CN109474438A - It is a kind of based on the intelligent terminal access authentication method selectively revealed - Google Patents
It is a kind of based on the intelligent terminal access authentication method selectively revealed Download PDFInfo
- Publication number
- CN109474438A CN109474438A CN201811585180.9A CN201811585180A CN109474438A CN 109474438 A CN109474438 A CN 109474438A CN 201811585180 A CN201811585180 A CN 201811585180A CN 109474438 A CN109474438 A CN 109474438A
- Authority
- CN
- China
- Prior art keywords
- intelligent terminal
- node
- access unit
- root
- huffman tree
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of based on the intelligent terminal access authentication method selectively revealed, and the present invention realizes being mutually authenticated between intelligent terminal V and access unit R in conjunction with Huffman tree using lightweights operators such as individual event HMAC function, XOR operation.Before formal certification, certificate of the intelligent terminal V by trusted third party to access unit R pre-share comprising cryptographic Hash root.Verification process is divided into two stages: first stage, and intelligent terminal V completes the certification to access unit R identity legitimacy using random number and the mapping of close value;Second stage selectively reveals the information of intelligent terminal V by Huffman tree, realizes certification of the access unit R to intelligent terminal V identity legitimacy.Invention significantly improves the safety of verification process and flexibilities, in addition to it can defend the attacks such as message-replay, also effectively avoid the sensitive data that intelligent network is joined to vehicle from being directly exposed to roadbed unit, suitable for the secure interactive application scenarios with data sharing demand.
Description
Technical field
The present invention relates to intelligent terminal security fields more particularly to a kind of accessed based on the intelligent terminal selectively revealed to recognize
Card method.
Background technique
With the rise of Internet of Things, the application prospect of intelligent terminal also becomes more wide.Nowadays, intelligent terminal by
Widespread deployment is into sorts of systems, and the safety for applying to car networking, Industry Control etc concerns industry, this sends out intelligent terminal
The more important and locating network environment of the effect waved is more complicated.How intelligent terminal is safely and efficiently accessed to increasingly complicated net
The problem of network, is urgently to be resolved.Traditional communication protocol based on End to End Encryption is faced with all kinds of threats, is believed by intercepting and capturing
The data packet transmitted on road can be easily carried out Replay Attack, generate unforeseen result.Therefore, it is necessary to a kind of safety
Authentication protocol access link authentication verification object identity legitimacy.
In the application scenarios of many intelligent terminals, the specific requirements of certification are often different from most traditional networks.With vehicle
For networking, on the one hand, network insertion unit performance itself is restricted with memory space, and it may locate in the same time
Manage a large amount of access requests from intelligent terminal;On the other hand, net connection vehicle is followed by the service received and may and be not required in access network
Want all properties information stored in authentication intelligent terminal.Many traditional authentication methods based on Encryption Algorithm are no longer desirable for
This scene.So the authentication method that intelligent terminal is used when accessing network not only wants high efficiency, low storage, also to use
Selective leakage mechanism avoids the exposure privacy information unrelated with session.
Summary of the invention
In view of the above technical problems, the invention proposes a kind of based on the intelligent terminal access authentication side selectively revealed
Method, including intelligent terminal V, access unit R and trusted third party, the intelligent terminal V possess false identity identifier PIDV, share
Close value SVAnd local data sets(l∈N*);The access unit R safeguards a close value mapping table, the close value
Mapping table is by the shared secret S of each intelligent terminal VVIt is mapped to the false identity identifier PID of corresponding intelligent terminal VVAnd pre-share
Key kv;kvBe authenticated between intelligent terminal V and access unit R HMAC function used key be also subsequent session encryption it is close
Key;Intelligent terminal V is also needed will be by by trusted third partyThe certificate pre-share of generation gives access unit R;Institute
The method of stating includes:
Step 1: certificate of the intelligent terminal V by trusted third party to access unit R pre-share comprising cryptographic Hash root;
Step 2: intelligent terminal V completes to recognize access unit R identity legitimacy using random number and the mapping of close value
Card;
Step 3: by Huffman tree, selectively revealing the information of intelligent terminal V, realizes access unit R to intelligent end
Hold the certification of V identity legitimacy.
It is proposed by the present invention described based in the intelligent terminal access authentication method selectively revealed, the intelligent terminal V
Include the following steps: step a1 to the certificate that access unit R pre-share includes cryptographic Hash root by trusted third party: the intelligence
Energy terminal V generates one group of pseudo random number using pseudo-random function generatorIt recyclesTo local
Data setIt is denoted asRandom process is carried out, temporary data set is calculated
……
Wherein, " # " is as a kind of additional character, for dividing and definingWithData field;
Step a2: intelligent terminal V is calculated one group of numerical value using One-way Hash function
……
Step a3: intelligent terminal V willIt is denoted as), it willIt is denoted as, is sent to credible
Tripartite;
Step a4: trusted third party's detectionValue, it is ensured that correspond;
Step a5: the probability that each attribute is presented is constructed Huffman tree as weight by trusted third party, is usedAs leaf node, weight building Huffman tree is corresponded to according to each node;Calculate each non-leaf nodes
Cryptographic Hash Fnode=H (child1||child2), child1And child2Respectively indicate some non-leaf nodes or so child node
Value, | | indicate cascade;By all nodal values of the available Huffman tree of above-mentioned calculating, the value of root node is denoted as root;
Step a6: cryptographic Hash root is sent to access unit R by trusted third party, and whole Huffman tree is sent to intelligence
Terminal V.
It is proposed by the present invention described based in the intelligent terminal access authentication method selectively revealed, the intelligent terminal V
It completes to include the following steps: the certification of access unit R identity legitimacy using random number and the mapping of close value
Step b1: intelligent terminal V generates pseudo random number r ' using pseudo-random function generatorV, extract local SV;Intelligence is eventually
Hold V by r 'V||SVAccess unit R is sent to as access request and opens a new session period;
Step b2: when access unit R receives r 'V||SVAfterwards, pseudo random number r is generated using pseudo-random function generatorR,
According to SV, corresponding false identity identifier PID is extracted from the close value mapping table being locally storedVAnd kv, M is calculatedR, and by grade
The message r of connectionR||MRP is returned to as response;
Step b3: when intelligent terminal V receives rR||MRAfterwards, local PID is extractedVAnd kv, using this, they are calculatedThe M obtained by comparing receptionRWith M 'RConsistency, realize to access unit R
The verifying of identity reality;If two values are equal, intelligent terminal V thinks that access unit R is a legal equipment, agreement
Continue;Otherwise agreement terminates.
It is proposed by the present invention described based in the intelligent terminal access authentication method selectively revealed, it is described by Huffman
Tree selectively reveals the information of intelligent terminal V, realizes certification of the access unit R to intelligent terminal V identity legitimacy, including
Following steps:
Step c1: intelligent terminal V chooses the part temporary data set for intending sharing(i ∈ { 1,2 ..., m }), remainder
It is labeled as according to collection(i ∈ { 1,2 ..., n }), can directly find in Huffman treeWithCorresponding leaf section
Point(i ∈ { 1,2 ..., m }) and(i ∈ { 1,2 ..., n }), note comprising it is all containing onlyInterior joint is free ofThe root node collection of the subtree of interior joint is combined into(i ∈ { 1,2 ..., k }), then fromFather node is searched to be not belonging toNode form set(i ∈ { 1,2 ..., s }) is utilized according to Huffman treeWithKazakhstan is calculated
The graceful root vertex value root of husband;Intelligent terminal V is calculatedAnd MV, and by rR、MVWithIt is sent to access unit R;
Step c2: when access unit R receives rR、MVWithFirst calculateCompare MVWith M 'V;If inconsistent, agreement is terminated, and is otherwise continued;
Step c3: access unit R calculatesIt utilizesWithRoot ' can be calculated, than
Compared with root ' and locally whether the root that saves is equal, realizes the verifying to intelligent terminal V identity reality;If two values
Equal, access unit R thinks that intelligent terminal V is a legal equipment, agreement normal termination.
It is proposed by the present invention described based in the intelligent terminal access authentication method selectively revealed, pass through a recurrence letter
Number mark (node) is searchedProcess, comprising:
(1) it if node is leaf node, executes:
IfThe node is marked, is otherwise returned;
(2) it if node is not leaf node, executes:
First carry out mark (c1) and mark (c2), c1And c2For the child node of node;C is judged again1And c2Whether it is labeled, such as
Fruit is all labeled, marks the node, otherwise returns.
It is proposed by the present invention described based in the intelligent terminal access authentication method selectively revealed, by once traversing letter
Number search (node) is searchedProcess, comprising:
(1) it if node is leaf node, executes:
If node is labeled, result set is added in nodeOtherwise it returns;
(2) it if node is not leaf node, executes:
If node is labeled, which is addedOtherwise, search (c is executed1) and search (c2), c1And c2
For the child node of node.
The method of the present invention significantly improves the safety and flexibility of verification process, except can defend message-replay etc. attack
Outside, it also effectively avoids the sensitive data that intelligent network is joined to vehicle from being directly exposed to roadbed unit, is suitable for that there is data sharing demand
Secure interactive application scenarios.
Detailed description of the invention
Fig. 1 is the flow chart provided by the invention based on the intelligent terminal access authentication method selectively revealed.
Fig. 2 is the flow diagram provided by the invention based on the intelligent terminal access authentication method selectively revealed.
Fig. 3 is the Hash tree graph constructed in the embodiment of the present invention according to weight.
Specific embodiment
Technical solution of the present invention is described in detail below by attached drawing and specific embodiment, it should be understood that the application
Specific features in embodiment and embodiment are the detailed description to technical scheme, rather than to present techniques
The restriction of scheme, in the absence of conflict, the technical characteristic in the embodiment of the present application and embodiment can be combined with each other.
As illustrated in figs. 1 and 2, present invention implementation discloses a kind of based on the intelligent terminal access authentication side selectively revealed
Method.The method is using the lightweights operator such as individual event HMAC function, XOR operation, in conjunction with Huffman tree, realize intelligent terminal V with
Being mutually authenticated between access unit R.Before formal certification, intelligent terminal V passes through trusted third party to access unit R pre-share
Certificate comprising cryptographic Hash root.Verification process is divided into two stages: first stage, and intelligent terminal V uses random number and close value
It maps to complete the certification to access unit R identity legitimacy;Second stage, by Huffman tree, selectively leakage is intelligent
The information of terminal V realizes certification of the access unit R to intelligent terminal V identity legitimacy.
The embodiment of the invention provides a kind of based on the intelligent terminal access authentication method selectively revealed.The present invention passes through
Following technical scheme is taken to be achieved:
Intelligent terminal V possesses false identity identifier PIDV, shared secret SVAnd local data sets(l∈
N*);Access unit R safeguards a close value mapping table, and the table is by the shared secret S of each intelligent terminal VVIt is mapped to corresponding intelligence
The false identity identifier PID of terminal VVWith wildcard kv;kvIt is that HMAC used is authenticated between intelligent terminal V and access unit R
The key of function is also the encryption key of subsequent session;Before starting certification, intelligent terminal V is also needed will by trusted third party
ByThe certificate pre-share of generation gives access unit R.
The generation of certificate and as follows with pre-share process:
Step a1: intelligent terminal V generates one group of pseudo random number first with pseudo-random function generatorAgain
It utilizesTo local data setsIt (is denoted as) random process is carried out, ephemeral data is calculated
Collection
……
Wherein, " # " is as a kind of additional character, for dividing and definingWithData field;
Step a2: intelligent terminal V is calculated one group of numerical value using One-way Hash function
……
Step a3: intelligent terminal V willIt (is denoted as)、It (is denoted as) be sent to can
Believe third party (such as certification authority);
Step a4: trusted third party's detectionValue, it is ensured that correspond;
Step a5: for memory space needed for reduction Store Credentials, trusted third party needs by a node to be Hash
The Huffman tree of value selects leakage mechanism to realize.Each attribute is presented general by this selectivity leakage certificate scheme consideration
Rate (needing to count in advance) constructs Huffman tree as weight, and depth of the high attribute node of probability in tree is lower than probability
Node is small, this makes the program more more efficient than the selectivity leakage certificate scheme based on Merkle tree in most cases.
Trusted third party usesAs leaf node, weight building Huffman is corresponded to according to each node
Tree.Calculate the cryptographic Hash F of each non-leaf nodesnode=H (child1||child2), child1And child2Respectively indicate some
The value of non-leaf nodes or so child node, | | indicate cascade.It, will by all nodal values of the available Huffman tree of above-mentioned calculating
The value of root node is denoted as root.
Step a6: hereafter, cryptographic Hash root is sent to access unit R by trusted third party, and whole Huffman tree is sent
Give intelligent terminal V.
The step of described safety certifying method for intelligent terminal, is as follows:
Step b1: intelligent terminal V generates pseudo random number r ' using pseudo-random function generatorV, extract local SV;Intelligence is eventually
Hold V by r 'V||SVAccess unit R is sent to as access request and opens a new session period;
Step b2: when access unit R receives r 'V||SVAfterwards, pseudo random number r is generated using pseudo-random function generatorR,
According to SV, corresponding false identity identifier PID is extracted from the close value mapping table being locally storedVAnd kv, M is calculatedR, and by grade
The message r of connectionR||MRP is returned to as response;
Step b3: when intelligent terminal V receives rR||MRAfterwards, local PID is extractedVAnd kv, using this, they are calculatedThe M obtained by comparing receptionRWith M 'RConsistency, realize to access unit R
The verifying of identity reality;If two values are equal, intelligent terminal V thinks that access unit R is a legal equipment, agreement
Continue;Otherwise agreement terminates.
Step c1: intelligent terminal V chooses the part temporary data set for intending sharingIt is labeled as(i ∈ 1,
2 ..., n }), it can directly be found in Huffman treeWithCorresponding leaf node(i ∈ 1,2 ...,
M }) and(i ∈ { 1,2 ..., n }).Note comprising it is all containing onlyInterior joint is free ofThe subtree of interior joint
Root node collection is combined into(i ∈ { 1,2 ..., k }), then fromFather node is selected to be not belonging toNode form set(i ∈ { 1,2 ..., s }).According to Huffman tree, utilizeWithHuffman tree root node can be calculated
Value root.It searchesProcess can pass through recurrence and primary traversal is realized.
Recursive function mark (node) implementation procedure is as follows:
(1) it if node is leaf node, executes:
IfThe node is marked, is otherwise returned;
(2) it if node is not leaf node, executes:
First carry out mark (c1) and mark (c2), c1And c2For the child node of node;C is judged again1And c2Whether it is labeled, such as
Fruit is all labeled, marks the node, otherwise returns.
It is as follows to traverse function search (node) implementation procedure:
(1) it if node is leaf node, executes:
If node is labeled, result set is added in nodeOtherwise it returns;
(2) it if node is not leaf node, executes:
If node is labeled, which is addedOtherwise, search (c is executed1) and search (c2), c1And c2
For the child node of node.
Intelligent terminal V is calculatedAnd MV, and by rR、MVWithIt is sent to access unit R.
Step c2: when access unit R receives rR、MVWithIt is first calculated similar to step 3 Compare MVWith M 'V;If inconsistent, agreement is terminated, and is otherwise continued.
Step c3: access unit R calculatesIt utilizesWithRoot ' can be calculated, than
Compared with root ' and locally whether the root that saves is equal, realizes the verifying to intelligent terminal V identity reality;If two values
Equal, access unit R thinks that intelligent terminal V is a legal equipment, agreement normal termination.
Embodiment:
One, system initialization
Intelligent terminal V possesses false identity identifier PIDV, shared secret SVAnd local data sets(l∈
N*);Access unit R safeguards a close value mapping table, and the table is by the shared secret S of each intelligent terminal VVIt is mapped to corresponding intelligence
The false identity identifier PID of terminal VVWith wildcard kv;kvIt is that HMAC used is authenticated between intelligent terminal V and access unit R
The key of function is also the encryption key of subsequent session;Before starting certification, intelligent terminal V is also needed will by trusted third party
ByThe certificate pre-share of generation gives access unit R.
Intelligent terminal V possesses false identity identifier PIDV, shared secret SVAnd local data setsIt connects
Enter unit R and gather around one close value mapping table of maintenance, the table is by the shared secret S of each intelligent terminal VVIt is mapped to corresponding intelligent terminal
The false identity identifier PID of VVWith wildcard kv;kvIt is that HMAC function used is authenticated between intelligent terminal V and access unit R
Key be also subsequent session encryption key;Before starting certification, intelligent terminal V is also needed will be by by trusted third partyThe certificate pre-share of generation gives access unit R.
The generation of certificate and as follows with pre-share process:
Intelligent terminal V generates one group of pseudo random number first with pseudo-random function generatorIt is sharp again
WithTo local data setsRandom process is carried out, ephemeral data is calculated
Collection
Wherein, " # " is as a kind of additional character, for dividing and definingWithData field;
One group of numerical value is calculated using One-way Hash function in intelligent terminal V
Intelligent terminal V willIt (is denoted as)、It (is denoted as) send
It gives trusted third party (such as certification authority), trusted third party's detectionValue, it is ensured that correspond;For drop
Memory space needed for low Store Credentials needs to realize selection leakage machine by the Huffman tree that a node is cryptographic Hash
System.This selectivity leakage certificate scheme considers the probability (needing to count in advance) that each attribute is presented carrying out structure as weight
Huffman tree is made, depth of the high attribute node of probability in the tree node lower than probability is small, this makes the program in most feelings
It is more more efficient than the selectivity leakage certificate scheme based on Merkle tree under condition.
Trusted third party usesAs leaf node, weight building is corresponded to according to each node
Huffman tree.Calculate the cryptographic Hash F of each non-leaf nodesnode=H (child1||child2), child1And child2Table respectively
Show the value of some non-leaf nodes or so child node, | | indicate cascade.Pass through all sections of the available Huffman tree of above-mentioned calculating
The value of root node is denoted as root by point value.
Building in order to which Huffman tree is described in detail and the use in certification, are said using road vehicle restricted driving as scene
It is bright.Assuming that being restricted driving to some section according to license plate possession and type of vehicle, only allow the car of local license plate or car logical
Row.Assuming that six certain vehicle driver identity, license plate, vehicle, car brand, car color, service life attributes are presented possibility
Property is followed successively by 21,31,9,10,6,5, obtains by random process and HashThen according to weight building
Hash tree is as shown in Figure 3.
The cryptographic Hash of each non-leaf nodes are as follows:
Hereafter, cryptographic Hash root is sent to access unit R by trusted third party, and whole Huffman tree is sent to intelligent end
Hold V.
Two, verification process
The step of described safety certifying method for intelligent terminal, is as follows:
Intelligent terminal V generates pseudo random number r ' using pseudo-random function generatorV, extract local SV;Intelligent terminal V is by r 'V
||SVAccess unit R is sent to as access request and opens a new session period;
When access unit R receives r 'V||SVAfterwards, pseudo random number r is generated using pseudo-random function generatorR, according to SV,
Corresponding false identity identifier PID is extracted from the close value mapping table being locally storedVAnd kv, M is calculatedR, and by cascade message
rR||MRP is returned to as response;
When intelligent terminal V receives rR||MRAfterwards, local PID is extractedVAnd kv, using this, they are calculated The M obtained by comparing receptionRWith M 'RConsistency, realize to access unit R identity it is true
The verifying of reality;If two values are equal, intelligent terminal V thinks that access unit R is a legal equipment, and agreement continues;
Otherwise agreement terminates;
Intelligent terminal V, which chooses, intends shared part temporary data setWithRemaining data collection
It is labeled asIt can directly be found in Huffman treeWithCorresponding leaf nodeWithNote comprising it is all containing onlyInterior joint is free of
The root node collection of the subtree of interior joint is combined into(i ∈ { 1,2 ..., k }), then fromFather node is selected to be not belonging to's
Node composition set(i ∈ { 1,2 ..., s }).According to Huffman tree, utilizeWithKazakhstan can be calculated
The graceful root vertex value root of husband.It searchesProcess can pass through recurrence and primary traversal is realized.
Recursive function mark (node) implementation procedure is as follows:
(1) it if node is leaf node, executes:
IfThe node is marked, is otherwise returned;
(2) it if node is not leaf node, executes:
First carry out mark (c1) and mark (c2), c1And c2For the child node of node;C is judged again1And c2Whether it is labeled, such as
Fruit is all labeled, marks the node, otherwise returns.
It is as follows to traverse function search (node) implementation procedure:
(1) it if node is leaf node, executes:
If node is labeled, result set is added in nodeOtherwise it returns;
(2) it if node is not leaf node, executes:
If node is labeled, which is addedOtherwise, search (c is executed1) and search (c2), c1And c2
For the child node of node.
Intelligent terminal V calculates AV、BVAnd CV, and by rR、 And MVIt is sent to access unit R.
When access unit R receives rR、And MV, similar to first calculating Compare MVWith M 'V;If inconsistent, agreement is terminated, and is otherwise continued.Access unit R
It calculatesWith It utilizesWithRoot ' can be calculated, compare root ' and
Whether the root locally saved is equal, realizes the verifying to intelligent terminal V identity reality;If two values are equal, access
Unit R thinks that intelligent terminal V is a legal equipment, agreement normal termination.
For the vehicle restricted driving scene still used when pre-share, then intelligent terminal V is finally broadcasted And AV||CV, and step 4 access unit R calculating process is as follows:
Final relatively root ' and root carrys out the legitimacy of authentication intelligent terminal V.
The above is only a preferred embodiment of the present invention, does not play the role of any restrictions to the present invention.Belonging to any
Those skilled in the art, in the range of not departing from technical solution of the present invention, to the invention discloses technical solution and
Technology contents make the variation such as any type of equivalent replacement or modification, belong to the content without departing from technical solution of the present invention, still
Within belonging to the scope of protection of the present invention.
Claims (6)
1. a kind of based on the intelligent terminal access authentication method selectively revealed, which is characterized in that including intelligent terminal V, access
Unit R and trusted third party, the intelligent terminal V possess false identity identifier PIDV, shared secret SVAnd local data setsThe access unit R safeguards a close value mapping table, and the close value mapping table is by each intelligence
The shared secret S of terminal VVIt is mapped to the false identity identifier PID of corresponding intelligent terminal VVWith wildcard kv;kvIt is intelligence
The key that HMAC function used is authenticated between terminal V and access unit R is also the encryption key of subsequent session;Intelligent terminal V is also
Needing will be by by trusted third partyThe certificate pre-share of generation gives access unit R;The described method includes:
Step 1: certificate of the intelligent terminal V by trusted third party to access unit R pre-share comprising cryptographic Hash root;
Step 2: intelligent terminal V completes the certification to access unit R identity legitimacy using random number and the mapping of close value;
Step 3: by Huffman tree, selectively revealing the information of intelligent terminal V, realizes access unit R to intelligent terminal V
The certification of identity legitimacy.
2. according to claim 1 based on the intelligent terminal access authentication method selectively revealed, which is characterized in that described
Intelligent terminal V is included the following steps: by trusted third party to the certificate that access unit R pre-share includes cryptographic Hash root
Step a1: the intelligent terminal V generates one group of pseudo random number using pseudo-random function generatorIt recyclesTo local data setsIt is denoted asRandom process is carried out, temporary data set is calculated
……
Wherein, " # " is as a kind of additional character, for dividing and definingWithData field;
Step a2: intelligent terminal V is calculated one group of numerical value using One-way Hash function
……
Step a3: intelligent terminal V willIt is denoted asIt willIt is denoted as, is sent to credible third
Side;
Step a4: trusted third party's detectionValue, it is ensured that correspond;
Step a5: the probability that each attribute is presented is constructed Huffman tree as weight by trusted third party, is usedAs leaf node, weight building Huffman tree is corresponded to according to each node;Calculate each non-leaf nodes
Cryptographic Hash Fnode=H (child1||child2), child1And child2Respectively indicate some non-leaf nodes or so child node
Value, | | indicate cascade;By all nodal values of the available Huffman tree of above-mentioned calculating, the value of root node is denoted as root;
Step a6: cryptographic Hash root is sent to access unit R by trusted third party, and whole Huffman tree is sent to intelligent terminal
V。
3. according to claim 1 based on the intelligent terminal access authentication method selectively revealed, which is characterized in that described
Intelligent terminal V completes to include the following steps: the certification of access unit R identity legitimacy using random number and the mapping of close value
Step b1: intelligent terminal V generates pseudo random number r ' using pseudo-random function generatorV, extract local SV;Intelligent terminal V will
r′V||SVAccess unit R is sent to as access request and opens a new session period;
Step b2: when access unit R receives r 'V||SVAfterwards, pseudo random number r is generated using pseudo-random function generatorR, according to
SV, corresponding false identity identifier PID is extracted from the close value mapping table being locally storedVAnd kv, M is calculatedR, and will be cascade
Message rR||MRP is returned to as response;
Step b3: when intelligent terminal V receives rR||MRAfterwards, local PID is extractedVAnd kv, using this, they are calculatedThe M obtained by comparing receptionRWith M 'RConsistency, realize to access unit R
The verifying of identity reality;If two values are equal, intelligent terminal V thinks that access unit R is a legal equipment, agreement
Continue;Otherwise agreement terminates.
4. according to claim 1 based on the intelligent terminal access authentication method selectively revealed, which is characterized in that described
By Huffman tree, the information of intelligent terminal V is selectively revealed, realizes access unit R to intelligent terminal V identity legitimacy
Certification, includes the following steps:
Step c1: intelligent terminal V chooses the part temporary data set for intending sharingRemaining data collection mark
It is denoted asIt can directly be found in Huffman treeWithCorresponding leaf node WithNote comprising it is all containing onlyInterior joint is free ofInterior joint
The root node collection of subtree be combined intoAgain fromFather node is searched to be not belonging toNode group
At setAccording to Huffman tree, utilizeWithHuffman tree root node value is calculated
root;Intelligent terminal V is calculatedAnd MV, and by rR、MVWithIt is sent to access unit R;
Step c2: when access unit R receives rR、MVWithFirst calculateCompare MVWith M 'V;If inconsistent, agreement is terminated, and is otherwise continued;
Step c3: access unit R calculatesIt utilizesWithRoot ' can be calculated, compare
Whether root ' and the root locally saved are equal, realize the verifying to intelligent terminal V identity reality;If two values phase
Deng access unit R thinks that intelligent terminal V is a legal equipment, agreement normal termination.
5. according to claim 1 based on the intelligent terminal access authentication method selectively revealed, which is characterized in that pass through
One time recursive function mark (node) is searchedProcess, comprising:
(1) it if node is leaf node, executes:
IfThe node is marked, is otherwise returned;
(2) it if node is not leaf node, executes:
First carry out mark (c1) and mark (c2), c1And c2For the child node of node;C is judged again1And c2Whether it is labeled, if all
It is labeled, the node is marked, is otherwise returned.
6. according to claim 1 based on the intelligent terminal access authentication method selectively revealed, which is characterized in that pass through
Primary traversal function search (node) is searchedProcess, comprising:
(1) it if node is leaf node, executes:
If node is labeled, result set is added in nodeOtherwise it returns;
(2) it if node is not leaf node, executes:
If node is labeled, which is addedOtherwise, search (c is executed1) and search (c2), c1And c2For
The child node of node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811585180.9A CN109474438B (en) | 2018-12-24 | 2018-12-24 | Intelligent terminal access authentication method based on selective leakage |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811585180.9A CN109474438B (en) | 2018-12-24 | 2018-12-24 | Intelligent terminal access authentication method based on selective leakage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109474438A true CN109474438A (en) | 2019-03-15 |
CN109474438B CN109474438B (en) | 2021-08-17 |
Family
ID=65677679
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811585180.9A Active CN109474438B (en) | 2018-12-24 | 2018-12-24 | Intelligent terminal access authentication method based on selective leakage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109474438B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112307519A (en) * | 2020-10-23 | 2021-02-02 | 复旦大学 | Hierarchical verifiable query system based on selective leakage |
CN112887981A (en) * | 2021-01-12 | 2021-06-01 | 国网电力科学研究院有限公司 | Authentication method and system for power wireless private network terminal access |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105323074A (en) * | 2015-11-17 | 2016-02-10 | 西安电子科技大学 | Trusted verification method for geographic position of terminal equipment |
CN105553981A (en) * | 2015-12-18 | 2016-05-04 | 成都三零瑞通移动通信有限公司 | Rapid authentication and key negotiation method for WLAN |
CN105871869A (en) * | 2016-04-28 | 2016-08-17 | 湖南科技学院 | Anonymous bidirectional authentication method in mobile social network based on single hash function and false identity |
CN106790278A (en) * | 2017-02-21 | 2017-05-31 | 中国信息安全测评中心 | A kind of mutual authentication method and communication system |
CN107919956A (en) * | 2018-01-04 | 2018-04-17 | 重庆邮电大学 | End-to-end method for protecting under a kind of internet of things oriented cloud environment |
-
2018
- 2018-12-24 CN CN201811585180.9A patent/CN109474438B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105323074A (en) * | 2015-11-17 | 2016-02-10 | 西安电子科技大学 | Trusted verification method for geographic position of terminal equipment |
CN105553981A (en) * | 2015-12-18 | 2016-05-04 | 成都三零瑞通移动通信有限公司 | Rapid authentication and key negotiation method for WLAN |
CN105871869A (en) * | 2016-04-28 | 2016-08-17 | 湖南科技学院 | Anonymous bidirectional authentication method in mobile social network based on single hash function and false identity |
CN106790278A (en) * | 2017-02-21 | 2017-05-31 | 中国信息安全测评中心 | A kind of mutual authentication method and communication system |
CN107919956A (en) * | 2018-01-04 | 2018-04-17 | 重庆邮电大学 | End-to-end method for protecting under a kind of internet of things oriented cloud environment |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112307519A (en) * | 2020-10-23 | 2021-02-02 | 复旦大学 | Hierarchical verifiable query system based on selective leakage |
CN112307519B (en) * | 2020-10-23 | 2022-06-17 | 复旦大学 | Hierarchical verifiable query system based on selective leakage |
CN112887981A (en) * | 2021-01-12 | 2021-06-01 | 国网电力科学研究院有限公司 | Authentication method and system for power wireless private network terminal access |
CN112887981B (en) * | 2021-01-12 | 2022-10-04 | 国网电力科学研究院有限公司 | Authentication method and system for power wireless private network terminal access |
Also Published As
Publication number | Publication date |
---|---|
CN109474438B (en) | 2021-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112019591B (en) | Cloud data sharing method based on block chain | |
WO2020258060A2 (en) | Blockchain-based privacy protection trust model for internet of vehicles | |
CN109376528B (en) | Trusted identity management system and method based on block chain | |
CN113256290B (en) | Decentralized encrypted communication and transaction system | |
CN108012232A (en) | VANETs location privacy protection querying methods under mist computing architecture | |
Rasheed et al. | Adaptive group-based zero knowledge proof-authentication protocol in vehicular ad hoc networks | |
CN108809637A (en) | The car-ground communication Non-Access Stratum authentication key agreement methods of LTE-R based on mixed cipher | |
CN107332858B (en) | Cloud data storage method | |
Yue et al. | An efficient and secure anonymous authentication scheme for VANETs based on the framework of group signatures | |
CN105491076B (en) | A kind of heterogeneous network end to end authentication key exchange method towards empty day Information Network | |
CN108055122A (en) | The anti-RAM leakage dynamic that can verify that can search for encryption method, Cloud Server | |
CN108173827B (en) | Block chain thinking-based distributed SDN control plane security authentication method | |
CN112165472B (en) | Internet of things data security sharing method based on privacy protection | |
CN106936833A (en) | A kind of content center network method for secret protection based on Hybrid Encryption and anonymous group | |
CN111211905A (en) | Identity management method for Fabric alliance chain members based on certificate-free authentication | |
CN114760065A (en) | Access control method and device for teaching resource sharing of online learning platform | |
Kanumalli et al. | Secure V2V Communication in IOV using IBE and PKI based Hybrid Approach | |
CN109474438A (en) | It is a kind of based on the intelligent terminal access authentication method selectively revealed | |
CN110572392A (en) | Identity authentication method based on HyperLegger network | |
CN113452764B (en) | SM 9-based vehicle networking V2I bidirectional authentication method | |
CN110460447A (en) | Edge calculations data accountability system and auditing method based on Hash binary tree | |
CN108259606B (en) | Cloud computing public cloud file storage and retrieval method | |
CN106850584A (en) | A kind of anonymous authentication method of curstomer-oriented/server network | |
CN110191129A (en) | A kind of content in information centre's network names Verification System | |
US9485229B2 (en) | Object level encryption system including encryption key management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |