CN109218307A - A method of client identity authentication - Google Patents

A method of client identity authentication

Info

Publication number: CN109218307A
Authority: CN (China)
Prior art keywords: gateway, ciphertext, code, identifying code, message
Legal status: Pending
Application number: CN201811067426.3A
Other languages: Chinese (zh)
Inventors: 李业兵, 张利岩, 孙重阳, 陈恩强
Current assignee: China Tong National Pulse Technology Nanjing Co Ltd
Original assignee: China Tong National Pulse Technology Nanjing Co Ltd
Priority date: 2018-09-13
Filing date: 2018-09-13
Publication date: 2019-01-15

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/22 Parsing or analysis of headers
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method of client identity authentication comprising the following steps: register the serial number of the gateway and randomly generate an encryption key; configure the encryption key on the device gateway, which accesses the network and starts; after starting, the gateway generates an 8-byte random verification code and concatenates it with the gateway ID into the string gateway ID + verification code; using the configured encryption key, the string is encrypted and the resulting ciphertext is again concatenated with the gateway ID; the gateway connects to the management platform; after connecting, the gateway sends the marshalled message gateway ID + ciphertext to the management platform; the management platform parses the gateway ID out of the received marshalled message and decrypts the ciphertext; having obtained the decrypted gateway ID and verification code, it then encrypts (the verification code together with a timestamp) with the key and returns the ciphertext to the device gateway; the device gateway receives the ciphertext returned by the management platform and decrypts it to obtain the verification code and timestamp; the device gateway verifies whether the decrypted verification code is the one it generated itself and whether the timestamp shows that the clocks are synchronized, and a communication connection is established after successful verification.

Description

A method of client identity authentication
Technical field
The invention belongs to the Internet field and relates to a method of client identity authentication.
Background art
In IoT applications, the device gateway is responsible for the centralized management of the devices and for communicating with the IoT management platform; the device gateway is controlled by a single-chip microcontroller (MCU) that communicates with the devices. Since the MCU has only several K to tens of K of hardware resources, resource-consuming asymmetric algorithms cannot be used to handle mutual authentication between the communicating parties, so the TEA encryption algorithm combined with a self-defined data structure is used to implement authentication of the client gateway. TEA is not only fairly simple but also has strong resistance to differential analysis, and its encryption speed is also fairly fast.
Summary of the invention
1. Technical problem to be solved:
Existing single-chip microcontrollers have only several K to tens of K of hardware resources and cannot use resource-consuming asymmetric algorithms to handle mutual authentication between the communicating parties.
2. Technical solution:
To solve the above problem, the present invention provides a method of client identity authentication comprising the following steps. Step 1: in the gateway management module of the IoT management platform, register the serial number and unique identifier of the gateway, and randomly generate an encryption key. Step 2: configure the generated encryption key on the device gateway; the device gateway accesses the network and is powered up. Step 3: after the device gateway starts, it generates an 8-byte random verification code and concatenates it with the gateway ID into the string gateway ID + verification code. Step 4: using the configured encryption key, encrypt the concatenated string, then concatenate the resulting ciphertext with the gateway ID again to form the marshalled message gateway ID + ciphertext. Step 5: the gateway starts its communication program and connects to the IoT management platform. Step 6: after connecting, the gateway sends the marshalled message gateway ID + ciphertext to the IoT management platform. Step 7: the IoT management platform unmarshals the received message, parses out the gateway ID, looks up the corresponding encryption key by gateway ID, and decrypts the ciphertext. Step 8: having obtained the decrypted gateway ID and verification code, the platform encrypts verification code + timestamp with the key and returns the ciphertext to the device gateway. Step 9: the device gateway receives the ciphertext returned by the IoT management platform, first decrypts it with the key, and obtains the verification code and timestamp. Step 10: the device gateway verifies whether the decrypted verification code is the one it generated itself and whether the timestamp shows that the clocks are synchronized, with an error ≤ 60 s. Step 11: a communication connection is established after successful verification.
When the message length is not a multiple of 8, padding data is prepended to the plaintext to bring the length up to a multiple of 8.
3. Beneficial effects:
The method of client identity authentication provided by the invention solves the communication security problem between the device gateway and the IoT management platform, and prevents device gateways that have not passed authentication from accessing the platform.
Specific embodiment
The present invention is described in detail below.
The present invention provides a method of client identity authentication comprising the following steps. Step 1: in the gateway management module of the IoT management platform, register the serial number and unique identifier of the gateway, and randomly generate an encryption key;
Step 2: configure the generated encryption key on the device gateway; the device gateway accesses the network and is powered up;
Step 3: after the device gateway starts, generate an 8-byte random verification code, then concatenate it with the gateway ID into the string gateway ID + verification code;
Step 4: using the configured encryption key, encrypt the concatenated string, then concatenate the resulting ciphertext with the gateway ID again to form the marshalled message gateway ID + ciphertext;
Step 5: the gateway starts its communication program and connects to the IoT management platform;
Step 6: after connecting, the gateway sends the marshalled message gateway ID + ciphertext to the IoT management platform;
Step 7: the IoT management platform unmarshals the received message, parses out the gateway ID, looks up the corresponding encryption key by gateway ID, and decrypts the ciphertext;
Step 8: having obtained the decrypted gateway ID and verification code, encrypt verification code + timestamp with the key and return the ciphertext to the device gateway;
Step 9: the device gateway receives the ciphertext returned by the IoT management platform, first decrypts it with the key, and obtains the verification code and timestamp;
Step 10: the device gateway verifies whether the decrypted verification code is the one it generated itself and whether the timestamp shows that the clocks are synchronized, with an error ≤ 60 s;
Step 11: establish the communication connection after successful verification.
Message structure:
(Figures: message structure from gateway to platform, and from cloud platform to gateway.)
Encryption padding rule
When the message length is not a multiple of 8, padding data is prepended to the plaintext to bring the length up to a multiple of 8. The rule is as follows:
Padding length: BLOCK_SIZE
Plaintext length: LENGTH
BLOCK_SIZE = 8 - LENGTH % 8;
Embodiment 1: everything except the last column is padding. BLOCK_SIZE = 8, LENGTH = 24
Embodiment 2: the first two columns are padding. BLOCK_SIZE = 2, LENGTH = 22
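The eleven-step handshake and the padding rule above, as an added example in Python (not code from the patent or its applicant): TEA over 8-byte blocks, the prepend-padding rule with its full-block case for a 24-byte message, and the checks each side performs. Assumptions beyond what the page states: a fixed 16-byte gateway ID so the platform can split the marshalled frame, ECB mode with big-endian words, pad bytes whose value is BLOCK_SIZE, and a 4-byte Unix timestamp.

```python
import os
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF
GATEWAY_ID_LEN = 16  # assumption: a fixed-length ID lets the platform split ID from ciphertext
MAX_SKEW = 60        # patent step 10: clock error <= 60 s

def tea_block(v0, v1, k, encrypt=True):
    """One 64-bit TEA block, 32 rounds, 128-bit key k as four uint32 words."""
    if encrypt:
        s = 0
        for _ in range(32):
            s = (s + DELTA) & MASK
            v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
            v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    else:
        s = (DELTA * 32) & MASK
        for _ in range(32):
            v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
            v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
            s = (s - DELTA) & MASK
    return v0, v1

def pad(msg):
    """Patent rule: prepend BLOCK_SIZE = 8 - LENGTH % 8 bytes, so a 24-byte message gets a
    full 8-byte block. Assumption: each pad byte holds BLOCK_SIZE (the page does not say)."""
    n = 8 - len(msg) % 8
    return bytes([n]) * n + msg

def unpad(data):
    n = data[0]
    if not 1 <= n <= 8 or data[:n] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[n:]

def tea_encrypt(msg, key):
    """ECB over 8-byte blocks (the page names no block mode; ECB is an assumption)."""
    k, data, out = struct.unpack(">4I", key), pad(msg), bytearray()
    for i in range(0, len(data), 8):
        out += struct.pack(">2I", *tea_block(*struct.unpack(">2I", data[i:i + 8]), k))
    return bytes(out)

def tea_decrypt(ct, key):
    if not ct or len(ct) % 8:
        raise ValueError("ciphertext length is not a multiple of 8")
    k, out = struct.unpack(">4I", key), bytearray()
    for i in range(0, len(ct), 8):
        out += struct.pack(">2I", *tea_block(*struct.unpack(">2I", ct[i:i + 8]), k, False))
    return unpad(bytes(out))

def gateway_hello(gateway_id, key):
    """Steps 3-4: random 8-byte verification code, encrypt ID+code, marshal ID+ciphertext."""
    code = os.urandom(8)
    return gateway_id + tea_encrypt(gateway_id + code, key), code

def platform_handle(frame, registry, now):
    """Steps 7-8: split the frame, look up the key registered for that ID (step 1),
    decrypt, check the ID inside the ciphertext, reply with encrypt(code + timestamp)."""
    gid, ct = frame[:GATEWAY_ID_LEN], frame[GATEWAY_ID_LEN:]
    pt = tea_decrypt(ct, registry[gid])      # KeyError: gateway was never registered
    if pt[:GATEWAY_ID_LEN] != gid:
        raise ValueError("gateway ID inside ciphertext does not match the header")
    return tea_encrypt(pt[GATEWAY_ID_LEN:] + struct.pack(">I", now), registry[gid])

def gateway_verify(reply, code, key, now):
    """Steps 9-10: decrypt, then require our own code echoed back and clock skew <= 60 s."""
    pt = tea_decrypt(reply, key)
    return pt[:8] == code and abs(now - struct.unpack(">I", pt[8:12])[0]) <= MAX_SKEW
```

The gateway-to-platform frame for a 16-byte ID is 16 + 32 bytes (24 bytes of plaintext plus a full 8-byte pad block, matching embodiment 1), and the reply is 16 bytes.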
Although the present invention has been described by way of example and in terms of preferred embodiments, these are not intended to limit the invention; anyone skilled in the art can make various changes or modifications without departing from the spirit and scope of the invention, so the protection scope of the invention shall be as defined by the claims.

Claims (2)

1. A method of client identity authentication comprising the following steps: Step 1: in the gateway management module of the IoT management platform, register the serial number and unique identifier of the gateway, and randomly generate an encryption key; Step 2: configure the generated encryption key on the device gateway; the device gateway accesses the network and is powered up; Step 3: after the device gateway starts, generate an 8-byte random verification code, then concatenate it with the gateway ID into the string gateway ID + verification code; Step 4: using the configured encryption key, encrypt the concatenated string, then concatenate the resulting ciphertext with the gateway ID again to form the marshalled message gateway ID + ciphertext; Step 5: the gateway starts its communication program and connects to the IoT management platform; Step 6: after connecting, the gateway sends the marshalled message gateway ID + ciphertext to the IoT management platform; Step 7: the IoT management platform unmarshals the received message, parses out the gateway ID, looks up the corresponding encryption key by gateway ID, and decrypts the ciphertext; Step 8: having obtained the decrypted gateway ID and verification code, encrypt verification code + timestamp with the key and return the ciphertext to the device gateway; Step 9: the device gateway receives the ciphertext returned by the IoT management platform, first decrypts it with the key, and obtains the verification code and timestamp; Step 10: the device gateway verifies whether the decrypted verification code is the one it generated itself and whether the timestamp shows that the clocks are synchronized, with an error ≤ 60 s; Step 11: establish the communication connection after successful verification.
2. The method as described in claim 1, characterized in that: when the message length is not a multiple of 8, padding data is prepended to the plaintext to bring the length up to a multiple of 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811067426.3A CN109218307A (en) 2018-09-13 2018-09-13 A method of client identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811067426.3A CN109218307A (en) 2018-09-13 2018-09-13 A method of client identity authentication

Publications (1)

Publication Number Publication Date
CN109218307A true CN109218307A (en) 2019-01-15

Family

ID=64983356

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811067426.3A Pending CN109218307A (en) 2018-09-13 2018-09-13 A method of client identity authentication

Country Status (1)

Country Link
CN (1) CN109218307A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801773A (en) * 2012-03-09 2012-11-28 无锡互惠信息技术有限公司 Internet of things system and acquisition and monitoring method for article information
CN104468562A (en) * 2014-12-03 2015-03-25 南京信息工程大学 Portable transparent data safety protection terminal oriented to mobile applications
CN104506483A (en) * 2014-10-21 2015-04-08 中兴通讯股份有限公司 Method for encrypting and decrypting information and managing secret key as well as terminal and network server
CN105282179A (en) * 2015-11-27 2016-01-27 中国电子科技集团公司第五十四研究所 Family Internet of things security control method based on CPK
KR20180099293A (en) * 2017-02-28 2018-09-05 한국전자통신연구원 Method for communicating between trust domains and gateway therefor

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995774A (en) * 2019-03-22 2019-07-09 泰康保险集团股份有限公司 Cipher key authentication method, system, equipment and storage medium based on part decryption
CN109995774B (en) * 2019-03-22 2021-10-08 泰康保险集团股份有限公司 Key authentication method, system, device and storage medium based on partial decryption
CN110768953A (en) * 2019-09-15 2020-02-07 杭州拓深科技有限公司 Rapid Internet of things data encryption transmission method
CN110768953B (en) * 2019-09-15 2022-05-03 杭州拓深科技有限公司 Rapid Internet of things data encryption transmission method
CN111783068A (en) * 2020-06-03 2020-10-16 中移(杭州)信息技术有限公司 Device authentication method, system, electronic device and storage medium
CN112109644A (en) * 2020-09-11 2020-12-22 中国第一汽车股份有限公司 Vehicle control method, device, equipment and storage medium
CN112109644B (en) * 2020-09-11 2022-03-04 中国第一汽车股份有限公司 Vehicle control method, device, equipment and storage medium
CN113852595A (en) * 2021-07-29 2021-12-28 四川天翼网络服务有限公司 Cross-network-segment encrypted communication method for embedded equipment
CN113852595B (en) * 2021-07-29 2024-02-02 四川天翼网络服务有限公司 Cross-network-segment encryption communication method for embedded equipment

Legal Events

Date Code Title Description
PB01 Publication (application publication date: 20190115)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication