CN111355745A - Cross-domain identity authentication method based on edge computing network architecture - Google Patents
- Publication number
- CN111355745A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication server
- edge node
- parameter
- node local
- Prior art date
- Legal status
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0414—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a cross-domain identity authentication method based on an edge computing network architecture, which mainly solves the technical problems of the prior art that key management and distribution are difficult and user privacy is hard to protect. The method comprises the following steps: 1) the edge node local authentication server and the home authentication server compute their respective public and private keys; 2) the home authentication server generates a private key for the user, constructed from the user's pseudo identity; 3) the user applies to the edge node local authentication server for cross-domain access; 4) the edge node local authentication server forwards information to the user's home authentication server to verify the user's identity; 5) the home authentication server authenticates the user information and returns a session key; 6) the edge node local authentication server computes the session key and returns confirmation information; 7) the user confirms the information and generates the session key. The invention effectively improves the security of mutual authentication between edge node devices and users, solves the problems of user identity privacy exposure and session tracking, and can be used for modern Internet of Things devices.
Description
Technical Field
The invention belongs to the technical field of communication, relates to information security technology, and more specifically to a cross-domain identity authentication method based on an edge computing network architecture. The method can be used to securely authenticate edge device users in edge networks with limited resources and complex conditions, including mobile phones, Bluetooth watches, smart home devices and intelligent vehicle-mounted devices.
Background
The edge in edge computing refers to any computing or network resource on the data path between a data source and a cloud computing center. The basic idea of edge computing is to run computing tasks on computing resources close to the data source. With the rapid development of the Internet of Things and 4G/5G wireless networks, processing data at the edge absorbs the processing load of the explosive growth in data and reduces the congestion caused by the rapid growth in demand for network transmission bandwidth.
Edge computing typically includes a number of functional entities (e.g., data-contributing end users, service providers and infrastructure providers), services (e.g., virtual machines, data containers) and infrastructure (e.g., end infrastructure, edge data centers and core infrastructure). Edge computing is therefore a distributed interactive computing system in which multiple trust domains coexist. In this complex multi-entity computing paradigm, it is necessary not only to assign an identity to each entity but also to allow entities in different trust domains to authenticate each other. Traditional identity authentication schemes do not scale well in a highly dynamic, high-density edge network.
An AES-based mutual authentication method is proposed in the patent document 'AES algorithm-based edge computing node identity authentication method' (application number 201810172441.8, application publication number CN 108173882A) filed by Beijing University of Science and Technology. The method uses an improved AES symmetric encryption algorithm together with a hash algorithm and other algorithms; by modifying AES so that an attacker cannot deduce the original seed key from a round key, it realizes mutual identity authentication of edge computing nodes. Its disadvantage is that key management and distribution are very difficult because of the AES symmetric-key encryption mode. Moreover, because of the multi-trust-domain network structure of edge computing, AES-based authentication cannot provide cross-domain identity authentication.
A cross-domain dynamic anonymous group key management authentication system, CD-AGKMS, is proposed in the publication "Cross-domain dynamic anonymous group key management with system-matching for e-health social system" (Future Generation Computer Systems, 2017, PP(99):1-7) by YANG Y, ZHEN X H, LIU X M et al. The system realizes cross-domain group key agreement by establishing a tree-type hierarchical structure with a key generation center KGC at the top layer. For group key management, the scheme provides a time-controlled key revocation mechanism in which a user's key is revoked when its validity period expires. CD-AGKMS does not require bilinear pairing computations, which improves the feasibility and efficiency of the system. Its disadvantage is that a device cannot access resources anonymously during cross-domain authentication, so user privacy is not ensured.
Disclosure of Invention
The invention aims to provide a cross-domain identity authentication method based on an edge computing network architecture that overcomes the defects of the prior art: it solves the problems of difficult key management and distribution and of low network security and efficiency caused by the limited authentication resources of edge computing, and it solves the technical problems of user identity privacy exposure, easy session tracking and difficult protection of user privacy in anonymous identity authentication.
The idea behind the invention is as follows: the edge node local authentication server cooperates with the user's home authentication server to authenticate a non-local user; communication messages are signed with an elliptic curve algorithm so that they cannot be intercepted and illegally tampered with; and the temporary information of the non-local user is stored so that, within a set period, the user identity can be authenticated quickly and simply.
The invention achieves this aim as follows:
(1) the home authentication server and the edge node local authentication server respectively generate their public keys PK_HA, PK_LA and private keys sk_HA, sk_LA, and publish the system parameters;
(2) the edge device user U generates pseudo identity information for user U:
(2a) the user generates a parameter r_ID using a pseudo-random generator;
(2b) the user concatenates the parameter r_ID with its own identity information, hashes the concatenation with the lightweight Photon hash function to obtain the pseudo identity VID_U, and sends it to the home authentication server;
(3) the home authentication server establishes a user account:
(3a) the home authentication server generates a parameter r_U using a pseudo-random generator, uses r_U to generate a user-related parameter R_U, and combines them into the user private key sk_U;
(3b) the home authentication server sends the user private key sk_U to the edge device user U over a secure channel;
(3c) the home authentication server establishes an account for the user and stores the user index Index_U, the pseudo identity VID_U and the user-related parameter R_U;
(3d) the user uses the public system parameters to check whether the private key is correct; if so, continue with step (4), otherwise registration fails;
(4) the user sends an access request Req_res and an authentication message m_U to the edge node local authentication server:
(4a) the user generates random numbers x and y using a pseudo-random number generator and obtains the current timestamp t_U;
(4b) the user constructs a first key parameter X and a second key parameter Y from the generated random numbers:
X = xP,
Y = yP;
obtains the identity verification parameter Y':
Y' = Y + xPK_HA,
and concatenates the pseudo identity VID_U, the current timestamp t_U, the user-related parameter R_U and the second key parameter Y to obtain the concatenated information J;
(4c) the user hashes the concatenated information J with the second function H2 and takes the result as the hash parameter h;
(4d) the user computes the index value construction parameter z by the following formula:
z = y + sk_U·h;
(4e) the user sends the access request Req_res to the edge node local authentication server, together with the authentication message m_U consisting of the pseudo identity VID_U, the home authentication server identifier ID_HA, the timestamp t_U, the first key parameter X, the identity verification parameter Y', the hash parameter h and the index value construction parameter z;
(5) the edge node local authentication server verifies the user identity:
after receiving the user's access request Req_res and authentication message m_U, the edge node local authentication server checks whether the user has already been verified by searching the user list, i.e. whether the user's temporary identity exists in the user list; if so, execute step (5b); otherwise execute step (5a);
(5a) the edge node local authentication server authenticates and registers the user identity for the first time, and negotiates a session key:
(5a1) the edge node local authentication server sends information to the home authentication server to check the validity of the user identity:
(5a1.1) the edge node local authentication server receives the information and checks whether the timestamp t_U is within the validity period; if so, continue with the next step, otherwise authentication fails;
(5a1.2) the edge node local authentication server obtains the current timestamp t_LA, combines the message from the user and the timestamp t_LA into a message m_LA, and signs it to obtain the signature Sign_LA(m_LA);
(5a1.3) the edge node local authentication server sends the message m_LA and the signature Sign_LA(m_LA) to the home authentication server;
(5a2) the home authentication server checks the correctness of the information and replies to the edge node local authentication server:
(5a2.1) the home authentication server receives the message m_LA and checks whether the timestamp t_LA is within the validity period; if so, continue with the next step, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.2) the home authentication server verifies whether the signature Sign_LA(m_LA) is correct; if so, continue with the next step, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.3) the home authentication server computes the index value Index_U from the received information and searches for it in the user list; if the index value is found, continue with the next step, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.4) the home authentication server locates the indexed account and uses the account's parameters to verify whether the value of the hash parameter h is correct; if so, continue with the next step, otherwise an authentication failure message is returned to the edge node local authentication server;
(5a2.5) the home authentication server obtains the current timestamp t_HA, hashes the second key parameter Y with the third function H3 to obtain the session key k, constructs a message m_HA containing the session key k together with its signature Sign_HA(m_HA), and sends them to the edge node local authentication server;
(5a3) the edge node local authentication server registers the user identity:
(5a3.1) the edge node local authentication server receives the home authentication server's message m_HA and signature Sign_HA(m_HA) and checks whether the timestamp t_HA is within the validity period; if so, continue with the next step, otherwise authentication fails;
(5a3.2) the edge node local authentication server determines that user U is a legitimate user, generates a temporary identity ID'_U and a corresponding temporary private key (s'_U, R'_U) for user U, and establishes the user's temporary account information in the user list;
(5a3.3) the edge node local authentication server obtains the session key from the message m_HA and the current timestamp t'_LA, encrypts the temporary identity ID'_U, the temporary private key (s'_U, R'_U) and the timestamp t'_LA with the session key, and sends them to the user together;
(5a4) the user confirms the information for the first time and generates the session key k from the parameters:
(5a4.1) the user checks whether the timestamp t'_LA is within the validity period; if so, continue with the next step, otherwise authentication fails;
(5a4.2) the user generates the session key k, decrypts the received encrypted message to obtain the confirmation information, and checks whether the timestamp t'_LA contained in the confirmation information matches the received timestamp; if so, continue with the next step; otherwise authentication fails;
(5a4.3) the user saves the session key k and the temporary identity ID'_U and temporary private key (s'_U, R'_U) sent by the edge node local authentication server, and terminates the identity authentication;
(5b) the edge node local authentication server authenticates the user identity on a subsequent (not first-time) access, and negotiates a session key:
(5b1) the edge node local authentication server queries the temporary account information in the user list:
(5b1.1) the edge node local authentication server checks whether the timestamp t_U is within the validity period; if so, continue with step (5b1.2), otherwise authentication fails;
(5b1.2) the edge node local authentication server computes the index value Index'_U and searches for it in the user list; if the index value is found, continue with the next step, otherwise authentication fails;
(5b1.3) the edge node local authentication server concatenates the user's temporary account information, the user timestamp t_U and the second key parameter Y, hashes the concatenation with the second function H2 to obtain a parameter h', and checks whether h' matches the stored hash parameter h; if so, continue with the next step; otherwise authentication fails;
(5b1.4) the edge node local authentication server computes the session key, obtains the current timestamp t_LA, encrypts the timestamps t_LA and t_U, and returns the encrypted information and the current timestamp t_LA to the user;
(5b2) the user confirms the information on a subsequent access and generates the session key from the parameters:
(5b2.1) the user checks whether the timestamp t_LA is within the validity period; if so, continue with the next step, otherwise authentication fails;
(5b2.2) the user generates the session key k, decrypts the received encrypted message with the key k, and checks whether the timestamp contained in the encrypted message is the timestamp t_LA returned by the edge node authentication server; if so, continue with the next step, otherwise authentication fails;
(5b2.3) the user saves the session key k and terminates the identity authentication.
Compared with the prior art, the invention has the following advantages:
firstly, the invention uses elliptic curve signature and encryption algorithms to complete mutual authentication between the server and the user, which reduces computational overhead and cost while ensuring security and reliability;
secondly, because the invention signs the authentication messages during the authentication process, the messages cannot be illegally tampered with or forged; moreover, when the user makes an access request, both the user and the server add a fresh timestamp so that the messages cannot be replayed, which effectively improves the reliability of the system;
thirdly, for cross-domain authentication the invention uses an anonymous temporary account to request resources, so user information is not leaked and user privacy is ensured.
Drawings
FIG. 1 is a schematic diagram of a security authentication system in which the present invention is applicable;
fig. 2 is a flow chart of an implementation of the present invention.
Detailed Description
The invention is described in further detail below with reference to the following figures and specific examples:
referring to fig. 1, a schematic structural diagram of a security authentication system applicable to the present invention is shown, where the security authentication system applicable to the present invention at least includes a home authentication server, a user and an edge node local authentication server, where the user is configured to make an authentication request to the edge node local authentication server, the home authentication server is configured to verify the validity of the user identity and return information to the edge node local authentication server, and the edge node local authentication server is configured to generate a temporary user identity, manage and maintain a user list, and authenticate the validity of the user.
Referring to fig. 2, the cross-domain identity authentication method based on the edge computing network architecture provided by the invention specifically includes the following steps:
Step 1: the home authentication server and the edge node local authentication server respectively generate their public and private keys and publish the system parameters:
(1a) the home authentication server selects an elliptic curve E(F_p) and a cyclic additive group G1 of order q on it, with generator P; i.e. it determines a q-order cyclic additive group G1 from the prime q and selects the elliptic curve E(F_p) over G1;
(1b) the home authentication server randomly selects an integer sk_HA smaller than q as its own private key and obtains the home authentication server public key PK_HA by the following formula:
PK_HA = sk_HA·P ∈ G1;
(1c) the edge node local authentication server constructs the same parameters as the home authentication server in step (1a), in the same manner;
(1d) the edge node local authentication server randomly selects an integer sk_LA smaller than q as its own private key and obtains the edge node local authentication server public key PK_LA by the following formula:
PK_LA = sk_LA·P ∈ G1;
(1e) the home authentication server and the edge node local authentication server each construct a first function H1, a second function H2 and a third function H3 using the lightweight sponge-based Photon hash function:
H3: G1 → {0,1}*;
(1f) the system parameters of the home authentication server, G1, q, P, PK_HA, H1, H2, H3, and the system parameters of the edge node local authentication server, G1, q, P, PK_LA, H1, H2, H3, are published;
Step 2: the edge device user U generates pseudo identity information for user U:
(2a) user U generates a parameter r_ID using a pseudo-random generator;
(2b) user U concatenates the parameter r_ID with its own identity information, hashes the concatenation with the lightweight Photon hash function to obtain the pseudo identity VID_U, and sends it to the home authentication server;
Step 3: the home authentication server establishes a user account:
(3a) the home authentication server generates a parameter r_U using a pseudo-random generator, uses r_U to generate a user-related parameter R_U, and combines them into the user private key sk_U; specifically, r_U·P is computed as R_U; the home authentication server concatenates the pseudo identity VID_U and R_U and hashes the concatenation with the hash function H1 to obtain a parameter c; it then multiplies its private key sk_HA by c and adds the random number r_U to obtain a parameter s_U; the home authentication server combines s_U and R_U, and the resulting key information is the user private key sk_U;
(3b) the home authentication server sends the user private key sk_U to the edge device user U over a secure channel;
(3c) the home authentication server establishes an account for the user and stores the user index Index_U, the pseudo identity VID_U and the user-related parameter R_U; here the user index Index_U is the parameter c multiplied by the public key PK_HA, added to the parameter R_U.
(3d) the user uses the public system parameters to check whether the private key is correct; if so, continue with step (4), otherwise registration fails; specifically: user U receives the message and verifies s_U·P = R_U + H1(VID_U, R_U)·PK_HA; if it holds, continue with step 4, otherwise registration fails;
Step 4: the user sends an access request Req_res and an authentication message m_U to the edge node local authentication server:
(4a) the user generates random numbers x and y using a pseudo-random number generator and obtains the current timestamp t_U;
(4b) the user constructs a first key parameter X and a second key parameter Y from the generated random numbers:
X = xP,
Y = yP;
obtains the identity verification parameter Y':
Y' = Y + xPK_HA,
and concatenates the pseudo identity VID_U, the current timestamp t_U, the user-related parameter R_U and the second key parameter Y to obtain the concatenated information J;
(4c) the user hashes the concatenated information J with the second function H2 and takes the result as the hash parameter h;
(4d) the user computes the index value construction parameter z by the following formula:
z = y + sk_U·h;
(4e) the user sends the access request Req_res to the edge node local authentication server together with the authentication message m_U, consisting of the pseudo identity VID_U, the home authentication server identifier ID_HA, the timestamp t_U, the first key parameter X, the identity verification parameter Y', the hash parameter h and the index value construction parameter z;
Step 5: The edge node local authentication server verifies the user identity:
After receiving the user's access request Req_res and authentication message m_U, the edge node local authentication server checks whether the user has already been verified by searching the user list; if yes, i.e. the user's temporary identity exists in the user list, step (5b) is executed; otherwise step (5a) is executed;
(5a) the edge node local authentication server authenticates and registers the user identity for the first time, and negotiates a session key:
(5a1) the edge node local authentication server sends information to a hometown authentication server to check the validity of the user identity:
(5a1.1) The edge node local authentication server receives the information and checks whether the timestamp t_U is within the time limit, i.e. whether the timestamp is fresh; if yes, step (5a1.2) continues, otherwise authentication fails;
(5a1.2) The edge node local authentication server obtains the current timestamp t_LA, combines the message from the user and the timestamp t_LA into a message m_LA, and signs the message to obtain the message signature Sign_LA(m_LA); the scheme of the invention adopts an elliptic curve signature algorithm to reduce computational overhead and cost; the signature method here may also be RSA signature, the SM2 cryptographic signature algorithm, or the like.
(5a1.3) The edge node local authentication server sends the message m_LA and the message signature Sign_LA(m_LA) to the home authentication server;
(5a2) The hometown authentication server checks the correctness of the information and replies to the edge node local authentication server:
(5a2.1) The home authentication server receives the message m_LA and checks whether the timestamp t_LA is within the time limit; if yes, step (5a2.2) continues, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.2) The home authentication server verifies whether the message signature Sign_LA(m_LA) is correct; if it is, the edge node local authentication server has passed authentication and the home authentication server continues with step (5a2.3); otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.3) The home authentication server calculates the index value Index_U from the received information and searches for it in the user list; if the index value is found, step (5a2.4) continues, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server. Here the parameter z is multiplied by the generator P, the parameter Y' is subtracted, sk_HA multiplied by X is added, and the result is multiplied by the inverse of the parameter h; the resulting value is the index value Index_U, i.e. Index_U = h^(-1)·(z·P − Y' + sk_HA·X).
(5a2.4) The home authentication server locates the indexed account and verifies with that account's parameters whether the value of the hash parameter h is correct, i.e. whether h equals the hash of the concatenation of the received user identity, the user timestamp, R_U and Y (the home authentication server recovers Y as Y' − sk_HA·X); if it is correct, user U has passed authentication and step (5a2.5) continues, otherwise user U is judged to be an illegal user and an authentication failure message is returned to the edge node local authentication server;
(5a2.5) The home authentication server obtains the current timestamp t_HA, calculates the hash of the second key parameter Y with the third function H_3 to obtain the session key k, constructs a message m_HA containing the session key k and the message signature sign_HA(m_HA), and sends them to the edge node local authentication server; the scheme of the invention adopts an elliptic curve signature algorithm to reduce computational overhead and cost; the signature method here may also be RSA signature, the SM2 cryptographic signature algorithm, or the like.
Here the message m_HA contains the identity of the edge node local authentication server, the identity of the home authentication server, the timestamps t_HA and t_LA, and the session key E(k) encrypted with an elliptic curve encryption algorithm.
(5a3) The edge node local authentication server registers the user identity:
(5a3.1) The edge node local authentication server receives the home authentication server's message m_HA and signature sign_HA(m_HA) and checks whether the timestamp t_HA is within the time limit; if yes, step (5a3.2) continues, otherwise authentication fails;
(5a3.2) The edge node local authentication server determines user U to be a legal user, generates a temporary identity ID'_U and a corresponding temporary private key (s'_U, R'_U) for user U, and establishes the temporary account information (Index'_U, ID'_U, R'_U, t) in the user list, where t is the validity period of the temporary account, after which it is deleted, and the index value is Index'_U = R'_U + H_1(ID'_U, R'_U)·PK_LA;
(5a3.3) The edge node local authentication server obtains the session key from the message m_HA and the current timestamp t'_LA, encrypts the temporary identity, the temporary private key (s'_U, R'_U) and the timestamp t'_LA with the session key, and sends them to the user together; the encryption uses a symmetric encryption algorithm, and the data encryption algorithm DES, the triple data encryption algorithm 3DES, the advanced encryption standard algorithm AES and the like may be used;
The edge node local authentication server obtains the session key k from E(k) in the message m_HA and obtains the current timestamp t'_LA; it concatenates the timestamps t'_LA and t_U, the user temporary key s'_U and R'_U and the user temporary identity ID'_U, encrypts the concatenated message with the symmetric encryption algorithm to obtain E_k(t'_LA, t_U, s'_U, R'_U, ID'_U), and sends the encrypted information E_k(t'_LA, t_U, s'_U, R'_U, ID'_U) together with the timestamp t'_LA to the user.
(5a4) The user confirms the information for the first time, and generates a session key k by using the parameters:
(5a4.1) The user verifies whether the timestamp t'_LA is within the time limit; if yes, step (5a4.2) continues, otherwise authentication fails;
(5a4.2) The user generates the session key k, decrypts the received encrypted message to obtain the confirmation information, and checks whether the timestamp t'_LA contained in the confirmation information is consistent with the received timestamp; if yes, step (5a4.3) continues, otherwise authentication fails. Specifically: the user hashes the parameter Y with the hash function H_3 and uses the result as the session key k; the user decrypts E_k(t'_LA, t_U, s'_U, R'_U, ID'_U) with the session key k and checks whether the timestamps t'_LA and t_U are consistent; if yes, step (5a4.3) continues, otherwise authentication fails;
(5a4.3) The user saves the session key k, the temporary identity ID'_U and the temporary private key (s'_U, R'_U) sent by the edge node local authentication server for subsequent communication, and the identity authentication terminates;
(5b) The edge node local authentication server authenticates the user identity on a subsequent (not first) visit and negotiates a session key:
(5b1) The edge node local authentication server looks up the temporary account information in the user list:
(5b1.1) The edge node local authenticator verifies whether the timestamp t_U is within the time limit; if yes, step (5b1.2) continues, otherwise authentication fails;
(5b1.2) The edge node local authenticator calculates the index value Index'_U and searches for it in the user list; if the index value is found, step (5b1.3) continues, otherwise authentication fails. Here the edge node local authentication server multiplies the parameter z by the generator P, subtracts the parameter Y', adds sk_LA multiplied by X, and multiplies the result by the inverse of the parameter h; the resulting value is the index value Index'_U, i.e. Index'_U = h^(-1)·(z·P − Y' + sk_LA·X);
(5b1.3) The edge node local authenticator concatenates the user's temporary account information, the user timestamp t_U and the second key parameter Y, hashes the concatenated value with the second function H_2 to obtain a parameter h', and checks whether h' is consistent with the stored hash parameter h; if the two are consistent, verification passes, i.e. authentication succeeds, and step (5b1.4) continues; otherwise authentication fails;
(5b1.4) The edge node local authenticator calculates the session key and obtains the current timestamp t_LA; it encrypts the timestamps t_LA and t_U and returns the encrypted information and the current timestamp t_LA to the user; the encryption uses a symmetric encryption algorithm, and the data encryption algorithm DES, the triple data encryption algorithm 3DES, the advanced encryption standard algorithm AES and the like may be used. Here the edge node local authenticator calculates the session key by hashing the parameter Y with the hash function H_3, the resulting value being the session key k; the edge node local authenticator encrypts the timestamps t_LA and t_U with the session key k using the symmetric encryption algorithm to obtain the encrypted information E_k(t_LA, t_U);
(5b2) The user confirms the information on a subsequent visit and generates the session key from the parameters:
(5b2.1) The user checks whether the timestamp is within the time limit; if yes, step (5b2.2) continues, otherwise authentication fails;
(5b2.2) The user generates the session key k, decrypts the received encrypted message to obtain the timestamps t_LA and t_U, and checks whether the contained timestamp is consistent with the timestamp t_LA returned by the edge node authentication server; if yes, step (5b2.3) continues, otherwise authentication fails. Specifically: the user hashes the parameter Y with the hash function H_3 and uses the result as the session key k; the user decrypts E_k(t_LA, t_U) with the session key k and checks the timestamps t_LA and t_U; if they are consistent, step (5b2.3) continues, otherwise authentication fails;
(5b2.3) the user saves the session key k for facilitating subsequent communication, terminating the authentication.
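The registration and first-time authentication arithmetic of steps (3), (4) and (5a2.3) to (5a2.5), as an added Python example that is not part of the patent: it assumes secp256k1 in place of the unspecified curve E(F_p), SHA-256 in place of the Photon-based H_1, H_2 and H_3, and a dict in place of the user list, and it leaves out the timestamp checks and the signed server-to-server messages. It shows why the home authentication server can recover Index_U = s_U·P from (X, Y', h, z) without learning x or y, and how a tampered message fails.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumption: the patent fixes no concrete curve)
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_p; INF is the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_neg(p):
    return INF if p is INF else (p[0], (-p[1]) % P_MOD)


def ec_mul(k, p):
    """Double-and-add scalar multiplication k*p (k taken mod the group order)."""
    k %= N
    acc, addend = INF, p
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def _enc(v):
    """Fixed-width encoding of points, ints and byte strings before hashing."""
    if isinstance(v, tuple):
        return v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big")
    if isinstance(v, int):
        return v.to_bytes(32, "big")
    return v


def h_scalar(*parts):
    """Stand-in for H_1/H_2 (SHA-256, not Photon): concatenation hashed to a non-zero scalar."""
    d = hashlib.sha256(b"".join(_enc(p) for p in parts)).digest()
    return int.from_bytes(d, "big") % (N - 1) + 1


def h3_session_key(Y):
    """Stand-in for H_3: session key k = H_3(Y)."""
    return hashlib.sha256(b"H3" + _enc(Y)).digest()


def home_register(sk_HA, PK_HA, VID_U):
    """Steps 3a and 3c: issue sk_U = (s_U, R_U) and the account index Index_U."""
    r_U = secrets.randbelow(N - 1) + 1
    R_U = ec_mul(r_U, G)                        # R_U = r_U * P
    c = h_scalar(VID_U, R_U)                    # c = H_1(VID_U || R_U)
    s_U = (r_U + sk_HA * c) % N                 # s_U = r_U + sk_HA * c
    Index_U = ec_add(R_U, ec_mul(c, PK_HA))     # Index_U = R_U + c * PK_HA
    return (s_U, R_U), Index_U


def user_check_key(sk_U, VID_U, PK_HA):
    """Step 3d: accept the key only if s_U * P == R_U + H_1(VID_U, R_U) * PK_HA."""
    s_U, R_U = sk_U
    return ec_mul(s_U, G) == ec_add(R_U, ec_mul(h_scalar(VID_U, R_U), PK_HA))


def user_auth_message(sk_U, VID_U, PK_HA, t_U):
    """Step 4: build m_U = (VID_U, t_U, X, Y', h, z); Y is kept locally for k = H_3(Y)."""
    s_U, R_U = sk_U
    x, y = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    X, Y = ec_mul(x, G), ec_mul(y, G)
    Y_prime = ec_add(Y, ec_mul(x, PK_HA))       # Y' = Y + x * PK_HA  (= Y + sk_HA * X)
    h = h_scalar(VID_U, t_U, R_U, Y)            # h = H_2(VID_U || t_U || R_U || Y)
    z = (y + s_U * h) % N                       # z = y + s_U * h
    return {"VID": VID_U, "t": t_U, "X": X, "Yp": Y_prime, "h": h, "z": z}, Y


def home_verify(m_U, sk_HA, accounts):
    """Steps 5a2.3 to 5a2.5: recover Index_U, check h, derive k; None on failure."""
    sk_X = ec_mul(sk_HA, m_U["X"])
    # Index_U = h^-1 * (z * P - Y' + sk_HA * X), which equals s_U * P for an honest user
    acc = ec_add(ec_add(ec_mul(m_U["z"], G), ec_neg(m_U["Yp"])), sk_X)
    index = ec_mul(pow(m_U["h"], -1, N), acc)
    account = accounts.get(index)
    if account is None or account["VID"] != m_U["VID"]:
        return None                             # step 5a2.3: no matching account
    Y = ec_add(m_U["Yp"], ec_neg(sk_X))         # recover Y = Y' - sk_HA * X
    if h_scalar(m_U["VID"], m_U["t"], account["R_U"], Y) != m_U["h"]:
        return None                             # step 5a2.4: h does not verify
    return h3_session_key(Y)                    # step 5a2.5: k = H_3(Y)
```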
Parts of the invention that belong to the common general knowledge of those skilled in the art have not been described in detail.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.
Claims (6)
1. A cross-domain identity authentication method based on an edge computing network architecture is characterized by comprising the following steps:
(1) The home authentication server and the edge node local authentication server respectively generate their public keys PK_HA, PK_LA and private keys sk_HA, sk_LA, and publish the system parameters externally;
(2) The edge device user U generates its pseudo identity information:
(2a) The user generates a parameter r_ID with a pseudo-random generator;
(2b) The user concatenates the parameter r_ID with its own identity information, hashes the concatenated result with the lightweight Photon hash function to obtain the pseudo identity VID_U, and sends it to the home authentication server;
(3) the hometown authentication server establishes a user account:
(3a) The home authentication server uses a pseudo-random generator to generate a parameter r_U, uses r_U to generate the user-related parameter R_U, and combines them into the user private key sk_U;
(3b) The home authentication server sends the user private key sk_U to the edge device user U through a secure channel;
(3c) The home authentication server establishes an account for the user and stores the user index information Index_U, the pseudo identity VID_U and the user-related parameter R_U;
(3d) The user utilizes the system public parameters to check whether the private key is correct; if yes, continuing to execute the step (4), otherwise, failing to register;
(4) The user sends an access request Req_res and an authentication message m_U to the edge node local authentication server:
(4a) The user generates random numbers x and y with a pseudo-random number generator and obtains the current timestamp t_U;
(4b) The user constructs a first key parameter X and a second key parameter Y from the generated random numbers:
X = x·P,
Y = y·P;
obtains the identity verification parameter Y':
Y' = Y + x·PK_HA,
and concatenates the pseudo identity VID_U, the current timestamp t_U, the user-related parameter R_U and the second key parameter Y to obtain the concatenated information J;
(4c) The user hashes the concatenated information J with the second function H_2 and takes the result as the hash parameter h;
(4d) The user calculates the index value construction parameter z according to the following formula:
z = y + s_U·h, where s_U is the scalar part of sk_U;
(4e) The user sends the access request Req_res to the edge node local authentication server, and sends the pseudo identity VID_U, the home authentication server identity ID_HA, the timestamp t_U, the first key parameter X, the identity verification parameter Y', the hash parameter h and the index value construction parameter z together as the authentication message m_U;
(5) the edge node local authentication server verifies the user identity:
After receiving the user's access request Req_res and authentication message m_U, the edge node local authentication server checks whether the user has already been verified by retrieving the user list, i.e. judges whether the user's temporary identity exists in the user list; if yes, step (5b) is executed; otherwise step (5a) is executed;
(5a) the edge node local authentication server authenticates and registers the user identity for the first time, and negotiates a session key:
(5a1) the edge node local authentication server sends information to a hometown authentication server to check the validity of the user identity:
(5a1.1) The edge node local authentication server receives the information and checks whether the timestamp t_U is within its validity period; if yes, the next step continues, otherwise authentication fails;
(5a1.2) The edge node local authentication server obtains the current timestamp t_LA, combines the message from the user and the timestamp t_LA into a message m_LA, and signs the message to obtain the message signature Sign_LA(m_LA);
(5a1.3) The edge node local authentication server sends the message m_LA and the message signature Sign_LA(m_LA) to the home authentication server;
(5a2) The hometown authentication server checks the correctness of the information and replies to the edge node local authentication server:
(5a2.1) The home authentication server receives the message m_LA and checks whether the timestamp t_LA is within the time limit; if yes, the next step continues, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.2) The home authentication server verifies whether the message signature Sign_LA(m_LA) is correct; if yes, the next step continues, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.3) The home authentication server calculates the index value Index_U from the received information and searches for it in the user list; if the index value is found, the next step continues, otherwise authentication fails and an authentication failure message is returned to the edge node local authentication server;
(5a2.4) The home authentication server locates the indexed account and verifies with that account's parameters whether the value of the hash parameter h is correct; if yes, the next step continues, otherwise an authentication failure message is returned to the edge node local authentication server;
(5a2.5) The home authentication server obtains the current timestamp t_HA, calculates the hash of the second key parameter Y with the third function H_3 to obtain the session key k, constructs a message m_HA containing the session key k and the signature message sign_HA(m_HA), and sends them to the edge node local authentication server;
(5a3) the edge node local authentication server registers the user identity:
(5a3.1) The edge node local authentication server receives the home authentication server's message m_HA and signature message sign_HA(m_HA) and checks whether the timestamp t_HA is within the time limit; if yes, the next step continues, otherwise authentication fails;
(5a3.2) The edge node local authentication server determines user U to be a legal user, generates a temporary identity ID'_U and a corresponding temporary private key (s'_U, R'_U) for user U, and establishes the user's temporary account information in the user list;
(5a3.3) The edge node local authentication server obtains the session key from the message m_HA and the current timestamp t'_LA, encrypts the temporary identity ID'_U, the temporary private key (s'_U, R'_U) and the timestamp t'_LA with the session key, and sends them to the user together;
(5a4) the user confirms the information for the first time, and generates a session key k by using the parameters:
(5a4.1) The user verifies whether the timestamp t'_LA is within the time limit; if yes, the next step continues, otherwise authentication fails;
(5a4.2) The user generates the session key k, decrypts the received encrypted message to obtain the confirmation information, and checks whether the timestamp t'_LA contained in the confirmation information is consistent with the received timestamp; if yes, the next step continues; otherwise authentication fails;
(5a4.3) The user saves the session key k, the temporary identity ID'_U and the temporary private key (s'_U, R'_U) sent by the edge node local authentication server, and the identity authentication terminates;
(5b) The edge node local authentication server authenticates the user identity on a subsequent (not first) visit and negotiates a session key:
(5b1) the edge node local authentication server inquires temporary account information in the user list:
(5b1.1) The edge node local authenticator verifies whether the timestamp t_U is within the time limit; if yes, step (5b1.2) continues, otherwise authentication fails;
(5b1.2) The edge node local authenticator calculates the index value Index'_U and searches for it in the user list; if the index value is found, the next step continues, otherwise authentication fails;
(5b1.3) The edge node local authenticator concatenates the user's temporary account information, the user timestamp t_U and the second key parameter Y, hashes the concatenated value with the second function H_2 to obtain a parameter h', and checks whether h' is consistent with the stored hash parameter h; if the two are consistent, the next step continues; otherwise authentication fails;
(5b1.4) The edge node local authenticator calculates the session key, obtains the current timestamp t_LA, encrypts the timestamps t_LA and t_U, and returns the encrypted information and the current timestamp t_LA to the user;
(5b2) The user confirms the information on a subsequent visit and generates the session key from the parameters:
(5b2.1) The user verifies whether the timestamp t_LA is within the time limit; if yes, the next step continues, otherwise authentication fails;
(5b2.2) The user generates the session key k, decrypts the received encrypted message with the key k, and judges whether the timestamp contained in the encrypted message is the timestamp t_LA returned by the edge node authentication server; if yes, the next step continues, otherwise authentication fails;
(5b2.3) the user saves the session key k, terminating the identity authentication.
2. The method of claim 1, wherein: the specific implementation manner of the step (1) is as follows:
(1a) The home authentication server determines, according to the prime number q, a cyclic additive group G_1 of order q on an elliptic curve E(F_p), where P is a generator of G_1;
(1b) The home authentication server randomly selects an integer sk_HA smaller than q as its own private key, and obtains the home authentication server public key PK_HA according to the following formula:
PK_HA = sk_HA·P ∈ G_1;
(1c) The edge node local authentication server constructs the same parameters as the home authentication server in step (1a), in the same manner as the home authentication server;
(1d) The edge node local authentication server randomly selects an integer sk_LA smaller than q as its own private key, and obtains the edge node local authentication server public key PK_LA according to the following formula:
PK_LA = sk_LA·P ∈ G_1;
(1e) The home authentication server and the edge node local authentication server each construct a first function H_1, a second function H_2 and a third function H_3 using the lightweight Photon hash function based on the sponge construction:
H_3: G_1 → {0,1}*;
(1f) The system parameters {G_1, q, P, PK_HA, H_1, H_2, H_3} of the home authentication server and the system parameters {G_1, q, P, PK_LA, H_1, H_2, H_3} of the edge node local authentication server are published externally.
3. The method of claim 1, wherein: the user index information Index_U in step (3c) is an index value calculated from the user-related parameter R_U and the public system parameters.
4. The method of claim 1, wherein: the temporary account information in step (5a3.2) contains the validity period of the temporary account, and after the validity period is exceeded, the edge node local authentication server deletes the temporary account information.
5. The method of claim 1, wherein: steps (5a3.3) and (5b1.4) both encrypt with a symmetric encryption algorithm.
6. The method of claim 1, wherein: the message signatures in steps (5a3.3) and (5a2.5) are obtained by signing the message with the elliptic curve signature algorithm ECDSA.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010168731.2A CN111355745B (en) | 2020-03-12 | 2020-03-12 | Cross-domain identity authentication method based on edge computing network architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010168731.2A CN111355745B (en) | 2020-03-12 | 2020-03-12 | Cross-domain identity authentication method based on edge computing network architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111355745A true CN111355745A (en) | 2020-06-30 |
CN111355745B CN111355745B (en) | 2021-07-06 |
Family
ID=71197567
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010168731.2A Active CN111355745B (en) | 2020-03-12 | 2020-03-12 | Cross-domain identity authentication method based on edge computing network architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111355745B (en) |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112291773A (en) * | 2020-12-31 | 2021-01-29 | 飞天诚信科技股份有限公司 | Authenticator and communication method thereof |
CN112636977A (en) * | 2020-12-23 | 2021-04-09 | 四川虹微技术有限公司 | Internet of things equipment management method, registration method, device and system and electronic equipment |
CN112822274A (en) * | 2021-01-08 | 2021-05-18 | 苏州蓝赫朋勃智能科技有限公司 | Safety verification method and device for household edge computing system |
CN112822018A (en) * | 2021-04-21 | 2021-05-18 | 北京电信易通信息技术股份有限公司 | Mobile equipment security authentication method and system based on bilinear pairings |
CN113315762A (en) * | 2021-05-20 | 2021-08-27 | 西安电子科技大学 | Distributed network authentication method for realizing secure communication by identity cryptography |
CN113872992A (en) * | 2021-11-03 | 2021-12-31 | 管芯微技术(上海)有限公司 | Method for realizing strong security authentication of remote Web access in BMC system |
CN114124548A (en) * | 2021-11-26 | 2022-03-01 | 中通服咨询设计研究院有限公司 | Data cross-domain flow safety method based on edge calculation |
CN114205132A (en) * | 2021-12-02 | 2022-03-18 | 北京八分量信息科技有限公司 | Access authentication method and device in heterogeneous network and related products |
CN114500049A (en) * | 2022-01-26 | 2022-05-13 | 北京邮电大学 | Mobile terminal equipment identity authentication method and system in Internet of things system |
CN114501440A (en) * | 2022-01-04 | 2022-05-13 | 中国人民武装警察部队工程大学 | Authentication key protocol applied to edge of wireless sensor network by block chain |
WO2022135387A1 (en) * | 2020-12-26 | 2022-06-30 | 西安西电捷通无线网络通信股份有限公司 | Identity authentication method and apparatus |
WO2022135376A1 (en) * | 2020-12-26 | 2022-06-30 | 西安西电捷通无线网络通信股份有限公司 | Identity authentication method and apparatus |
CN114900288A (en) * | 2022-05-23 | 2022-08-12 | 科大天工智能装备技术(天津)有限公司 | Industrial environment authentication method based on edge service |
CN114978635A (en) * | 2022-05-11 | 2022-08-30 | 中国电信股份有限公司 | Cross-domain authentication method and device, and user registration method and device |
CN115333747A (en) * | 2022-07-26 | 2022-11-11 | 国网湖北省电力有限公司信息通信公司 | Safety protection method, equipment and storage medium based on multi-factor authentication |
WO2022236606A1 (en) * | 2021-05-10 | 2022-11-17 | Apple Inc. | Mec authentication between edge enabler client and edge configuration or enabler server based on akma |
WO2022247765A1 (en) * | 2021-05-28 | 2022-12-01 | 京东方科技集团股份有限公司 | Authentication method and authentication apparatus |
CN115460589A (en) * | 2022-08-11 | 2022-12-09 | 西安电子科技大学 | Terminal anonymous access and switching authentication method and system in vehicle-mounted edge computing |
CN115834104A (en) * | 2022-09-26 | 2023-03-21 | 中国电子科技集团公司第三十研究所 | Data safety circulation method and system |
CN115843447A (en) * | 2020-08-06 | 2023-03-24 | 苹果公司 | Network authentication of user equipment access to edge data networks |
CN117955649A (en) * | 2024-03-26 | 2024-04-30 | 杭州海康威视数字技术股份有限公司 | Safe and efficient data transmission method and system for Internet of things and electronic equipment |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101399671A (en) * | 2008-11-18 | 2009-04-01 | 中国科学院软件研究所 | Cross-domain authentication method and system thereof |
US20160127896A1 (en) * | 2014-11-03 | 2016-05-05 | Qualcomm Incorporated | Apparatuses and methods for wireless communication |
WO2016165737A1 (en) * | 2015-04-13 | 2016-10-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless communications |
CN107360567A (en) * | 2017-08-17 | 2017-11-17 | 西南交通大学 | Identity-based without to wireless network it is cross-domain switching certification cryptographic key negotiation method |
CN107634837A (en) * | 2017-11-01 | 2018-01-26 | 安徽大学 | The efficient message authentication method of car networking based on edge calculations |
CN108173882A (en) * | 2018-03-01 | 2018-06-15 | 北京科技大学 | Edge calculations node identities authentication method based on aes algorithm |
CN108737436A (en) * | 2018-05-31 | 2018-11-02 | 西安电子科技大学 | Based on the cross-domain services device identity identifying method for trusting alliance's block chain |
CN109240821A (en) * | 2018-07-20 | 2019-01-18 | 北京航空航天大学 | A kind of cross-domain cooperated computing of distribution and service system and method based on edge calculations |
CN109861828A (en) * | 2018-12-11 | 2019-06-07 | 全球能源互联网研究院有限公司 | A kind of node access and node authentication method based on edge calculations |
CN110099367A (en) * | 2019-04-26 | 2019-08-06 | 河南工学院 | Car networking secure data sharing method based on edge calculations |
-
2020
- 2020-03-12 CN CN202010168731.2A patent/CN111355745B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101399671A (en) * | 2008-11-18 | 2009-04-01 | 中国科学院软件研究所 | Cross-domain authentication method and system thereof |
US20160127896A1 (en) * | 2014-11-03 | 2016-05-05 | Qualcomm Incorporated | Apparatuses and methods for wireless communication |
WO2016165737A1 (en) * | 2015-04-13 | 2016-10-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Wireless communications |
CN107360567A (en) * | 2017-08-17 | 2017-11-17 | 西南交通大学 | Identity-based without to wireless network it is cross-domain switching certification cryptographic key negotiation method |
CN107634837A (en) * | 2017-11-01 | 2018-01-26 | 安徽大学 | The efficient message authentication method of car networking based on edge calculations |
CN108173882A (en) * | 2018-03-01 | 2018-06-15 | 北京科技大学 | Edge calculations node identities authentication method based on aes algorithm |
CN108737436A (en) * | 2018-05-31 | 2018-11-02 | 西安电子科技大学 | Based on the cross-domain services device identity identifying method for trusting alliance's block chain |
CN109240821A (en) * | 2018-07-20 | 2019-01-18 | 北京航空航天大学 | A kind of cross-domain cooperated computing of distribution and service system and method based on edge calculations |
CN109861828A (en) * | 2018-12-11 | 2019-06-07 | 全球能源互联网研究院有限公司 | A kind of node access and node authentication method based on edge calculations |
CN110099367A (en) * | 2019-04-26 | 2019-08-06 | 河南工学院 | Car networking secure data sharing method based on edge calculations |
Non-Patent Citations (3)
Title |
---|
ALSHAHRANI,M: ""Secure mutual authentication and automated access control for IoT smart home using cumulative Keyed-hash chain"", 《《JOURNAL OF INFORMATION SECURITY AND APPLICATIONS》》 * |
CHIEN-LUNG HSU: ""A Privacy-Preserved E2E Authenticated Key Exchange Protocol for Multi-Server Architecture in Edge Computing Networks "", 《 IEEE ACCESS》 * |
曹小坤: ""边缘云计算体系结构及数据迁移方法研究"", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115843447A (en) * | 2020-08-06 | 2023-03-24 | 苹果公司 | Network authentication of user equipment access to edge data networks |
CN112636977A (en) * | 2020-12-23 | 2021-04-09 | 四川虹微技术有限公司 | Internet of things equipment management method, registration method, device and system and electronic equipment |
CN112636977B (en) * | 2020-12-23 | 2022-09-27 | 四川虹微技术有限公司 | Internet of things equipment management method, registration method, device and system and electronic equipment |
GB2617017A (en) * | 2020-12-26 | 2023-09-27 | China Iwncomm Co Ltd | Identity authentication method and apparatus |
WO2022135376A1 (en) * | 2020-12-26 | 2022-06-30 | 西安西电捷通无线网络通信股份有限公司 | Identity authentication method and apparatus |
WO2022135387A1 (en) * | 2020-12-26 | 2022-06-30 | 西安西电捷通无线网络通信股份有限公司 | Identity authentication method and apparatus |
CN112291773A (en) * | 2020-12-31 | 2021-01-29 | 飞天诚信科技股份有限公司 | Authenticator and communication method thereof |
CN112822274B (en) * | 2021-01-08 | 2022-06-21 | 苏州蓝赫朋勃智能科技有限公司 | Security verification method and device for a household edge computing system |
CN112822274A (en) * | 2021-01-08 | 2021-05-18 | 苏州蓝赫朋勃智能科技有限公司 | Security verification method and device for a household edge computing system |
CN112822018B (en) * | 2021-04-21 | 2021-07-02 | 北京电信易通信息技术股份有限公司 | Mobile equipment security authentication method and system based on bilinear pairings |
CN112822018A (en) * | 2021-04-21 | 2021-05-18 | 北京电信易通信息技术股份有限公司 | Mobile equipment security authentication method and system based on bilinear pairings |
WO2022236606A1 (en) * | 2021-05-10 | 2022-11-17 | Apple Inc. | Mec authentication between edge enabler client and edge configuration or enabler server based on akma |
CN113315762A (en) * | 2021-05-20 | 2021-08-27 | 西安电子科技大学 | Distributed network authentication method for realizing secure communication by identity cryptography |
WO2022247765A1 (en) * | 2021-05-28 | 2022-12-01 | 京东方科技集团股份有限公司 | Authentication method and authentication apparatus |
CN113872992A (en) * | 2021-11-03 | 2021-12-31 | 管芯微技术(上海)有限公司 | Method for realizing strong security authentication of remote Web access in BMC system |
CN114124548A (en) * | 2021-11-26 | 2022-03-01 | 中通服咨询设计研究院有限公司 | Data cross-domain flow security method based on edge computing |
CN114124548B (en) * | 2021-11-26 | 2024-01-26 | 中通服咨询设计研究院有限公司 | Data cross-domain flow security method based on edge computing |
CN114205132A (en) * | 2021-12-02 | 2022-03-18 | 北京八分量信息科技有限公司 | Access authentication method and device in heterogeneous network and related products |
CN114501440A (en) * | 2022-01-04 | 2022-05-13 | 中国人民武装警察部队工程大学 | Authentication key protocol applied to edge of wireless sensor network by block chain |
CN114501440B (en) * | 2022-01-04 | 2024-02-09 | 中国人民武装警察部队工程大学 | Authentication key protocol for block chain application at edge of wireless sensor network |
CN114500049B (en) * | 2022-01-26 | 2022-11-11 | 北京邮电大学 | Identity authentication method and system for mobile terminal equipment in Internet of things system |
CN114500049A (en) * | 2022-01-26 | 2022-05-13 | 北京邮电大学 | Mobile terminal equipment identity authentication method and system in Internet of things system |
CN114978635A (en) * | 2022-05-11 | 2022-08-30 | 中国电信股份有限公司 | Cross-domain authentication method and device, and user registration method and device |
CN114978635B (en) * | 2022-05-11 | 2023-10-03 | 中国电信股份有限公司 | Cross-domain authentication method and device, user registration method and device |
CN114900288B (en) * | 2022-05-23 | 2023-08-25 | 北京科技大学 | Industrial environment authentication method based on edge service |
CN114900288A (en) * | 2022-05-23 | 2022-08-12 | 科大天工智能装备技术(天津)有限公司 | Industrial environment authentication method based on edge service |
CN115333747A (en) * | 2022-07-26 | 2022-11-11 | 国网湖北省电力有限公司信息通信公司 | Security protection method, equipment and storage medium based on multi-factor authentication |
CN115333747B (en) * | 2022-07-26 | 2024-08-09 | 国网湖北省电力有限公司信息通信公司 | Multi-factor authentication-based security protection method, equipment and storage medium |
CN115460589A (en) * | 2022-08-11 | 2022-12-09 | 西安电子科技大学 | Terminal anonymous access and switching authentication method and system in vehicle-mounted edge computing |
CN115460589B (en) * | 2022-08-11 | 2024-08-20 | 西安电子科技大学 | Terminal anonymous access and switching authentication method and system in vehicle-mounted edge computing |
CN115834104A (en) * | 2022-09-26 | 2023-03-21 | 中国电子科技集团公司第三十研究所 | Data safety circulation method and system |
CN117955649A (en) * | 2024-03-26 | 2024-04-30 | 杭州海康威视数字技术股份有限公司 | Safe and efficient data transmission method and system for Internet of things and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN111355745B (en) | 2021-07-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111355745B (en) | Cross-domain identity authentication method based on edge computing network architecture | |
Wang et al. | HDMA: Hybrid D2D message authentication scheme for 5G-enabled VANETs | |
Zhang et al. | Data security and privacy-preserving in edge computing paradigm: Survey and open issues | |
Belguith et al. | Proud: Verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted iot applications | |
Liu et al. | Achieving reliable and secure services in cloud computing environments | |
Al-Janabi et al. | Public-key cryptography enabled kerberos authentication | |
Gnanaraj et al. | Smart card based time efficient authentication scheme for global grid computing | |
Ullah et al. | A secure NDN framework for Internet of Things enabled healthcare | |
Qin et al. | An ECC-based access control scheme with lightweight decryption and conditional authentication for data sharing in vehicular networks | |
Mahmood et al. | A provably secure mobile user authentication scheme for big data collection in IoT-enabled maritime intelligent transportation system | |
Anand et al. | EECDH to prevent MITM attack in cloud computing | |
Dougherty et al. | APECS: A distributed access control framework for pervasive edge computing services | |
CN116208330A (en) | Industrial Internet cloud-edge cooperative data secure transmission method and system based on quantum encryption | |
Shashidhara et al. | On the design of lightweight and secure mutual authentication system for global roaming in resource-limited mobility networks | |
Yang et al. | LARP: A lightweight auto-refreshing pseudonym protocol for V2X | |
Braeken et al. | ECQV-IBI: Identity-based identification with implicit certification | |
Chien et al. | A hybrid authentication protocol for large mobile network | |
CN117221883B (en) | Security authentication method for 5G mobile edge computing and related equipment | |
CN116318739B (en) | Electronic data exchange method and system | |
KR100456624B1 (en) | Authentication and key agreement scheme for mobile network | |
CN114584975B (en) | SDN-based anti-quantum satellite network access authentication method | |
CN115715004A (en) | Privacy protection cross-domain authentication method for large-scale heterogeneous network | |
CN116015906A (en) | Node authorization method, node communication method and device for privacy calculation | |
CN112671729B (en) | Internet of vehicles oriented anonymous key leakage resistant authentication method, system and medium | |
Wei et al. | A general compiler for password-authenticated group key exchange protocol in the standard model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||