CN111711603A - Identity authentication system based on terminal equipment of Internet of things - Google Patents

Identity authentication system based on terminal equipment of Internet of things

Publication number
CN111711603A
Authority
CN
China
Prior art keywords
authentication system
terminal device
internet
user authentication
terminal equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010400037.9A
Other languages
Chinese (zh)
Inventor
罗凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-05-13
Filing date
2020-05-13
Publication date
2020-09-25
Application filed by Individual
Priority to CN202010400037.9A
Publication of CN111711603A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of identity authentication of terminals of the Internet of things, and discloses an identity authentication system based on terminal equipment of the Internet of things, which comprises: a terminal device U_i that runs user authentication system software and is connected in the Internet of things system, an authentication server S_CA that runs the user authentication system software, and a cloud computing server CCS_i that is deployed in the Internet of things system and is in communication connection with the terminal device U_i. The user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system, and only when the identity of the terminal device U_i connected in the Internet of things system passes the security authentication of the user authentication system is the cloud computing server CCS_i allowed to perform data communication with the terminal device U_i or to use the terminal device U_i for data acquisition. The invention solves the problem of how to prevent the terminal device U_i connected in the Internet of things system from being maliciously replaced.

Description

Identity authentication system based on terminal equipment of Internet of things
Technical Field
The invention relates to the technical field of identity authentication of terminals of the Internet of things, in particular to an identity authentication system based on terminal equipment of the Internet of things.
Background
In an Internet of things system, terminal equipment is involved in the identification of objects and the acquisition of data information; information security involves the reliability of the identity of the terminal equipment, the confidentiality of data transmission, the security of data storage and the like. The communication network of the Internet of things faces the threats that an ordinary network faces, such as information leakage, information tampering, replay attacks and denial of service, and in addition a terminal device node can easily be damaged by an attacker, who can then carry out device replacement, data interception, information tampering and the like. For the identification of terminal devices, there are currently various technologies to verify their authenticity, such as barcode and RFID technologies based on ID identification, and radar and infrared technologies based on object properties. Because terminal devices can detect, store, process and fuse various information related to objects and can provide these data to the network, various security measures are required to secure the data.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an identity authentication system based on terminal equipment of the Internet of things, which aims to solve the technical problem of how to prevent the terminal device U_i connected in the Internet of things system from being maliciously replaced.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
an identity authentication system based on terminal equipment of the Internet of things comprises: a terminal device U_i that runs user authentication system software and is connected in the Internet of things system, an authentication server S_CA that runs the user authentication system software, and a cloud computing server CCS_i that is deployed in the Internet of things system and is in communication connection with the terminal device U_i;
the terminal device U_i is in communication connection, through network communication equipment, with the authentication server S_CA running the user authentication system; the authentication server S_CA is in communication connection, through network communication equipment, with the cloud computing server CCS_i; and the cloud computing server CCS_i is in communication connection with the terminal device U_i through the authentication server S_CA;
the user authentication system running on the authentication server S_CA performs security authentication on the identity of the terminal device U_i connected in the Internet of things system, and the security authentication method specifically comprises the following steps:
step S1: the terminal device U_i registers as a user with the user authentication system on the authentication server S_CA, which specifically includes:
the terminal device U_i selects a three-coloring scheme of a graph G having t nodes, takes that three-coloring scheme of the graph G as its private key, and sends the graph G to the user authentication system;
step S2: before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system performs security authentication on the identity of the terminal device U_i, and the specific authentication process is as follows:
(1) the terminal device U_i prepares the following locked opaque boxes for the user authentication system: B_i, [Figure BDA0002489047690000021], B_ij, where 1 ≤ i ≤ 3t and 1 ≤ i < j ≤ 3t;
each B_i box holds a node and each [Figure BDA0002489047690000022] box holds one color, in the following way: for each pair (i_l, c) there is one i such that i_l is in B_i and c is in [Figure BDA0002489047690000023], where 1 ≤ i_l ≤ t and c = B, R, W;
the pairs (i_l, c) appear in random order in the box pairs [Figure BDA0002489047690000031];
each B_ij box contains 0 or 1, and it contains 1 if and only if the following two conditions are met: i_l and j_l appear in boxes B_i and B_j respectively, and in graph G there is an edge connecting i_l and j_l;
in the three-coloring scheme, the color given to i_l appears in box [Figure BDA0002489047690000032] and the color given to j_l appears in box [Figure BDA0002489047690000033];
B_i, [Figure BDA0002489047690000034] and B_ij are respectively called node box, color box and edge box;
(2) the user authentication system selects a digit, 0 or 1, and sends it to the terminal device U_i;
(3) the terminal device U_i, if the received number is:
a. 0, opens all node boxes and edge boxes;
b. 1, opens all color boxes and those edge boxes B_ij for which, in the three-coloring scheme of the terminal device U_i, the nodes held in B_i and B_j have the same color;
c. if not, rejecting the test result;
(4) the user authentication system verifies the terminal device U_i; if the number the user authentication system sent to the terminal device U_i is:
a. 0, the user authentication system verifies that it has obtained a copy of G and 2t isolated nodes; if so, the user authentication system accepts, otherwise it rejects;
b. 1, the user authentication system verifies that all 3t(t-1)/2 opened edge boxes contain 0 and that each color occurs t times in the color boxes; if so, the user authentication system accepts, otherwise it rejects.
Further, the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system, and only when the identity of the terminal device U_i connected in the Internet of things system passes the security authentication of the user authentication system is the cloud computing server CCS_i allowed to perform data communication with the terminal device U_i or to use the terminal device U_i for data acquisition.
Further, before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system.
Further, the private key is the unique legal certification key and is owned by the terminal device U_i alone, i.e., the user authentication system does not know the three-coloring scheme of graph G.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. In the invention, before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system, and only when the identity of the terminal device U_i connected in the Internet of things system passes the security authentication of the user authentication system does the authentication server S_CA allow the cloud computing server CCS_i to perform data communication with the terminal device U_i or to use the terminal device U_i for data acquisition. If the terminal device U_i connected in the Internet of things system is maliciously replaced, it will not pass the security authentication of the user authentication system; the authentication server S_CA will then block the communication connection between the cloud computing server CCS_i and the terminal device U_i, which effectively ensures the reliability of the terminal device U_i connected in the Internet of things system.
2. After the authentication of the invention is completed, the user authentication system only knows whether the identity of the terminal device U_i is legal or not, and does not know the private key of the terminal device U_i; i.e., the terminal device U_i completes the security authentication of its identity without revealing its own private key, and this authentication mode significantly improves the security of the identity authentication process of the terminal device U_i.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An identity authentication system based on terminal equipment of the Internet of things comprises: a terminal device U_i that runs user authentication system software and is connected in the Internet of things system, an authentication server S_CA that runs the user authentication system software, and a cloud computing server CCS_i that is deployed in the Internet of things system and is in communication connection with the terminal device U_i;
the terminal device U_i is in communication connection, through network communication equipment, with the authentication server S_CA running the user authentication system; the authentication server S_CA is in communication connection, through network communication equipment, with the cloud computing server CCS_i; and the cloud computing server CCS_i is in communication connection with the terminal device U_i through the authentication server S_CA;
to prevent the terminal device U_i connected in the Internet of things system from being maliciously replaced, before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system, and only when the identity of the terminal device U_i connected in the Internet of things system passes the security authentication of the user authentication system does the authentication server S_CA allow the cloud computing server CCS_i to perform data communication with the terminal device U_i or to use the terminal device U_i for data acquisition;
the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system, and the security authentication method specifically comprises the following steps:
step S1: the terminal device U_i registers as a user with the user authentication system on the authentication server S_CA, which specifically includes:
the terminal device U_i selects a three-coloring scheme of a graph G having t nodes, takes that three-coloring scheme of the graph G as its private key, and sends the graph G to the user authentication system;
wherein the three-coloring scheme of the graph G is the private key, which is the unique legal certification key and is owned by the terminal device U_i alone, i.e., the user authentication system does not know the three-coloring scheme of graph G;
step S2: before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system performs security authentication on the identity of the terminal device U_i, and the specific authentication process is as follows:
(1) the terminal device U_i prepares the following locked opaque boxes for the user authentication system: B_i, [Figure BDA0002489047690000061], B_ij, where 1 ≤ i ≤ 3t and 1 ≤ i < j ≤ 3t;
each B_i box holds a node and each [Figure BDA0002489047690000062] box holds one color, in the following way: for each pair (i_l, c) there is one i such that i_l is in B_i and c is in [Figure BDA0002489047690000063], where 1 ≤ i_l ≤ t and c = B, R, W;
the pairs (i_l, c) appear in random order in the box pairs [Figure BDA0002489047690000064];
each B_ij box contains 0 or 1, and it contains 1 if and only if the following two conditions are met: i_l and j_l appear in boxes B_i and B_j respectively, and in graph G there is an edge connecting i_l and j_l;
in the three-coloring scheme, the color given to i_l appears in box [Figure BDA0002489047690000071] and the color given to j_l appears in box [Figure BDA0002489047690000072];
B_i, [Figure BDA0002489047690000073] and B_ij are respectively called node box, color box and edge box;
(2) the user authentication system selects a digit, 0 or 1, and sends it to the terminal device U_i;
(3) the terminal device U_i, if the received number is:
a. 0, opens all node boxes and edge boxes;
b. 1, opens all color boxes and those edge boxes B_ij for which, in the three-coloring scheme of the terminal device U_i, the nodes held in B_i and B_j have the same color;
c. if not, rejecting the test result;
(4) the user authentication system verifies the terminal device U_i; if the number the user authentication system sent to the terminal device U_i is:
a. 0, the user authentication system verifies that it has obtained a copy of G and 2t isolated nodes; if so, the user authentication system accepts, otherwise it rejects;
b. 1, the user authentication system confirms that all 3t(t-1)/2 opened edge boxes contain 0 and that each color occurs t times in the color boxes; if so, the user authentication system accepts, otherwise it rejects;
after the identity authentication of the terminal device U_i is completed, the user authentication system only knows whether the identity of the terminal device U_i is legal or not, and does not know the private key of the terminal device U_i, the three-coloring scheme of graph G; i.e., the terminal device U_i completes the security authentication of its identity without revealing its private key, the three-coloring scheme of graph G, and this authentication mode significantly improves the security of the identity authentication process of the terminal device U_i;
if the terminal device U_i connected in the Internet of things system is maliciously replaced, it will not pass the security authentication of the user authentication system; the authentication server S_CA will then block the communication connection between the cloud computing server CCS_i and the terminal device U_i, which effectively ensures the reliability of the terminal device U_i connected in the Internet of things system.
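The box protocol of steps S1 and S2, as given in the Disclosure and again in the Detailed Description, worked through in Python as an added example that is not part of the patent text. Assumptions: each locked opaque box is modelled as a SHA-256 commitment over a random nonce and the value, the edge boxes opened for digit 1 are those whose two color boxes hold the same color (the reading that gives the 3t(t-1)/2 count), and all function names and the sample graph are constructed here.

```python
import hashlib
import itertools
import random
import secrets

COLORS = "BRW"

def lock(value):
    """Locked opaque box, modelled (assumption) as SHA-256 over nonce || value."""
    nonce = secrets.token_bytes(16)
    return hashlib.sha256(nonce + repr(value).encode()).hexdigest(), (nonce, value)

def unlocks(commitment, opening):
    nonce, value = opening
    return hashlib.sha256(nonce + repr(value).encode()).hexdigest() == commitment

def prepare_boxes(t, edges, coloring):
    """Step (1): node, color and edge boxes for the 3t shuffled (node, color) pairs."""
    pairs = [(v, c) for v in range(1, t + 1) for c in COLORS]
    random.SystemRandom().shuffle(pairs)
    values = {}
    for i, (v, c) in enumerate(pairs, 1):
        values["node", i], values["color", i] = v, c
    for i, j in itertools.combinations(range(1, 3 * t + 1), 2):
        (u, cu), (v, cv) = pairs[i - 1], pairs[j - 1]
        values["edge", i, j] = int(frozenset((u, v)) in edges
                                   and coloring[u] == cu and coloring[v] == cv)
    locked = {k: lock(val) for k, val in values.items()}
    commitments = {k: c for k, (c, _) in locked.items()}   # sent to the verifier
    openings = {k: o for k, (_, o) in locked.items()}      # kept by the device
    return commitments, openings

def open_boxes(challenge, openings):
    """Step (3): reveal only the boxes the challenge digit asks for."""
    if challenge == 0:
        return {k: o for k, o in openings.items() if k[0] in ("node", "edge")}
    if challenge != 1:
        raise ValueError("challenge must be 0 or 1")        # step (3)c
    color = {k[1]: o[1] for k, o in openings.items() if k[0] == "color"}
    return {k: o for k, o in openings.items() if k[0] == "color"
            or (k[0] == "edge" and color[k[1]] == color[k[2]])}

def verify(t, edges, commitments, challenge, opened):
    """Step (4): check opened boxes against the commitments and the public graph G."""
    if not all(k in commitments and unlocks(commitments[k], o) for k, o in opened.items()):
        return False
    val = {k: o[1] for k, o in opened.items()}
    boxes = range(1, 3 * t + 1)
    pairs = list(itertools.combinations(boxes, 2))
    if challenge == 0:
        need = [("node", i) for i in boxes] + [("edge", i, j) for i, j in pairs]
        if any(k not in val for k in need):
            return False
        label = {i: val["node", i] for i in boxes}
        if sorted(label.values()) != sorted(list(range(1, t + 1)) * 3):
            return False
        ones = [(i, j) for i, j in pairs if val["edge", i, j] == 1]
        active = {}                     # node label -> the single box carrying its edges
        for box in itertools.chain.from_iterable(ones):
            if active.setdefault(label[box], box) != box:
                return False            # edges spread over two copies: not a copy of G
        return {frozenset((label[i], label[j])) for i, j in ones} == edges
    if challenge == 1:
        if any(("color", i) not in val for i in boxes):
            return False
        color = {i: val["color", i] for i in boxes}
        if any(list(color.values()).count(c) != t for c in COLORS):
            return False
        same = [(i, j) for i, j in pairs if color[i] == color[j]]
        return (len(same) == 3 * t * (t - 1) // 2
                and all(val.get(("edge", i, j)) == 0 for i, j in same))
    return False

def authenticate(t, edges, coloring, rounds=20):
    """Run steps (1)-(4) repeatedly with a fresh set of boxes each round."""
    for _ in range(rounds):
        commitments, openings = prepare_boxes(t, edges, coloring)
        challenge = secrets.randbelow(2)                    # step (2)
        if not verify(t, edges, commitments, challenge, open_boxes(challenge, openings)):
            return False
    return True

# Constructed sample: graph G with t = 4 nodes, its private key, and a wrong coloring.
T = 4
EDGES = {frozenset(e) for e in [(1, 2), (2, 3), (1, 3), (3, 4)]}
KEY = {1: "B", 2: "R", 3: "W", 4: "B"}
IMPOSTOR = {1: "B", 2: "B", 3: "W", 4: "R"}   # edge 1-2 is monochromatic
```

A device without a valid three-coloring can pass a single round with probability 1/2, which is why `authenticate` repeats the round; 20 rounds leave a 2^-20 chance of a false accept.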
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. An identity authentication system based on terminal equipment of the Internet of things, characterized by comprising: a terminal device U_i that runs user authentication system software and is connected in the Internet of things system, an authentication server S_CA that runs the user authentication system software, and a cloud computing server CCS_i that is deployed in the Internet of things system and is in communication connection with the terminal device U_i;
the terminal device U_i is in communication connection, through network communication equipment, with the authentication server S_CA running the user authentication system; the authentication server S_CA is in communication connection, through network communication equipment, with the cloud computing server CCS_i; and the cloud computing server CCS_i is in communication connection with the terminal device U_i through the authentication server S_CA;
the user authentication system running on the authentication server S_CA performs security authentication on the identity of the terminal device U_i connected in the Internet of things system, and the authentication method comprises the following steps:
step S1: the terminal device U_i registers as a user with the user authentication system on the authentication server S_CA, which specifically includes:
the terminal device U_i selects a three-coloring scheme of a graph G having t nodes, takes that three-coloring scheme of the graph G as its private key, and sends the graph G to the user authentication system;
step S2: before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system performs security authentication on the identity of the terminal device U_i, and the specific authentication process is as follows:
(1) the terminal device U_i prepares the following locked opaque boxes for the user authentication system: B_i, [Figure FDA0002489047680000011], B_ij, where 1 ≤ i ≤ 3t and 1 ≤ i < j ≤ 3t;
each B_i box holds a node and each [Figure FDA0002489047680000021] box holds one color, in the following way: for each pair (i_l, c) there is one i such that i_l is in B_i and c is in [Figure FDA0002489047680000022], where 1 ≤ i_l ≤ t and c = B, R, W;
the pairs (i_l, c) appear in random order in the box pairs [Figure FDA0002489047680000023];
each B_ij box contains 0 or 1, and it contains 1 if and only if the following two conditions are met: i_l and j_l appear in boxes B_i and B_j respectively, and in graph G there is an edge connecting i_l and j_l;
in the three-coloring scheme, the color given to i_l appears in box [Figure FDA0002489047680000024] and the color given to j_l appears in box [Figure FDA0002489047680000025];
B_i, [Figure FDA0002489047680000026] and B_ij are respectively called node box, color box and edge box;
(2) the user authentication system selects a digit, 0 or 1, and sends it to the terminal device U_i;
(3) the terminal device U_i, if the received number is:
a. 0, opens all node boxes and edge boxes;
b. 1, opens all color boxes and those edge boxes B_ij for which, in the three-coloring scheme of the terminal device U_i, the nodes held in B_i and B_j have the same color;
c. if not, rejecting the test result;
(4) the user authentication system verifies the terminal device U_i; if the number the user authentication system sent to the terminal device U_i is:
a. 0, the user authentication system verifies that it has obtained a copy of G and 2t isolated nodes; if so, the user authentication system accepts, otherwise it rejects;
b. 1, the user authentication system verifies that all 3t(t-1)/2 opened edge boxes contain 0 and that each color occurs t times in the color boxes; if so, the user authentication system accepts, otherwise it rejects.
2. The identity authentication system based on the terminal equipment of the Internet of things according to claim 1, wherein the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system, and only when the identity of the terminal device U_i connected in the Internet of things system passes the security authentication of the user authentication system is the cloud computing server CCS_i allowed to perform data communication with the terminal device U_i or to use the terminal device U_i for data acquisition.
3. The identity authentication system based on the terminal equipment of the Internet of things of claim 2, wherein before the cloud computing server CCS_i performs data communication with the terminal device U_i or uses the terminal device U_i for data acquisition, the user authentication system running on the authentication server S_CA begins security authentication of the identity of the terminal device U_i connected in the Internet of things system.
4. The identity authentication system based on the terminal equipment of the Internet of things as claimed in claim 3, wherein the private key is the unique legal certification key and is owned by the terminal device U_i alone, i.e., the user authentication system does not know the three-coloring scheme of graph G.
CN202010400037.9A 2020-05-13 2020-05-13 Identity authentication system based on terminal equipment of Internet of things Withdrawn CN111711603A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010400037.9A CN111711603A (en) 2020-05-13 2020-05-13 Identity authentication system based on terminal equipment of Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010400037.9A CN111711603A (en) 2020-05-13 2020-05-13 Identity authentication system based on terminal equipment of Internet of things

Publications (1)

Publication Number Publication Date
CN111711603A (en) 2020-09-25

Family

ID=72537070

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010400037.9A Withdrawn CN111711603A (en) 2020-05-13 2020-05-13 Identity authentication system based on terminal equipment of Internet of things

Country Status (1)

Country Link
CN (1) CN111711603A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112543311A (en) * 2020-12-01 2021-03-23 杭州思源信息技术股份有限公司 Forest area visual management system based on internet of things technology
CN113068188A (en) * 2021-03-16 2021-07-02 贺良良 External user identity authentication system based on wireless sensor node

Similar Documents

Publication Publication Date Title
CN101248613B (en) Authentic device admission scheme for a secure communication network, especially a secure ip telephony network
CN100496025C (en) Ternary equal identification based reliable network access control method
CN105450442B (en) A kind of network topology investigation method and its system
US8255977B2 (en) Trusted network connect method based on tri-element peer authentication
US6865673B1 (en) Method for secure installation of device in packet based communication network
CN110086821A (en) The authentication method of electric power things-internet gateway and the access of electric power internet-of-things terminal based on block chain
CN104335546B (en) The method and apparatus that trust information is created for other application using neighbours' discovery
CN110830446B (en) SPA security verification method and device
Hijazi et al. Address resolution protocol spoofing attacks and security approaches: A survey
CN111770071B (en) Method and device for gateway authentication of trusted device in network stealth scene
CN110830447A (en) SPA single packet authorization method and device
CN104869111B (en) A kind of trusted end-user access authentication system and method
CN111711603A (en) Identity authentication system based on terminal equipment of Internet of things
CN109302432B (en) Network communication data combination encryption transmission method based on network security isolation technology
GB2469287A (en) Authentication of a nodes identity using a certificate comparison
CN106899561A (en) A kind of TNC authority control methods and system based on ACL
CN115550069B (en) Intelligent charging system of electric automobile and safety protection method thereof
CN105978883A (en) Large-scale IoV security data acquisition method
CN108011873A (en) A kind of illegal connection determination methods based on set covering
CN111212430A (en) Wireless local area network protection system based on zero knowledge proof
CN111031537A (en) Wireless local area network management system for preventing illegal user access
CN107995216A (en) A kind of safety certifying method, device, certificate server and storage medium
CN113949414A (en) Low-voltage power line carrier communication trusted security access method
CN101272379A (en) Improving method based on IEEE802.1x safety authentication protocol
CN117201077A (en) Internet of things access scene identity modeling and trust evaluation method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200925