CN109245882A - An SM2 signature method suitable for electric power wireless sensor networks
- Publication number: CN109245882A
- Application number: CN201811046493.7A
- Authority: CN (China)
- Prior art keywords: sensing node, data cloud, key, public key, signature
- Legal status: Pending
Classifications
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
The invention discloses an SM2 signature method suitable for electric power wireless sensor networks. The method comprises: the data cloud generates the SM2 elliptic curve parameters, keeps the master key secret and publishes the other parameters; using each sensing node's serial number as its identity ID, the data cloud computes the node's public and private keys from the identity ID and injects the private key into the sensing node; the sensing node signs data packets with its private key and outputs the digital signature value (r, s); the data cloud computes the corresponding sensing node public key according to the sensing node public key calculation method, then verifies the signature and outputs the verification result; the data cloud discloses to a verifier the authorization information Q corresponding to the sensing node whose identity is ID, and the authorized party can verify signatures using the sensing node ID and Q and output the verification result. Because the data cloud can compute a node's public key from the sensing node identity ID, it does not need to store that key, which saves data cloud storage space.
Description
Technical field
The invention belongs to the field of information security technology, and in particular relates to an SM2 signature method suitable for electric power wireless sensor networks.
Background
SM2 is an elliptic curve public key cryptographic algorithm published by the State Cryptography Administration. SM2 has advantages such as better performance, faster processing speed and high cryptographic complexity, and offers higher security than the RSA algorithm. The SM2 algorithm defines a digital signature algorithm, a key exchange protocol and a public key encryption algorithm; the digital signature algorithm consists of a signature generation algorithm and a signature verification algorithm. In the SM2 digital signature algorithm, the private key is generally used by the signer to generate a signature, and the public key is used by the verifier to verify it. In practice, the verifier generally has to keep the public key. For the wireless sensor networks of a power system, the core of information security is the establishment of secure keys; sensing nodes are often deployed in remote areas with poor signal and are often resource-constrained, which causes problems such as unstable data transmission and difficulty in identifying the source of messages.
At present there are four types of key management mechanisms for wireless sensor networks: key pre-distribution, dynamic key management, key management based on a public key system, and key management based on a trusted key distribution center. However, different key management schemes may lead to problems such as high key update cost for nodes, low security and large computational overhead. In addition, because user public keys are long, how to reduce public key storage space without affecting authentication efficiency and security is also a problem to be solved when designing a signature method.
Summary of the invention
The main object of the present invention is to propose an SM2 signature method suitable for electric power wireless sensor networks that solves the problem raised in the background above: reducing public key storage space during message authentication in a wireless sensor network without affecting authentication efficiency and security.
To this end, the present invention provides an SM2 signature method suitable for electric power wireless sensor networks, the method comprising the following steps:
Step a: system parameters
The data cloud generates the SM2 algorithm system parameters, where is an elliptic curve equation defined over the finite field , is a base point of order on , is a generator of , a selected is the system master key, is the system master public key, and is a secure hash function; the data cloud keeps secret and publishes the other parameters;
Step b: sensing node key generation
With the sensing node serial number as the identity ID, the sensing node private key is calculated, and the sensing node public key calculation method is ; the data cloud manages sensing node information using the identity ID of each node as an index, and injects the private key into each sensing node in a secure manner. This key generation mode requires that only the data cloud can verify, that an authorized party can also verify after being authorized, or that authentication is carried out with the data cloud master key of step a and the sensing node serial number;
Step c: signature generation
For a data packet of the sensing node, the sensing node signs the data packet with the sensing node private key of step b and outputs the digital signature value (r, s);
Step d: signature verification
For the received data packet and signature , the data cloud uses the sensing node public key calculation method of step b to compute the corresponding sensing node public key, then verifies the signature with that public key and outputs the verification result;
Step e: authorized signature verification
The data cloud discloses to the verifier the authorization information corresponding to the sensing node whose identity in step b is ID; the authorized party verifies the signature using the sensing node ID and Q and outputs the verification result.
Further, step b includes: for a sensing node, the data cloud does not need to store the sensing node public key and only needs to store the sensing node identity ID.
Further, step c includes: the sensing node computes the hash value of the data packet and the identity ID, generates a random number , computes the point on the elliptic curve , then computes ; if or , it regenerates ; it then computes to obtain the signature value ; if , it regenerates ; finally it outputs the signature value (r, s).
Further, step d includes: the data cloud first checks separately whether and hold, and verification fails if either does not hold; it then computes and ; if , verification fails; it then computes the point on the elliptic curve and , and checks whether holds; if it holds, verification succeeds, otherwise verification fails; finally it outputs the verification result.
Further, step d includes: before verifying the signature, the data cloud computes the corresponding sensing node public key from the sensing node ID; after verifying the signature, it discards the sensing node public key and releases the storage space.
The beneficial effects of the disclosed SM2 signature method suitable for electric power wireless sensor networks include:
1. The data cloud can compute a node's public key from the sensing node identity ID, so the key does not need to be stored, which saves data cloud storage space.
2. Signature verification is limited to the data cloud or to a party authorized by the data cloud, which improves the reliability of the verification result.
Brief description of the drawings
The embodiment and technical solution are further illustrated below with reference to the accompanying drawings.
Fig. 1 is a flow chart of the signature method of the present invention.
Fig. 2 is a flow chart of signature key generation in the present invention.
Detailed description
To better explain the embodiments of the present invention, they are described further below with reference to the accompanying drawings.
As shown in Fig. 1, the overall flow of the signature method of the present invention is as follows:
101. The data cloud generates the SM2 elliptic curve parameters, keeps the master key secret and publishes the other parameters;
102. With the sensing node serial number as the identity ID, the data cloud computes the public and private keys of each sensing node from the identity ID and injects the private key into the sensing node;
103. The sensing node signs the data packet with its private key and outputs the digital signature value (r, s);
104. The data cloud computes the corresponding sensing node public key according to the sensing node public key calculation method, then verifies the signature and outputs the verification result;
105. The data cloud discloses to the verifier the authorization information Q corresponding to the sensing node whose identity is ID; the authorized party can verify the signature using the sensing node ID and Q, and outputs the verification result.
As shown in Fig. 2, the signature key generation method of the present invention is as follows:
201. The sensing node sends its identity ID to the data cloud;
202. The data cloud computes the private key from the identity ID, designs the public key calculation method, and builds a sensing node index based on the identity ID;
203. The private key is injected into each sensing node in a secure manner.
Embodiment 1:
After the system parameters have been generated, sensing node A sends its serial number to the data cloud. The data cloud generates the private key from the identity ID and designs the sensing node public key calculation method, then injects the sensing node private key into sensing node A in a secure manner. Sensing node A uses the private key to sign the collected data packet, producing the signature (r, s), and sends the data packet and signature to the data cloud. On receipt, the data cloud uses the identity ID of sensing node A to generate the corresponding public key according to the sensing node public key calculation method, verifies the signature with that public key, outputs the verification result, and finally discards the public key of sensing node A, releasing data cloud storage space.
The above is only a preferred embodiment of the present invention, and the invention is not limited to it. It should be noted that, although the invention has been described in detail, those skilled in the art should understand that some or all of the technical features of the above embodiments may be equivalently replaced, or the technical solutions may still be modified, and that such substitutions and modifications do not cause the essence to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (5)
1. An SM2 signature method suitable for electric power wireless sensor networks, characterized by comprising:
Step a: system parameters
The data cloud generates the SM2 algorithm system parameters, where is an elliptic curve equation defined over the finite field , is a base point of order on , is a generator of , a selected is the system master key, is the system master public key, and is a secure hash function; the data cloud keeps secret and publishes the other parameters;
Step b: sensing node key generation
With the sensing node serial number as the identity ID, the sensing node private key is calculated, and the sensing node public key calculation method is ; the data cloud manages sensing node information using the identity ID of each node as an index, and injects the private key into each sensing node in a secure manner. This key generation mode requires that only the data cloud can verify, that an authorized party can also verify after being authorized, or that authentication is carried out with the data cloud master key of step a and the sensing node serial number;
Step c: signature generation
For a data packet of the sensing node, the sensing node signs the data packet with the sensing node private key of step b and outputs the digital signature value (r, s);
Step d: signature verification
For the received data packet and signature , the data cloud uses the sensing node public key calculation method of step b to first compute the corresponding sensing node public key, then verifies the signature with that public key, outputs the verification result, and discards the sensing node public key;
Step e: authorized signature verification
The data cloud discloses to the verifier the authorization information corresponding to the sensing node whose identity in step b is ID; the authorized party verifies the signature using the sensing node ID and Q and outputs the verification result.
2. The SM2 signature method suitable for electric power wireless sensor networks according to claim 1, characterized in that step b includes: for a sensing node, the data cloud does not need to store the sensing node public key and only needs to store the sensing node identity ID.
3. The SM2 signature method suitable for electric power wireless sensor networks according to claim 1, characterized in that step c includes: the sensing node computes the hash value of the data packet and the identity ID, generates a random number , computes the point on the elliptic curve , then computes ; if or , it regenerates ; it then computes to obtain the signature value ; if , it regenerates ; finally it outputs the signature value (r, s).
4. The SM2 signature method suitable for electric power wireless sensor networks according to claim 1, characterized in that step d includes: the data cloud first checks separately whether and hold, and verification fails if either does not hold; it then computes and ; if , verification fails; it then computes the point on the elliptic curve and , and checks whether holds; if it holds, verification succeeds, otherwise verification fails; finally it outputs the verification result.
5. The SM2 signature method suitable for electric power wireless sensor networks according to claim 4, characterized in that, before verifying the signature, the data cloud computes the corresponding sensing node public key from the sensing node ID, and after verifying the signature it discards the sensing node public key and releases the storage space.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811046493.7A | 2018-09-08 | 2018-09-08 | An SM2 signature method suitable for electric power wireless sensor networks |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109245882A (en) | 2019-01-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190118 |