CN112423295A - Lightweight security authentication method and system based on block chain technology - Google Patents
- Publication number
- CN112423295A (application CN202011248305.6A)
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- intelligent mobile
- certificate
- message
- certificates
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A lightweight security authentication method and system based on block chain technology. The authentication method includes: storing the certificates of intelligent mobile terminals by classification, so that certificates with the same organization information are stored in the same block chain; constructing an identity authentication message, signing the identity authentication message of the newly-accessed intelligent mobile terminal B by using an ECC algorithm, and sending the signed identity authentication message to the opposite intelligent mobile terminal; the intelligent mobile terminal A receives the message, checks the certificate of the intelligent mobile terminal B and judges whether it is a legal certificate; if the certificate is legal, the authentication succeeds, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network; the certificate is broadcast to update the certificates of the other intelligent mobile terminals, and the transmitted certificate is encrypted by using the CTR mode based on the SM4 algorithm, so that real-time updating and secure transmission of the certificates are realized. The invention also provides a system for realizing the method. The invention can achieve higher security with safer certificate storage, a shorter key length and a smaller amount of calculation.
Description
Technical Field
The invention belongs to the field of mobile internet, and relates to a lightweight security authentication method and system based on a block chain technology.
Background
In recent years, with the rapid development of mobile internet and the rapid growth of mobile applications, Android devices have become the most common internet access tools for people. Under the background of the era of mobile internet, intelligent mobile terminals have been incorporated into people's daily lives. People use the intelligent mobile terminal to carry out mobile payment, online shopping, online meeting, movie and television shooting and the like. In modern smart cities, Android devices interact remotely through base stations, with the devices under each base station communicating over a single wireless transmission channel, such as a cellular network. Due to the openness and the expandability of the Android intelligent mobile terminal, the Android equipment is vulnerable to attackers. A large number of manufacturers choose to develop their mobile devices by customizing the original Android system, which also results in a severe disruption of the Android ecosystem. In order to ensure the safety of the Android device, identity authentication of the Android device is an effective solution. The identity authentication can prevent unauthorized users from entering the system, and ensure that only the intelligent mobile terminal with legal identity can enter the block chain network. The identity authentication is to verify the identity of the intelligent mobile terminal by issuing a certificate and a certificate signature. Theoretically, the method can effectively prevent illegal intelligent mobile terminals from entering the network, and meanwhile, attackers are prevented from stealing authentication information.
Traditional authentication mechanisms can resist partial attacks, but still have many problems: first, a large amount of computing and storage resources are wasted. The traditional user authentication protocol based on the RSA public key system and the Diffie-Hellman key agreement consumes a lot of computing and storage resources, which requires higher hardware equipment requirements for the intelligent mobile terminal. Meanwhile, the operation efficiency of the Android device during the authentication of the intelligent mobile terminal is greatly reduced, and the intelligent mobile terminal cannot perform big data analysis or massive information processing. Second, the security is low. The traditional authentication mechanism can only resist some common attacks, but has no resistance to some more complex attacks or needs to consume huge resources. Third, it is easily tampered with. Due to the openness of the Android device, when the Android device sends a message to other devices, the message is easily tampered, and the Android device cannot verify the correctness of the message. If the information transmitted between the intelligent mobile terminals cannot be encrypted and protected, great potential safety hazards exist, and immeasurable loss is generated. In the current identity authentication mechanism, the problem that a key is easily tampered in the authentication process between Android devices is not solved, and meanwhile, the authentication security cannot be realized. Using only a resource-intensive authentication scheme is not sufficient to protect smart mobile terminal users from attacks.
Disclosure of Invention
The present invention provides a lightweight security authentication method and system based on a block chain technique, which can achieve higher security with safer certificate storage, shorter key length, and smaller calculation amount, aiming at the problems of higher storage resource consumption and lower security of the identity authentication mechanism in the prior art.
In order to achieve the purpose, the invention has the following technical scheme:
a lightweight security authentication method based on a block chain technology comprises the following steps:
step one, classified storage is carried out on intelligent mobile terminal certificates, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
secondly, constructing an identity authentication message, signing the identity authentication message of the newly-accessed intelligent mobile terminal B by using an ECC algorithm, and sending the signed identity authentication message to the opposite intelligent mobile terminal A;
step three, the intelligent mobile terminal A receives the signed identity authentication message, detects the certificate of the intelligent mobile terminal B, judges whether the certificate is a legal certificate, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, adds the number of the intelligent mobile terminal B to the list of the intelligent mobile terminals which have accessed the network, and if the certificate is illegal, refuses to join the network;
and step four, broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
Preferably, in the authentication process, it is judged whether the intelligent mobile terminals of the two parties belong to the same organization, and if so, the query or exchange of certificates is allowed; the certificates are then distributed: OpenSSL generates an X.509 CA root certificate in PEM format by means of its self-issuing function, and the CA issues the certificate request files of the intelligent mobile terminal A and the intelligent mobile terminal B to generate digital certificates.
Preferably, in the second step, the intelligent mobile terminal A first generates a random number $r$ and combines the random number $r$, the identity identifier $ID_A$ and the timestamp $T_A$ into the identity authentication request message; the message $m_r$ is then generated by encryption with the public key of the intelligent mobile terminal B and signature with the private key of the intelligent mobile terminal A.
Preferably, the message $m_r$ is calculated according to the following formula:
$$m_r=\{E_{privA}(E_{pubB}(r \,\|\, ID_A \,\|\, T_A))\}$$
where $\|$ represents a data connector, and $E_{privA}(E_{pubB}(r \,\|\, ID_A \,\|\, T_A))$ represents that the identity number $ID_A$ of the intelligent mobile terminal A, the timestamp $T_A$ and the random number $r$ are encrypted with the public key of the intelligent mobile terminal B and signed with the private key of the intelligent mobile terminal A.
Preferably, in the third step, the public key of the intelligent mobile terminal A is used to decrypt the authentication request message $m_r$ sent by the intelligent mobile terminal B. The calculation formula is as follows:
$$D_{pubA}((r \,\|\, ID_A \,\|\, T_A))=(r \,\|\, ID_A \,\|\, T_A)$$
where $\|$ represents a data connector.
Preferably, the third step first compares the timestamp $T_A$ of the intelligent mobile terminal A with the timestamp $T_B$ of the intelligent mobile terminal B; if $T_B<T_A$ and the difference of the two is within a reasonable time delay range, it is verified whether the random number $r$ has been used by the intelligent mobile terminal A; if the random number $r$ has not been used, the intelligent mobile terminal A passes verification, the random number $r$ is added to the list of random numbers used by the intelligent mobile terminal A, and the serial number $ID_A$ of the intelligent mobile terminal A is added to the intelligent mobile terminal list; the calculation formula is as follows:
in the formula, U is an intelligent mobile terminal list, and R is a random number list used by the intelligent mobile terminal a.
Preferably, the third step authenticates the certificate of the intelligent mobile terminal A according to the following formula:
$$\mathrm{Ver}_k(A,S)=1 \rightarrow m_r=\{E_{privB}(E_{pubA}(r' \,\|\, ID_B \,\|\, T_B))\}$$
The certificate of the intelligent mobile terminal A is authenticated according to the prestored ECC digital certificate; if $\mathrm{Ver}_k(A,S)=1$, the verification is successful; the intelligent mobile terminal B then sends its own authentication request message $m_{r'}$ to the intelligent mobile terminal A;
Repeating the authentication process to realize bidirectional authentication between the intelligent mobile terminals;
the following calculation verifies whether the signature of the intelligent mobile terminal A is correct:
Preferably, the CTR mode encryption based on the SM4 algorithm in step four includes the following steps:
the intelligent mobile terminal A first cuts the plaintext data $P$ into $n$ plaintext variables $P_1,P_2,\ldots,P_n$, generates the HMAC key $X_0=E_k(T_0)$, and performs hash calculation on the counting sequence; then, for the plaintext data $i=1,2,\ldots,n-1$, ciphertext variables are generated; a ciphertext variable is also generated for the plaintext block of less than 128 bits, and this ciphertext variable is truncated according to the plaintext data to obtain the final ciphertext variable $C_n$; HMAC is then computed over the ciphertext message and the initial counter to obtain $H=\mathrm{HMAC}(X_0, C \,\|\, T_0)$; finally, the ciphertext variables, the counter and the message digest variable are connected as $C_1 \,\|\, C_2 \,\|\, \ldots \,\|\, C_n \,\|\, T_0 \,\|\, H$ to form the ciphertext data, which is sent to the intelligent mobile terminal B.
Preferably, in the fourth step, the intelligent mobile terminal B first decomposes the received message into a ciphertext message $C$, an initial counter $T_0$ and a message digest variable $H$, and at the same time generates the HMAC key $X_0=E_k(T_0)$; it then generates the message digest of the ciphertext message and the initial counter, and judges whether this message digest is consistent with the received message digest; if not, the plaintext message is directly discarded; if they are consistent, the ciphertext data is decomposed into ciphertext variables $C_1,C_2,\ldots,C_n$, the counting sequence is encrypted, plaintext variables are generated for the plaintext data, and the plaintext variable is truncated to generate $P_n$; finally, $P_1,P_2,\ldots,P_n$ form the plaintext data, completing the secure communication between the intelligent mobile terminal A and the intelligent mobile terminal B.
The invention also provides a lightweight security authentication system based on the block chain technology, which comprises:
the intelligent mobile terminal certificate classified storage module is used for storing the intelligent mobile terminal certificates in a classified manner, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
the identity authentication message construction module is used for signing the identity authentication message of the newly-accessed intelligent mobile terminal B by utilizing an ECC algorithm and sending the signature to the opposite intelligent mobile terminal A;
the authentication module is used for detecting the certificate of the intelligent mobile terminal B after the intelligent mobile terminal A receives the signature, judging whether the certificate is a legal certificate or not, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, the number of the intelligent mobile terminal B is added to the list of the accessed intelligent mobile terminals, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network;
and the certificate updating and transmitting module is used for broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
Compared with the prior art, the invention has the following beneficial effects:
1) Lightweight and secure. The invention does not need to consume a large amount of computing resources. The overall approach replaces the long keys and low-security RSA digital certificates of the traditional method with ECC digital certificates; an identity authentication mechanism based on the ECC algorithm consumes fewer computing resources, and its key generation speed is about 10 times that of the RSA algorithm. The same security can be achieved with a shorter key length, and the authentication speed is greatly improved.
2) Tamper resistance. The invention stores the certificates in the block chain, classified according to their organization information; storing and querying certificates through the block chain effectively improves certificate access efficiency. In addition, the block chain has the characteristic of not being tampered with, so the certificate is prevented from being tampered with during the authentication process.
3) A highly robust message broadcast. The invention can encrypt the broadcast message of the certificate which is successfully authenticated, can encrypt and decrypt in parallel by the communication encryption method based on the SM4-CTR mode, can improve the encryption and decryption efficiency, and realizes the safe communication method which supports high real-time performance and tolerates disorder of the ciphertext.
Drawings
FIG. 1 is an overall flow diagram of the security authentication method of the present invention;
FIG. 2 is a schematic diagram of the smart mobile terminal certificate store of the present invention;
FIG. 3 is a flowchart illustrating the identity authentication of an intelligent mobile terminal according to the present invention;
FIG. 4 is a time consuming diagram of the present invention for verifying a signature.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
The lightweight security authentication method based on the block chain technology mainly comprises three stages: pre-stored certificate information, identity authentication and broadcasting certificate encryption based on the CTR mode.
First, the certificates of the two authenticating parties are stored in the block chain to give the certificates high security during the authentication process. An authentication mechanism based on the ECC algorithm then provides the lightweight security characteristics. After the authentication succeeds, the on-chain intelligent mobile terminal encrypts the certificate and broadcasts it to the other nodes, completing the lightweight security authentication process; a specific attack model is given at the same time.
In this embodiment, the method is implemented with ECC authentication scheme code developed using the OpenSSL development software package, and can distribute certificates for the intelligent mobile terminals.
Referring to fig. 1, the lightweight security authentication method based on the block chain technology of the present invention includes the following steps:
step one, storing a certificate;
(1a) private keys of the authentication center CA and the intelligent mobile terminal A, B are generated by using an ECC key generation algorithm, and meanwhile, a CA root certificate is generated by using the self-issuing certificate function of the OpenSSL software library. A certificate request file is generated through a private key of the smart mobile terminal A, B, and then the CA is used to issue the request file of the smart mobile terminal A, B to generate an ECC digital certificate of the smart mobile terminal A, B.
(1b) And in the subsequent authentication process, only two parties with the same organization attribute can execute inquiry and exchange operations to find the storage block of the other party and acquire the certificate information.
Referring to fig. 2, an intelligent mobile terminal has a corresponding organization information, and the intelligent mobile terminals with different organization information are classified and stored in different block chains.
Step two, identity authentication;
(2a) According to the certificate information stored by the intelligent mobile terminal in (1b), an identity authentication request message is constructed, comprising a random number $r$, an identity identifier $ID_A$ and a timestamp $T_A$; the identity authentication request message is encrypted by using an ECC algorithm and sent to the intelligent mobile terminal B. After the intelligent mobile terminal B decrypts the message, it first judges whether the timestamp of the intelligent mobile terminal A is within the time delay range; if the timestamp meets the requirement, it judges whether the random number has been used, and if not, the authentication fails. If the random number has not been used, the validity of the certificate of the intelligent mobile terminal A is judged by using an ECDSA signature algorithm. If the certificate is legal, identity authentication of the intelligent mobile terminal A is performed; otherwise the authentication fails.
Referring to fig. 3, the steps of performing identity authentication on the intelligent mobile terminal in the present invention are as follows:
(2a1) encrypting the identity authentication request message:
$$m_r=\{E_{privA}(E_{pubB}(r \,\|\, ID_A \,\|\, T_A))\} \tag{1}$$
(2a2) decrypting the identity authentication request message by using the public key of the intelligent mobile terminal A:
$$D_{pubA}((r \,\|\, ID_A \,\|\, T_A))=(r \,\|\, ID_A \,\|\, T_A) \tag{2}$$
(2a3) the timestamp is within the experimental range and the random number is not used, add the smart mobile terminal number and the random number to the used list:
(2a4) judging whether the certificate is legal:
(2b) The certificate of the intelligent mobile terminal A is authenticated according to the prestored ECC digital certificate. If $\mathrm{Ver}_k(A,S)=1$, the verification is successful. The intelligent mobile terminal B sends its own authentication request message $m_{r'}$ to the intelligent mobile terminal A, and the authentication process is repeated to realize bidirectional authentication between the intelligent mobile terminals.
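The freshness checks of step two (timestamp within the delay range, random number not yet used, then update of the lists U and R) can be sketched as follows. This is an added example, not code from the patent: the field widths of r || ID_A || T_A, the 30-second window and all function and class names are assumptions, and decryption and ECDSA certificate verification are taken to happen outside this code.

```python
import struct
import time

NONCE_LEN = 16  # assumed width of r in bytes (the page gives none)
TS_LEN = 8      # assumed: T_A as big-endian unsigned seconds since the epoch


def pack_request(r: bytes, id_a: str, t_a: int) -> bytes:
    """Build r || ID_A || T_A under the assumed field layout."""
    if len(r) != NONCE_LEN:
        raise ValueError("nonce must be NONCE_LEN bytes")
    return r + id_a.encode("utf-8") + struct.pack(">Q", t_a)


def parse_request(payload: bytes):
    """Split a decrypted r || ID_A || T_A payload; raises ValueError if malformed."""
    if len(payload) <= NONCE_LEN + TS_LEN:
        raise ValueError("payload too short")
    r = payload[:NONCE_LEN]
    id_a = payload[NONCE_LEN:-TS_LEN].decode("utf-8")
    (t_a,) = struct.unpack(">Q", payload[-TS_LEN:])
    return r, id_a, t_a


class FreshnessGuard:
    """Receiver-side state: R (used random numbers) and U (terminal list)."""

    def __init__(self, max_delay: int = 30):
        self.max_delay = max_delay  # "reasonable time delay range" (assumed value)
        self.used = {}              # R: (ID_A, r) -> T_A
        self.admitted = set()       # U: terminal numbers that passed the checks

    def accept(self, payload: bytes, now=None) -> str:
        now = int(time.time()) if now is None else now
        self._prune(now)
        try:
            r, id_a, t_a = parse_request(payload)
        except ValueError:
            return "malformed"
        # Timestamp first: anything outside the window is rejected outright.
        if abs(now - t_a) > self.max_delay:
            return "stale"
        # Then the nonce: a second sighting inside the window is a replay.
        if (id_a, r) in self.used:
            return "replay"
        self.used[(id_a, r)] = t_a
        self.admitted.add(id_a)
        return "ok"

    def _prune(self, now: int) -> None:
        # A nonce whose timestamp has left the window can be forgotten: a
        # replay of that message now fails the timestamp check, so R stays
        # bounded instead of growing for the lifetime of the terminal.
        expired = [k for k, t in self.used.items() if now - t > self.max_delay]
        for k in expired:
            del self.used[k]


if __name__ == "__main__":
    guard = FreshnessGuard()
    msg = pack_request(b"\x01" * NONCE_LEN, "terminal-A", 1000)  # constructed sample
    for t in (1005, 1010, 1100):
        print(t, guard.accept(msg, now=t))
```

Pruning is only safe because r and T_A travel inside the same signed message, so a replayed nonce always carries its original timestamp.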
Step three, encrypting a broadcast certificate based on the CTR mode;
(3a) The plaintext data of the intelligent mobile terminal A is obtained from step (2b), hash calculation is performed on the counter sequence by using a hash algorithm, and the result is XORed with the plaintext sequence to generate the ciphertext. The ciphertext variable is then truncated according to the plaintext data to obtain the final ciphertext variable. Finally, HMAC is computed over the ciphertext message and the initial counter to obtain the message digest variable $H$.
(3a1) Cutting the plaintext data $P$ into $n$ plaintext variables $P_1,P_2,P_3,\ldots,P_n$;
(3a2) Performing hash calculation on the counting sequence:
(3a3) generating a ciphertext variable:
(3a4) generating a message digest variable:
$$H=\mathrm{HMAC}(X_0, C \,\|\, T_0) \tag{7}$$
The ciphertext data, the counter and the message digest variable are then connected to form the ciphertext data, which is sent to the intelligent mobile terminal B.
(3b) The ciphertext data is received, the message is decomposed, and the message digest of the ciphertext message and the initial counter is generated. It is judged whether this message digest is consistent with the received message digest. If so, the count sequence is encrypted; otherwise, the ciphertext data is discarded. A plaintext variable is generated for the ciphertext data, and the plaintext variable is truncated.
(3b1) Generating the message digest:
$$H'=\mathrm{HMAC}(X_0, C \,\|\, T_0) \tag{8}$$
(3b2) encryption of the count sequence:
(3b3) generating a plaintext variable:
Finally, the truncated plaintext variables $P_1,P_2,P_3,\ldots,P_n$ form the plaintext data, completing the encryption of the certificate that the intelligent mobile terminal A broadcasts to the other intelligent mobile terminals.
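The packet layout C || T_0 || H and the verify-before-decrypt order of step three can be exercised with the sketch below. It is an added example, not code from the patent: the block function E is a stand-in (HMAC-SHA-256 truncated to 128 bits) for SM4, which is not in Python's standard library, and the counter rule T_i = T_0 + i, the use of SHA-256 inside HMAC and all function names are assumptions, since the page's formulas for the counting sequence did not survive.

```python
import hashlib
import hmac
import os

BLOCK = 16    # 128-bit block, the SM4 block size
MAC_LEN = 32  # HMAC-SHA-256 output (hash choice assumed; the page names none)


def E(k: bytes, block: bytes) -> bytes:
    """Stand-in for SM4 block encryption E_k (assumption, not SM4 itself).
    CTR mode only runs the cipher forward, so a keyed PRF fills the same slot."""
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    return hmac.new(k, block, hashlib.sha256).digest()[:BLOCK]


def _counter(t0: bytes, i: int) -> bytes:
    # Assumed counting sequence: T_i = T_0 + i mod 2^128.
    return ((int.from_bytes(t0, "big") + i) % (1 << 128)).to_bytes(BLOCK, "big")


def _ctr_xor(k: bytes, t0: bytes, data: bytes) -> bytes:
    out = bytearray()
    for n, off in enumerate(range(0, len(data), BLOCK), start=1):
        chunk = data[off:off + BLOCK]
        # Counters start at T_0 + 1: E_k(T_0) is reserved for the HMAC key X_0,
        # so no keystream block ever equals the MAC key.
        ks = E(k, _counter(t0, n))
        # zip() stops at the short final chunk, which truncates C_n to len(P_n).
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def seal(k: bytes, plaintext: bytes, t0: bytes = None) -> bytes:
    """Sender: C_1..C_n || T_0 || H with H = HMAC(X_0, C || T_0)."""
    t0 = os.urandom(BLOCK) if t0 is None else t0  # T_0 must never repeat under k
    x0 = E(k, t0)                                 # X_0 = E_k(T_0)
    c = _ctr_xor(k, t0, plaintext)
    h = hmac.new(x0, c + t0, hashlib.sha256).digest()
    return c + t0 + h


def open_packet(k: bytes, packet: bytes):
    """Receiver: split, recompute H', compare, and only then decrypt.
    Returns the plaintext, or None if the packet is discarded."""
    if len(packet) < BLOCK + MAC_LEN:
        return None
    c = packet[:-(BLOCK + MAC_LEN)]
    t0 = packet[-(BLOCK + MAC_LEN):-MAC_LEN]
    h = packet[-MAC_LEN:]
    x0 = E(k, t0)
    h_prime = hmac.new(x0, c + t0, hashlib.sha256).digest()
    if not hmac.compare_digest(h, h_prime):  # constant-time comparison
        return None
    return _ctr_xor(k, t0, c)                # CTR decryption is the same XOR


if __name__ == "__main__":
    key = bytes(range(16))                               # constructed sample key
    cert = b"constructed certificate bytes of terminal B"  # constructed sample
    pkt = seal(key, cert)
    print(open_packet(key, pkt) == cert)
    print(open_packet(key, bytes([pkt[0] ^ 1]) + pkt[1:]))  # tampered -> None
```

Replacing the body of E with a real SM4 block encryption is the only change needed to match the cipher the page names; the framing and checks stay the same.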
The invention also provides a lightweight security authentication system based on the block chain technology, which comprises:
the intelligent mobile terminal certificate classified storage module is used for storing the intelligent mobile terminal certificates in a classified manner, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
the identity authentication message construction module is used for signing the identity authentication message of the newly-accessed intelligent mobile terminal B by utilizing an ECC algorithm and sending the signature to the opposite intelligent mobile terminal A;
the authentication module is used for detecting the certificate of the intelligent mobile terminal B after the intelligent mobile terminal A receives the signature, judging whether the certificate is a legal certificate or not, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, the number of the intelligent mobile terminal B is added to the list of the accessed intelligent mobile terminals, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network;
and the certificate updating and transmitting module is used for broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
Referring to fig. 4, the ECC key length selected by the present invention is 256 bits and the RSA key length is 2048 bits. Compared with the conventional RSA-based authentication method, the authentication method of the present invention achieves faster authentication with a shorter key length, and when the number of experiments is larger, the average time consumed by the ECC authentication method is shorter.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the technical solution of the present invention, and it should be understood by those skilled in the art that the technical solution can be modified and replaced by a plurality of simple modifications and replacements without departing from the spirit and principle of the present invention, and the modifications and replacements also fall within the protection scope covered by the claims.
Claims (10)
1. A lightweight security authentication method based on a block chain technology is characterized by comprising the following steps:
step one, classified storage is carried out on intelligent mobile terminal certificates, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
secondly, constructing an identity authentication message, signing the identity authentication message of the newly-accessed intelligent mobile terminal B by using an ECC algorithm, and sending the signed identity authentication message to the opposite intelligent mobile terminal A;
step three, the intelligent mobile terminal A receives the signed identity authentication message, detects the certificate of the intelligent mobile terminal B, judges whether the certificate is a legal certificate, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, adds the number of the intelligent mobile terminal B to the list of the intelligent mobile terminals which have accessed the network, and if the certificate is illegal, refuses to join the network;
and step four, broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
2. The lightweight security authentication method based on the blockchain technology of claim 1, wherein: in the authentication process, it is judged whether the intelligent mobile terminals of the two parties belong to the same organization, and if so, the query or exchange of certificates is allowed; the certificates are then distributed: OpenSSL generates an X.509 CA root certificate in PEM format by means of its self-issuing function, and the CA issues the certificate request files of the intelligent mobile terminal A and the intelligent mobile terminal B to generate digital certificates.
3. The lightweight security authentication method based on the blockchain technology of claim 1, wherein: in the second step, the intelligent mobile terminal A first generates a random number $r$ and combines the random number $r$, the identity identifier $ID_A$ and the timestamp $T_A$ into the identity authentication request message; the message $m_r$ is then generated by encryption with the public key of the intelligent mobile terminal B and signature with the private key of the intelligent mobile terminal A.
4. The lightweight security authentication method based on the blockchain technology of claim 3, characterized in that said message $m_r$ is calculated according to the following formula:
$$m_r=\{E_{privA}(E_{pubB}(r \,\|\, ID_A \,\|\, T_A))\}$$
where $\|$ represents a data connector, and $E_{privA}(E_{pubB}(r \,\|\, ID_A \,\|\, T_A))$ represents that the identity number $ID_A$ of the intelligent mobile terminal A, the timestamp $T_A$ and the random number $r$ are encrypted with the public key of the intelligent mobile terminal B and signed with the private key of the intelligent mobile terminal A.
5. The lightweight security authentication method based on the blockchain technology as claimed in claim 3, wherein the third step decrypts the authentication request message $m_r$ sent by the intelligent mobile terminal B by using the public key of the intelligent mobile terminal A. The calculation formula is as follows:
$$D_{pubA}((r \,\|\, ID_A \,\|\, T_A))=(r \,\|\, ID_A \,\|\, T_A)$$
where $\|$ represents a data connector.
6. The lightweight security authentication method based on blockchain technology as claimed in claim 1, wherein said third step first compares the timestamp $T_A$ of the intelligent mobile terminal A with the timestamp $T_B$ of the intelligent mobile terminal B; if $T_B<T_A$ and the difference of the two is within a reasonable time delay range, it is verified whether the random number $r$ has been used by the intelligent mobile terminal A; if the random number $r$ has not been used, the intelligent mobile terminal A passes verification, the random number $r$ is added to the list of random numbers used by the intelligent mobile terminal A, and the serial number $ID_A$ of the intelligent mobile terminal A is added to the intelligent mobile terminal list; the calculation formula is as follows:
in the formula, U is an intelligent mobile terminal list, and R is a random number list used by the intelligent mobile terminal a.
7. The lightweight security authentication method based on the blockchain technology as claimed in claim 1, wherein the certificate of the intelligent mobile terminal A is authenticated according to the following formula:
$$\mathrm{Ver}_k(A,S)=1 \rightarrow m_r=\{E_{privB}(E_{pubA}(r' \,\|\, ID_B \,\|\, T_B))\}$$
The certificate of the intelligent mobile terminal A is authenticated according to the prestored ECC digital certificate; if $\mathrm{Ver}_k(A,S)=1$, the verification is successful; the intelligent mobile terminal B then sends its own authentication request message $m_{r'}$ to the intelligent mobile terminal A;
Repeating the authentication process to realize bidirectional authentication between the intelligent mobile terminals;
the following calculation verifies whether the signature of the intelligent mobile terminal A is correct:
8. The lightweight security authentication method based on blockchain technology as claimed in claim 1, wherein the CTR mode encryption based on the SM4 algorithm in step four comprises the following steps:
the intelligent mobile terminal A first cuts the plaintext data $P$ into $n$ plaintext variables $P_1,P_2,\ldots,P_n$, generates the HMAC key $X_0=E_k(T_0)$, and performs hash calculation on the counting sequence; then, for the plaintext data $i=1,2,\ldots,n-1$, ciphertext variables are generated; a ciphertext variable is also generated for the plaintext block of less than 128 bits, and this ciphertext variable is truncated according to the plaintext data to obtain the final ciphertext variable $C_n$; HMAC is then computed over the ciphertext message and the initial counter to obtain $H=\mathrm{HMAC}(X_0, C \,\|\, T_0)$; finally, the ciphertext variables, the counter and the message digest variable are connected as $C_1 \,\|\, C_2 \,\|\, \ldots \,\|\, C_n \,\|\, T_0 \,\|\, H$ to form the ciphertext data, which is sent to the intelligent mobile terminal B.
9. The lightweight security authentication method based on the block chaining technique as claimed in claim 8, wherein in step four the intelligent mobile terminal B first decomposes the received message into a ciphertext message $C$, an initial counter $T_0$ and a message digest variable $H$, and at the same time generates the HMAC key $X_0=E_k(T_0)$; it then generates the message digest of the ciphertext message and the initial counter, and judges whether this message digest is consistent with the received message digest; if not, the plaintext message is directly discarded; if so, the ciphertext data is decomposed into ciphertext variables $C_1,C_2,\ldots,C_n$, the counting sequence is encrypted, plaintext variables are generated for the plaintext data, and the plaintext variable is truncated to generate $P_n$; finally, $P_1,P_2,\ldots,P_n$ form the plaintext data, completing the secure communication between the intelligent mobile terminal A and the intelligent mobile terminal B.
10. A lightweight security authentication system based on block chaining technology, comprising:
the intelligent mobile terminal certificate classified storage module is used for storing the intelligent mobile terminal certificates in a classified manner, so that the intelligent mobile terminal certificates with the same organization information are stored in the same block chain;
the identity authentication message construction module is used for signing the identity authentication message of the newly-accessed intelligent mobile terminal B by utilizing an ECC algorithm and sending the signature to the opposite intelligent mobile terminal A;
the authentication module is used for detecting the certificate of the intelligent mobile terminal B after the intelligent mobile terminal A receives the signature, judging whether the certificate is a legal certificate or not, if the certificate is legal, the intelligent mobile terminal A successfully authenticates, the number of the intelligent mobile terminal B is added to the list of the accessed intelligent mobile terminals, and if the certificate is illegal, the intelligent mobile terminal A refuses to join the network;
and the certificate updating and transmitting module is used for broadcasting the certificate of the intelligent mobile terminal B to update the certificates of other intelligent mobile terminals, and encrypting the transmitted certificate by using the CTR mode based on the SM4 algorithm to realize real-time updating and safe transmission of the certificate.
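The message framing of claims 8 and 9 (CTR encryption, HMAC keyed with $X_0 = E_k(T_0)$, digest checked before decryption) is sketched below as an added example; it is not code from the patent. Assumptions: `E` is a keyed-PRF stand-in for SM4, HMAC uses SHA-256, and the counting sequence is taken as $T_i = T_0 + i$ for $i \ge 1$ so that $E_k(T_0)$ is never reused as keystream; the function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit blocks, the SM4 block size
TAG = 32    # HMAC-SHA256 output length (hash choice is an assumption)

def E(k, block):
    # Stand-in for SM4 encryption E_k (assumption: SM4 is not in the standard
    # library). CTR only needs the forward direction, so a keyed PRF truncated
    # to 128 bits is enough to show the message framing.
    return hmac.new(k, b"E" + block, hashlib.sha256).digest()[:BLOCK]

def counter(t0, i):
    # Assumed counting sequence T_i = T_0 + i mod 2^128 with i >= 1, so that
    # E_k(T_0) serves only as the HMAC key X_0 and never as keystream.
    return ((int.from_bytes(t0, "big") + i) % (1 << 128)).to_bytes(BLOCK, "big")

def ctr_xor(k, t0, data):
    out = bytearray()
    for n, off in enumerate(range(0, len(data), BLOCK), start=1):
        keystream = E(k, counter(t0, n))
        # zip() stops at the shorter input, which truncates the final
        # keystream block to the length of a short last block.
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], keystream))
    return bytes(out)

def seal(k, plaintext, t0=None):
    """Terminal A: return C || T_0 || H."""
    if t0 is None:
        t0 = os.urandom(BLOCK)  # T_0 must never repeat under the same key
    x0 = E(k, t0)                                       # X_0 = E_k(T_0)
    c = ctr_xor(k, t0, plaintext)
    h = hmac.new(x0, c + t0, hashlib.sha256).digest()   # H = HMAC(X_0, C || T_0)
    return c + t0 + h

def open_(k, message):
    """Terminal B: check H first, decrypt only if it matches."""
    if len(message) < BLOCK + TAG:
        raise ValueError("message too short")
    c = message[:-(BLOCK + TAG)]
    t0 = message[-(BLOCK + TAG):-TAG]
    h = message[-TAG:]
    expected = hmac.new(E(k, t0), c + t0, hashlib.sha256).digest()
    if not hmac.compare_digest(h, expected):  # constant-time comparison
        raise ValueError("digest mismatch, message discarded")
    return ctr_xor(k, t0, c)
```

If the counting sequence started at $T_0$ itself, the first keystream block would equal the HMAC key, and one known plaintext block would reveal it; starting at $T_0 + 1$ avoids that.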
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011248305.6A CN112423295B (en) | 2020-11-10 | 2020-11-10 | Lightweight security authentication method and system based on block chain technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112423295A (en) | 2021-02-26 |
CN112423295B (en) | 2022-11-22 |
Family
ID=74781368
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011248305.6A Active CN112423295B (en) | 2020-11-10 | 2020-11-10 | Lightweight security authentication method and system based on block chain technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112423295B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110598422A (en) * | 2019-08-01 | 2019-12-20 | 浙江葫芦娃网络集团有限公司 | Trusted identity authentication system and method based on mobile digital certificate |
US20200111080A1 (en) * | 2018-10-08 | 2020-04-09 | BitGo Holdings, Inc. | Security Secret Interface and Token Wrap Structure Apparatuses, Methods and Systems |
CN111222174A (en) * | 2019-12-31 | 2020-06-02 | 远光软件股份有限公司 | Joining method, verification method, device and storage medium of block chain node |
CN111222989A (en) * | 2019-12-31 | 2020-06-02 | 远光软件股份有限公司 | Transaction method of multi-channel block chain, electronic device and storage medium |
CN111262872A (en) * | 2020-01-20 | 2020-06-09 | 新晨科技股份有限公司 | Enterprise block chain service platform |
Non-Patent Citations (2)
Title |
---|
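杨涵麟: "Blockchain-based multi-objective decision security control architecture and algorithm for swarm robots", CNKI China Master's Theses Full-text Database, Information Science and Technology * |
邓伟, 闻楷 et al.: "Design and analysis of a data encryption and authentication scheme for distribution networks", 《软件》 * |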
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113595744A (en) * | 2021-09-29 | 2021-11-02 | 北京卓建智菡科技有限公司 | Network access method, device, electronic equipment and storage medium |
CN113595744B (en) * | 2021-09-29 | 2021-12-31 | 北京卓建智菡科技有限公司 | Network access method, device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112423295B (en) | 2022-11-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||