CN112040483A - Lightweight efficient identity authentication method and system - Google Patents

Abstract

The invention discloses a lightweight high-efficiency identity authentication method and a system, which are executed by equipment A, and the method comprises the following steps: responding to the authentication start, and sending an authentication request to a hierarchical identity authentication system HIBE; generating public parameters and a master key of identity information of the associated equipment A; generating a private key associating public parameters of the device A and the master key; generating a public key and private key pair based on the public parameters of the associated device A and the private key of the master key; receiving a public key-private key pair of the authentication server B in response to a key agreement request of the authentication server B, and generating a broadcast chain T based on the public key-private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf not, the authentication is not successful. The invention adopts an authentication mechanism based on multi-level identity, thereby further improving the overall performance of the network; using a Hash keychain, trueNow the Hash chain length is extended as required.

Description

Lightweight efficient identity authentication method and system

Technical Field

The invention relates to a lightweight high-efficiency identity authentication method and system, which are applied to an electric wireless private network and belong to the technical field of communication.

Background

With the wide application of the wireless private network in the power system, a convenient access means is provided for control services such as power distribution automation and source network charge storage interaction and management services such as power utilization information acquisition, mobile operation and video monitoring. The electric power wireless private network can effectively supplement a wired transmission network and efficiently solve the problem of 'last kilometer' access of electric power communication.

However, with the rapid increase of the number of access terminals of the private wireless network, under the scenario of unified access of various mixed services such as source network load storage, distribution monitoring, mobile application, etc., the currently commonly adopted centralized processing mode through the core network cannot meet the real-time requirement of the load control type electric power service, and in addition, great potential hazards are brought to the safety of the private wireless power network.

The technical scheme of the prior art I is as follows: for the problem of heterogeneous access technology and device access network, some researchers have proposed Identity-Based encryption systems and signature mechanisms (IBCs), in which a public Key of a user can be easily obtained from user Identity information, and a Private Key of the user needs to be obtained through a Private Key Generation (PKG) service application. The identity-based key authentication mechanism has the advantages of simple and convenient generation of the user public key and low calculation amount for obtaining the public key, and has obvious advantages for improving the overall performance of the network.

The second technical scheme in the prior art is as follows: aiming at an authentication key mechanism, a scholart provides an MCEPAK protocol, realizes a hierarchical authorization and authentication key negotiation mechanism for a grid system, and improves identity authentication capability and overall network performance by using a key negotiation protocol based on a public key cryptographic algorithm principle.

Disclosure of Invention

The first prior art has the following disadvantages: although the IBC security protocol provides an efficient and flexible authentication mechanism, the identity registration and private key generation services in the IBC system are independently completed by private key generation, and in the power system, a single PKG cannot afford the registration and private key generation services of the entire network, which has a certain impact on resource consumption to some extent and is difficult to meet large-scale real-time requirements.

The second prior art has the following defects: public keys in an authentication key agreement protocol such as MCEPAK are all random sequences, and a public key certificate is required to bind user identity information. The Certificate generation, update and logout processes of a Public Key Infrastructure (PKI) system are complex, and when a communication entity cannot establish communication with a Certificate Authority (CA), an authentication Key agreement mechanism established based on the PKI system loses necessary security assurance.

The invention provides a lightweight high-efficiency identity authentication method and system aiming at the problems of low authentication efficiency and high resource consumption. In order to reduce the consumption of resources for storing and releasing certificates, an authentication mechanism based on multi-level identity is adopted, and the overall performance of the network is further improved; in order to reduce the calculation overhead and the communication overhead and aim at the problem of controlling multiple devices in the broadcast of the power wireless private network, a Hash key chain based on a Merkle Tree is adopted to realize the on-demand expansion of the length of the Hash chain. The protocol reduces protocol redundancy and improves the real-time performance of operation.

The invention adopts the following technical scheme: a lightweight, efficient identity authentication method, performed by a device A, the method comprising:

responding to the authentication start, and sending an authentication request to a hierarchical identity authentication system HIBE;

calling an identity hierarchical registration function of a hierarchical identity authentication system HIBE to generate public parameters and a master key of identity information of the associated equipment A;

calling a private key grading function of a hierarchical identity authentication system HIBE to generate a public parameter of the associated equipment A and a private key of a master key;

calling an authentication key negotiation function of a hierarchical identity authentication system HIBE, and generating a public key and private key pair based on public parameters of the associated equipment A and a private key of a master key;

receiving a public key and private key pair of the authentication server B in response to a key agreement request of the authentication server B, and generating a broadcast chain T based on the public key and private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen "authentication fails and the authentication server B does not have the legal private key information matched with the alleged identity information" is sent to the authentication server B.

As a preferred embodiment, the associating the public parameter and the master key of the identity information of the device a specifically includes:

when the k-th layer of the device A needs to be authenticated, the identity hierarchical registration function of the hierarchical identity authentication system HIBE constructs the identity information thereof into

Wherein I_kRepresenting the k-th layer identity information;

if the upper limit of the level number of the hierarchical identity authentication system HIBE is set to be l, a generator G belongs to G and a random number alpha belongs to Z_pThereby obtaining g₁＝g^α；

Further selecting g₂，g₃，h₁，…，h_lE G, get the common parameter p ═ G, (G, G) for device a₁,g₂,g₃,h₁,…,_lh and generates a master key

As a preferred embodiment, the associating the public parameter of the device a and the private key of the master key specifically includes: hierarchical identity authentication system HIBE (hierarchical identity authentication protocol) is a k-th layer of equipment A

When k is less than l and a pairing private key is generated, r, t epsilon to Z are selected arbitrarily_pAnd simultaneously generating a private key according to the master key and the public parameter:

as a preferred embodiment, the generating a public key and a private key pair based on the public parameter of the associated device a and the master key and the private key specifically includes:

when the level of the equipment A is k (k is less than l), the level of the authentication server B is m (m is less than k is less than l), and the equipment A and the authentication server B have common nodes in the ith layer 1 which is less than i and less than l, the public key and the private key pair of the equipment A are generated by the private key grading function of the hierarchical identity authentication system HIBE

Wherein the content of the first and second substances,

as a preferred embodiment, the method further comprises: device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A according to the broadcast chain T_BComputing a shared secret S_A；

Authentication server B according to broadcast chain T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BJudging whether the authentication is successful;

if the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AIf the authentication fails, the authentication server B does not have legal private key information matched with the alleged identity information, and the legal private key information is sent to the authentication server B;

if the session key SK is generated_BIf so, sending the authentication success information toDevice A, if it cannot generate session key SK_BThen "authentication fails and device a does not have the legal private key information matching its purported identity information" is sent to device a.

The invention also provides a lightweight high-efficiency identity authentication method which is executed by an authentication server B and is characterized by comprising the following steps:

responding to an authentication request of the device A, and sending an authentication request to a hierarchical identity authentication system HIBE;

calling an identity hierarchical registration function of a hierarchical identity authentication system HIBE to generate a public parameter and a master key which are related to identity information of an authentication server B;

calling a private key grading function of a hierarchical identity authentication system HIBE to generate a public parameter of an associated authentication server B and a private key of a master key;

calling an authentication key negotiation function of a hierarchical identity authentication system HIBE, and generating a public key and private key pair based on public parameters of an associated authentication server B and a private key of a master key;

in response to device A's key agreement request, device A's public-private key pair is received and broadcast chain T is generated based on device A's public-private key pair_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen, the device a is sent "the authentication fails and the device a does not have the legal private key information matched with the asserted identity information".

As a preferred embodiment, the associating the public parameter and the master key of the identity information of the authentication server B specifically includes:

when the m layer of the authentication server needs to be authenticated, the identity hierarchical registration function of the hierarchical identity authentication system HIBE constructs the identity information thereof into

Wherein I_mRepresenting the m-th layer identity information;

if the upper limit of the level number of the hierarchical identity authentication system HIBE is set to be l, a generator G belongs to G and a random number alpha belongs to Z_pThereby obtaining g₁＝g^α；

Further selecting g₂，g₃，h₁，…，h_lE.g., G, obtains the public parameter p ═ G (G, G) of the authentication server B₁,g₂,g₃,h₁,…,h_l) And generates a master key

As a preferred embodiment, the associating the public parameter of the authentication server B with the private key of the master key specifically includes:

the hierarchy level realizes the private key hierarchy function of the HIBE system as the mth layer of the authentication server B

When generating the pairing private key, randomly selecting r, t epsilon to Z_pAnd simultaneously generating a private key according to the master key and the public parameter:

as a preferred embodiment, the generating a public key and private key pair based on the public parameter of the associated authentication server B and the private key of the master key specifically includes:

when the device A is located at the level k (k < l), the authentication server B is located at the level m (m < k < l), and the devices A and B have a common node at the ith level 1 < i < l: the public key and the private key pair of the authentication server B are generated by the private key grading function of the hierarchical identity authentication system HIBE

Wherein

i＜m＜l，

As a preferred embodiment, the method further comprises: device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the public key ID of device A_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A according to the broadcast chain T_BComputing a shared secret S_A；

Authentication server B according to broadcast chain T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BJudging whether the authentication is successful;

if the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AIf the authentication fails, the authentication server B does not have legal private key information matched with the alleged identity information, and the legal private key information is sent to the authentication server B;

if the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen "authentication fails and device a does not have the legal private key information matching its purported identity information" is sent to device a.

The invention also provides a lightweight high-efficiency identity authentication method which is executed by the hierarchical identity authentication system HIBE and is characterized by comprising the following steps:

receiving an authentication request of the equipment A, and generating a public parameter and a master key of the identity information of the associated equipment A through an identity hierarchical registration function; generating a public parameter of the associated equipment A and a private key of the master key through a private key grading function according to the public parameter and the master key of the identity information of the equipment A; generating a public key and private key pair based on the public parameters of the associated equipment A and the private key of the master key through a certification key negotiation function according to the public parameters of the equipment A and the private key of the master key, and sending the public key and private key pair to the authentication server B;

receiving an authentication request of an authentication server B, and generating a public parameter and a master key which are related to identity information of the authentication server B through an identity hierarchical registration function; generating a public parameter of the associated authentication server B and a private key of the master key through a private key grading function according to the public parameter of the identity information of the authentication server B and the master key; generating a public key and private key pair based on the public parameter of the associated authentication server B and the private key of the master key through an authentication key negotiation function according to the public parameter of the authentication server B and the private key of the master key, and sending the public key and private key pair to the equipment A;

in response to device A's key agreement request, device A's public-private key pair is received and broadcast chain T is generated based on device A's public-private key pair_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BIf the authentication fails, the device A does not have legal private key information matched with the alleged identity information, and the authentication fails, the device A sends the legal private key information to the device A;

receiving a public key and private key pair of the authentication server B in response to a key agreement request of the authentication server B, and generating a broadcast chain T based on the public key and private key pair of the authentication server B_ASending the information to an authentication server B; receiving authentication server B generated based on device A's public key-private key pairBroadcasting chain T_BIf the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen "authentication fails and the authentication server B does not have the legal private key information matched with the alleged identity information" is sent to the authentication server B.

The invention also provides a lightweight high-efficiency identity authentication system which is characterized by comprising a hierarchical identity authentication system HIBE, equipment A and an authentication server B, wherein the hierarchical identity authentication system HIBE is respectively in communication connection with the equipment A and the authentication server B, and the equipment A is in communication connection with the authentication server B;

the device A sends an authentication request to a hierarchy level identity authentication system HIBE; a hierarchical identity authentication system HIBE generates public parameters and a master key of identity information of associated equipment A through an identity hierarchical registration function; the hierarchical identity authentication system HIBE generates a public parameter of the associated equipment A and a private key of a master key through a private key hierarchical function; the hierarchical identity authentication system HIBE generates a public key and private key pair based on the public parameters of the associated equipment A and the private key of the master key through an authentication key negotiation function;

the authentication server B sends an authentication request to a hierarchy level identity authentication system HIBE; the hierarchical identity authentication system HIBE generates public parameters and a master key related to the identity information of the authentication server B through an identity hierarchical registration function; the hierarchical identity authentication system HIBE generates a private key associating public parameters of an authentication server B with a master key through a private key hierarchical function; the hierarchical identity authentication system HIBE generates a public key and private key pair based on public parameters of the associated authentication server B and a private key of a master key through an authentication key negotiation function;

the device A receives a key agreement request of the authentication server B, receives a public key and private key pair of the authentication server B, and generates a broadcast chain T based on the public key and private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AThen the hierarchical identity authentication system HIBE sends out the authenticationThe successful information of the certification is sent to the authentication server B, if the session key SK can not be generated_AIf the hierarchical identity authentication system HIBE sends the authentication failure and the authentication server B does not have the legal private key information matched with the alleged identity information to the authentication server B, the hierarchical identity authentication system HIBE sends the legal private key information to the authentication server B;

the authentication server B receives the key negotiation request of the device A, receives the public key and private key pair of the device A, and generates a broadcast chain T based on the public key and private key pair of the device A_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BThe hierarchical identity authentication system HIBE sends successful authentication information to the device A, and if the session key SK cannot be generated_BThen, the hierarchical identity authentication system HIBE sends "authentication failed and the device a does not have the legal private key information matched with the purported identity information" to the device a.

As a preferred embodiment, the lightweight and efficient identity authentication system further comprises:

device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A is according to T_BComputing a shared secret S_A；

Authentication server B according to T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BAnd judging whether the authentication is successful.

As a preferred embodiment, the method for generating a broadcast chain specifically includes: a broadcast self-regeneration authentication model based on a short Hash chain is designed, on the basis of a Merkle Tree, a key chain self-regeneration protocol is adopted to carry out secure connection among the Hash chains on a path on a message line, and the length of the short key chain when the calculation overhead and the communication overhead reach the lowest value in the short key chain self-regeneration authentication model is obtained.

As a preferred embodiment, the broadcast chain T_BThe generation method specifically comprises the following steps: a Hash chain pre-distribution step; a Hash chain using step; and a Hash chain expanding step.

As a preferred embodiment, the Hash chain pre-allocating step specifically includes: the authentication server B needs to generate a random value in advance

As a seed, generating a Hash chain according to the self requirement of the network:

before the node equipment is deployed, all the common nodes R need to be stored in advance

The ordinary node R thus authenticates the broadcast key according to the one-way nature of the Hash chain.

As a preferred embodiment, the Hash chain using step specifically includes: if the number of used Hash chains does not exceed the specified number n₀Then, the use mode of the Hash chain is unchanged; the authentication server B needs to release broadcast data in a specified time period, then the common node R needs to receive and store the data first, and then waits for the authentication server B to follow the subsequentAnd authenticating the data in a time period by broadcasting a related key by the authentication server B.

As a preferred embodiment, the Hash chain expanding step specifically includes:

step S1: when the Hash chain is used

When (at this time, the common node R is stored with

) The authentication server B selects a new random seed according to the formula (1)

And generating a new Hash chain using the random value:

step S2: redeploying the Hash on the basis of ensuring the authenticable characteristic of the Hash chain; at this time, the authentication server B calculates first

And

then calculate

Step S3: after the common node R receives the broadcast message, if

Then store

And discard

Meanwhile, storing the received broadcast message for message verification of the next stage; when the Hash chain is used

Time, calculate

Step S4: after the common node R receives the message, if

Then store

And discard

At the same time, utilize

Calculating the verification code of the message at the last stage and verifying the validity of the verification code so as to verify the validity of the stored information S 'in the last time period, and simultaneously verifying the validity of S' by using S '═ h (S');

step S5: if the common node R needs to store the message of this time period, in the following multicast key authentication process, the following calculation is performed:

step S6: the common node R, after receiving the message (2), uses the stored

And received

To verify

When the validity is verified, the common node R stores the message (2) for the verification of the next message; to prevent loss of authentication packets, the method is implemented in advance

Authentication but to guarantee

In the Hash chain to

Can be released only when the user wants to use the system.

The invention achieves the following beneficial effects: firstly, the invention provides a distributed lightweight high-efficiency identity authentication scheme for supporting multi-service attributes facing an electric power wireless private network, and designs a hierarchical-based identity authentication system HIBE (high-level identity authentication object), so that an entity can safely negotiate a session key under the condition of not authenticating the identity of the other party, and simultaneously, a session key negotiation mechanism is provided for entities belonging to different levels; secondly, by applying the framework aiming at the physical layer authentication of the power wireless terminal, the consumption of an identity authentication protocol can be reduced by combining multiple methods aiming at the low-delay access requirement under an industrial control scene, the authentication efficiency is greatly improved, the high-real-time operation requirement is met, and the resource consumption is reduced by adopting an elliptic curve password mechanism with low resource overhead; thirdly, the trust domain in the cloud power wireless private network is hierarchically divided, so that different entities can register identity information at each level of PKG and obtain corresponding legal private keys, the operation pressure of a root PKG is relieved, the bearing capacity of the system is improved, the constituent elements of the private keys are reconstructed on the basis, a hierarchical identity authentication system HIBE is designed by utilizing the power finger operation characteristic in bilinear mapping on an elliptic curve multiplication circulating group, and the entities can safely negotiate a session key under the condition of not authenticating the identity of each other and also provide a session key negotiation mechanism for the entities belonging to different levels of different layers through the identity hierarchical registration function, the private key hierarchical function and the authentication key negotiation function HIBE of the hierarchical identity authentication system HIBE; fourthly, the entity identity information in the invention is a public key, if the entity does not have a legal private key matched with the claimed identity, a correct session key cannot be calculated, thereby realizing the implicit authentication of the protocol to the entity identity information.

Drawings

Fig. 1 is a schematic topology diagram of an application embodiment of the present invention.

Detailed Description

The invention is further described below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical solutions of the present invention, and the protection scope of the present invention is not limited thereby.

Example 1: a lightweight, efficient method of identity authentication, performed by a device a, the method comprising:

responding to the authentication start, and sending an authentication request to a hierarchical identity authentication system HIBE;

calling an identity hierarchical registration function of a hierarchical identity authentication system HIBE to generate public parameters and a master key of identity information of the associated equipment A;

calling a private key grading function of a hierarchical identity authentication system HIBE to generate a public parameter of the associated equipment A and a private key of a master key;

calling an authentication key negotiation function of a hierarchical identity authentication system HIBE, and generating a public key and private key pair based on public parameters of the associated equipment A and a private key of a master key;

receiving a public key and private key pair of the authentication server B in response to a key agreement request of the authentication server B, and generating a broadcast chain T based on the public key and private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen, the authentication server B sends the 'authentication failure and the authentication server B does not have the legal private key information matched with the alleged identity information' to the authentication server BAnd (4) a certificate server B.

Optionally, the public parameter and the master key of the identity information of the associated device a specifically include:

when the k-th layer of the device A needs to be authenticated, the identity hierarchical registration function of the hierarchical identity authentication system HIBE constructs the identity information thereof into

Wherein I_kRepresenting the k-th layer identity information;

if the upper limit of the level number of the hierarchical identity authentication system HIBE is set to be l, a generator G belongs to G and a random number alpha belongs to Z_pThereby obtaining g₁＝g^α；

Further selecting g₂，g₃，h₁，…，h_lE G, get the common parameter p ═ G, (G, G) for device a₁，g₂，g₃，h₁，…，h_I) And generates a master key

Optionally, the associating the public parameter of the device a and the private key of the master key specifically includes: hierarchical identity authentication system HIBE (hierarchical identity authentication protocol) is a k-th layer of equipment A

When k is less than l and a pairing private key is generated, r, t epsilon to Z are selected arbitrarily_pAnd simultaneously generating a private key according to the master key and the public parameter:

optionally, the generating a public key and a private key pair based on the public parameter of the associated device a, the master key and the private key specifically includes:

when the device A is positioned at the level of k (k < l), the authentication server B is positioned at the level of m (m < k <)l), when the device A and the authentication server B have public nodes in the ith layer 1 < i < l, generating a public key and a private key pair of the device A by a private key grading function of a hierarchical identity authentication system HIBE into

Wherein the content of the first and second substances,

optionally, the method further includes: device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the equipment A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A according to the broadcast chain T_BComputing a shared secret S_A；

Authentication server B according to broadcast chain T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BJudging whether the authentication is successful;

if the session key SK is generated_AIf so, sending authentication success information to the authentication serviceDevice B, if it can not generate the session key SK_AIf the authentication fails, the authentication server B does not have legal private key information matched with the alleged identity information, and the legal private key information is sent to the authentication server B;

if the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen "authentication fails and device a does not have the legal private key information matching its purported identity information" is sent to device a.

Example 2: the invention also provides a lightweight high-efficiency identity authentication method which is executed by an authentication server B and is characterized by comprising the following steps:

responding to an authentication request of the device A, and sending an authentication request to a hierarchical identity authentication system HIBE;

calling an identity hierarchical registration function of a hierarchical identity authentication system HIBE to generate a public parameter and a master key which are related to identity information of an authentication server B;

calling a private key grading function of a hierarchical identity authentication system HIBE to generate a public parameter of an associated authentication server B and a private key of a master key;

calling an authentication key negotiation function of a hierarchical identity authentication system HIBE, and generating a public key and private key pair based on public parameters of an associated authentication server B and a private key of a master key;

in response to device A's key agreement request, device A's public-private key pair is received and broadcast chain T is generated based on device A's public-private key pair_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen, the device a is sent "the authentication fails and the device a does not have the legal private key information matched with the asserted identity information".

Optionally, the public parameter and the master key of the identity information associated with the authentication server B specifically include:

hierarchical identity authentication when authentication server mth layer needs to perform authenticationThe identity hierarchical registration function of the system HIBE constructs the identity information thereof into

Wherein I_mRepresenting the m-th layer identity information;

if the upper limit of the level number of the hierarchical identity authentication system HIBE is set to be l, a generator G belongs to G and a random number alpha belongs to Z_pThereby obtaining g₁＝g^α；

Further selecting g₂，g₃，h₁，…，h_lE.g., G, obtains the public parameter p ═ G (G, G) of the authentication server B₁,g₂,g₃,h₁,…,h_l) And generates a master key

Optionally, the associating the public parameter of the authentication server B with the private key of the master key specifically includes:

the hierarchy level realizes the private key hierarchy function of the HIBE system as the mth layer of the authentication server B

When generating the pairing private key, randomly selecting r, t epsilon to Z_pAnd simultaneously generating a private key according to the master key and the public parameter:

optionally, the generating a public key and a private key pair based on the public parameter of the associated authentication server B and the private key of the master key specifically includes:

when the device A is located at the level k (k < l), the authentication server B is located at the level m (m < k < l), and the devices A and B have a common node at the ith level 1 < i < l: the public key and the private key pair of the authentication server B are generated by the private key grading function of the hierarchical identity authentication system HIBE

Wherein

i＜m＜l，

Optionally, the method further includes: device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the equipment A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A according to the broadcast chain T_BComputing a shared secret S_A；

Authentication server B according to broadcast chain T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BJudging whether the authentication is successful;

if the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AIf the authentication fails, the authentication server B does not have legal private key information matched with the alleged identity information, and the legal private key information is sent to the authentication server B;

if the session key SK is generated_BIf the authentication is successful, the authentication information is sent to the equipment A, and if the authentication information cannot be generated, the session secret is generatedKey SK_BThen "authentication fails and device a does not have the legal private key information matching its purported identity information" is sent to device a.

