CN108632254A - An access control method for a smart home environment based on a private chain - Google Patents


Publication number: CN108632254A
Authority: CN (China)
Prior art keywords: smart home, visitor, access, administrator, owner
Legal status: Granted
Application number: CN201810303970.7A
Other languages: Chinese (zh)
Other versions: CN108632254B (en)
Inventors: 许春香, 薛婧婷
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Application filed by University of Electronic Science and Technology of China
Priority to CN201810303970.7A
Publication of CN108632254A
Application granted
Publication of CN108632254B
Legal status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/283 Processing of data at an internetworking point of a home automation network
    • H04L12/2834 Switching of information between an external network and a home network
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Automation & Control Theory (AREA)
  • Multimedia (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses an access control method for a smart home environment based on a private chain, belonging to the field of information security technology. The method comprises initialization, registration, authentication, verification and revocation. Compared with prior-art access control schemes, the invention guarantees the confidentiality and integrity of the accessed data; guarantees mutual authentication of the identities of the owner and the visitor; guarantees that a legitimate visitor can no longer initiate access requests for device data after the access deadline has passed or after its registration information has been forcibly revoked; and further ensures that neither the visitor nor the owner can repudiate the access behavior (including the accessed data and the access time) and that access records cannot be forged.

Description

An access control method for a smart home environment based on a private chain
Technical field
The invention belongs to the field of information security technology, and in particular relates to an access control method for a smart home environment based on a private chain.
Background
The Internet of Things (IoT) is a network that interconnects all ordinary objects capable of performing independent functions. Its range of applications is very wide and mainly includes the following: transport and logistics, healthcare, smart environments, and the personal and social domain. As a successful IoT application, the smart home has attracted wide attention. A smart home turns the real-life household into a digital model, so that the digitization of personal information reaches a finer granularity. Data from smart devices can be used to provide home owners with a large number of more efficient, personalized services. However, the personal information implicit in smart devices also makes the smart home a target for various attacks. In addition, smart home devices spend their limited resources on executing core functions and cannot protect the security of their data. Frequent data collection and insecure device access will therefore eventually leak the privacy of the smart home owner. A smart home thus needs a secure and efficient access control scheme which ensures that data used to provide personalized services does not reveal the user's private information.
To secure smart device data and improve the ability of the smart home environment to resist external attacks, many secure and efficient access control schemes have been proposed. For the following scenario, however, existing access control schemes cannot fully meet users' security requirements. Suppose a service provider offers a paid intelligent monitoring service subscribed to by the smart home owner, covering anti-theft monitoring and home safety protection. The service provider uses cameras and door and window sensors to monitor the security of the building, and gas sensors, smoke sensors and the like to measure various indoor parameters. That is, the service provider (as a visitor) must periodically access the data of various relevant devices in the smart home environment to assess the security state of the smart home. The following situations may then arise: (a) to save access costs, the service provider does not access the data of the relevant devices periodically as agreed, but forges access records to deceive the smart home owner; (b) the owner is unwilling to pay the service fee and denies the visitor's access (service). These two problems show that, in addition to a secure access control function, the smart home environment needs a scheme that records the service provider's access behavior in a manner that cannot be forged or tampered with.
Summary of the invention
The purpose of the invention is to overcome the above deficiencies of the prior art by providing an access control method for a smart home environment based on a private chain.
The invention solves the stated technical problem as follows:
An access control method for a smart home environment based on a private chain, comprising:
Initialization: The smart home owner first assigns identity information and a key to the smart home administrator and assigns identity information to the smart devices; the owner then writes the policy header into the first block of the private chain; finally, the smart home administrator shares a different symmetric key with each smart device and with the smart home owner;
Registration: The visitor registers with the smart home owner to obtain an access credential. The detailed process is as follows:
The visitor generates a registration request and sends it to the smart home owner. On receiving the registration request, the smart home owner looks up its stored list of public keys. If the visitor's public key is in the list, the smart home owner replies to the visitor with a fresh random number; otherwise it rejects the registration request. After receiving the random number, the visitor sends a registration message to the smart home owner. The smart home owner decrypts the visitor's message and checks the visitor's identity and the freshness of the registration message. If the visitor's identity is legitimate and the message is fresh, the smart home owner sends the visitor an access permission message and a credential for accessing the smart home administrator, where the access permission message contains the symmetric key assigned to the visitor and the smart home administrator;
Authentication: The visitor sends an authentication request to the smart home administrator to obtain the access key of a smart device. The detailed process is as follows:
The visitor sends an authentication request to the smart home administrator. On receiving the authentication request, the smart home administrator checks the policy header in the private chain to determine whether the visitor may access the device data. If the visitor has the corresponding access rights, the smart home administrator assigns a shared symmetric key to the visitor and the relevant device, and issues the visitor a credential for accessing the relevant device. After receiving the shared key and the access credential, the visitor sends the access request, the access credential and a signature to the relevant device. On receiving the access request, the relevant device recovers the shared symmetric key assigned by the smart home administrator and sends the requested data to the smart home administrator and to the visitor respectively;
Verification: After verifying the legitimacy of the visitor's signature, the smart home administrator stores the signed access record in the private chain and sends the visitor its own signature on the access record. After verifying the legitimacy of the smart home administrator's signature, the visitor also stores the same access record and signature;
Revocation: Revocation comprises automatic revocation and forced revocation. If the access deadline (the validity period of the assigned key) has passed, the visitor's registration information is automatically marked as invalid; if the visitor wants to continue accessing device data, it must register again. If the visitor's registration information needs to be forcibly revoked for some reason before the access deadline, the smart home owner signs a revocation order and sends it to the administrator. The revocation order stores a list recording the identities of the visitors whose access rights have been revoked. In this way, a visitor whose access rights have been forcibly revoked cannot complete the next authentication.
The specific method of initialization is:
The initialization algorithm selects a group G_1 of prime order p, a hash function H: {0,1}* → Z_p, a symmetric encryption algorithm E_k'(m) and a signcryption algorithm SC_k'(m), where the superscript * indicates that the length of the bit string is unrestricted, Z_p denotes the set of elements of the group of order p, E_k'(m) denotes symmetric encryption of data m under key k', and SC_k'(m) denotes signcryption of data m under key k'. The smart home owner has a unique identity ID_O ∈ {0,1}* and a private/public key pair (sk_O, pk_O). The smart home owner first assigns the smart home administrator a unique identity ID_A ∈ {0,1}* and a key pair (sk_A, pk_A), assigns the smart devices {D_1, D_2, ..., D_n} the identities {ID_1, ID_2, ..., ID_n}, where n is the number of smart devices, and writes the access control policy into the private chain. The visitor V has a unique identity ID_V ∈ {0,1}* and a private/public key pair (sk_V, pk_V). The smart home administrator shares a symmetric key k_i with the smart device ID_i ∈ {ID_1, ID_2, ..., ID_n}, where 1 ≤ i ≤ n, and shares a symmetric key k with the smart home owner.
The specific method of registration is:
The visitor sends a registration request (ID_V, ID_A) to the smart home owner. On receiving the registration request, the smart home owner looks up the stored PK list. If ID_V is in the list, the smart home owner replies to the visitor with a fresh random number r_1 ∈ Z_q, where q is a large prime; otherwise it rejects the registration request. After receiving the random number, the visitor sends a registration message to the smart home owner, where r_2 is also a random number. The smart home owner decrypts the message and checks the legitimacy of ID_V and the freshness of the registration message. If ID_V is legitimate and the message is fresh, the smart home owner sends the visitor an access permission message to assign it a key, and sends the credential T_1 for accessing the smart home administrator, where k_VA is the symmetric key shared by the visitor and the smart home administrator, t_1 is the first timestamp, || is the concatenation operator, ED_1 is the validity period of k_VA, hash_0 = hash(ID_V, ID_A), T_1 = E_k(k_VA, ID_V, ID_A, t_1, ED_1), and hash() is a secure hash function.
The specific method of authentication is:
The visitor sends an authentication request to the smart home administrator, where t_2 is the second timestamp. On receiving the authentication request, the smart home administrator checks the policy header in the private chain to determine whether the visitor may access the device data. If the visitor has the corresponding access rights, the smart home administrator sends the visitor a message that assigns it the symmetric key k_VDi shared by the visitor and device D_i, and issues the visitor the credential T_2 for accessing the device, where m_i is the data on device D_i that the smart home owner allows the visitor to request, t_3 is the third timestamp and ED_2 is the validity period of key k_VDi. After receiving the shared key and the access credential, the visitor sends the access request and the access credential to device D_i and, at the same time, sends a signature to the smart home administrator, where t_4 is the fourth timestamp. On receiving the access request, device D_i recovers the shared symmetric key k_VDi assigned by the smart home administrator and verifies the validity of the visitor's signature. If the signature is valid, device D_i sends the requested device data to the visitor and the smart home administrator, where t_5 is the fifth timestamp.
The specific method of verification is:
The smart home administrator generates TX_ji, where TX_ji is the multi-signature of the smart home administrator and the visitor on m_i, j indicates the visitor's j-th access to device D_i, and t_6 is the sixth timestamp. It computes TX_j = {TX_j1, TX_j2, ..., TX_ji} and the smart home administrator's signature on data block j, and sends them to the visitor. After verifying the validity of the smart home administrator's signature and the integrity of TX_j, the visitor computes the visitor's signature on data block j and sends it to the smart home administrator. The visitor's hash value of data block j and the data packet M_j = {M_j1, M_j2, ..., M_ji}, where M_ji = (ID_A, ID_V, m_i, t_4, t_6), are computed separately, and all of the data is stored in the private chain.
The beneficial effects of the invention are:
Compared with the prior art, the invention overcomes several major difficulties in combining blockchain with the Internet of Things: 1) the computational overhead of a blockchain is very large, whereas most IoT devices are resource-constrained; 2) a blockchain has considerable latency when the number of network nodes is large, whereas the IoT contains a large number of network nodes and pursues real-time operation; 3) a blockchain incurs a large communication overhead when adding new blocks, whereas the bandwidth of IoT devices is typically limited.
Compared with prior-art access control schemes, the invention 1) guarantees the confidentiality and integrity of the accessed data; 2) guarantees mutual authentication of the identities of the owner and the visitor; 3) guarantees that a legitimate visitor can no longer initiate access requests for device data after the access deadline or after its registration information has been forcibly revoked; and in addition 4) ensures non-repudiation by the visitor and the owner of the access behavior (including the accessed data and the access time) and the unforgeability of access records.
Description of the drawings
Fig. 1 is the flow chart of the private-chain-based smart home environment access control of the invention;
Fig. 2 is the flow chart of the registration process in the invention;
Fig. 3 is the flow chart of the authentication process in the invention;
Fig. 4 is the flow chart of the verification process in the invention;
Fig. 5 is a structural schematic diagram of the private chain in the invention.
Detailed description
The invention is further described below with reference to the drawings and an embodiment.
This embodiment provides an access control method for a smart home environment based on a private chain. The flow chart of the private-chain-based smart home environment access control is shown in Fig. 1 and comprises:
Initialization:Smart home owner firstFor smart home administratorIdentity information and key are distributed, for intelligence Equipment distributes identity information;Then first block of privately owned chain is written in tactful head by owner;Last smart home administrator difference With smart machine and smart home ownerShared different symmetric key;
The specific method of initialization is:
Initialization algorithm selects the group G of a Prime Orders p1, a hash function H:{ 0,1 } * → Zp, a symmetric cryptography Algorithm Ek′(m) and one is signed close algorithm SCk′(m), wherein subscript * is that the digit of 01 string does not limit, ZpRank is represented as the group of p The set that group element is constituted, Ek′(m) it is that symmetric key encryption, SC are carried out to data m with key k 'k′(m) it is with key k ' logarithms According to m sign close;Smart home owner firstThere are one unique identity IDO* and private-public key pair of ∈ { 0,1 } (skO, pkO);Smart home owner firstFor smart home administratorDistribute a unique identity IDA∈ { 0,1 } * and Key pair (skA, pkA), it is smart machine { D1, D2..., DnDistribution identity { ID1, ID2..., IDn, wherein n is that intelligence is set Standby number, and access control policy is written in privately owned chain;VisitorThere are one unique identity IDV∈ { 0,1 } * and one A private-public key is to (skV, pkV);Smart home administratorWith smart machine IDi∈{ID1, ID2..., IDnShared symmetrical Key ki, wherein 1≤i≤n, n are the number of smart machine, smart home administratorWith smart home ownerIt is shared symmetrical Key k.
Registration:VisitorTo smart home ownerTo obtain the voucher of access, detailed process is as follows for registration:
VisitorIt generates a registration request and is sent to smart home ownerSmart home ownerReceiving note The public key sequence of storage is inquired after volume request;If visitorPublic key in the sequence, smart home ownerIt replys and accesses PersonOne fresh random number, otherwise refuses this registration request;After receiving random number, visitorTo smart home master PeopleSend a registration message;Smart home ownerDecrypt visitorMessage after the identity that checks and registration message Freshness;If visitorIdentity be legal and message fresh, smart home ownerOne is sent to visitor Access permission message and access smart home administratorVoucher, wherein access permission message is included as visitorAnd intelligence Household administratorThe symmetric key of distribution;
The flow chart registered as shown in Fig. 2, specific method as:
VisitorTo smart home ownerSend registration request (IDV, IDA);Smart home ownerReceiving registration The PK sequences that storage is inquired after request, if IDVIn the sequence, smart home ownerReply visitorOne it is fresh with Machine number r1∈Zq, wherein q is a Big prime, otherwise refuses this registration request;After receiving random number, visitorXiang Zhi It can home ownerSend a registration messageWherein r2It is also a random number;Smart home OwnerDecryption message simultaneously checks IDVLegitimacy and registration message freshness;If it is IDVIt is legal and message fresh , smart home ownerAn access permission message is sent to visitor To distribute key for it, and sends and access smart home administratorVoucher T1, wherein kVAFor visitor and smart home pipe The shared symmetric key of reason person, t1It is to stab at the first time, | | it is connector, ED1It is kVAThe term of validity, hash0=hash (IDV, IDA), T1=Ek(kVA, IDV, IDA, t1, ED1), hash () is the hash function of safety.
Certification:VisitorTo smart home administratorCertification request is sent to obtain the access key of smart machine, is had Body process is as follows:
VisitorTo smart home administratorSend a certification request;Smart home administratorCertification is received to ask After asking, the tactful head in privately owned chain is checked to judge visitorWhether can be with access equipment data;If visitorThere is correspondence Access rights, smart home administratorFor visitorIt is distributed with relevant device and shares symmetric key, and give visitorPoint The voucher of one access relevant device of hair;After receiving shared honeymoon and access credentials, visitorIt sends and visits to relevant device Ask request, access credentials and signature;After relevant device receives access request, smart home administrator is recoveredShared pair of distribution Claim key, and respectively to smart home administratorAnd visitorSend requested data;
The flow chart of certification is as shown in figure 3, specific method is:
VisitorTo smart home administratorSend a certification requestWherein t2It is Two timestamps;Smart home administratorAfter receiving certification request, the tactful head in privately owned chain is checked to judge visitorIt is It is no can be with access equipment data;If visitorThere are corresponding access rights, smart home administratorBy being sent out to visitor It sendCome for visitorDistribute visitorWith equipment DiShared symmetric key kVDi, And give visitorDistribute the voucher T of access equipment2, wherein miIt is equipment DiUpper smart home ownerAllow visitorRequest Data, t3For third timestamp, ED2For key kVDiThe term of validity,When receiving After shared key and access credentials, visitorTo equipment DiSend access request and access credentialsSimultaneously To smart home administratorSend signatureWherein t4For the 4th timestamp;Equipment DiReceive access request Afterwards, smart home administrator is recoveredThe shared symmetric key k of distributionVDi, and the validity of authentication-access person signature;If label Name is effective, equipment DiTo visitorWith smart home administratorSend requested device data Wherein t5For the 5th timestamp.
Verification: After verifying the legitimacy of the visitor's signature, the smart home administrator stores the signed access record in the private chain and sends the visitor its own signature on the access record; after verifying the legitimacy of the administrator's signature, the visitor also stores the same access record and signature;
The verification flow chart is shown in Figure 4; the specific method is as follows:
The smart home administrator generates TXji, where TXji is the multi-signature of the administrator and the visitor on mi, j indicates the visitor's j-th access to device Di, and t6 is the sixth timestamp. The administrator computes TXj = {TXj1, TXj2, ..., TXji} and its own signature on data block j, and sends them to the visitor. After verifying the validity of the administrator's signature and the integrity of TXj, the visitor computes its signature on data block j and sends it to the administrator. The visitor's hash value of data block j and the data packet Mj = {Mj1, Mj2, ..., Mji}, where Mji = (IDA, IDV, mi, t4, t6), are then computed, and all of the data is stored in the private chain, as shown in Figure 5.
Revocation: Revocation is either automatic or forced. If the access deadline (the validity period of the distributed key) has passed, the visitor's registration information is automatically marked as illegitimate; a visitor who wants to continue accessing device data must register again. If the visitor's registration information has to be revoked for some reason before the access deadline, the smart home owner signs a revocation command and sends it to the administrator. The revocation command stores a list that records the identities of the visitors whose access rights have been revoked. A visitor whose access rights have been forcibly revoked therefore cannot complete the next authentication.
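The following sketch is an added example, not code from the patent. It shows the administrator-side check that ties the registration credential T1 = Ek(kVA, IDV, IDA, t1, ED1) to both revocation modes. Assumptions: Ek is replaced by a standard-library keystream-plus-HMAC stand-in, ED1 is treated as an absolute expiry timestamp, the revoked set comes from a revocation command whose owner signature has already been verified, and all function names and sample values are hypothetical.

```python
import hashlib, hmac, json, os

def subkey(k, label):
    # Derive separate encryption and MAC keys from the shared key k.
    return hmac.new(k, label, hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(k, fields):
    """Stand-in for E_k (assumption): hash keystream plus HMAC tag."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ks = keystream(subkey(k, b"enc"), nonce, len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    tag = hmac.new(subkey(k, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(k, blob):
    if len(blob) < 48:
        raise ValueError("malformed credential")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(subkey(k, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("credential was not sealed under k")
    ks = keystream(subkey(k, b"enc"), nonce, len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def issue_t1(k, k_va, id_v, id_a, t1, ed1):
    """Owner side: T1 = E_k(k_VA, ID_V, ID_A, t1, ED1)."""
    return seal(k, [k_va.hex(), id_v, id_a, t1, ed1])

def admin_check(k, t1_blob, claimed_id_v, my_id, now, revoked):
    """Administrator side: return k_VA if the visitor may authenticate."""
    k_va, id_v, id_a, t1, ed1 = unseal(k, t1_blob)
    if (id_v, id_a) != (claimed_id_v, my_id):
        raise PermissionError("credential bound to a different identity")
    if not t1 <= now <= ed1:
        # Past ED1: automatic revocation, the visitor must register again.
        raise PermissionError("outside validity period")
    if id_v in revoked:
        # Identity listed in the owner's revocation command: forced revocation.
        raise PermissionError("access rights revoked by owner")
    return bytes.fromhex(k_va)

# Constructed sample values (not from the patent).
K = bytes(range(32))          # key shared by owner and administrator
K_VA = bytes(range(32, 48))   # key distributed for visitor and administrator
```

Because the expiry and the identity travel inside the sealed credential, the administrator only needs the shared key k and the current revocation list to reject an expired or revoked visitor.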

Claims (5)

1. An access control method for a smart home environment based on a private chain, characterized by comprising:
Initialization: The smart home owner first distributes identity information and a key to the smart home administrator and distributes identity information to the smart devices; the owner then writes the policy header into the first block of the private chain; finally, the smart home administrator shares different symmetric keys with the smart devices and with the smart home owner respectively;
Registration: The visitor registers with the smart home owner to obtain an access credential; the detailed process is as follows:
The visitor generates a registration request and sends it to the smart home owner; after receiving the registration request, the owner queries the stored public key sequence; if the visitor's public key is in the sequence, the owner replies to the visitor with a fresh random number, and otherwise rejects the registration request; after receiving the random number, the visitor sends a registration message to the owner; the owner decrypts the visitor's message and checks the visitor's identity and the freshness of the registration message; if the visitor's identity is legitimate and the message is fresh, the owner sends the visitor an access permission message and a credential for accessing the smart home administrator, where the access permission message contains the symmetric key distributed for the visitor and the smart home administrator;
Authentication: The visitor sends an authentication request to the smart home administrator to obtain the access key of a smart device; the detailed process is as follows:
The visitor sends an authentication request to the smart home administrator; after receiving the request, the administrator checks the policy header in the private chain to decide whether the visitor may access the device data; if the visitor has the corresponding access rights, the administrator distributes a shared symmetric key to the visitor and the relevant device, and issues the visitor a credential for accessing that device; after receiving the shared key and the access credential, the visitor sends an access request, the access credential and a signature to the relevant device; after receiving the access request, the relevant device recovers the shared symmetric key distributed by the administrator and sends the requested data to the administrator and to the visitor;
Verification: After verifying the legitimacy of the visitor's signature, the smart home administrator stores the signed access record in the private chain and sends the visitor its own signature on the access record; after verifying the legitimacy of the administrator's signature, the visitor also stores the same access record and signature;
Revocation: Revocation is either automatic or forced; if the access deadline has passed, the visitor's registration information is automatically marked as illegitimate; a visitor who wants to continue accessing device data must register again; if the visitor's registration information has to be revoked for some reason before the access deadline, the smart home owner signs a revocation command and sends it to the administrator; the revocation command stores a list that records the identities of the visitors whose access rights have been revoked; a visitor whose access rights have been forcibly revoked therefore cannot complete the next authentication.
2. The access control method for a smart home environment based on a private chain according to claim 1, characterized in that the specific method of initialization is:
The initialization algorithm selects a group G1 of prime order p, a hash function H: {0,1}* → Zp, a symmetric encryption algorithm Ek′(m) and a signcryption algorithm SCk′(m), where the superscript * means that the length of the 0/1 string is not limited, Zp denotes the set formed by the elements of the group of order p, Ek′(m) is symmetric-key encryption of data m under key k′, and SCk′(m) is signcryption of data m under key k′; the smart home owner has a unique identity IDO ∈ {0,1}* and a private-public key pair (skO, pkO); the owner first distributes to the smart home administrator a unique identity IDA ∈ {0,1}* and a key pair (skA, pkA), distributes identities {ID1, ID2, ..., IDn} to the smart devices {D1, D2, ..., Dn}, where n is the number of smart devices, and writes the access control policy into the private chain; the visitor has a unique identity IDV ∈ {0,1}* and a private-public key pair (skV, pkV); the smart home administrator shares a symmetric key ki with smart device IDi ∈ {ID1, ID2, ..., IDn}, where 1 ≤ i ≤ n and n is the number of smart devices, and shares a symmetric key k with the smart home owner.
3. The access control method for a smart home environment based on a private chain according to claim 2, characterized in that the specific method of registration is:
The visitor sends a registration request (IDV, IDA) to the smart home owner; after receiving the registration request, the owner queries the stored PK sequence; if IDV is in the sequence, the owner replies to the visitor with a fresh random number r1 ∈ Zq, where q is a large prime, and otherwise rejects the registration request; after receiving the random number, the visitor sends the owner a registration message, where r2 is also a random number; the owner decrypts the message and checks the legitimacy of IDV and the freshness of the registration message; if IDV is legitimate and the message is fresh, the owner sends the visitor an access permission message to distribute a key to it, and sends the credential T1 for accessing the smart home administrator, where kVA is the symmetric key shared by the visitor and the smart home administrator, t1 is the first timestamp, || is the concatenation operator, ED1 is the validity period of kVA, hash0 = hash(IDV, IDA), T1 = Ek(kVA, IDV, IDA, t1, ED1), and hash() is a secure hash function.
4. The access control method for a smart home environment based on a private chain according to claim 3, characterized in that the specific method of authentication is:
The visitor sends the smart home administrator an authentication request, where t2 is the second timestamp; after receiving the authentication request, the administrator checks the policy header in the private chain to decide whether the visitor may access the device data; if the visitor has the corresponding access rights, the administrator sends the visitor a message that distributes the symmetric key kVDi shared by the visitor and device Di, and issues the visitor the device access credential T2, where mi is the data on device Di that the smart home owner allows the visitor to request, t3 is the third timestamp, and ED2 is the validity period of key kVDi; after receiving the shared key and the access credential, the visitor sends the access request and the access credential to device Di and, at the same time, sends a signature to the smart home administrator, where t4 is the fourth timestamp; after receiving the access request, device Di recovers the shared symmetric key kVDi distributed by the administrator and verifies the validity of the visitor's signature; if the signature is valid, device Di sends the requested device data to the visitor and to the smart home administrator, where t5 is the fifth timestamp.
5. The access control method for a smart home environment based on a private chain according to claim 4, characterized in that the specific method of verification is:
The smart home administrator generates TXji, where TXji is the multi-signature of the administrator and the visitor on mi, j indicates the visitor's j-th access to device Di, and t6 is the sixth timestamp; the administrator computes TXj = {TXj1, TXj2, ..., TXji} and its own signature on data block j, and sends them to the visitor; after verifying the validity of the administrator's signature and the integrity of TXj, the visitor computes its signature on data block j and sends it to the administrator; the visitor's hash value of data block j and the data packet Mj = {Mj1, Mj2, ..., Mji}, where Mji = (IDA, IDV, mi, t4, t6), are then computed, and all of the data is stored in the private chain.
CN201810303970.7A 2018-04-03 2018-04-03 Access control method of intelligent home environment based on private chain Expired - Fee Related CN108632254B (en)

Publications (2)

Publication Number Publication Date
CN108632254A true CN108632254A (en) 2018-10-09
CN108632254B CN108632254B (en) 2020-09-25

Family

ID=63704693

Country Status (1)

Country Link
CN (1) CN108632254B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110009499A (en) * 2019-04-17 2019-07-12 北京八分量信息科技有限公司 A kind of method of commerce and system based on block chain and hidden address

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170046698A1 (en) * 2015-08-13 2017-02-16 The Toronto-Dominion Bank Systems and methods for establishing and enforcing transaction-based restrictions using hybrid public-private blockchain ledgers
CN106790513A (en) * 2016-12-19 2017-05-31 杜伯仁 The method that network share service is realized based on block chain
CN107070938A (en) * 2017-04-27 2017-08-18 电子科技大学 Data access control system based on block chain
CN107533501A (en) * 2015-03-20 2018-01-02 里维茨公司 Use block chain automated validation appliance integrality

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200925