CN109218307A - A method of client identity authentication - Google Patents
A method of client identity authentication
- Publication number: CN109218307A (application CN201811067426.3A)
- Authority: CN (China)
- Prior art keywords: gateway, ciphertext, key, verification code, message
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L67/12 — Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L63/08 — Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083 — Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876 — Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L69/22 — Parsing or analysis of headers
- H04L9/0861 — Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866 — Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/3297 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
A method of client identity authentication, comprising the following steps: register the serial number of the gateway and randomly generate an encryption key; configure the encryption key on the device gateway, which then accesses the network; after start-up the gateway generates an 8-byte random verification code and concatenates it with the gateway ID into the string "gateway ID + verification code"; it encrypts this string with the configured encryption key and concatenates the resulting ciphertext with the gateway ID; the gateway connects to the management platform; after connecting, the gateway sends the assembled message "gateway ID + ciphertext" to the management platform; the management platform parses the gateway ID out of the received message and decrypts the ciphertext; having obtained the decrypted gateway ID and verification code, it then encrypts the verification code and a timestamp with the key and returns the resulting ciphertext to the device gateway; the device gateway receives the ciphertext returned by the management platform and decrypts it to obtain the verification code and timestamp; the device gateway checks whether the decrypted verification code is the one it generated itself and whether the timestamp shows that the clocks are synchronized, and establishes the communication connection after successful verification.
Description
Technical field
The invention belongs to the field of the Internet and relates to a method of client identity authentication.
Background
In IoT applications, devices are centrally managed by a device gateway, which is also responsible for communicating with the IoT management platform; the device gateway communicates with and controls the devices through a single-chip microcontroller. Since the microcontroller has only a few K to tens of K of hardware resources, resource-consuming asymmetric algorithms cannot be used to handle the mutual authentication of the communicating parties, so the TEA encryption algorithm combined with a custom data structure is used to implement authentication of the client gateway. The TEA algorithm is not only fairly simple but also has strong resistance to differential analysis, and its encryption speed is also relatively fast.
Summary of the invention
1. Technical problem to be solved:
Existing single-chip microcontrollers have only a few K to tens of K of hardware resources and cannot use resource-consuming asymmetric algorithms to handle the mutual authentication problem between communicating parties.
2. Technical solution:
To solve the above problem, the present invention provides a method of client identity authentication comprising the following steps. Step 1: in the gateway management module of the IoT management platform, register the serial number and unique identifier of the gateway, and randomly generate an encryption key. Step 2: configure the generated encryption key on the device gateway; the device gateway accesses the network and powers up. Step 3: after the device gateway starts, generate an 8-byte random verification code, then concatenate it with the gateway ID into the string "gateway ID + verification code". Step 4: encrypt the concatenated string with the configured encryption key, then concatenate the resulting ciphertext with the gateway ID again to form the assembled message "gateway ID + ciphertext". Step 5: the gateway starts its communication program and connects to the IoT management platform. Step 6: after connecting, the gateway sends the assembled message "gateway ID + ciphertext" to the IoT management platform. Step 7: the IoT management platform unpacks the received message, parses out the gateway ID, looks up the corresponding encryption key by gateway ID, and decrypts the ciphertext. Step 8: having obtained the decrypted gateway ID and verification code, it encrypts "verification code + timestamp" with the key and returns the encrypted ciphertext data to the device gateway. Step 9: the device gateway receives the ciphertext returned by the IoT management platform and first decrypts it with the key to obtain the verification code and timestamp. Step 10: the device gateway verifies the verification code, checking whether the decrypted verification code is the one it generated itself and whether the timestamp is synchronized with its own time, with an error of at most 60 s. Step 11: the communication connection is established after successful verification.
If the message length is not a multiple of 8, padding data is prepended to the plaintext to bring it to a multiple of 8.
3. Beneficial effects:
The method of client identity authentication provided by the invention solves the communication security problem between the device gateway and the IoT management platform, and prevents device gateways that have not been authenticated from accessing the platform.
Specific embodiment
The present invention is described in detail below.
The present invention provides a method of client identity authentication comprising the following steps.
Step 1: in the gateway management module of the IoT management platform, register the serial number and unique identifier of the gateway, and randomly generate an encryption key;
Step 2: configure the generated encryption key on the device gateway; the device gateway accesses the network and powers up;
Step 3: after the device gateway starts, generate an 8-byte random verification code, then concatenate it with the gateway ID into the string "gateway ID + verification code";
Step 4: encrypt the concatenated string with the configured encryption key, then concatenate the resulting ciphertext with the gateway ID again to form the assembled message "gateway ID + ciphertext";
Step 5: the gateway starts its communication program and connects to the IoT management platform;
Step 6: after connecting, the gateway sends the assembled message "gateway ID + ciphertext" to the IoT management platform;
Step 7: the IoT management platform unpacks the received message, parses out the gateway ID, looks up the corresponding encryption key by gateway ID, and decrypts the ciphertext;
Step 8: having obtained the decrypted gateway ID and verification code, it encrypts "verification code + timestamp" with the key and returns the encrypted ciphertext data to the device gateway;
Step 9: the device gateway receives the ciphertext returned by the IoT management platform and first decrypts it with the key to obtain the verification code and timestamp;
Step 10: the device gateway verifies the verification code, checking whether the decrypted verification code is the one it generated itself and whether the timestamp is synchronized with its own time, with an error of at most 60 s;
Step 11: the communication connection is established after successful verification.
Message structure:
Gateway to platform
Cloud platform to gateway
Encryption padding rule
If the message length is not a multiple of 8, the data prepended to the plaintext to make it up to a multiple of 8 follows this rule:
Padding length: BLOCK_SIZE
Plaintext length: LENGTH
BLOCK_SIZE = 8 - LENGTH % 8;
Embodiment 1: every column except the last one is padding.
BLOCK_SIZE=8 | LENGTH=24 |
Embodiment 2: the first two columns are padding.
BLOCK_SIZE=2 | LENGTH=22 |
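The following is an added example, not code from the patent or its applicant: a Python simulation of the exchange described in the technical solution and the specific embodiment above, using standard TEA, the prepended-padding rule BLOCK_SIZE = 8 - LENGTH % 8, and the 60 s timestamp check. Everything the page does not specify is an assumption here: a fixed 8-byte gateway ID, one TEA block at a time (ECB), fill bytes equal to BLOCK_SIZE, and a 32-bit big-endian Unix timestamp; all keys, IDs and codes in the test are constructed.

```python
import hmac
import struct

DELTA, MASK32 = 0x9E3779B9, 0xFFFFFFFF
GW_ID_LEN = 8  # assumption: fixed-width gateway ID so the platform can split it off the message

def tea_encrypt_block(v0, v1, k, rounds=32):
    """Standard TEA (Wheeler/Needham): one 64-bit block, 128-bit key as four uint32 words."""
    s = 0
    for _ in range(rounds):
        s = (s + DELTA) & MASK32
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
    return v0, v1

def tea_decrypt_block(v0, v1, k, rounds=32):
    s = (DELTA * rounds) & MASK32
    for _ in range(rounds):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        s = (s - DELTA) & MASK32
    return v0, v1

def pad_front(data):
    """Patent rule BLOCK_SIZE = 8 - LENGTH % 8, prepended (LENGTH 24 -> 8 bytes, LENGTH 22 -> 2)."""
    n = 8 - len(data) % 8
    return bytes([n]) * n + data  # assumption: each fill byte holds BLOCK_SIZE so the receiver can strip it

def unpad_front(data):
    n = data[0] if data else 0
    if not 1 <= n <= 8 or data[:n] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[n:]

def tea_encrypt(key, plaintext):
    """TEA block by block over the padded message (ECB is an assumption; the page names no mode)."""
    k, padded = struct.unpack(">4I", key), pad_front(plaintext)
    blocks = (struct.unpack(">2I", padded[i:i + 8]) for i in range(0, len(padded), 8))
    return b"".join(struct.pack(">2I", *tea_encrypt_block(a, b, k)) for a, b in blocks)

def tea_decrypt(key, ciphertext):
    k = struct.unpack(">4I", key)
    blocks = (struct.unpack(">2I", ciphertext[i:i + 8]) for i in range(0, len(ciphertext), 8))
    return unpad_front(b"".join(struct.pack(">2I", *tea_decrypt_block(a, b, k)) for a, b in blocks))

def gateway_hello(key, gw_id, code):
    """Steps 3-4: E(gateway ID + 8-byte random code), with the gateway ID prepended in the clear."""
    return gw_id + tea_encrypt(key, gw_id + code)

def platform_reply(key_db, message, now):
    """Steps 7-8: split off the gateway ID, look up its key, decrypt, answer with E(code + timestamp).
    Returns None for an unregistered gateway or a ciphertext that does not carry its own ID."""
    gw_id, ct = message[:GW_ID_LEN], message[GW_ID_LEN:]
    key = key_db.get(gw_id)
    try:
        pt = tea_decrypt(key, ct) if key else None
    except (ValueError, struct.error):  # wrong key, truncation or tampering shows up here
        pt = None
    if pt is None or pt[:GW_ID_LEN] != gw_id:
        return None
    return tea_encrypt(key, pt[GW_ID_LEN:] + struct.pack(">I", now))

def gateway_verify(key, code, reply, now, skew=60):
    """Steps 9-10: decrypt, require the echoed code to match and |now - timestamp| <= 60 s."""
    try:
        pt = tea_decrypt(key, reply)
        echoed, ts = pt[:8], struct.unpack(">I", pt[8:12])[0]
    except (ValueError, struct.error):  # bad padding or a reply too short to carry a timestamp
        return False
    return hmac.compare_digest(echoed, code) and abs(now - ts) <= skew
```

Because the gateway compares the echoed code against the fresh one it generated at start-up, a replayed platform reply from an earlier session fails the comparison, and the 60 s window bounds the tolerated clock drift between the two sides.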
Although the present invention has been described by way of example in terms of preferred embodiments, these are not intended to limit the invention; anyone skilled in the art may make various changes or modifications without departing from the spirit and scope of the invention, so the protection scope of the invention shall be defined by the claims.
Claims (2)
1. A method of client identity authentication, comprising the following steps: step 1: in the gateway management module of the IoT management platform, register the serial number and unique identifier of the gateway, and randomly generate an encryption key; step 2: configure the encryption key on the device gateway; the device gateway accesses the network and powers up; step 3: after the device gateway starts, generate an 8-byte random verification code, then concatenate it with the gateway ID into the string "gateway ID + verification code"; step 4: encrypt the concatenated string with the configured encryption key, then concatenate the resulting ciphertext with the gateway ID again to form the assembled message "gateway ID + ciphertext"; step 5: the gateway starts its communication program and connects to the IoT management platform; step 6: after connecting, the gateway sends the assembled message "gateway ID + ciphertext" to the IoT management platform; step 7: the IoT management platform unpacks the received message, parses out the gateway ID, looks up the corresponding encryption key by gateway ID, and decrypts the ciphertext; step 8: having obtained the decrypted gateway ID and verification code, it encrypts "verification code + timestamp" with the key and returns the encrypted ciphertext data to the device gateway; step 9: the device gateway receives the ciphertext returned by the IoT management platform and first decrypts it with the key to obtain the verification code and timestamp; step 10: the device gateway verifies the verification code, checking whether the decrypted verification code is the one it generated itself and whether the timestamp is synchronized with its own time, with an error of at most 60 s; step 11: the communication connection is established after successful verification.
2. The method according to claim 1, characterized in that: if the message length is not a multiple of 8, padding data is prepended to the plaintext to make it up to a multiple of 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811067426.3A CN109218307A (en) | 2018-09-13 | 2018-09-13 | A method of client identity authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109218307A (en) | 2019-01-15 |
Family
ID=64983356
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811067426.3A (pending) CN109218307A (en) | 2018-09-13 | 2018-09-13 | A method of client identity authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109218307A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190115 |