Example 3: the invention also provides a lightweight high-efficiency identity authentication method which is executed by the hierarchical identity authentication system HIBE and is characterized by comprising the following steps:

receiving an authentication request of the equipment A, and generating a public parameter and a master key of the identity information of the associated equipment A through an identity hierarchical registration function; generating a public parameter of the associated equipment A and a private key of the master key through a private key grading function according to the public parameter and the master key of the identity information of the equipment A; generating a public key and private key pair based on the public parameters of the associated equipment A and the private key of the master key through a certification key negotiation function according to the public parameters of the equipment A and the private key of the master key, and sending the public key and private key pair to the authentication server B;

receiving an authentication request of an authentication server B, and generating a public parameter and a master key which are related to identity information of the authentication server B through an identity hierarchical registration function; generating a public parameter of the associated authentication server B and a private key of the master key through a private key grading function according to the public parameter of the identity information of the authentication server B and the master key; generating a public key and private key pair based on the public parameter of the associated authentication server B and the private key of the master key through an authentication key negotiation function according to the public parameter of the authentication server B and the private key of the master key, and sending the public key and private key pair to the equipment A;

in response to device A's key agreement request, device A's public-private key pair is received and broadcast chain T is generated based on device A's public-private key pair_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BIf the authentication fails, the device A does not have legal private key information matched with the alleged identity information, and the authentication fails, the device A sends the legal private key information to the device A;

receiving an authentication in response to a key agreement request of authentication server BA public key and private key pair of the certificate server B and a broadcast chain T is generated based on the public key and private key pair of the certificate server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen "authentication fails and the authentication server B does not have the legal private key information matched with the alleged identity information" is sent to the authentication server B.

Example 4: the invention also provides a lightweight high-efficiency identity authentication system which is characterized by comprising a hierarchical identity authentication system HIBE, equipment A and an authentication server B, wherein the hierarchical identity authentication system HIBE is respectively in communication connection with the equipment A and the authentication server B, and the equipment A is in communication connection with the authentication server B;

the device A sends an authentication request to a hierarchy level identity authentication system HIBE; a hierarchical identity authentication system HIBE generates public parameters and a master key of identity information of associated equipment A through an identity hierarchical registration function; the hierarchical identity authentication system HIBE generates a public parameter of the associated equipment A and a private key of a master key through a private key hierarchical function; the hierarchical identity authentication system HIBE generates a public key and private key pair based on the public parameters of the associated equipment A and the private key of the master key through an authentication key negotiation function;

the authentication server B sends an authentication request to a hierarchy level identity authentication system HIBE; the hierarchical identity authentication system HIBE generates public parameters and a master key related to the identity information of the authentication server B through an identity hierarchical registration function; the hierarchical identity authentication system HIBE generates a private key associating public parameters of an authentication server B with a master key through a private key hierarchical function; the hierarchical identity authentication system HIBE generates a public key and private key pair based on public parameters of the associated authentication server B and a private key of a master key through an authentication key negotiation function;

the device A receives the key agreement request of the authentication server B, receives the public key and private key pair of the authentication server B, and generates a broadcast based on the public key and private key pair of the authentication server BChain T_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the hierarchical identity authentication system HIBE can not generate the session key SK, the hierarchical identity authentication system HIBE sends authentication success information to the authentication server B_AIf the hierarchical identity authentication system HIBE sends the authentication failure and the authentication server B does not have the legal private key information matched with the alleged identity information to the authentication server B, the hierarchical identity authentication system HIBE sends the legal private key information to the authentication server B;

the authentication server B receives the key negotiation request of the device A, receives the public key and private key pair of the device A, and generates a broadcast chain T based on the public key and private key pair of the device A_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BThe hierarchical identity authentication system HIBE sends successful authentication information to the device A, and if the session key SK cannot be generated_BThen, the hierarchical identity authentication system HIBE sends "authentication failed and the device a does not have the legal private key information matched with the purported identity information" to the device a.

As a preferred embodiment, the lightweight and efficient identity authentication system further comprises:

device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A is according to T_BComputing a shared secret S_A；

Authentication server B according to T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BAnd judging whether the authentication is successful.

As a preferred embodiment, the method for generating a broadcast chain specifically includes: a broadcast self-regeneration authentication model based on a short Hash chain is designed, on the basis of a Merkle Tree, a key chain self-regeneration protocol is adopted to carry out secure connection among the Hash chains on a path on a message line, and the length of the short key chain when the calculation overhead and the communication overhead reach the lowest value in the short key chain self-regeneration authentication model is obtained.

As a preferred embodiment, the broadcast chain T_BThe generation method specifically comprises the following steps: a Hash chain pre-distribution step; a Hash chain using step; and a Hash chain expanding step.

As a preferred embodiment, the Hash chain pre-allocating step specifically includes: the authentication server B needs to generate a random value in advance

As a seed, generating a Hash chain according to the self requirement of the network:

before the node equipment is deployed, all the common nodes R need to be stored in advance

The ordinary node R thus authenticates the broadcast key according to the one-way nature of the Hash chain.

As a preferred embodiment, the Hash chain using step specifically includes: if the number of used Hash chains does not exceed the specified number n₀Then, the use mode of the Hash chain is unchanged; the authentication server B needs to release broadcast data in a specified time period, then the common node R needs to receive and store the data first, and then waits for the authentication server B to authenticate the data in a subsequent time period, wherein the authentication mode is that the authentication server B broadcasts a related key.

As a preferred embodiment, the Hash chain expanding step specifically includes:

step S1: when the Hash chain is used

When (at this time, the common node R is stored with

) The authentication server B selects a new random seed according to the formula (1)

And generating a new Hash chain using the random value:

step S2: redeploying the Hash on the basis of ensuring the authenticable characteristic of the Hash chain; at this time, the authentication server B calculates first

And

then calculate

Step S3: after the common node R receives the broadcast message, if

Then store

And discard

Meanwhile, storing the received broadcast message for message verification of the next stage; when the Hash chain is used

Time, calculate

Step S4: after the common node R receives the message, ifThen store

And discard

At the same time, utilize

Calculating the verification code of the message at the last stage and verifying the validity of the verification code so as to verify the validity of the stored information S 'in the last time period, and simultaneously verifying the validity of S' by using S '═ h (S');

step S5: if the common node R needs to store the message of this time period, in the following multicast key authentication process, the following calculation is performed:

step S6: the common node R, after receiving the message (2), uses the stored

And received

To verify

When the validity is verified, the common node R stores the message (2) for the verification of the next message; to prevent loss of authentication packets, the method is implemented in advance

Authentication but to guarantee

In the Hash chain to

Can be released only when the user wants to use the system.

A framework aiming at the physical layer authentication of the electric power wireless terminal is designed, a safety protection device and a wireless access safety control device (namely a safety access platform) are added outside an original wireless access point, the safety protection device and the wireless access safety control device cooperate to complete the access of a legal wireless terminal and the blocking of an illegal wireless terminal, and meanwhile, the safety rules of traditional three-layer and four-layer networks are processed. The structure and the position are shown in figure 1:

the authentication framework comprises terminal authentication, data encryption, access authority control and the like.

Terminal authentication: and extracting the fingerprint of the wireless equipment at the wireless end, and performing fingerprint identification and matching at the local end. Recent studies have shown that the radio frequency characteristics of its transmitting device can be extracted by radio electromagnetic waves. As each person has a different fingerprint, the hardware of each rf device will also differ, and this difference in rf hardware is called "wireless device fingerprint".

Data encryption: the message authentication code MACKi is generated by utilizing the encryption scheme of the wireless communication protocol, so that the confidentiality and the integrity of point-to-point communication data of the equipment can be ensured, and the design of a wireless terminal original factory is not damaged.

The message authentication code MACKi generation algorithm is as follows: inputting: a secret key Ki, a message M, wherein the secret key length is l, and the message M is decomposed into data blocks with the size of b; to facilitate the calculation, the data is not made to output: the message authentication code is MACK_i；

Step 1: filling key K with bytes 0x00_iThe tail part of the character string is reached to b;

step 2: carrying out XOR calculation on the b-word length character string generated in the step 1 and the ipad to generate a key character string;

and 3, step 3: filling the message M to the tail part of the key character string generated in the step 2 to generate a message data stream;

and 4, step 4: using a Hash function h () based on the SHA-1 algorithm to act on the message data stream generated in the step 3;

and 5, step 5: carrying out XOR calculation on the b-word length character string generated in the step 1 and the opad;

and 6, step 6: filling the calculation result of the 4 th step into the tail part of the calculation result of the 5 th step;

and 7, step 7: acting a Hash function h (.) on the generated result of the step 6 to obtain a final result MACK_i。

And (3) access authority control: the access control function of the safety control assembly can not only realize the data packet discarding function on the wireless access safety control assembly as the existing safety equipment, but also can link the front-end wireless access safety protection equipment to realize the wireless access blocking function at the front end. The speed of message authentication under the condition that the density of the power equipment is high is improved, the message delay and the message loss rate are reduced, and the loss of a large number of messages due to the fact that timely authentication cannot be achieved under the condition of high traffic density is avoided.

The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (17)

1. A lightweight, efficient identity authentication method, performed by a device A, the method comprising:

responding to the authentication start, and sending an authentication request to a hierarchical identity authentication system HIBE;

calling an identity hierarchical registration function of a hierarchical identity authentication system HIBE to generate public parameters and a master key of identity information of the associated equipment A;

calling a private key grading function of a hierarchical identity authentication system HIBE to generate public parameters of identity information of the associated equipment A and a private key of a master key;

calling an authentication key negotiation function of a hierarchical identity authentication system HIBE, and generating a public key and private key pair based on public parameters of identity information of the associated equipment A, a master key and a private key;

receiving a public key-private key pair of the authentication server B in response to a key agreement request of the authentication server B, and generating a broadcast chain T based on the public key-private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen, the authentication server B sends the information that the authentication fails and the authentication server B does not have the legal private key information matched with the alleged identity information to the authentication server B.

2. The method according to claim 1, wherein the generating public parameters and master keys of the identity information of the associated device a specifically includes:

when the k-th layer of the device A needs to be authenticated, the identity hierarchical registration function of the hierarchical identity authentication system HIBE constructs the identity information thereof into

Wherein I_kRepresenting the k-th layer identity information;

if the upper limit of the level number of the hierarchical identity authentication system HIBE is set to be l, then a generator G E G is selected arbitrarily, andrandom number alpha belongs to Z_pThereby obtaining g₁＝g^α；

Further selecting g₂，g₃，h₁，…，h_lE G, get the common parameter p ═ G, (G, G) for device a₁，g₂，g₃，h₁，…，h_l) And generates a master key

3. The method according to claim 2, wherein the generating public parameters of the identity information of the associated device a and the private key of the master key specifically includes: hierarchical identity authentication system HIBE (hierarchical identity authentication protocol) is a k-th layer of equipment A

When generating the pairing private key, randomly selecting r, t epsilon to Z_pAnd simultaneously generating a private key according to the master key and the public parameter:

4. the method of claim 3, wherein the generating a public key and private key pair based on the public parameter of the identity information of the associated device A and the master key and private key specifically comprises:

when the device A is located at the level k (k)<l), the authentication server B is located at a hierarchy level of m (m)<k<l), and the device a and the authentication server B are on the i-th layer 1<i<When l has public node, the public key and the private key of the device A are generated by the private key grading function of the hierarchical identity authentication system HIBE

Wherein the content of the first and second substances,

5. a lightweight, efficient identity authentication method as defined in claim 4, further comprising: device A random selection

According to public key ID of authentication server B_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the public key ID of device A_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A according to the broadcast chain T_BComputing a shared secret S_A；

Authentication server B according to broadcast chain T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate session keys

sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BJudging whether the authentication is successful;

if the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen "authentication failure" is issuedThe authentication server B does not have legal private key information matched with the alleged identity information thereof to send the authentication server B;

if the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen, the device a is sent the "authentication fails and the device a does not have the legal private key information matched with the asserted identity information".

6. A lightweight, efficient identity authentication method performed by an authentication server B, the method comprising:

responding to an authentication request of the device A, and sending the authentication request to a hierarchical identity authentication system HIBE;

calling an identity hierarchical registration function of a hierarchical identity authentication system HIBE to generate a public parameter and a master key which are related to identity information of an authentication server B;

calling a private key grading function of a hierarchical identity authentication system HIBE to generate a public parameter of the identity information of the associated authentication server B and a private key of a master key;

calling an authentication key negotiation function of a hierarchical identity authentication system HIBE, and generating a public key and private key pair based on public parameters of identity information of an associated authentication server B, a master key and a private key;

in response to device A's key agreement request, device A's public-private key pair is received and broadcast chain T is generated based on device A's public-private key pair_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen, the device a is sent the "authentication fails and the device a does not have the legal private key information matched with the asserted identity information".

7. The lightweight, efficient identity authentication method according to claim 6, wherein the generating public parameters and master keys associated with the identity information of the authentication server B specifically comprises:

when the m layer of the authentication server needs to be authenticated, the identity hierarchical registration function of the hierarchical identity authentication system HIBE constructs the identity information thereof into

Wherein I_mRepresenting the m-th layer identity information;

if the upper limit of the level number of the hierarchical identity authentication system HIBE is set to be l, a generator G belongs to G and a random number alpha belongs to Z_pThereby obtaining g₁＝g^α；

Further selecting g₂,g₃,h₁,…,h_lE.g., G, and obtaining the public parameter p of the authentication server B as (G, G)₁,g₂,g₃,h₁,…,h_l) And generates a master key

8. The method according to claim 7, wherein the generating a public parameter associated with the identity information of the authentication server B and a private key of a master key specifically comprises:

the hierarchy level realizes the private key hierarchy function of the HIBE system as the mth layer of the authentication server B

When generating the pairing private key, randomly selecting r, t epsilon to Z_pAnd simultaneously generating a private key according to the master key and the public parameter:

9. the method according to claim 8, wherein the generating a public key and a private key pair based on the public parameter of the identity information of the associated authentication server B and the master key and the private key specifically comprises:

when the device A is located at the level k (k)<l), the authentication server B is located at a hierarchy level of m (m)<k<l) and devices A and B are on the ith layer 1<i<l has a common node: the public key and the private key pair of the authentication server B are generated by the private key grading function of the hierarchical identity authentication system HIBE

Wherein

10. A lightweight, efficient method of identity authentication as defined in claim 9, further comprising: device A random selection

According to ID_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A according to the broadcast chain T_BComputing a shared secret S_A；

Authentication server B according to broadcast chain T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate a session key sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BJudging whether the authentication is successful;

if the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AIf the authentication fails, the authentication server B does not have the legal private key information matched with the alleged identity information, and the legal private key information is sent to the authentication server B;

if the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BThen, the device a is sent the "authentication fails and the device a does not have the legal private key information matched with the asserted identity information".

11. A lightweight high-efficiency identity authentication method is executed by a hierarchical identity authentication system (HIBE), and is characterized by comprising the following steps:

receiving an authentication request of the equipment A, and generating public parameters and a master key of the identity information of the associated equipment A through an identity hierarchical registration function; generating a public parameter of the associated equipment A and a private key of the master key through a private key grading function according to the public parameter of the identity information of the equipment A and the master key; generating a public key and private key pair based on the public parameters of the associated equipment A and the private key of the master key through an authentication key negotiation function according to the public parameters of the equipment A and the private key of the master key, and sending the public key and private key pair to the authentication server B;

receiving an authentication request of an authentication server B, and generating a public parameter and a master key which are related to identity information of the authentication server B through an identity hierarchical registration function; generating a public parameter of the associated authentication server B and a private key of the master key through a private key grading function according to the public parameter of the identity information of the authentication server B and the master key; generating a public key and private key pair based on the public parameter of the associated authentication server B and the private key of the master key through an authentication key negotiation function according to the public parameter of the authentication server B and the private key of the master key, and sending the public key and private key pair to the equipment A;

in response to device A's key agreement request, device A's public-private key pair is received and broadcast chain T is generated based on device A's public-private key pair_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BIf the authentication success information is sent to the equipment A, the session key SK can not be generated_BIf the authentication fails, the device A does not have the legal private key information matched with the alleged identity information, and the authentication fails, the device A sends the legal private key information to the device A;

receiving a public key-private key pair of the authentication server B in response to a key agreement request of the authentication server B, and generating a broadcast chain T based on the public key-private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the authentication success information is sent to the authentication server B, the session key SK can not be generated_AThen, the authentication server B sends the information that the authentication fails and the authentication server B does not have the legal private key information matched with the alleged identity information to the authentication server B.

12. A lightweight high-efficiency identity authentication system is characterized by comprising a hierarchical identity authentication system HIBE, a device A and an authentication server B, wherein the hierarchical identity authentication system HIBE is respectively in communication connection with the device A and the authentication server B, and the device A is in communication connection with the authentication server B;

the device A sends an authentication request to a hierarchy level identity authentication system HIBE; the hierarchical identity authentication system HIBE generates public parameters and a master key of the identity information of the associated equipment A through an identity hierarchical registration function; the hierarchical identity authentication system HIBE generates a public parameter of the associated equipment A and a private key of a master key through a private key hierarchical function; the hierarchical identity authentication system HIBE generates a public key and private key pair based on the public parameters of the associated equipment A and the private key of the master key through an authentication key negotiation function;

the authentication server B sends an authentication request to a hierarchy level identity authentication system HIBE; the hierarchical identity authentication system HIBE generates public parameters and a master key related to the identity information of the authentication server B through an identity hierarchical registration function; the hierarchical identity authentication system HIBE generates a private key associating public parameters of an authentication server B with a master key through a private key hierarchical function; the hierarchical identity authentication system HIBE generates a public key and private key pair based on the public parameters of the associated authentication server B and the private key of the master key through an authentication key negotiation function;

the device A receives a key negotiation request of the authentication server B, receives a public key and private key pair of the authentication server B, and generates a broadcast chain T based on the public key and private key pair of the authentication server B_ASending the information to an authentication server B; receiving a broadcast chain T generated by an authentication server B based on a public key and private key pair of a device A_BIf the session key SK is generated_AIf the hierarchical identity authentication system HIBE sends successful authentication information to the authentication server B, the hierarchical identity authentication system HIBE can not generate the session key SK_AIf the hierarchical identity authentication system HIBE sends the authentication failure and the authentication server B does not have the legal private key information matched with the alleged identity information to the authentication server B, the hierarchical identity authentication system HIBE sends the legal private key information to the authentication server B;

the authentication server B receives the key negotiation request of the device A, receives the public key and private key pair of the device A, and generates a broadcast chain T based on the public key and private key pair of the device A_BAnd sending the data to the equipment A; broadcast chain T generated by receiving device A based on public key and private key pair of authentication server B_AIf the session key SK is generated_BThe hierarchical identity authentication system HIBE sends successful authentication information to the equipment A, and if the session key SK cannot be generated_BThen, the hierarchical identity authentication system HIBE sends "authentication failed and the device a does not have the legal private key information matched with the purported identity information" to the device a.

13. A lightweight, efficient identity authentication system as recited in claim 12, further comprising:

device A random selection

According to public key ID of authentication server B_BGenerating a broadcast chain T_AAnd sends it to authentication server B; selecting a new alpha by the device A in the key negotiation process each time;

authentication server B random selection

And according to the ID_AGenerating a broadcast chain T_BAnd sends it to device a; selecting a new B by the authentication server B in the key agreement process each time;

device A is according to T_BComputing a shared secret S_A；

Authentication server B according to T_AComputing a shared secret S_B；

The device A and the authentication server B respectively generate a session key sk_A＝H(ID_A，ID_B，T_A，T_B，S_A) And sk_B＝H(ID_A，ID_B，T_A，T_B，S_B) According to whether a session key SK can be generated or not_AAnd SK_BAnd judging whether the authentication is successful.

14. A lightweight, efficient identity authentication system as claimed in claim 12, wherein said broadcast chain T_BThe generation method specifically comprises the following steps: a Hash chain pre-distribution step; a Hash chain using step; and a Hash chain expanding step.

15. The lightweight, efficient identity authentication system of claim 14, wherein the Hash chain pre-assigning step specifically comprises: the authentication server B needs to generate a random value in advance

As a seed, generating a Hash chain according to the self requirement of the network:

before the node equipment is deployed, all the common nodes R need to be stored in advance

Thus, the common node R authenticates the broadcast key according to the unidirectional property of the Hash chain.

16. The system according to claim 14, wherein the Hash chain using step specifically comprises: if the number of used Hash chains does not exceed the specified number n₀Then, the use mode of the Hash chain is unchanged; the authentication server B needs to release broadcast data in a specified time period, then the common node R needs to receive and store the data first, and then waits for the authentication server B to authenticate the data in a subsequent time period, wherein the authentication mode is that the authentication server B broadcasts a related key.

17. The lightweight, efficient identity authentication system of claim 14, wherein the Hash chain expansion step specifically comprises:

step S1: when the Hash chain is used

When (at this time, the common node R is stored with

) The authentication server B selects a new random seed according to the formula (1)

And generating a new Hash chain using the random value:

step S2: on the basis of ensuring the authenticable characteristic of the Hash chain, the Hash is required to be matchedRedeploying; at this time, the authentication server B calculates first

And

then calculate

Step S3: after the common node R receives the broadcast message, if

Then store

And discard

Meanwhile, storing the received broadcast message for message verification of the next stage; when the Hash chain is used

Time, calculate

Step S4: after the common node R receives the message, if

Then store

And discard

At the same time, utilize

Calculating the verification code of the message at the last stage and verifying the validity of the message to verify the validity of the stored information S 'in the last time period, and simultaneously verifying the validity of S' by means of S '═ h (S');

step S5: if the common node R needs to store the message of this time period, in the following multicast key authentication process, the following calculation is performed:

step S6: the common node R, after receiving the message (2), uses the stored

And received

To verify

When the validity is verified, the common node R stores the message (2) for the verification of the next message; to prevent loss of authentication packets, the method is implemented in advance

Authentication but to guarantee

In the Hash chain to

Can be released only when the user wants to use the system.

Images