CN109067550A - Two-way authentication system and mutual authentication method based on CPK tagged keys - Google Patents

Two-way authentication system and mutual authentication method based on CPK tagged keys

Info

Publication number: CN109067550A
Authority: CN (China)
Prior art keywords: terminal, key, unit, random number, verification
Legal status: Granted (Active)
Application number: CN201811114348.8A
Other languages: Chinese (zh)
Other versions: CN109067550B (en)
Inventor: 罗燕京
Current Assignee: Beijing Xinchangcheng Technology Development Co ltd
Original Assignee: Beijing Ren Letter Card Technology Co Ltd
Application filed by Beijing Ren Letter Card Technology Co Ltd
Priority to CN201811114348.8A
Publication of CN109067550A
Application granted
Publication of CN109067550B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of communication security, and in particular to a two-way authentication system and a two-way authentication method based on CPK identification keys. The system includes: a first terminal, which sends the first terminal ID to the key management device, performs compounding to obtain the first terminal key, calculates the second terminal public key, and generates identity authentication information for verification, and which, if the verification passes, generates a session key to communicate with the second terminal; a second terminal, which sends the second terminal ID to the key management device, performs compounding to obtain the second terminal key, calculates the first terminal public key, and generates identity authentication information for verification, and which, if the verification passes, generates a session key to communicate with the first terminal; and a key management device, which calculates the first terminal identification key and the second terminal identification key. Both the first terminal and the second terminal contain an NB-IoT module for information transmission. The invention has the advantage of being secure and reliable.

Description

Two-way authentication system and mutual authentication method based on CPK tagged keys
Technical field
The present invention relates to the technical field of communication security, and more particularly to a two-way authentication system and mutual authentication method based on CPK tagged keys.
Background technique
Cellular-based narrowband Internet of Things, NB-IoT (Narrow Band Internet of Things), has recently attracted wide attention. NB-IoT is built on the cellular network, consumes only about 180 kHz of bandwidth, and can be deployed directly on a Global System for Mobile Communications (GSM) network, a Universal Mobile Telecommunications System (UMTS) network or an LTE (Long Term Evolution) network, which reduces deployment cost and allows a smooth upgrade. NB-IoT supports efficient connection of devices with short standby time and higher network connectivity requirements, and can also provide very comprehensive indoor cellular data coverage. It has become an important branch of the Internet of Everything and is an emerging technology that can be widely applied around the world. NB-IoT features wide coverage, many connections, low rate, low cost, low power consumption and an excellent architecture, and can be widely applied in a variety of vertical industries such as remote meter reading, asset tracking, smart parking and smart agriculture. As NB-IoT systems gradually mature, China has also attached great importance to building the entire NB-IoT ecosystem. In April 2016, the Ministry of Industry and Information Technology held an NB-IoT work promotion meeting to vigorously promote and cultivate the entire NB-IoT industry chain. The major operators actively responded to the industrial policy with a "three-step" strategy of laboratory verification, field testing and commercial launch, starting POC verification (Proof of Concept, a verification test for a customer's specific application) and laboratory verification based on the NB-IoT standard. With the maturation and volume shipment of NB-IoT chips and terminals, true large-scale commercial deployment is expected in 2018. However, NB-IoT also faces security threats relating to access authentication, privacy protection, counterfeiting of wireless sensor nodes and the like. How to guarantee the security of service information and of the use of physical space resources in an NB-IoT system has therefore become an important and urgent problem in the commercial deployment of NB-IoT.
The mainstream NB-IoT modules currently developed on the market concentrate mainly on implementing basic communication and transmission functions, and the algorithms used internally are mostly international algorithms such as DES, AES and RSA, with no corresponding cryptographic protection measures designed. The disadvantages are: 1. the terminal module cannot be authenticated; 2. the keys stored in the module have no security protection mechanism; 3. communication data is not encrypted, or the encryption algorithm is too weak; 4. end-to-end authentication requires a third-party CA system.
Therefore, a two-way authentication system and mutual authentication method based on CPK tagged keys is urgently needed.
Summary of the invention
The present invention provides a two-way authentication system and mutual authentication method based on CPK tagged keys, in order to achieve end-to-end two-way authentication more securely.
One aspect of the present invention provides a two-way authentication system based on CPK tagged keys, comprising:
A first terminal, configured to prestore a first terminal ID and a key matrix and to send the first terminal ID to the key management apparatus; further configured to generate a first terminal local key according to the key matrix and to compound the first terminal tagged key with the first terminal local key to obtain a first terminal key; to receive the second terminal ID sent by the second terminal and calculate a second terminal public key according to the second terminal ID; and to generate authentication information using the second terminal public key and the private key in the first terminal key and send it to the second terminal for verification, and, if the verification passes, to generate a session key from the random number it generated itself and the random number generated by the second terminal, and communicate with the second terminal;
A second terminal, configured to prestore a second terminal ID and a key matrix and to send the second terminal ID to the key management apparatus; further configured to generate a second terminal local key according to the key matrix and to compound the second terminal tagged key with the second terminal local key to obtain a second terminal key; to receive the first terminal ID sent by the first terminal and calculate a first terminal public key according to the first terminal ID; and to generate authentication information using the first terminal public key and the private key in the second terminal key and send it to the first terminal for verification, and, if the verification passes, to generate a session key from the random number it generated itself and the random number generated by the first terminal, and communicate with the first terminal;
A key management apparatus, configured to substitute the first terminal ID and the second terminal ID respectively into a preset key matrix, to calculate the first terminal tagged key and the second terminal tagged key respectively using the CPK tagged-key mapping algorithm, and to send them to the first terminal and the second terminal respectively;
Wherein the first terminal and the second terminal each include an NB-IoT module, and the first terminal and the second terminal transmit information through the NB-IoT modules.
Further, the first terminal includes a first terminal ID pre-storage unit, a first key matrix unit, a first terminal key recombiner unit, a first terminal public key computing unit, a first terminal authentication information editing unit, a first terminal identity authenticating unit, a first terminal random number generation unit, a first terminal session key generation unit and a first NB-IoT module; the second terminal includes a second terminal ID pre-storage unit, a second key matrix unit, a second terminal key recombiner unit, a second terminal public key computing unit, a second terminal authentication information editing unit, a second terminal identity authenticating unit, a second terminal random number generation unit, a second terminal session key generation unit and a second NB-IoT module, wherein:
The first terminal ID pre-storage unit is configured to prestore the first terminal ID and send it to the key management apparatus;
The first key matrix unit is configured to prestore the key matrix, generate the first terminal local key according to the key matrix, and send it to the first terminal key recombiner unit;
The first terminal key recombiner unit is configured to compound the first terminal tagged key with the first terminal local key to obtain the first terminal key, and send it to the first terminal authentication information editing unit;
The first terminal public key computing unit is configured to receive the second terminal ID sent by the second terminal, calculate the second terminal public key according to the second terminal ID, and send it to the first terminal authentication information editing unit;
The first terminal authentication information editing unit is configured to generate the first terminal authentication information using the second terminal public key and the private key in the first terminal key, and send it to the second terminal for verification;
The first terminal identity authenticating unit is configured to receive and verify the second terminal authentication information sent by the second terminal authentication information editing unit and, if the verification passes, to send the verification result to the first terminal random number generation unit;
The first terminal random number generation unit is configured to receive the verification result, generate the first terminal random number, and send it to the first terminal session key generation unit;
The first terminal session key generation unit is configured to generate the first terminal session key from the first terminal random number and the random number sent by the second terminal random number generation unit, and send it to the first NB-IoT module;
The first NB-IoT module is configured to carry out information transmission between the first terminal and the second terminal according to the first terminal session key;
The second terminal ID pre-storage unit is configured to prestore the second terminal ID and send it to the key management apparatus;
The second key matrix unit is configured to prestore the key matrix, generate the second terminal local key according to the key matrix, and send it to the second terminal key recombiner unit;
The second terminal key recombiner unit is configured to compound the second terminal tagged key with the second terminal local key to obtain the second terminal key, and send it to the second terminal authentication information editing unit;
The second terminal public key computing unit is configured to receive the first terminal ID sent by the first terminal, calculate the first terminal public key according to the first terminal ID, and send it to the second terminal authentication information editing unit;
The second terminal authentication information editing unit is configured to generate the second terminal authentication information using the first terminal public key and the private key in the second terminal key, and send it to the first terminal for verification;
The second terminal identity authenticating unit is configured to receive and verify the first terminal authentication information sent by the first terminal authentication information editing unit and, if the verification passes, to send the verification result to the second terminal random number generation unit;
The second terminal random number generation unit is configured to receive the verification result, generate the second terminal random number, and send it to the second terminal session key generation unit;
The second terminal session key generation unit is configured to generate the second session key from the second terminal random number and the random number sent by the first terminal random number generation unit, and send it to the first NB-IoT module;
The second NB-IoT module is configured to conduct a session with the first NB-IoT module according to the second session key.
Further, the key matrix in the first key matrix unit is identical to the key matrix in the second key matrix unit.
Further, the first terminal key recombiner unit and the second terminal key recombiner unit use a distributed cooperative algorithm to perform the compounding that yields the first terminal key and the second terminal key.
Further, the first terminal random number generation unit and the second terminal random number generation unit are random number generators.
Further, the random number generator generates random numbers using the SM4 algorithm.
Further, the first terminal identity authenticating unit verifies whether the second terminal ID in the second terminal authentication information is the preset second terminal ID and whether the second terminal signature is correct; if both are, the verification passes.
A second aspect of the invention provides a mutual authentication method based on CPK tagged keys, implemented on the basis of the two-way authentication system based on CPK tagged keys described above, comprising the following steps:
Using the first terminal, prestoring a first terminal ID and a key matrix, and sending the first terminal ID to the key management apparatus; generating a first terminal local key according to the key matrix, and compounding the first terminal tagged key with the first terminal local key to obtain a first terminal key; receiving the second terminal ID sent by the second terminal, and calculating a second terminal public key according to the second terminal ID; generating authentication information using the second terminal public key and the private key in the first terminal key and sending it to the second terminal for verification, and, if the verification passes, generating a session key from the random number generated by the first terminal itself and the random number generated by the second terminal, and communicating with the second terminal;
Using the second terminal, prestoring a second terminal ID and a key matrix, and sending the second terminal ID to the key management apparatus; generating a second terminal local key according to the key matrix, and compounding the second terminal tagged key with the second terminal local key to obtain a second terminal key; receiving the first terminal ID sent by the first terminal, and calculating a first terminal public key according to the first terminal ID; generating authentication information using the first terminal public key and the private key in the second terminal key and sending it to the first terminal for verification, and, if the verification passes, generating a session key from the random number generated by the second terminal itself and the random number generated by the first terminal, and communicating with the first terminal;
Using the key management apparatus, substituting the first terminal ID and the second terminal ID respectively into a preset key matrix, calculating the first terminal tagged key and the second terminal tagged key respectively using the CPK tagged-key mapping algorithm, and sending them to the first terminal and the second terminal respectively;
The first terminal NB-IoT module and the second terminal NB-IoT module conduct a session.
Compared with the prior art, the two-way authentication system and mutual authentication method based on CPK tagged keys provided by the present invention have the following improvements: the key management apparatus generates a tagged key from the ID of the terminal, and the terminal's local key is then compounded with the tagged key to obtain the final terminal key, which helps improve the security of key use; information transmission and two-way verification of both parties' identities are carried out between terminals through NB-IoT modules, without a third-party e-commerce certification authority having to provide certificate management, which improves the security and reliability of information transmission.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is a device connection block diagram of the two-way authentication system based on CPK tagged keys in an embodiment of the present invention;
Fig. 2 is a step diagram of the mutual authentication method based on CPK tagged keys in an embodiment of the present invention.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present invention can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined, will not be interpreted in an idealized or overly formal sense.
The present embodiment provides a two-way authentication system and mutual authentication method based on CPK tagged keys.
As shown in Fig. 1, the two-way authentication system based on CPK tagged keys of the present embodiment comprises:
A first terminal, configured to prestore a first terminal ID and a key matrix and to send the first terminal ID to the key management apparatus; further configured to generate a first terminal local key according to the key matrix and to compound the first terminal tagged key with the first terminal local key to obtain a first terminal key; to receive the second terminal ID sent by the second terminal and calculate a second terminal public key according to the second terminal ID; and to generate authentication information using the second terminal public key and the private key in the first terminal key and send it to the second terminal for verification, and, if the verification passes, to generate a session key from the random number it generated itself and the random number generated by the second terminal, and communicate with the second terminal;
A second terminal, configured to prestore a second terminal ID and a key matrix and to send the second terminal ID to the key management apparatus; further configured to generate a second terminal local key according to the key matrix and to compound the second terminal tagged key with the second terminal local key to obtain a second terminal key; to receive the first terminal ID sent by the first terminal and calculate a first terminal public key according to the first terminal ID; and to generate authentication information using the first terminal public key and the private key in the second terminal key and send it to the first terminal for verification, and, if the verification passes, to generate a session key from the random number it generated itself and the random number generated by the first terminal, and communicate with the first terminal;
A key management apparatus, configured to substitute the first terminal ID and the second terminal ID respectively into a preset key matrix, to calculate the first terminal tagged key and the second terminal tagged key respectively using the CPK tagged-key mapping algorithm, and to send them to the first terminal and the second terminal respectively;
Wherein the first terminal and the second terminal each include an NB-IoT module, and the first terminal and the second terminal transmit information through the NB-IoT modules.
In the two-way authentication system based on CPK tagged keys of the present embodiment, the key management apparatus generates a tagged key from the ID of the terminal, and the terminal's local key is then compounded with the tagged key to obtain the final terminal key, which helps improve the security of key use; information transmission and two-way verification of both parties' identities are carried out between terminals through NB-IoT modules, without a third-party e-commerce certification authority having to provide certificate management, which improves the security and reliability of information transmission.
The key management apparatus uses the CPK (Combined Public Key, a combined public key scheme or identification key system) tagged-key mapping algorithm to generate the terminal identification key corresponding to a terminal ID. It can support a very large number of users with very few resources, needs little storage space, runs efficiently and has high processing capacity, which greatly expands its range of application.
As shown in Fig. 1, in a specific implementation, the first terminal includes a first terminal ID pre-storage unit, a first key matrix unit, a first terminal key recombiner unit, a first terminal public key computing unit, a first terminal authentication information editing unit, a first terminal identity authenticating unit, a first terminal random number generation unit, a first terminal session key generation unit and a first NB-IoT module; the second terminal includes a second terminal ID pre-storage unit, a second key matrix unit, a second terminal key recombiner unit, a second terminal public key computing unit, a second terminal authentication information editing unit, a second terminal identity authenticating unit, a second terminal random number generation unit, a second terminal session key generation unit and a second NB-IoT module, wherein:
The first terminal ID pre-storage unit is configured to prestore the first terminal ID and send it to the key management apparatus;
The first key matrix unit is configured to prestore the key matrix, generate the first terminal local key according to the key matrix, and send it to the first terminal key recombiner unit;
The first terminal key recombiner unit is configured to compound the first terminal tagged key with the first terminal local key to obtain the first terminal key, and send it to the first terminal authentication information editing unit;
The first terminal public key computing unit is configured to receive the second terminal ID sent by the second terminal, calculate the second terminal public key according to the second terminal ID, and send it to the first terminal authentication information editing unit;
The first terminal authentication information editing unit is configured to generate the first terminal authentication information using the second terminal public key and the private key in the first terminal key, and send it to the second terminal for verification;
The first terminal identity authenticating unit is configured to receive and verify the second terminal authentication information sent by the second terminal authentication information editing unit and, if the verification passes, to send the verification result to the first terminal random number generation unit;
The first terminal random number generation unit is configured to receive the verification result, generate the first terminal random number, and send it to the first terminal session key generation unit;
The first terminal session key generation unit is configured to generate the first terminal session key from the first terminal random number and the random number sent by the second terminal random number generation unit, and send it to the first NB-IoT module;
The first NB-IoT module is configured to carry out information transmission between the first terminal and the second terminal according to the first terminal session key;
The second terminal ID pre-storage unit is configured to prestore the second terminal ID and send it to the key management apparatus;
The second key matrix unit is configured to prestore the key matrix, generate the second terminal local key according to the key matrix, and send it to the second terminal key recombiner unit;
The second terminal key recombiner unit is configured to compound the second terminal tagged key with the second terminal local key to obtain the second terminal key, and send it to the second terminal authentication information editing unit;
The second terminal public key computing unit is configured to receive the first terminal ID sent by the first terminal, calculate the first terminal public key according to the first terminal ID, and send it to the second terminal authentication information editing unit;
The second terminal authentication information editing unit is configured to generate the second terminal authentication information using the first terminal public key and the private key in the second terminal key, and send it to the first terminal for verification;
The second terminal identity authenticating unit is configured to receive and verify the first terminal authentication information sent by the first terminal authentication information editing unit and, if the verification passes, to send the verification result to the second terminal random number generation unit;
The second terminal random number generation unit is configured to receive the verification result, generate the second terminal random number, and send it to the second terminal session key generation unit;
The second terminal session key generation unit is configured to generate the second session key from the second terminal random number and the random number sent by the first terminal random number generation unit, and send it to the first NB-IoT module;
The second NB-IoT module is configured to conduct a session with the first NB-IoT module according to the second session key.
In a specific implementation, the key matrix in the first key matrix unit is identical to the key matrix in the second key matrix unit. Calculating the peer terminal's public key from the same key matrix is relatively simple and makes the subsequent identity authentication of the peer terminal effective.
In a specific implementation, the first terminal key composite unit and the second terminal key composite unit use a distributed collaborative algorithm to composite the first terminal key and the second terminal key. With distributed collaborative computation, the calculation and compounding are carried out on the terminal identification key and the terminal local key, sensitive information about either key cannot be deduced from intermediate results, and neither the terminal identification key nor the terminal local key ever appears in complete form from beginning to end. This greatly reduces the risk of exposing the terminal identification key and the terminal local key and improves reliability during use.
In a specific implementation, the first terminal random number generation unit and the second terminal random number generation unit are random number generators that generate random numbers using the SM4 algorithm. The upper layer sets the entropy input function through a callback, and the resulting entropy meets security level 2 requirements, which improves security.
In a specific implementation, the first terminal identity verification unit verifies whether the second terminal ID in the second terminal identity authentication information is the preset second terminal ID and whether the second terminal signature is correct; if both are, the verification passes. Because each terminal has pre-stored the ID of the peer terminal, when verifying the peer terminal's identity it can compare the peer terminal ID in the peer's identity authentication information with the pre-stored peer terminal ID: if they are consistent, identity authentication succeeds and the subsequent session can proceed; if they are inconsistent, identity authentication fails. Verification of the peer terminal's identity information may also include verification of the peer terminal's signature: the terminal has saved the peer terminal's public key and uses it to verify the peer terminal's signature. The verification mode may also be configured by the user as needed.
As shown in Fig. 2, this embodiment also provides a mutual authentication method based on the CPK identification key, implemented by the two-way authentication system based on the CPK identification key described in the above embodiment, comprising the following steps:
Using the first terminal to pre-store the first terminal ID and the key matrix, and to send the first terminal ID to the key management device; generating the first terminal local key according to the key matrix, and compositing the first terminal identification key with the first terminal local key to obtain the first terminal key; receiving the second terminal ID sent by the second terminal, and calculating the second terminal public key according to the second terminal ID; generating identity authentication information using the second terminal public key and the private key in the first terminal key and sending it to the second terminal for verification, and, if the verification passes, generating a session key from the random number generated by the first terminal itself and the random number generated by the second terminal in order to communicate with the second terminal;
Using the second terminal to pre-store the second terminal ID and the key matrix, and to send the second terminal ID to the key management device; generating the second terminal local key according to the key matrix, and compositing the second terminal identification key with the second terminal local key to obtain the second terminal key; receiving the first terminal ID sent by the first terminal, and calculating the first terminal public key according to the first terminal ID; generating identity authentication information using the first terminal public key and the private key in the second terminal key and sending it to the first terminal for verification, and, if the verification passes, generating a session key from the random number generated by the second terminal itself and the random number generated by the first terminal in order to communicate with the first terminal;
Using the key management device to substitute the first terminal ID and the second terminal ID respectively into the preset key matrix, to calculate the first terminal identification key and the second terminal identification key respectively with the CPK identification key mapping algorithm, and to send them to the first terminal and the second terminal respectively;
The first terminal NB-IoT module and the second terminal NB-IoT module conduct a session.
In the mutual authentication method based on the CPK identification key of this embodiment, the key management device generates an identification key from the terminal's ID, and the terminal's local key is then composited with the identification key to obtain the final terminal key, which helps improve the security of key use. Information transmission and two-way verification of both parties' identities are carried out between the terminals through the NB-IoT modules, without requiring a third-party electronic commerce certification authority to provide certificate management, which improves the security and reliability of information transmission.
For the method embodiments, for simplicity of description they are expressed as a series of action combinations, but those skilled in the art should know that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A two-way authentication system based on a CPK identification key, characterized by comprising:
a first terminal, configured to pre-store a first terminal ID and a key matrix and to send the first terminal ID to a key management device; further configured to generate a first terminal local key according to the key matrix and to composite a first terminal identification key with the first terminal local key to obtain a first terminal key; to receive a second terminal ID sent by a second terminal and calculate a second terminal public key according to the second terminal ID; and to generate identity authentication information using the second terminal public key and the private key in the first terminal key and send it to the second terminal for verification, and, if the verification passes, to generate a session key from the random number generated by itself and the random number generated by the second terminal in order to communicate with the second terminal;
a second terminal, configured to pre-store the second terminal ID and the key matrix and to send the second terminal ID to the key management device; further configured to generate a second terminal local key according to the key matrix and to composite a second terminal identification key with the second terminal local key to obtain a second terminal key; to receive the first terminal ID sent by the first terminal and calculate a first terminal public key according to the first terminal ID; and to generate identity authentication information using the first terminal public key and the private key in the second terminal key and send it to the first terminal for verification, and, if the verification passes, to generate a session key from the random number generated by itself and the random number generated by the first terminal in order to communicate with the first terminal;
a key management device, configured to substitute the first terminal ID and the second terminal ID respectively into a preset key matrix, to calculate the first terminal identification key and the second terminal identification key respectively using a CPK identification key mapping algorithm, and to send them to the first terminal and the second terminal respectively;
wherein the first terminal and the second terminal each contain an NB-IoT module, and the first terminal and the second terminal transmit information through the NB-IoT modules.

2. The two-way authentication system based on the CPK identification key according to claim 1, characterized in that the first terminal comprises a first terminal ID pre-storage unit, a first key matrix unit, a first terminal key composite unit, a first terminal public key calculation unit, a first terminal identity authentication information editing unit, a first terminal identity verification unit, a first terminal random number generation unit, a first terminal session key generation unit and a first NB-IoT module, and the second terminal comprises a second terminal ID pre-storage unit, a second key matrix unit, a second terminal key composite unit, a second terminal public key calculation unit, a second terminal identity authentication information editing unit, a second terminal identity verification unit, a second terminal random number generation unit, a second terminal session key generation unit and a second NB-IoT module, wherein:
the first terminal ID pre-storage unit is configured to pre-store the first terminal ID and send it to the key management device;
the first key matrix unit is configured to pre-store the key matrix, and to generate the first terminal local key according to the key matrix and send it to the first terminal key composite unit;
the first terminal key composite unit is configured to composite the first terminal identification key with the first terminal local key to obtain the first terminal key, and to send it to the first terminal identity authentication information editing unit;
the first terminal public key calculation unit is configured to receive the second terminal ID sent by the second terminal, and to calculate the second terminal public key according to the second terminal ID and send it to the first terminal identity authentication information editing unit;
the first terminal identity authentication information editing unit is configured to generate first terminal identity authentication information using the second terminal public key and the private key in the first terminal key, and to send it to the second terminal for verification;
the first terminal identity verification unit is configured to receive and verify the second terminal identity authentication information sent by the second terminal identity authentication information editing unit and, if the verification passes, to send the verification result to the first terminal random number generation unit;
the first terminal random number generation unit is configured to receive the verification result, generate a first terminal random number and send it to the first terminal session key generation unit;
the first terminal session key generation unit is configured to generate a first terminal session key from the first terminal random number and the random number sent by the second terminal random number generation unit, and to send it to the first NB-IoT module;
the first NB-IoT module is configured to carry out information transmission between the first terminal and the second terminal according to the first terminal session key;
the second terminal ID pre-storage unit is configured to pre-store the second terminal ID and send it to the key management device;
the second key matrix unit is configured to pre-store the key matrix, and to generate the second terminal local key according to the key matrix and send it to the second terminal key composite unit;
the second terminal key composite unit is configured to composite the second terminal identification key with the second terminal local key to obtain the second terminal key, and to send it to the second terminal identity authentication information editing unit;
the second terminal public key calculation unit is configured to receive the first terminal ID sent by the first terminal, and to calculate the first terminal public key according to the first terminal ID and send it to the second terminal identity authentication information editing unit;
the second terminal identity authentication information editing unit is configured to generate second terminal identity authentication information using the first terminal public key and the private key in the second terminal key, and to send it to the first terminal for verification;
the second terminal identity verification unit is configured to receive and verify the first terminal identity authentication information sent by the first terminal identity authentication information editing unit and, if the verification passes, to send the verification result to the second terminal random number generation unit;
the second terminal random number generation unit is configured to receive the verification result, generate a second terminal random number and send it to the second terminal session key generation unit;
the second terminal session key generation unit is configured to generate a second session key from the second terminal random number and the random number sent by the first terminal random number generation unit, and to send it to the second NB-IoT module;
the second NB-IoT module is configured to conduct a session with the first NB-IoT module according to the second session key.

3. The two-way authentication system based on the CPK identification key according to claim 2, characterized in that the key matrix in the first key matrix unit is the same as the key matrix in the second key matrix unit.

4. The two-way authentication system based on the CPK identification key according to claim 3, characterized in that the first terminal key composite unit and the second terminal key composite unit both use a distributed collaborative algorithm for compounding to obtain the first terminal key and the second terminal key.

5. The two-way authentication system based on the CPK identification key according to claim 4, characterized in that the first terminal random number generation unit and the second terminal random number generation unit are both random number generators.

6. The two-way authentication system based on the CPK identification key according to claim 5, characterized in that the random number generator uses the SM4 algorithm to generate random numbers.

7. The two-way authentication system based on the CPK identification key according to claim 6, characterized in that the first terminal identity verification unit verifies whether the second terminal ID in the second terminal identity authentication information is the preset second terminal ID and whether the second terminal signature is correct, and if both are, the verification passes.

8. A two-way authentication method based on a CPK identification key, implemented by the two-way authentication system based on the CPK identification key according to claim 1, characterized by comprising the following steps:
using the first terminal to pre-store the first terminal ID and the key matrix, and to send the first terminal ID to the key management device; generating the first terminal local key according to the key matrix, and compositing the first terminal identification key with the first terminal local key to obtain the first terminal key; receiving the second terminal ID sent by the second terminal, and calculating the second terminal public key according to the second terminal ID; generating identity authentication information using the second terminal public key and the private key in the first terminal key and sending it to the second terminal for verification, and, if the verification passes, generating a session key from the random number generated by itself and the random number generated by the second terminal in order to communicate with the second terminal;
using the second terminal to pre-store the second terminal ID and the key matrix, and to send the second terminal ID to the key management device; generating the second terminal local key according to the key matrix, and compositing the second terminal identification key with the second terminal local key to obtain the second terminal key; receiving the first terminal ID sent by the first terminal, and calculating the first terminal public key according to the first terminal ID; generating identity authentication information using the first terminal public key and the private key in the second terminal key and sending it to the first terminal for verification, and, if the verification passes, generating a session key from the random number generated by itself and the random number generated by the first terminal in order to communicate with the first terminal;
using the key management device to substitute the first terminal ID and the second terminal ID respectively into the preset key matrix, to calculate the first terminal identification key and the second terminal identification key respectively using the CPK identification key mapping algorithm, and to send them to the first terminal and the second terminal respectively;
the first terminal NB-IoT module and the second terminal NB-IoT module conduct a session.

9. The two-way authentication system method based on the CPK identification key according to claim 8, characterized in that the key matrix in the first terminal is the same as the key matrix in the second terminal.

10. The two-way authentication system method based on the CPK identification key according to claim 9, characterized in that the first terminal and the second terminal both use a distributed collaborative algorithm for compounding to obtain the first terminal key and the second terminal key.
CN201811114348.8A 2018-09-25 2018-09-25 Bidirectional Authentication System and Bidirectional Authentication Method Based on CPK Identification Key Active CN109067550B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811114348.8A CN109067550B (en) 2018-09-25 2018-09-25 Bidirectional Authentication System and Bidirectional Authentication Method Based on CPK Identification Key

Publications (2)

Publication Number Publication Date
CN109067550A true CN109067550A (en) 2018-12-21
CN109067550B CN109067550B (en) 2021-10-22

Family

ID=64763605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811114348.8A Active CN109067550B (en) 2018-09-25 2018-09-25 Bidirectional Authentication System and Bidirectional Authentication Method Based on CPK Identification Key

Country Status (1)

Country Link
CN (1) CN109067550B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488853A (en) * 2009-01-15 2009-07-22 赵建国 Cross-certification method based on seed key management
WO2011150811A1 (en) * 2010-05-31 2011-12-08 Pettersson Hans Jerry Urban Method for performing bidirectional communication by adopting optical vision codes
CN105577377A (en) * 2014-10-13 2016-05-11 航天信息股份有限公司 Identity-based authentication method and identity-based authentication system with secret key negotiation
CN106713236A (en) * 2015-11-17 2017-05-24 成都腾甲数据服务有限公司 End-to-end identity authentication and encryption method based on CPK identifier authentication
CN108322486A (en) * 2018-05-07 2018-07-24 安徽大学 Authentication protocol towards multiserver framework under a kind of car networking cloud environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谢永、吴黎兵、张宇波、叶璐瑶: "《面向车联网的多服务器架构的匿名双向认证与密钥协商协议》", 《计算机研究与发展》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111756531A (en) * 2020-05-11 2020-10-09 北京仁信证科技有限公司 Communication system and method of LoRa terminal based on CPK
CN111756531B (en) * 2020-05-11 2023-12-26 北京信长城科技发展有限公司 Communication system and method of LoRa terminal based on CPK
CN113615220A (en) * 2021-06-22 2021-11-05 华为技术有限公司 Secure communication method and device
CN113615220B (en) * 2021-06-22 2023-04-18 华为技术有限公司 A secure communication method and device
CN115549961A (en) * 2022-08-19 2022-12-30 海南视联通信技术有限公司 Terminal authentication method and device, electronic equipment and storage medium
WO2024139603A1 (en) * 2022-12-27 2024-07-04 中国银联股份有限公司 Bidirectional authentication method and system based on internet of things

Also Published As

Publication number Publication date
CN109067550B (en) 2021-10-22

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information. Inventor after: Luo Yanjing; Inventor after: Liu Peng; Inventor before: Luo Yanjing
GR01 Patent grant
CP03 Change of name, title or address. Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089; Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.; Address before: 100080 room 1505, 15 / F, block B, 3 Haidian Street, Haidian District, Beijing; Patentee before: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.
TR01 Transfer of patent right. Effective date of registration: 20231019; Address after: 610, Floor 6, Block A, No. 2, Lize Middle Second Road, Chaoyang District, Beijing 100102; Patentee after: Zhongguancun Technology Leasing Co.,Ltd.; Address before: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089; Patentee before: Beijing xinchangcheng Technology Development Co.,Ltd.
TR01 Transfer of patent right. Effective date of registration: 20240202; Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089; Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.; Country or region after: China; Address before: 610, Floor 6, Block A, No. 2, Lize Middle Second Road, Chaoyang District, Beijing 100102; Patentee before: Zhongguancun Technology Leasing Co.,Ltd.; Country or region before: China
CP03 Change of name, title or address. Address after: 738, 7th Floor, Building 10, No. 6, 8, 10, 12, 16, 18 Xuanwumen Outer Street, Xicheng District, Beijing 100053; Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.; Country or region after: China; Address before: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089; Patentee before: Beijing xinchangcheng Technology Development Co.,Ltd.; Country or region before: China