tid obtained in the previous step matches the feature code TID held by the authentication server: if Tid = TID, the next step is executed; otherwise the sensor node is shown not to belong to this IoT platform and authentication fails.
S4, judging whether the sensor node identity information to be authenticated already has an identity token; if so, judging that authentication is complete; if not, executing step S5;
Here, if an identity token is judged to exist but has expired, step S5 is executed.
The server judges whether the decrypted information contains an identity token Uauth and whether Uauth is usable.
S5, judging whether the initial timestamp is valid; if not, judging that authentication has failed and exiting authentication; if so, executing step S6;
The server judges whether the decrypted initial timestamp T1 is valid; if T1 is abnormal, the node's security remains unproven and authentication fails.
S6, looking up, by the node unique identifier, the public key generated from the sensor node's attributes, and performing a second decryption operation on the sensor node identity information with it; if the second decryption fails, judging that authentication has failed and exiting authentication; if the second decryption succeeds, obtaining the decrypted identity information and executing step S7;
The server looks up the node public key Pua by the decrypted node unique identifier Uid. If the node unique identifier is invalid or no node public key Pua can be found, the node's validity remains unproven and authentication fails; if the node public key Pua is found, the server performs the second decryption of the first-decryption result B with Pua, the decryption method being D(Pua, C).
S7, generating a new identity token and a new authentication timestamp from the decrypted identity information, storing the decrypted identity information, and sending the new identity token and the new authentication timestamp to the sensor node to be authenticated.
Specifically, the node identity token Uauth and the authentication timestamp Tauth are generated from the node identity information C; Uauth and Tauth are returned to the sensor node, and C is written to the device management center under the security gateway Sid.
In a specific embodiment, step S7 further comprises:
setting a token expiry time in the new identity token sent to the sensor node to be authenticated; if the token of a sensor node is judged to have expired, sending re-authentication information to that sensor node.
To satisfy higher security requirements, the authentication server can set different token expiry times according to the security level stored in the system for the authenticated sensor node. Later, when a sensor's identity token has expired, the sensor sends a message to the server; the server requires the sensor to authenticate again and, on success, the token stored by the node is updated.
In one embodiment, the IoT platform can set different security authentication schemes according to the sensor node security level obtained at initial authentication. For example, a shorter identity token validity period can be set for sensor nodes with a higher security level. Let the token validity period of sensor node a be Ta. After the first successful authentication, whenever sensor node a passes through the authentication server during data exchange, the server checks the validity of the timestamp Tauth: if the current time Tc satisfies Tc - Tauth > Ta, the identity token has expired and sensor node a must authenticate again. This measure allows different types of sensor node to be given different security measures according to their type and, while keeping node identities secure, reduces the number of verifications through the flexibility of the authentication policy, thereby improving the overall authentication time of sensor nodes in the IoT platform.
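The exchange of steps S1 to S7 (node builds A, gateway appends Sid and Us, server decrypts, checks Tid, the existing token, T1 and Pua, then issues Uauth and Tauth), together with the per-security-level token lifetime check Tc - Tauth > Ta, modelled end to end in Python. This is an added example and not code from the patent. It uses textbook RSA on fixed Mersenne primes with a SHA-256 stream cipher as an insecure stand-in for the page's E()/D(), realises the inner E(Pra, C) as a signature over C that the server checks with Pua, consults the server's own token table for the S4 check rather than the decrypted message, and the feature code, the 300-second window for T1, the lifetimes Ta, the identifiers and the node identity C are constructed values.

```python
"""Model of the CN108616504A exchange: sensor node -> security gateway -> authentication server."""
import hashlib
import hmac
import json
import os

# Toy textbook RSA on fixed Mersenne primes: an insecure stand-in for the page's E()/D()
# with Pra/Pua (node) and Pub/Prb (platform). 65537 is coprime to phi for every pair used here.
def rsa_keypair(p, q, e=65537):
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)   # (public, private)

def rsa_apply(key, m):
    return pow(m, key[0], key[1])

def _xor_stream(key, data):   # SHA-256 counter keystream XOR (toy cipher)
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def pk_encrypt(pub, plaintext):   # E(Pub, m): RSA-wrapped content key, stream cipher, HMAC tag
    k, nonce = os.urandom(15), os.urandom(12)
    ct = _xor_stream(k + nonce, plaintext)
    tag = hmac.new(k, nonce + ct, hashlib.sha256).digest()
    return json.dumps({"k": rsa_apply(pub, int.from_bytes(k, "big")), "c": (nonce + ct + tag).hex()})

def pk_decrypt(priv, blob):   # D(Prb, A): raises ValueError on a wrong key or a tampered message
    obj = json.loads(blob)
    k = (rsa_apply(priv, obj["k"]) % 2**120).to_bytes(15, "big")
    raw = bytes.fromhex(obj["c"])
    nonce, ct, tag = raw[:12], raw[12:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("first decryption failed")
    return _xor_stream(k + nonce, ct)

def sign(priv, msg):   # the page's E(Pra, C), realised as an RSA signature over C
    return rsa_apply(priv, int.from_bytes(hashlib.sha256(msg).digest(), "big") % priv[1])

def verify(pub, msg, sig):   # the page's D(Pua, C)
    return rsa_apply(pub, sig) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % pub[1]

TID = "platform-feature-code-0001"                    # constructed platform feature code Tid
T1_WINDOW = 300                                      # accepted |Tc - T1| in S5 (assumption)
TOKEN_LIFETIME = {"high": 600, "normal": 3600}       # Ta by security level (constructed values)
node_pub, node_priv = rsa_keypair(2**61 - 1, 2**89 - 1)      # Pua / Pra
plat_pub, plat_priv = rsa_keypair(2**107 - 1, 2**127 - 1)    # Pub / Prb
UID = "node-0001"                                                # constructed Uid
NODE_C = {"type": "temperature", "level": "high", "cmd": "read-only"}   # constructed identity C

def node_build_a(t1, priv=node_priv):
    """Node side: A = E[Pub, E(Pra, C) || Tid || Uid || T1]."""
    c = json.dumps(NODE_C, sort_keys=True).encode()
    fields = {"C": c.hex(), "sig": sign(priv, c), "Tid": TID, "Uid": UID, "T1": t1}
    return pk_encrypt(plat_pub, json.dumps(fields).encode())

def gateway_forward(a, sid, us):
    """Gateway side: A || Sid || Us, Us being the sequence number the gateway assigned to the node."""
    return {"A": a, "Sid": sid, "Us": us}

class AuthServer:
    def __init__(self):
        self.node_pubkeys = {UID: node_pub}   # node information list: Uid -> Pua
        self.tokens = {}                      # Uid -> (Uauth, Tauth, Ta)
        self.device_mgmt = {}                 # device management center: Sid -> {Uid: C}

    def authenticate(self, msg, now):
        try:                                                        # S3: first decryption
            b = json.loads(pk_decrypt(plat_priv, msg["A"]))
        except ValueError:
            return {"ok": False, "reason": "first decryption failed"}
        if b["Tid"] != TID:
            return {"ok": False, "reason": "feature code mismatch"}
        tok = self.tokens.get(b["Uid"])                             # S4: unexpired token already issued?
        if tok and now - tok[1] <= tok[2]:
            return {"ok": True, "Uauth": tok[0], "reason": "token still valid"}
        if abs(now - b["T1"]) > T1_WINDOW:                          # S5: initial timestamp
            return {"ok": False, "reason": "initial timestamp invalid"}
        pua = self.node_pubkeys.get(b["Uid"])                       # S6: Pua lookup, second decryption
        c = bytes.fromhex(b["C"])
        if pua is None or not verify(pua, c, b["sig"]):
            return {"ok": False, "reason": "second decryption failed"}
        ident = json.loads(c)                                       # S7: issue Uauth/Tauth, store C
        uauth, ta = os.urandom(16).hex(), TOKEN_LIFETIME[ident["level"]]
        self.tokens[b["Uid"]] = (uauth, now, ta)
        self.device_mgmt.setdefault(msg["Sid"], {})[b["Uid"]] = ident
        return {"ok": True, "Uauth": uauth, "Tauth": now, "Ta": ta}

    def token_expired(self, uid, tc):
        """Tc - Tauth > Ta: the node has to authenticate again."""
        _, tauth, ta = self.tokens[uid]
        return tc - tauth > ta

def run_demo(now=1_700_000_000):
    server = AuthServer()
    rogue_priv = rsa_keypair(2**89 - 1, 2**107 - 1)[1]   # key pair never registered in the node list
    return {
        "fresh": server.authenticate(gateway_forward(node_build_a(now - 10), "gw-01", 7), now),
        "cached": server.authenticate(gateway_forward(node_build_a(now + 60), "gw-01", 7), now + 60),
        "stale": AuthServer().authenticate(gateway_forward(node_build_a(now - 3600), "gw-01", 8), now),
        "forged": AuthServer().authenticate(gateway_forward(node_build_a(now, rogue_priv), "gw-01", 9), now),
        "expired_at_tc": server.token_expired(UID, now + 601),
    }

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

run_demo() returns the outcomes of a first authentication, a repeat while the token is still valid (S4 short-circuits), a message with a stale T1 (rejected at S5), a message whose inner layer was produced with a key that is not in the node information list (rejected at S6), and the lifetime check one second after Ta for a "high" security-level node.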
In a specific embodiment, the method further includes, after step S7:
When it is determined that a predetermined number of sensor nodes have completed authentication, an authentication circle domain is obtained from the sensor nodes that have completed authentication, and sensor nodes to be authenticated are authenticated according to that authentication circle domain.
Authenticating a sensor node to be authenticated according to the authentication circle domain includes:
When a new sensor node to be authenticated requests authentication, the distance between the new node and the authentication circle domain is calculated; when the new node is determined to belong to the authentication circle domain, authentication is determined to be complete.
Authenticating a sensor node to be authenticated according to the authentication circle domain also includes:
When a new sensor node to be authenticated requests authentication, the distance between the new node and the authentication circle domain is calculated; when the new node is determined not to belong to the authentication circle domain, and a query finds that no new node has been admitted, authentication is determined to have failed.
Specifically, after a batch of sensor nodes has been authenticated, the streaming K-means algorithm is used to compute the centre point of each currently known node type and to draw a circle domain around it. When a new node requests authentication, the distance between the new node and each centre point is calculated. If the node belongs to a currently known node type, it passes authentication; if it does not fall within the range of any current node type, the platform is queried as to whether a node of a new type is accessing the IoT platform, and otherwise the node does not pass authentication.
For a clearer explanation of the embodiment, refer to Fig. 4, which is a schematic diagram of the method for rapid authentication of follow-up nodes according to the embodiment of the present invention.
After a batch of sensor nodes has been authenticated, the streaming K-means algorithm computes the centre point of each currently known node type and draws a circle domain around it, such as r1 and r2 in the figure. When a new node requests authentication, the distance between the new node and the centre points is calculated. If the node belongs to a currently known node type, it passes authentication; for example, node p2 lies within the range of r1 and therefore passes. If it does not belong to the range of any current node type, the platform is queried as to whether a node of a new type is accessing the IoT platform, and otherwise authentication is refused; for example, node p1 does not belong to any currently known node type, so its authentication is refused immediately.
With the above method, when a new node is authenticated, a node of a known type is verified through the fast authentication path, while a node of an unknown type is verified through the careful authentication path until the node is confirmed to be trusted or untrusted. The embodiment of the present invention thus achieves rapid sensor authentication, and the IoT platform guarantees trustworthy node identities even while the platform is being assembled quickly.
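The circle-domain fast path described above and in Fig. 4 (and restated in claims 6 to 8), as an added Python example that is not part of the patent. Node types are represented by constructed two-dimensional attribute vectors (an assumption; the patent does not fix the feature space); each type's centre is the mean of its fully authenticated members, as in the per-type centroid update of a streaming K-means, and its radius r is the distance to the farthest member.

```python
import math

class CircleDomainAuth:
    """Rapid authentication of follow-up nodes: one circle domain per node type,
    drawn around the nodes of that type that already passed full authentication."""

    def __init__(self):
        self.members = {}   # type -> list of (x, y) attribute vectors (constructed feature space)
        self.centres = {}   # type -> centre point of the type's circle domain
        self.radii = {}     # type -> radius r of the circle domain

    def add_authenticated(self, node_type, point):
        """Fold one fully authenticated node into its type's centre and radius
        (the per-type centroid update of a streaming K-means)."""
        pts = self.members.setdefault(node_type, [])
        pts.append(point)
        cx = sum(p[0] for p in pts) / len(pts)
        cy = sum(p[1] for p in pts) / len(pts)
        self.centres[node_type] = (cx, cy)
        # r reaches the farthest member, so every authenticated node of the type lies inside
        self.radii[node_type] = max(math.dist(p, (cx, cy)) for p in pts)

    def domain_of(self, point):
        """The known node type whose circle domain contains the point, or None."""
        for node_type, centre in self.centres.items():
            if math.dist(point, centre) <= self.radii[node_type]:
                return node_type
        return None

    def authenticate(self, point, new_type_admitted=False):
        """Fast path: 'pass' inside a known circle domain (node p2 in Fig. 4).
        Outside all domains the platform is asked whether a new node type is being
        admitted: 'careful' routes the node to full authentication, 'fail' refuses it (p1)."""
        node_type = self.domain_of(point)
        if node_type is not None:
            return ("pass", node_type)
        return ("careful", None) if new_type_admitted else ("fail", None)
```

A type with a single authenticated member has r = 0 until more nodes of that type complete full authentication, so the fast path only becomes useful once a batch of each type is known.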
In the method for the present invention, after sensor node certification success, security gateway phase that node identity information is accessed with node
It is corresponding, corresponding access rights are set according to different security gateways and different device types convenient for platform of internet of things, ensure to pass
The each access of sensor node is all authorized so that the data that sensor node is acquired are not awarded in platform of internet of things
The third party of power obtains, and under conditions of having the security node of certain amount known identities, can be realized to unknown node
Fast and safely certification, certification is simple, and securely and reliably, application prospect and market value are high.
The above content is a further detailed description of the present invention in conjunction with specific preferred embodiments, and it cannot be said that the specific implementation of the present invention is confined to these explanations. Those of ordinary skill in the art to which the present invention belongs may also make a number of simple deductions or substitutions without departing from the concept of the present invention, and all of these shall be regarded as belonging to the scope of protection of the present invention.
Claims (8)
1. A sensor node identity authentication system based on the Internet of Things, characterized in that it includes an authentication server, a device management center, a security gateway and at least one sensor node;
the sensor node is connected to the security gateway and is configured to send authentication information to the security gateway;
the security gateway is connected to the authentication server and is configured to send the authentication information together with a gateway number to the authentication server;
the authentication server is connected to the device management center and is configured to authenticate the authentication information, generate an identity token after authentication is complete, return the identity token to the sensor node, and store the authenticated sensor node in the device management center.
2. A sensor node identity authentication method based on the Internet of Things, characterized in that it includes:
S1, initializing a list of sensor nodes to be authenticated;
S2, receiving the authentication information sent by the sensor node to be authenticated;
S3, performing a first decryption operation on the authentication information; if the first decryption operation fails, determining that authentication has failed and exiting authentication; if the first decryption operation succeeds, obtaining the sensor node identity information, the initial timestamp and the node unique identifier, and executing step S4;
S4, determining whether the identity information of the sensor node to be authenticated has an identity token; if so, determining that authentication is complete; if not, executing step S5;
S5, determining whether the initial timestamp is valid; if not, determining that authentication has failed and exiting authentication; if so, executing step S6;
S6, looking up, according to the node unique identifier, the public key generated from the sensor node attributes, and performing a second decryption operation on the sensor node identity information; if the second decryption operation fails, determining that authentication has failed and exiting authentication; if the second decryption operation succeeds, obtaining the decrypted identity information and executing step S7;
S7, generating a new identity token and a new authentication timestamp according to the decrypted identity information, storing the decrypted identity information, and sending the new identity token and the new authentication timestamp to the sensor node to be authenticated.
3. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that the authentication information includes: the sensor node identity information and the sensor node initial timestamp, encrypted successively with the public key of the IoT common support platform and the private key generated from the sensor node attributes.
4. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that step S4 further includes:
determining whether the identity token of the sensor node to be authenticated has expired, and if so, executing step S5.
5. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that step S7 further includes:
setting a token expiry time for the new identity token sent to the sensor node to be authenticated, and, when it is determined that the token of the sensor node has expired, sending re-authentication information to that sensor node.
6. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that the method further includes, after step S7:
when it is determined that a predetermined number of sensor nodes have completed authentication, obtaining an authentication circle domain from the sensor nodes that have completed authentication, and authenticating sensor nodes to be authenticated according to the authentication circle domain.
7. The sensor node identity authentication method based on the Internet of Things according to claim 6, characterized in that authenticating the sensor node to be authenticated according to the authentication circle domain includes:
when a new sensor node to be authenticated requests authentication, calculating the distance between the new sensor node to be authenticated and the authentication circle domain, and, when the new sensor node to be authenticated is determined to belong to the authentication circle domain, determining that authentication is complete.
8. The sensor node identity authentication method based on the Internet of Things according to claim 6, characterized in that authenticating the sensor node to be authenticated according to the authentication circle domain includes:
when a new sensor node to be authenticated requests authentication, calculating the distance between the new sensor node to be authenticated and the authentication circle domain, and, when the new sensor node to be authenticated is determined not to belong to the authentication circle domain and a query finds that no new node has been admitted, determining that authentication has failed.
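The server-side steps S3 to S7 of claim 2, together with the token-lifetime check Tc - Tauth > Ta from the embodiment described above, as an added Python example that is not part of the patent. The two encryption layers (platform key pair, key pair derived from node attributes) are replaced by HMAC-tagged JSON as a stand-in so that the example runs on the standard library; the keys, the freshness window ts_window and the Ta values per security level are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in keys (assumption): the patent uses a platform key pair
# and a key pair derived from node attributes; HMAC tags replace both layers.
PLATFORM_KEY = b"constructed-platform-key"
NODE_KEYS = {"node-001": b"constructed-node-001-key"}   # S6 lookup by unique id
TA_BY_LEVEL = {"high": 300, "low": 3600}               # token lifetime Ta in seconds

def wrap(payload, key):
    """Stand-in for encryption: JSON body followed by '.' and an HMAC tag."""
    body = json.dumps(payload, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def unwrap(blob, key):
    """Stand-in for decryption: the payload, or None when the tag does not verify."""
    body, _, tag = blob.rpartition(b".")
    want = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return json.loads(body) if hmac.compare_digest(want, tag) else None

def make_auth_message(node_id, level, ts):
    """Node side: inner layer under the node key, outer layer under the platform key."""
    inner = wrap({"id": node_id, "level": level}, NODE_KEYS[node_id])
    return wrap({"uid": node_id, "ts": ts, "identity": inner.decode()}, PLATFORM_KEY)

class AuthServer:
    def __init__(self, ts_window=60):
        self.ts_window = ts_window   # assumed freshness window for step S5
        self.nodes = {}              # S1: per-node record kept for the device management center

    def authenticate(self, blob, now):
        outer = unwrap(blob, PLATFORM_KEY)                    # S3: first decryption
        if outer is None:
            return "fail"
        uid, ts0 = outer["uid"], outer["ts"]
        if self.token_valid(uid, now):                        # S4 (+ claim 4 expiry check)
            return "done"
        if abs(now - ts0) > self.ts_window:                   # S5: initial timestamp valid?
            return "fail"
        key = NODE_KEYS.get(uid)                              # S6: attribute-derived key lookup
        identity = unwrap(outer["identity"].encode(), key) if key else None
        if identity is None or identity["id"] != uid:         # S6: second decryption
            return "fail"
        token = hashlib.sha256(f"{uid}:{now}".encode()).hexdigest()   # S7: new token
        self.nodes[uid] = {"identity": identity, "token": token, "tauth": now,
                           "ta": TA_BY_LEVEL[identity["level"]]}
        return ("ok", token, now)                             # S7: token + Tauth to the node

    def token_valid(self, uid, tc):
        """Data-phase check: Tc - Tauth > Ta means the token has lapsed (re-authenticate)."""
        rec = self.nodes.get(uid)
        return rec is not None and tc - rec["tauth"] <= rec["ta"]
```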
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810236903.8A CN108616504B (en) | 2018-03-21 | 2018-03-21 | Sensor node identity authentication system and method based on Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108616504A true CN108616504A (en) | 2018-10-02 |
CN108616504B CN108616504B (en) | 2020-12-15 |
Family
ID=63658556
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |