CN109474438A - An intelligent terminal access authentication method based on selective disclosure - Google Patents

Info

Publication number
CN109474438A
Authority
CN
China
Prior art keywords
intelligent terminal
node
access unit
root
huffman tree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811585180.9A
Other languages
Chinese (zh)
Other versions
CN109474438B (en)
Inventor
刘虹
程乾阳
陈长松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Third Research Institute of the Ministry of Public Security
Original Assignee
East China Normal University
Third Research Institute of the Ministry of Public Security
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University and Third Research Institute of the Ministry of Public Security
Priority to CN201811585180.9A
Publication of CN109474438A
Application granted
Publication of CN109474438B
Legal status: Active
Anticipated expiration

Classifications

    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses an intelligent terminal access authentication method based on selective disclosure. Using lightweight operators such as a one-way HMAC function and XOR, combined with a Huffman tree, the invention achieves mutual authentication between an intelligent terminal V and an access unit R. Before formal authentication, intelligent terminal V pre-shares with access unit R, through a trusted third party, a certificate containing the hash value root. The authentication process has two stages. In the first stage, intelligent terminal V uses random numbers and the secret value mapping to authenticate the identity legitimacy of access unit R. In the second stage, information of intelligent terminal V is selectively disclosed through the Huffman tree, so that access unit R authenticates the identity legitimacy of intelligent terminal V. The invention significantly improves the security and flexibility of the authentication process: besides defending against attacks such as message replay, it also effectively avoids directly exposing the sensitive data of intelligent connected vehicles to roadside units, and it is suitable for secure interaction scenarios with data sharing requirements.

Description

An intelligent terminal access authentication method based on selective disclosure
Technical field
The present invention relates to the field of intelligent terminal security, and in particular to an intelligent terminal access authentication method based on selective disclosure.
Background
With the rise of the Internet of Things, the application prospects of intelligent terminals have broadened. Intelligent terminals are now widely deployed in all kinds of systems and are used in safety-critical industries such as the Internet of Vehicles and industrial control, which makes the role they play more important and the network environment they operate in more complex. How to connect intelligent terminals to increasingly complex networks safely and efficiently is a problem that urgently needs solving. Traditional communication protocols based on end-to-end encryption face many kinds of threats: by intercepting the data packets transmitted on the channel, a replay attack can easily be carried out, producing unforeseen results. A secure authentication protocol is therefore needed at the access stage to verify the identity legitimacy of the party being authenticated.
In many intelligent terminal application scenarios, the specific authentication requirements differ from those of most traditional networks. Take the Internet of Vehicles as an example. On the one hand, the network access unit itself is constrained in performance and storage space, and it may have to process a large number of access requests from intelligent terminals at the same time. On the other hand, the services a connected vehicle receives after accessing the network may not require verifying all of the attribute information stored in the intelligent terminal. Many traditional authentication methods based on encryption algorithms are no longer suitable for this scenario. The authentication method an intelligent terminal uses when accessing the network must therefore not only be efficient and low in storage, but must also use a selective disclosure mechanism to avoid exposing private information unrelated to the session.
Summary of the invention
In view of the above technical problems, the invention proposes an intelligent terminal access authentication method based on selective disclosure, involving an intelligent terminal V, an access unit R and a trusted third party. Intelligent terminal V possesses a pseudonymous identity identifier PID_V, a shared secret value S_V and a local data set (l∈N*). Access unit R maintains a secret value mapping table, which maps the shared secret value S_V of each intelligent terminal V to the pseudonymous identity identifier PID_V and pre-shared key k_v of the corresponding intelligent terminal V; k_v is both the key of the HMAC function used for authentication between intelligent terminal V and access unit R and the encryption key of the subsequent session. Intelligent terminal V also needs, through the trusted third party, to pre-share with access unit R the certificate generated by. The method includes:
Step 1: Intelligent terminal V pre-shares with access unit R, through the trusted third party, a certificate containing the hash value root;
Step 2: Intelligent terminal V uses random numbers and the secret value mapping to authenticate the identity legitimacy of access unit R;
Step 3: Through the Huffman tree, information of intelligent terminal V is selectively disclosed, so that access unit R authenticates the identity legitimacy of intelligent terminal V.
In the intelligent terminal access authentication method based on selective disclosure proposed by the invention, pre-sharing the certificate containing the hash value root from intelligent terminal V to access unit R through the trusted third party includes the following steps. Step a1: Intelligent terminal V generates a group of pseudo-random numbers using a pseudo-random function generator, then uses them to apply random processing to the local data set (denoted as), computing the temporary data set
……
where "#" is a special character used to separate and delimit the two data fields;
Step a2: Intelligent terminal V computes a group of values using a one-way hash function
……
Step a3: Intelligent terminal V sends (denoted as) and (denoted as) to the trusted third party;
Step a4: The trusted third party checks the values to ensure that they correspond one to one;
Step a5: The trusted third party takes the probability with which each attribute is presented as its weight and, using the hash values as leaf nodes, builds the Huffman tree according to the weight of each node. The hash value of each non-leaf node is computed as F_node = H(child_1 || child_2), where child_1 and child_2 denote the values of the left and right child nodes of a non-leaf node and || denotes concatenation. This computation yields the values of all nodes of the Huffman tree; the value of the root node is denoted root;
Step a6: The trusted third party sends the hash value root to access unit R and sends the whole Huffman tree to intelligent terminal V.
In the intelligent terminal access authentication method based on selective disclosure proposed by the invention, the authentication of access unit R's identity legitimacy by intelligent terminal V, using random numbers and the secret value mapping, includes the following steps:
Step b1: Intelligent terminal V generates a pseudo-random number r'_V using a pseudo-random function generator and retrieves its local S_V; intelligent terminal V sends r'_V || S_V to access unit R as an access request, opening a new session period;
Step b2: On receiving r'_V || S_V, access unit R generates a pseudo-random number r_R using a pseudo-random function generator, uses S_V to look up the corresponding pseudonymous identity identifier PID_V and k_v in its locally stored secret value mapping table, computes M_R, and returns the concatenated message r_R || M_R to P as the response;
Step b3: On receiving r_R || M_R, intelligent terminal V retrieves its local PID_V and k_v and uses them to compute M'_R. By comparing the received M_R with M'_R for consistency, it verifies the authenticity of access unit R's identity. If the two values are equal, intelligent terminal V considers access unit R a legitimate device and the protocol continues; otherwise the protocol terminates.
In the intelligent terminal access authentication method based on selective disclosure proposed by the invention, selectively disclosing the information of intelligent terminal V through the Huffman tree, so that access unit R authenticates the identity legitimacy of intelligent terminal V, includes the following steps:
Step c1: Intelligent terminal V selects the part of the temporary data set it intends to share (i ∈ {1, 2, ..., m}) and labels the remaining data set (i ∈ {1, 2, ..., n}). The leaf nodes corresponding to the shared and the remaining data, (i ∈ {1, 2, ..., m}) and (i ∈ {1, 2, ..., n}), can be found directly in the Huffman tree. The set of root nodes of all subtrees that contain only nodes of one of these leaf sets and no nodes of the other is denoted (i ∈ {1, 2, ..., k}); then, from the parent nodes, the nodes not belonging to are selected to form the set (i ∈ {1, 2, ..., s}). From the Huffman tree, the root node value root can be computed using these sets. Intelligent terminal V computes and M_V, and sends r_R, M_V and to access unit R;
Step c2: On receiving r_R, M_V and, access unit R first computes and compares M_V with M'_V; if they are inconsistent, the protocol terminates, otherwise it continues;
Step c3: Access unit R computes. Using and, it can compute root'; it compares root' with the locally stored root to verify the authenticity of intelligent terminal V's identity. If the two values are equal, access unit R considers intelligent terminal V a legitimate device and the protocol ends normally.
In the intelligent terminal access authentication method based on selective disclosure proposed by the invention, the search is carried out with a recursive function mark(node) as follows:
(1) If node is a leaf node:
If, mark the node; otherwise return;
(2) If node is not a leaf node:
First execute mark(c_1) and mark(c_2), where c_1 and c_2 are the child nodes of node; then check whether c_1 and c_2 are marked. If both are marked, mark the node; otherwise return.
In the intelligent terminal access authentication method based on selective disclosure proposed by the invention, the search is completed with a single-pass traversal function search(node) as follows:
(1) If node is a leaf node:
If node is marked, add node to the result set; otherwise return;
(2) If node is not a leaf node:
If node is marked, add the node to; otherwise execute search(c_1) and search(c_2), where c_1 and c_2 are the child nodes of node.
The method of the invention significantly improves the security and flexibility of the authentication process. Besides defending against attacks such as message replay, it also effectively avoids directly exposing the sensitive data of intelligent connected vehicles to roadside units, and it is suitable for secure interaction scenarios with data sharing requirements.
Brief description of the drawings
Fig. 1 is a flow chart of the intelligent terminal access authentication method based on selective disclosure provided by the invention.
Fig. 2 is a schematic flow diagram of the intelligent terminal access authentication method based on selective disclosure provided by the invention.
Fig. 3 is the hash tree constructed according to weight in the embodiment of the invention.
Detailed description of the embodiments
The technical solution of the invention is described in detail below with reference to the drawings and specific embodiments. It should be understood that the embodiments of this application and the specific features in them are a detailed description of the technical solution of this application, not a limitation on it; where no conflict arises, the embodiments of this application and the technical features in them may be combined with one another.
As shown in Fig. 1 and Fig. 2, the embodiment of the invention discloses an intelligent terminal access authentication method based on selective disclosure. The method uses lightweight operators such as a one-way HMAC function and XOR, combined with a Huffman tree, to achieve mutual authentication between intelligent terminal V and access unit R. Before formal authentication, intelligent terminal V pre-shares with access unit R, through a trusted third party, a certificate containing the hash value root. The authentication process has two stages. In the first stage, intelligent terminal V uses random numbers and the secret value mapping to authenticate the identity legitimacy of access unit R. In the second stage, information of intelligent terminal V is selectively disclosed through the Huffman tree, so that access unit R authenticates the identity legitimacy of intelligent terminal V.
The embodiment of the invention provides an intelligent terminal access authentication method based on selective disclosure. The invention is achieved through the following technical solution:
Intelligent terminal V possesses a pseudonymous identity identifier PID_V, a shared secret value S_V and a local data set (l∈N*). Access unit R maintains a secret value mapping table, which maps the shared secret value S_V of each intelligent terminal V to the pseudonymous identity identifier PID_V and pre-shared key k_v of the corresponding intelligent terminal V; k_v is both the key of the HMAC function used for authentication between intelligent terminal V and access unit R and the encryption key of the subsequent session. Before authentication starts, intelligent terminal V also needs, through the trusted third party, to pre-share with access unit R the certificate generated by.
The certificate generation and pre-sharing process is as follows:
Step a1: Intelligent terminal V first generates a group of pseudo-random numbers using a pseudo-random function generator, then uses them to apply random processing to the local data set (denoted as), computing the temporary data set
……
where "#" is a special character used to separate and delimit the two data fields;
Step a2: Intelligent terminal V computes a group of values using a one-way hash function
……
Step a3: Intelligent terminal V sends (denoted as) and (denoted as) to the trusted third party (for example a certification authority);
Step a4: The trusted third party checks the values to ensure that they correspond one to one;
Step a5: To reduce the storage space needed to store the certificate, the trusted third party implements the selective disclosure mechanism with a Huffman tree whose nodes are hash values. This selective-disclosure certificate scheme takes the probability with which each attribute is presented (which must be collected in advance) as the weight for building the Huffman tree. An attribute node with high probability sits at a smaller depth in the tree than a node with low probability, which makes the scheme more efficient in most cases than selective-disclosure certificate schemes based on a Merkle tree.
The trusted third party uses the hash values as leaf nodes and builds the Huffman tree according to the weight of each node. The hash value of each non-leaf node is computed as F_node = H(child_1 || child_2), where child_1 and child_2 denote the values of the left and right child nodes of a non-leaf node and || denotes concatenation. This computation yields the values of all nodes of the Huffman tree; the value of the root node is denoted root.
Step a6: The trusted third party then sends the hash value root to access unit R and sends the whole Huffman tree to intelligent terminal V.
The steps of the secure authentication method for the intelligent terminal are as follows:
Step b1: Intelligent terminal V generates a pseudo-random number r'_V using a pseudo-random function generator and retrieves its local S_V; intelligent terminal V sends r'_V || S_V to access unit R as an access request, opening a new session period;
Step b2: On receiving r'_V || S_V, access unit R generates a pseudo-random number r_R using a pseudo-random function generator, uses S_V to look up the corresponding pseudonymous identity identifier PID_V and k_v in its locally stored secret value mapping table, computes M_R, and returns the concatenated message r_R || M_R to P as the response;
Step b3: On receiving r_R || M_R, intelligent terminal V retrieves its local PID_V and k_v and uses them to compute M'_R. By comparing the received M_R with M'_R for consistency, it verifies the authenticity of access unit R's identity. If the two values are equal, intelligent terminal V considers access unit R a legitimate device and the protocol continues; otherwise the protocol terminates.
Step c1: Intelligent terminal V selects the part of the temporary data set it intends to share, and the remaining data set is labeled (i ∈ {1, 2, ..., n}). The leaf nodes corresponding to the shared and the remaining data, (i ∈ {1, 2, ..., m}) and (i ∈ {1, 2, ..., n}), can be found directly in the Huffman tree. The set of root nodes of all subtrees that contain only nodes of one of these leaf sets and no nodes of the other is denoted (i ∈ {1, 2, ..., k}); then, from the parent nodes, the nodes not belonging to are selected to form the set (i ∈ {1, 2, ..., s}). From the Huffman tree, the root node value root can be computed using these sets. The search can be carried out with one recursion and one traversal.
The recursive function mark(node) executes as follows:
(1) If node is a leaf node:
If, mark the node; otherwise return;
(2) If node is not a leaf node:
First execute mark(c_1) and mark(c_2), where c_1 and c_2 are the child nodes of node; then check whether c_1 and c_2 are marked. If both are marked, mark the node; otherwise return.
The traversal function search(node) executes as follows:
(1) If node is a leaf node:
If node is marked, add node to the result set; otherwise return;
(2) If node is not a leaf node:
If node is marked, add the node to; otherwise execute search(c_1) and search(c_2), where c_1 and c_2 are the child nodes of node.
Intelligent terminal V computes and M_V, and sends r_R, M_V and to access unit R.
Step c2: On receiving r_R, M_V and, access unit R first computes, similarly to step 3, and compares M_V with M'_V; if they are inconsistent, the protocol terminates, otherwise it continues.
Step c3: Access unit R computes. Using and, it can compute root'; it compares root' with the locally stored root to verify the authenticity of intelligent terminal V's identity. If the two values are equal, access unit R considers intelligent terminal V a legitimate device and the protocol ends normally.
Embodiment:
1. System initialization
Intelligent terminal V possesses a pseudonymous identity identifier PID_V, a shared secret value S_V and a local data set (l∈N*). Access unit R maintains a secret value mapping table, which maps the shared secret value S_V of each intelligent terminal V to the pseudonymous identity identifier PID_V and pre-shared key k_v of the corresponding intelligent terminal V; k_v is both the key of the HMAC function used for authentication between intelligent terminal V and access unit R and the encryption key of the subsequent session. Before authentication starts, intelligent terminal V also needs, through the trusted third party, to pre-share with access unit R the certificate generated by.
The certificate generation and pre-sharing process is as follows:
Intelligent terminal V first generates a group of pseudo-random numbers using a pseudo-random function generator, then uses them to apply random processing to the local data set, computing the temporary data set
where "#" is a special character used to separate and delimit the two data fields;
Intelligent terminal V computes a group of values using a one-way hash function
Intelligent terminal V sends (denoted as) and (denoted as) to the trusted third party (for example a certification authority), and the trusted third party checks the values to ensure that they correspond one to one. To reduce the storage space needed to store the certificate, the selective disclosure mechanism is implemented with a Huffman tree whose nodes are hash values. This selective-disclosure certificate scheme takes the probability with which each attribute is presented (which must be collected in advance) as the weight for building the Huffman tree. An attribute node with high probability sits at a smaller depth in the tree than a node with low probability, which makes the scheme more efficient in most cases than selective-disclosure certificate schemes based on a Merkle tree.
The trusted third party uses the hash values as leaf nodes and builds the Huffman tree according to the weight of each node. The hash value of each non-leaf node is computed as F_node = H(child_1 || child_2), where child_1 and child_2 denote the values of the left and right child nodes of a non-leaf node and || denotes concatenation. This computation yields the values of all nodes of the Huffman tree; the value of the root node is denoted root.
To describe in detail the construction of the Huffman tree and its use in authentication, a road traffic restriction is used as the scenario. Suppose traffic on a certain road section is restricted according to license plate registration place and vehicle type, and only passenger vehicles or sedans with local license plates are allowed through. Suppose the likelihoods with which a vehicle's six attributes (driver identity, license plate, vehicle type, car brand, car colour, service life) are presented are 21, 31, 9, 10, 6 and 5 respectively, and that random processing and hashing yield. The hash tree built according to the weights is shown in Fig. 3.
The hash values of the non-leaf nodes are:
The trusted third party then sends the hash value root to access unit R and sends the whole Huffman tree to intelligent terminal V.
Two, verification process
The step of described safety certifying method for intelligent terminal, is as follows:
Intelligent terminal V generates pseudo random number r ' using pseudo-random function generatorV, extract local SV;Intelligent terminal V is by r 'V ||SVAccess unit R is sent to as access request and opens a new session period;
When access unit R receives r 'V||SVAfterwards, pseudo random number r is generated using pseudo-random function generatorR, according to SV, Corresponding false identity identifier PID is extracted from the close value mapping table being locally storedVAnd kv, M is calculatedR, and by cascade message rR||MRP is returned to as response;
When intelligent terminal V receives rR||MRAfterwards, local PID is extractedVAnd kv, using this, they are calculated The M obtained by comparing receptionRWith M 'RConsistency, realize to access unit R identity it is true The verifying of reality;If two values are equal, intelligent terminal V thinks that access unit R is a legal equipment, and agreement continues; Otherwise agreement terminates;
Intelligent terminal V, which chooses, intends shared part temporary data setWithRemaining data collection It is labeled asIt can directly be found in Huffman treeWithCorresponding leaf nodeWithNote comprising it is all containing onlyInterior joint is free of The root node collection of the subtree of interior joint is combined into(i ∈ { 1,2 ..., k }), then fromFather node is selected to be not belonging to's Node composition set(i ∈ { 1,2 ..., s }).According to Huffman tree, utilizeWithKazakhstan can be calculated The graceful root vertex value root of husband.It searchesProcess can pass through recurrence and primary traversal is realized.
The recursive function mark(node) executes as follows:
(1) If node is a leaf node, execute:
If the condition holds, mark the node; otherwise return;
(2) If node is not a leaf node, execute:
First execute mark(c_1) and mark(c_2), where c_1 and c_2 are the child nodes of node; then check whether c_1 and c_2 are marked: if both are marked, mark the node; otherwise return.
The traversal function search(node) executes as follows:
(1) If node is a leaf node, execute:
If node is marked, add node to the result set; otherwise return;
(2) If node is not a leaf node, execute:
If node is marked, add the node to the result set; otherwise, execute search(c_1) and search(c_2), where c_1 and c_2 are the child nodes of node.
Intelligent terminal V calculates A_V, B_V and C_V, and sends r_R and M_V to access unit R.
When access unit R receives r_R and M_V, it similarly first calculates M′_V and compares M_V with M′_V; if they are inconsistent, the protocol terminates, otherwise it continues. Access unit R then calculates the values from which root′ can be computed, and checks whether root′ equals the locally stored root, thereby verifying the authenticity of intelligent terminal V's identity; if the two values are equal, access unit R considers intelligent terminal V a legitimate device and the protocol ends normally.
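The mark/search selection and the root′ comparison described above, as an added Python example that is not part of the patent text. Assumptions: the leaf test in mark (its symbol is missing above) is taken to be "this leaf's data is withheld", SHA-256 stands in for H, and the pruned-tree encoding, the helper names disclose and recompute_root, and the sample attributes are constructed for illustration.

```python
import hashlib, heapq, itertools

def H(b):  # SHA-256 stands in for the one-way hash H (assumption)
    return hashlib.sha256(b).digest()

class Node:
    def __init__(self, value, c1=None, c2=None, data=None, marked=False):
        self.value, self.c1, self.c2, self.data, self.marked = value, c1, c2, data, marked

def build(leaves):  # (weight, blinded attribute) pairs -> root of the Huffman hash tree
    tick = itertools.count()  # tie-breaker so heapq never compares Node objects
    heap = [(w, next(tick), Node(H(d), data=d)) for w, d in leaves]
    heapq.heapify(heap)
    while len(heap) > 1:
        (w1, _, a), (w2, _, b) = heapq.heappop(heap), heapq.heappop(heap)
        parent = Node(H(a.value + b.value), a, b)  # F_node = H(child1 || child2)
        heapq.heappush(heap, (w1 + w2, next(tick), parent))
    return heap[0][2]

def mark(node, withheld):  # assumed leaf test: a leaf is marked when its data is withheld
    if node.c1 is None:
        node.marked = node.data in withheld
    else:  # list, not generator, so both children are always visited
        node.marked = all([mark(c, withheld) for c in (node.c1, node.c2)])
    return node.marked

def search(node, result):  # collect marked nodes whose parent is not marked
    if node.marked:
        result.append(node)
    elif node.c1 is not None:
        search(node.c1, result)
        search(node.c2, result)
    return result

def disclose(node):  # pruned tree for R: one hash per marked subtree, data for shared leaves
    if node.marked:
        return ("hash", node.value)
    if node.c1 is None:
        return ("data", node.data)
    return (disclose(node.c1), disclose(node.c2))

def recompute_root(proof):  # verifier side: fold the pruned tree back into root'
    if proof[0] in ("hash", "data"):
        return proof[1] if proof[0] == "hash" else H(proof[1])
    return H(recompute_root(proof[0]) + recompute_root(proof[1]))

# Constructed sample: (weight = presentation probability in percent, nonce#attribute).
LEAVES = [(5, b"n1#owner"), (10, b"n2#vin"), (15, b"n3#plate"), (30, b"n4#route"), (40, b"n5#type")]
WITHHELD = {b"n1#owner", b"n2#vin", b"n4#route"}
```

With these weights the two lowest-probability withheld leaves share a parent, so three withheld attributes are covered by two subtree hashes, and the verifier accepts only if the folded value equals the root it received from the trusted third party.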
For the vehicle traffic-restriction scenario still used at pre-sharing, intelligent terminal V's final broadcast includes A_V||C_V, and the calculation performed by access unit R in step 4 is as follows:
Finally, root′ is compared with root to verify the legitimacy of intelligent terminal V.
The above is only a preferred embodiment of the present invention and does not limit the invention in any way. Any equivalent replacement or modification, in any form, made by a person skilled in the art to the technical solution and technical content disclosed by the invention, without departing from the scope of the technical solution of the invention, does not depart from the content of that technical solution and still falls within the scope of protection of the invention.

Claims (6)

1. An intelligent terminal access authentication method based on selective leakage, characterized in that it involves an intelligent terminal V, an access unit R and a trusted third party; the intelligent terminal V holds a false identity identifier PID_V, a shared secret S_V and a local data set; the access unit R maintains a secret-value mapping table, which maps the shared secret S_V of each intelligent terminal V to the false identity identifier PID_V and pre-shared key k_v of the corresponding intelligent terminal V; k_v is the key of the HMAC function used for authentication between intelligent terminal V and access unit R and is also the encryption key of the subsequent session; intelligent terminal V also needs to pre-share the generated certificate with access unit R through the trusted third party; the method comprises:
Step 1: intelligent terminal V pre-shares, through the trusted third party, a certificate containing the hash value root with access unit R;
Step 2: intelligent terminal V authenticates the legitimacy of access unit R's identity using random numbers and the secret-value mapping;
Step 3: by means of a Huffman tree, the information of intelligent terminal V is selectively revealed, so that access unit R authenticates the legitimacy of intelligent terminal V's identity.
2. The intelligent terminal access authentication method based on selective leakage according to claim 1, characterized in that the pre-sharing by intelligent terminal V, through the trusted third party, of the certificate containing the hash value root with access unit R comprises the following steps:
Step a1: intelligent terminal V generates a group of pseudo-random numbers using a pseudo-random function generator, then uses them to randomize the local data set, and calculates the temporary data set:
……
where "#" is a special character used to separate and delimit the data fields;
Step a2: intelligent terminal V calculates a group of values using a one-way hash function:
……
Step a3: intelligent terminal V labels the values and sends them to the trusted third party;
Step a4: the trusted third party checks the values to ensure that they correspond one to one;
Step a5: the trusted third party takes the probability with which each attribute is presented as its weight and constructs a Huffman tree from the leaf nodes according to the weight corresponding to each node; the hash value of each non-leaf node is calculated as F_node = H(child_1||child_2), where child_1 and child_2 denote the values of the left and right child nodes of a non-leaf node and || denotes concatenation; the above calculation yields the values of all nodes of the Huffman tree, and the value of the root node is denoted root;
Step a6: the trusted third party sends the hash value root to access unit R and the whole Huffman tree to intelligent terminal V.
3. The intelligent terminal access authentication method based on selective leakage according to claim 1, characterized in that the authentication by intelligent terminal V of the legitimacy of access unit R's identity using random numbers and the secret-value mapping comprises the following steps:
Step b1: intelligent terminal V generates a pseudo-random number r′_V using a pseudo-random function generator and extracts its local S_V; intelligent terminal V sends r′_V||S_V to access unit R as an access request and opens a new session period;
Step b2: when access unit R receives r′_V||S_V, it generates a pseudo-random number r_R using a pseudo-random function generator, uses S_V to extract the corresponding false identity identifier PID_V and k_v from the locally stored secret-value mapping table, calculates M_R, and returns the concatenated message r_R||M_R as the response;
Step b3: when intelligent terminal V receives r_R||M_R, it extracts its local PID_V and k_v and uses them to calculate M′_R; by checking that the received M_R is consistent with M′_R, it verifies the authenticity of access unit R's identity; if the two values are equal, intelligent terminal V considers access unit R a legitimate device and the protocol continues; otherwise the protocol terminates.
4. The intelligent terminal access authentication method based on selective leakage according to claim 1, characterized in that selectively revealing the information of intelligent terminal V by means of the Huffman tree, so that access unit R authenticates the legitimacy of intelligent terminal V's identity, comprises the following steps:
Step c1: intelligent terminal V chooses the part of the temporary data set that it intends to share, and the rest is labeled as the remaining data set; the leaf nodes corresponding to the two parts can be found directly in the Huffman tree; the root nodes of all subtrees that contain only nodes of one leaf set and no nodes of the other form a set; from this set, the nodes whose parent does not belong to it are found to form a further set; according to the Huffman tree, the root node value root of the Huffman tree is calculated from them; intelligent terminal V calculates M_V and the associated values, and sends r_R, M_V and the associated values to access unit R;
Step c2: when access unit R receives r_R, M_V and the associated values, it first calculates M′_V and compares M_V with M′_V; if they are inconsistent, the protocol terminates, otherwise it continues;
Step c3: access unit R calculates the values from which root′ can be computed and checks whether root′ equals the locally stored root, thereby verifying the authenticity of intelligent terminal V's identity; if the two values are equal, access unit R considers intelligent terminal V a legitimate device and the protocol ends normally.
5. The intelligent terminal access authentication method based on selective leakage according to claim 1, characterized in that the search process is carried out with one pass of the recursive function mark(node), comprising:
(1) If node is a leaf node, execute:
If the condition holds, mark the node; otherwise return;
(2) If node is not a leaf node, execute:
First execute mark(c_1) and mark(c_2), where c_1 and c_2 are the child nodes of node; then check whether c_1 and c_2 are marked: if both are marked, mark the node; otherwise return.
6. The intelligent terminal access authentication method based on selective leakage according to claim 1, characterized in that the search process is carried out with one pass of the traversal function search(node), comprising:
(1) If node is a leaf node, execute:
If node is marked, add node to the result set; otherwise return;
(2) If node is not a leaf node, execute:
If node is marked, add the node to the result set; otherwise, execute search(c_1) and search(c_2), where c_1 and c_2 are the child nodes of node.
CN201811585180.9A 2018-12-24 2018-12-24 Intelligent terminal access authentication method based on selective leakage Active CN109474438B (en)

Publications (2)

Publication Number Publication Date
CN109474438A true CN109474438A (en) 2019-03-15
CN109474438B CN109474438B (en) 2021-08-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant