CN112468983A

CN112468983A - Low-power-consumption access authentication method for intelligent equipment of power internet of things and auxiliary device thereof

Info

Publication number: CN112468983A
Application number: CN202011501163.XA
Authority: CN
Inventors: 赵百捷; 曾四鸣; 赵建利; 王卓然; 刘婷; 冯海燕; 王志辉
Original assignee: State Grid Corp of China SGCC; Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
Current assignee: State Grid Corp of China SGCC; Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
Priority date: 2020-12-18
Filing date: 2020-12-18
Publication date: 2021-03-09
Anticipated expiration: 2040-12-18
Also published as: CN112468983B

Abstract

The invention discloses an STD access authentication method and an auxiliary device thereof for an electric power Internet of things, and belongs to the electric power Internet of thingsThe method comprises a server preliminary authentication stage and a terminal authentication stage, wherein the server preliminary authentication stage comprises the steps of inquiring a designated gateway and a terminal, calculating a one-time identifier, calculating anti-tampering CAAS authentication credential information and encrypting a gateway ID_gAnd sending an access instruction. In the technical scheme of the invention, in the aspect of computing resource consumption, the SGW needs less computing resources to finish identity authentication and key agreement. The short-distance wireless communication device only needs three times of hash operation to finish identity authentication, and both communication parties do not need to store information of the other party in advance in the aspect of storage resource consumption, so that a large amount of storage space can be saved, and particularly when the STD (standard deviation) required to be linked by the gateway is more, the saved storage resources are more, and in the aspect of communication resources.

Description

Low-power-consumption access authentication method for intelligent equipment of power internet of things and auxiliary device thereof

Technical Field

The invention belongs to the technical field of electric power Internet of things safety communication, and particularly relates to an access authentication method and an auxiliary device of electric power Internet of things intelligent terminal equipment.

Background

The intelligent terminal devices such as massive intelligent sensors, electric energy meters, controllers, charging piles, electricity selling terminals and the like deployed in the power grid are called STDs for short hereinafter, and a huge power internet of things is formed. The STD region has wide distribution range, large variety and quantity in terms of spatial distribution characteristics, but is usually deployed in a relatively small equipment room or distribution cabinet in a set or group in part. In view of this, in the prior art, an intelligent gateway, referred to as SGW hereinafter, is used to transfer a certain number of STDs, routes or relays, within a certain local range, to an upstream public network of the power internet of things. Obviously, in this scenario, when the SGW and the STD communicate with each other via short-range wireless, the cost for constructing and maintaining the system can be reduced.

However, when communication is performed using short-range wireless, the prior art has the following problems: 1. an external attacker can attack the electric power Internet of things system through a short-distance wireless network between the SGW and the STD, so that the safety of the electric power system is damaged, and the safety is poor; 2. the calculation consumes more resources and occupies large storage space. 3. A network attacker can identify and track the specified equipment through key information such as equipment ID and the like, analyze the running state of the specified equipment and acquire sensitive information of a user related to the equipment.

Disclosure of Invention

The invention aims to provide a low-power-consumption access authentication method for intelligent equipment of the power internet of things. The method can meet the safety requirements of bidirectional identity authentication of SGW and STD of the power Internet of things and prevention of equipment data tracking under the assistance of a cloud assistant authentication server (hereinafter referred to as CAAS) serving as an auxiliary device. And the performance requirements of lower computing, communication and storage resource consumption when the SGW and the STD carry out bidirectional identity authentication are met.

The embodiment of the first aspect of the invention provides a low-power-consumption access authentication method for intelligent equipment of an electric power internet of things, which comprises the following steps:

the CAAS sends a first message containing the one-time identity of the SWG, the one-time identity of the specified STD and the one-time certificate of the second message to the specified SWG in a first session symmetrically encrypted by a first key; the SWG forwards the one-time identity, the one-time certificate and the one-time verification information of the SWG to the STD through the second message in a second session; the STD verifies the second message through the one-time certificate and sends one-time response information for solving the one-time verification information to the SWG in a third session symmetrically encrypted through a second key;

wherein the first key is elliptically signed by the long-term identities of the CAAS and the SWG, the one-time credential is elliptically signed by the long-term identities of the CAAS and the SWG, and the second key is elliptically signed by the one-time identities of the SWG and the STD; the one-time identities of the SWG and the STD are created by the CAAS for their long-term identities based on the same salting operation.

The elliptic signature described herein is different from the ECDSA in the prior art, and the elliptic signature herein is a point-to-point hybrid signature, i.e., a signer provides a proof of witness to a complete message content to a verifier, and others except the verifier cannot read even if the public key of the signer is taken. The signer provides witness certificate for the whole information content, and the verifier verifies the witness certificate to know the correctness and integrity of the received information content, namely, the witness certificate is the same as the witness content of the signer. It is readily understood that the data on the transmission link comprises said information content and witness certificates for the information content. The process of implementing the text elliptic signature including signature and verification at least needs to have a prime number domain elliptic curve E_pA base point G on (a, b), a predetermined rule and a predetermined one-way hash function. Specifically, one process of elliptic signature herein is to assign an identity (Q, Q) in the form of a key pair to each of the signer and the verifier, where the private key Q is an element field F_pThe random large number is used for signing and verifying the signature, and a determined prime number domain elliptic curve E is selected_pThe base point G on (a, b) and the public key Q ═ Q · G are used for public switching. The signer uses the dot product of the private key of the signer and the public key of the opposite party as a signature identification K to be put into summary data through a preset rule combination, other data in the summary data are witness information, and a preset one-way hash function is used for processing the summary data to obtain a witness certificate. The witness certificate is freely forwarded to the designated verifier in the network link, and each summary item in the summary data can be provided to the designated verifier by the same or different equipment at the same time or at different times. After obtaining the data except K in the abstract data, the verifier calculates a local signature identification K 'by multiplying the public key point of the signer by the private key of the verifier, replaces the K with K', combines the local abstract data according to the same preset rule, processes the local abstract data by using the same preset one-way hash function,and comparing the local result with the received witness certificate, and if the local result is consistent with the received witness certificate, confirming the integrity and correctness of the local summary data. It is easy to understand that, in the above process, when the digest data only includes K, the verification is necessarily consistent due to the consistency of the preset rule of G, the combined digest data, and the preset one-way hash function. It is readily appreciated that one purpose of the elliptic signature herein is to let the verifier know that summary items obtained from various places, which are not repudiatable, have been witnessed by the signer. Another purpose of the elliptic signature is to let the verifier know that the summary items obtained from all over are completely witnessed by the same signer in the same batch, and the relationship between the summary items is not repudiatable. It will be readily appreciated that the preset rules may include one-way information processing, such as one-way hash functions, to face complex information exchange requirements, and that the preset one-way hash functions may use more complex one-way encryption processes to balance complexity and computational resource consumption.

It can be seen that, for the access authentication method of the intelligent device of the power internet of things, the idea of at least one aspect is to change the method flow of the existing access authentication method, that is, when an access request for accessing a specified STD to a specified SWG is responded, the one-time identity of the specified SWG and the specified STD and the one-time certificate are created and sent to the specified SWG through a first message; the appointed SWG creates a second message containing the one-time certificate and the one-time verification information according to the first message and sends the second message to an appointed STD; the designated STD verifies the integrity of the second message according to the one-time certificate, creates a third message containing one-time response information and sends the third message to the designated STD; and the designated SWG verifies the identity of the designated STD according to the one-time response information to obtain an access authentication result of the designated STD. The process does not necessarily require auxiliary devices other than STDs and SWGs.

In some preferred embodiments, the process of access authentication of the smart device of the power internet of things comprises the following three stages:

the first stage, system initialization and device registration stage. At this stage, the SGW or STD, which completes access authentication using the method herein, registers basic information in the CAAS. It will be appreciated that such registration need not be permanent, and that the same SGW or STD may replace its basic information at a time that is not outside of the other stages below. In some preferred embodiments, the basic information of the SGW or STD includes at least one long-term identity to identify the identity of the two communicating parties in the second phase. It will be appreciated that if in some embodiments the ECC is used to create a device specific key pair identification to use the public key therein as the device's long term identity at other devices, then in the first stage in these embodiments the generation of these key pairs should be done. To save the transmission process, these long-term id public keys are stored on the CAAS as part of the basic information.

The second phase, the CAAS authorization phase. At this stage, the CAAS receives an access request specifying STD access to a specified SWG and makes a series of responses to the access request. These responses include: retrieving the basic information of the SWG and the basic information of the STD from the registered basic information, and generating one-time identification of the SWG and the STD by using the basic information, wherein the one-time identification is used for providing the encrypted identification information of the opposite party to the SWG and the STD and is valid only in a third stage; creating a one-time credential that is forwarded to the STD via the SWG, the one-time credential being used to verify the security of the third phase overall communication link at the STD.

And the third phase, accessing authentication phase. In the stage, firstly, the SWG appointed by the access request receives the allocated disposable identity information and verifies the validity, then forwards the disposable identity information and the disposable certificate of the SWG to the STD appointed by the access request, and creates a disposable verification information for providing a specific problem for the STD; the STD appointed by the access request receives the distributed disposable identity information and uses the disposable identity information to verify the validity of the disposable certificate, then solves the problem of the disposable verification information, and puts the answer into the disposable response information to transmit back to the SWG; and finally, the SWG receives the one-time response information and judges whether the one-time response information is correct, and if the one-time response information is correct, the access authentication is considered to be successful. It can be understood that, if any link in the third stage is abnormal, the access authentication is considered to be failed, and the access authentication is terminated.

In some preferred embodiments, the long-term identity of the devices (CAAS, SWG and STD) in the above solution is determined using a determined prime field elliptic curve E_p(a, b) a created key pair comprising a field F taken from the prime number_pThe long-term identity identification private key and the elliptic curve E based on the prime number domain_pAnd (a, b) generating a long-term identity public key by the same base point G, wherein the long-term identity public key is a long-term identity private key G. Accordingly, the one-time ids of the SWG and the STD are dot products P of a random prime number r and the long-term id public key thereof, i.e., the one-time ids are the salting results of the long-term id public key. In practice, if r is a random number, the finite prime field F_pWhile if Q is a finite cyclic group E (F)_p) Is then also E (F)_p) One of the points in (a) is that for the long-term identity (Q, Q) herein, the new identity (Q, P) formed by salting Q also satisfies the identity requirements of the signer and verifier required in the elliptic encryption herein.

In some preferred embodiments, the third phase is explicitly divided into an SGW access STD phase, an STD authentication SGW identity phase, and an SGW authentication STD identity phase. And the SGW authentication STD stage completes the third session and establishes the long session by using the second key after the access is successful. This division facilitates establishing a flexible session protocol, such as combining the second session and the third session, which are separated by a short time, into one long session, so as to reduce the resources consumed for establishing a data link for the session, and also can set the second session and the third session as two independent communications, which are separated by a long time, so as to prevent the listener in the short-range wireless network from discovering the communication response logical relationship between the SWG and a specific STD. This benefit is not limited to wireless networks, and may be equally present in some embodiments where the SWG and STD are located in a local limited network.

In a preferred embodiment, the access authentication method for the smart device of the power internet of things comprises steps 100 to 500, wherein,

step 100, configuring long-term identity identification private keys q for CAAS, SWG and STD respectively_s、q_gAnd q is_dAnd generating respective long-term identity identification public keys Q based on the same base point G on the elliptic curves of the same prime number domain_s、Q_gAnd Q_d. It is easy to understand that, except for the case where CAAS needs to use the long-term id public keys of all SWGs and all STDs, for any SWG, it does not need to store the long-term id public key of any accessed or unaccessed STD, and at the same time, it also does not need to store the one-time id public key of any STD which has been accessed but not accessed to the SWG, and only after the first message is verified, the signature K for elliptic signature is calculated and stored once_g,dThe subsequent third session and possible access session can be maintained; for STD, only the long-term identity public key of CAAS needs to be used, and there is no need to store any SWG identity or identity verification data, and at the same time, the long-term identity public key itself is also used for disclosure, and there is no need to consume resources for secret processing. It will be readily appreciated that in some other embodiments, the associated K is used as a result of the computation of the one-time-credential information and the one-time-identity information_s,gAnd K_s,dAfter one-time calculation, K used for the authentication can be stored in an encrypted manner in order to save or balance the calculation resources_s,gAnd K_s,dOr, K is calculated for each device at idle time_s,gOr K_s,dAnd the data is stored in a post-encryption mode so that the response speed is improved by later retrieval and calling.

Step 200, as a response to an access request for accessing a designated STD to a designated SWG, the CAAS initiates a first session containing a first message to the designated SWG; said first message containing a one-time identity P specifying a SWG_gSpecifying the one-time identity P of the STD_dAnd a disposable certificate V_s,d(ii) a The first session uses a first key SK_s,gSymmetric encryption. In some improvements, the CAAS calculates a one-time credential as another response to the access requestInformation and one-time identity information; in other improvements, only the time t is created in the one-time certificate information_sWhen the change occurs or only the salt value x in the one-time identity information changes, the processing time of the CAAS to the access request can be saved by storing the intermediate operation result.

Step 300, as a response to said first message, designating the SWG to initiate a second session comprising a second message to the designated STD; said second message containing a one-time identity P specifying a SWG_gDisposable certificate V_s,dAnd one-time authentication information V_g,d(ii) a The one-time authentication information V of the specified STD_g,dUsing a second key SK_g,dSymmetric encryption. One of the steps is preferably that the steps are all in the SGW access STD phase, where the SGW computes a second key for the third and subsequent access sessions with the STD, organizes a second message of the access STD authentication and sends it to the specified STD. In other embodiments, it is not limited that each processing step in this step is time-continuous and is completed in one session.

Step 400, as a response to said second message, designating the STD to initiate a third session comprising a third message to the designated SWG; the third message comprises the one-time verification information V_g,dCorresponding one-time response message V_d,g(ii) a The third session uses a second key SK_g,dSymmetric encryption. One of the steps is preferably that the steps are all in the STD SGW identity authentication phase, in which the STD verifies the timeliness and integrity of the information and the identity of the SGW in turn, calculates the second key for the session and solves its own one-time identity verification information. In other embodiments, the STD may prioritize low computational sub-steps in the task queue, or steps in the task queue that are not relevant for multi-threaded processing, for each sub-step of this step.

Step 500, in response to said third message, assigning an SWG to verify said one-time response information V_d,gAnd if so, the designated SGW successfully authenticates the designated STD identity. One of the steps is preferably that the steps are all in the SGW authentication STD identity phase. SGW verifies the identity of the STD by the correctness of the session key. In other embodiments, it is not limited that the third message must be in a session only including the third message, for example, after the second key is obtained, an encrypted session can be prepared to be established, and preparation is made for a task of quickly opening a subsequent access session, because an encrypted session channel can be established through the second key, the probability of being able to be forged is low, and the encrypted channel can be disconnected when the third message is not received in the encrypted channel after time-out, that is, the third session may be under the same protocol as the second session, and may also be the access session itself.

Obviously, based on the core technical concept of the present invention, the present embodiment is based on a preferred, and in each step, the first key SK_s,gPerforming dot multiplication K on a local equipment long-term identity identification private key and a remote equipment long-term identity identification public key in a session_s,gOr K_g,sThe hash value of (a); the second key SK_g,dMultiplying the long-term identity identification private key of the local equipment and the one-time identity identification point of the remote equipment in the session by K_d,gOr K_g,dThe hash value of (a); the disposable voucher V_s,dBy containing q_s·Q_dThe certificate abstract data segment is obtained after one-way hashing; after the designated SGW successfully authenticates the identity of the designated STD, the designated SGW and the designated STD are authenticated by using the second key SK_g,dSymmetrically encrypted conversational communication.

The improvement of one aspect of each technical scheme is as follows:

the CAAS, the SWG and the STD are provided with clocks which are basically synchronous with each other; so that the control error is within a controllable range of the timeout decision. On the premise that the improvement comprises one or more of the following items:

first, the first message, the second message and/or the third message contain the one-time-use credential V_s,dCreation time t of_sSo that the message receiver can make time-out judgment and/or content verification;

second, the credential digest data segment contains the one-time credential V_s,dCreation time t of_sTo specify the STD for the secondThe timeliness, correctness and/or integrity verification is carried out on the message;

thirdly, the one-time authentication information V_g,dContaining said one-time voucher V_s,dCreation time t of_s。

As can be readily appreciated, in these improved solutions, the time t is created_sAt least on the one hand, provides the basis for the timeout determination in the overall authentication, and on the other hand, the creation time is inserted in the witness certificate, such as the above-mentioned one-time certificate, representing the guarantee of the witness by the witness for the witness.

Another aspect of the above technical solutions is improved by:

the one-time authentication information V_g,dContaining random data x, the one-time response information V_d,gContains response data y ═ f (x); wherein, the mapping method f is such that for any x, y ≠ x.

Another aspect of the above technical solutions is improved by:

the designated SWG and the designated STD are respectively configured with a unique identification ID_gAnd ID_d；

The first message includes the ID_gAnd the ID_dSaid one-time authentication information V_g,dIncluding the ID_dAnd/or the credential digest data segment contains the ID_gAnd the ID_d。

In some technical solutions of the first aspect of the present invention described above, the CAAS is a device that processes the access request and specifies the first message sent by the SWG to the access request. Therefore, the following provides an access authentication assisting device according to a second aspect of the present invention, and the CAAS mentioned herein may be an access authentication assisting device itself or a server installed with the access authentication assisting device. The hardware part of the access authentication auxiliary device at least comprises a first communication interface used for establishing a communication link with the SWG and a first processing module used for realizing data calculation.

In an embodiment of the second aspect, the first processing module comprises at least the following sub-modules:

the first hash module reads a signature identifier of an elliptic signature and unidirectionally scatters the signature identifier as a first key;

the certificate combination module reads data through an input end, wherein the data at least comprises a signature identification for reading an elliptic signature, and combines the read data into a certificate abstract data segment according to an internal preset rule;

the second hash module receives the certificate abstract data segment of the certificate combination module and unidirectionally scatters the certificate abstract data segment into disposable certificates;

the first combination module reads data through an input end, the data at least comprises the disposable certificate output by the second hash module, and the read data are combined into a first message according to the internal preset rule of the first combination module;

and the number of the first and second groups,

the first symmetric encryption module encrypts and/or decrypts the session message established on the first communication interface according to the first secret key provided by the first hash module; the session message includes a first message.

In an embodiment of the server having the above-mentioned access authentication assisting device installed therein, the first processing module is a processor of the server, which processor is configured, in at least one aspect, to execute certain program instructions that cause the processor to receive an access request specifying STD access to a specified SWG, and in response to execute the steps of:

generating a random prime number r and calculating the one-time identity P of the designated SWG and the designated STD_gAnd P_dWherein P is_g＝r·Q_g，P_d＝r·Q_d；

Call the first Hash Module h₁Computing a first key SK_s,g，SK_s,g＝h₁(K_s,g)，K_s,g＝q_s·Q_g；

Call the second Hash Module h₂Calculating a one-time voucher V_s,d，V_s,d＝h₂(credential digest data segment), wherein the credential digest data segment contains K_s,d，K_s,d＝q_s·Q_d；

Establishing a first session with a designated SWG through the first communication interface, and sending a first message of the first aspect of the present invention to the designated SWG in the first session; the first session uses a first key SK_s,gSymmetric encryption.

An improvement of one aspect of the access authentication assisting apparatus in the above technical solution is that it includes a memory;

the memory is used for storing a long-term identity public key Q of a specified SWG and a specified STD_gAnd Q_dUnique identification ID specifying SWG and STD_gAnd ID_dLong-term identity identification private key q of the device_sK to_s,gAnd/or K_s,d。

Another aspect of the access authentication assisting apparatus in the above technical solution is improved in that it includes a random prime number generating module; the random prime number generation module is used for generating random prime numbers so as to calculate the disposable identity.

The invention provides an intelligent gateway auxiliary device, which comprises a second communication interface, a third communication interface and a second processing module. Wherein, the second communication interface is used for establishing a communication link with the access authentication auxiliary device; the third communication interface is used for establishing a communication link with the STD;

in an embodiment of the third aspect, the second processing module comprises at least the following sub-modules:

The first extraction module reads the first message through the input end and extracts each data of the first message from the first message according to a preset rule of the first extraction module, wherein the preset rule of the first extraction module is the same as that of the first combination module; the data at least comprises a disposable certificate output by the second hash module, a disposable identity of a designated SWG and a disposable identity of a designated STD;

the third hash module receives the point product of the one-time identity of the specified STD and the long-term identity private key of the specified SWG and unidirectionally scatters the point product as a second key;

the second combination module reads data through the input end and combines the read data into a verification information data segment according to the internal preset rule of the second combination module;

the second symmetric encryption module encrypts the verification information data segment output by the second combination module according to a second secret key provided by the third hash module and outputs one-time verification information;

the third combination module reads data through the input end and combines the read data into a second message according to the internal preset rule of the third combination module; the data read by the input end of the system comprises the disposable verification information output by the second symmetric encryption module and the disposable identification of the appointed SWG extracted by the first extraction module; the second message is used for sending to a specified STD through a third communication interface;

the third symmetric encryption module encrypts and/or decrypts the session message established on the third communication interface according to the second key provided by the third hash module; the session message comprises a third message;

the fourth extraction module reads the third message decrypted by the third symmetric encryption module through the input end and extracts response data from the third message according to a preset rule in the fourth extraction module;

and the number of the first and second groups,

a mapping module that reads one data and outputs a mapping value of the data based on a mapping method f, where f is such that for any x, y ≠ x.

In an embodiment of the intelligent gateway with the intelligent gateway auxiliary device installed thereon, the second processing module is a processor of the intelligent gateway, and at least one aspect of the processor is used for executing specific program instructions, the program instructions cause the processor to execute the following steps:

reading the length of the access authentication assistance devicePublic key Q for phase identity identification_sAnd the long-term identity identification private key q of the intelligent gateway_gCall the first hash module h₁Computing a first key SK_s,g，SK_s,g＝h₁(K_g,s)，K_g,s＝q_g·Q_s；

Receiving a first message through a first session established by the access authentication assistance device at the second communication interface and using the first key SK_s,gObtaining a plaintext of the first message; calling a first extraction module to extract the one-time identity P of the designated SWG in the first message_gSpecifying the one-time identity P of the STD_dAnd a disposable certificate V_s,d；

Calling a third Hash Module h₃Computing a second Key SK_g,d，SK_g,d＝h₃(q_g·P_d)＝h₃(q_g·r·q_dG); creating a second digest data segment, using the second key SK_g,dSymmetrically encrypting the second summary data segment to obtain one-time verification information V_g,d(ii) a The second summary data segment contains a random data x;

initiating a second session with the specified STD through the third communication interface, sending a second message in the second session; said second message containing a one-time identity P specifying a SWG_gDisposable certificate V_s,dAnd one-time authentication information V_g,dAnd removing K from the credential digest data segment_s,dOther data than the above;

set up by the second key SK at the third communication interface by specifying STD_g,dA third session of symmetric encryption receives a third message and uses the second key SK_g,dObtaining one-time response information V in the clear text of the third message_d,g(ii) a Calling a second extraction module to extract the one-time response information V_d,gThe answer data y' in (1) is used for access authentication;

if y' (x), establishing an access session with a specified STD at the third communication interface; the access session passes through the second key SK_g,dSymmetric encryption.

In the above technical solution, an aspect of the intelligent gateway assistance device is improved by including a random data generation module, configured to generate random data x and send the random data x to the second combination module.

An intelligent terminal comprises a fourth communication interface and a third processing module; and the fourth communication interface is used for establishing a communication link with the intelligent gateway auxiliary device.

In an embodiment of the fourth aspect, the third processing module comprises at least the following sub-modules:

the third extraction module reads a second message through an input end and extracts data from the second message according to a preset rule in the third extraction module; the data comprises one-time verification information and one-time identification of a designated SWG;

the certificate combination module reads data through an input end and combines the read data into a certificate abstract data segment according to an internal preset rule of the certificate combination module; the data at least comprises a signature identification for reading an elliptic signature;

the third hash module receives the point product of the one-time identity of the designated SWG and the long-term identity private key of the STD, and unidirectionally scatters the point product as a second key;

the second symmetric encryption module reads the one-time verification information output by the third extraction module through an input end, and decrypts the one-time verification information according to a second secret key provided by the third Hash module to obtain a verification information data segment;

the second extraction module reads the verification information data segment through the input end and extracts random data x from the verification information data segment according to a preset rule in the second extraction module;

a mapping module which reads random data x and outputs a mapping value y of the random data x based on a mapping method f, wherein for y ≠ f (x), f is that for any x, y ≠ x;

the fourth combination module reads data through an input end and combines the data into a third message according to a preset rule in the fourth combination module; the data comprises a mapping value y output by the mapping module;

and the number of the first and second groups,

the third symmetric encryption module encrypts and/or decrypts the session message established on the fourth communication interface according to the second key provided by the third hash module; the conversation message comprises a third message output by the fourth assembly module.

In an embodiment of the intelligent terminal, the third processing module is a processor of the intelligent terminal, and at least one aspect of the processor is used for executing specific program instructions, the program instructions cause the processor to execute the following steps:

reading the long-term identity public key Q of the CAAS_sAnd the long-term identity identification private key q of the intelligent terminal_dCalculating K_d,s,K_d,s＝q_d·Q_s＝K_s,d；

Receiving a second message through a second session established by the SWG at the fourth communication interface, and calling a second hash module h₂Verifying the integrity of the second message;

reading the one-time identity P of the designated SWG in the second message_gAnd the long-term identity identification private key q of the intelligent terminal_dAnd call the third hash module h₃Computing a second Key SK_g,d，SK_g,d＝h₃(q_d·P_g)＝h₃(q_d·r·q_g·G)；

Reading random data x in the second message, and calculating response data y, y ═ f (x); wherein, the mapping method f is such that for any x, y ≠ x.

Initiating a third session with the designated SWG through the fourth communication interface, and sending a third message in the third session; the third message contains response data y ═ f (x); wherein, the mapping method f is such that for any x, y ≠ x.

According to the above description of various aspects of the technical solutions herein, compared with the prior art, the beneficial effects of the present invention include, but are not limited to:

1. in terms of computing resource consumption, the SGW needs to consume less computing resources to complete the identity authentication and the key agreement. When the short-distance wireless communication is accessed to the STD, only three times of hash operation are needed for completing the identity authentication, in the aspect of storage resource consumption, both sides of SWG and STD communication do not need to store the information of the other side in advance, a large amount of storage space can be saved, especially, when the SWG needs to link more STDs, the saved storage resources are more, in the aspect of communication resources, the SWG only needs to carry out one-time communication when completing the identity authentication and key agreement work, and the short-distance wireless communication device (namely the STD) only needs to receive one-time information.

2. The security is higher, the negotiation of the device session key is completely generated by the calculation of both communication parties, the CAAS and the administrator do not know the content of the session key, an attacker cannot calculate the session key according to the information intercepted in the communication process, and the tracking can be prevented, so the security is higher.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:

FIG. 1 is a schematic diagram of a network topology according to an embodiment of the present invention;

FIG. 2 is a system block diagram of a first processing module in one embodiment of the invention;

FIG. 3 is a system block diagram of a second processing module in one embodiment of the invention;

FIG. 4 is a system block diagram of a third processing module in one embodiment of the invention;

FIG. 5 is a timing diagram illustrating the system initialization and device registration phases in accordance with one embodiment of the present invention;

FIG. 6 is a flow chart illustrating the CAAS authorizing the SGW to access the STD according to an embodiment of the present invention;

fig. 7 is a schematic flowchart illustrating bidirectional authentication and session key agreement between the SGW and the STD according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that, in the present invention, the term "one-time" means that a new P is calculated each time an access request is involved and a corresponding authentication process is performed_g，P_d，V_s,d，C_s,dAnd the like, and the numerical values are different. If the SGW or STD receives the same value as the previous time within the valid time Δ t, it is considered that the received information is retransmitted by a malicious terminal and may be attacked by man-in-the-middle, so the device such as CAAS or STD, SWG, etc. which processes the data information will directly discard the datagram and terminate the authentication process. In this document, P is the one-time authentication information, V is the one-time authentication credential information, C is the one-time identity information, s is CAAS, g is SWG, d is STD in each symbol subscript, and the sequence of s, g, and d in the subscript is only the method of obtaining the value for distinguishing the symbols, and does not represent the difference or the same value.

The embodiment is an electric power internet of things, wherein the SWG1 and the SWG2 are gateways of two wireless local area networks, respective second communication interfaces of the SWG1 and the SWG2 are connected with a first communication interface of the CAAS through a network, the network is an optical fiber network, and the STD11, the STD12, the STD21 and the STD22 are wirelessly connected with a third communication interface of the SWG of the respective local area network through a fourth communication interface of the STD11, the STD12, the STD21 and the STD22, so as to access and interact with other STDs through the respective SWG or communicate with devices outside the local area network. The electric power internet of things has high safety requirements, so that the STD needs to complete access authentication when accessing. The electric power internet of things uses the access authentication method provided by the first aspect of the invention to perform auxiliary authentication on a request of a specified STD (session initiation protocol) access to a specified SWG in the electric power internet of things, and after the authentication is successful, the specified STD access to the specified SWG starts an access session.

Referring to fig. 1, the present embodiment is different from the prior art mainly in that:

in one aspect, the cloud auxiliary authentication server CAAS is added in the embodiment as a request for responding to a specified STD to access a specified SWG in the power internet of things, for example, the STD12 requests to access the SWG1, or the STD21 requests to access the SWG2, so that the CAAS is equivalent to the access authentication auxiliary device provided by the second aspect of the present invention. It is understood that the CAAS is not limited to a specific physical server or a distributed server, and for low load or other situations, in other embodiments, the access authentication assisting device may also be a computing device using a dedicated chip, and the first processing module of the CAAS at least includes the sub-modules shown in fig. 2.

In one aspect, in order to use the access authentication method provided in the first aspect of the present invention, all SWGs in the system implement installation of the intelligent gateway auxiliary device provided in the third aspect of the present invention by modifying existing program modules. In other embodiments, the intelligent gateway assisting apparatus is a separate hardware installed on the existing SWG, so that the existing SWG supports the access authentication method provided by the present invention, and in these embodiments, the second processing module of the intelligent gateway assisting apparatus at least includes the sub-modules shown in fig. 3.

In one aspect, in order to use the access authentication method provided in the first aspect of the present invention, all STDs in the system implement the intelligent terminal provided in the fourth aspect of the present invention by modifying existing program modules. In other embodiments, the existing intelligent terminals may add a specific hardware circuit module to the existing STD to implement the intelligent terminal of the fourth aspect of the present invention, so as to support the access authentication method provided by the first aspect of the present invention, where the intelligent terminals need to include a third processing module, and the third processing module at least includes each sub-module shown in fig. 4.

The access authentication method of the present invention is further explained below by a basic method embodiment and related modified embodiments based on the above network structure and network device. The embodiment of the mode comprises the following five steps:

step 100, a system initialization and equipment registration stage; at this stage, the SGW or STD related to access authentication registers information in the CAAS within a field range of short-distance wireless communication of the power Internet of things;

step 200, CAAS authorization phase; CAAS calculates disposable authentication information, authentication certificate information and disposable identity information according to the information of a local database; in other embodiments, the information of the local database may also be stored on a distributed store;

step 300, the SGW accesses the STD stage; the SGW calculates a session key of the specified STD, organizes an authentication message of the access STD and sends the authentication message to the specified STD;

step 400, STD authentication SGW identity phase; STD verifies timeliness and integrity of the authentication information and identity of SGW, and calculates session key and STD identity verification information;

step 500, SGW authenticates STD identity phase. The SGW verifies the identity of the STD by the correctness of the session key.

Wherein, for all SWGs and STDs needing to be accessed by CAAS assistance to be registered once in step 100, it can be seen that steps 200 to 500 are procedures that need to be implemented for each access, and each time SGW accesses a new STD, steps 100, 200, 300 and 400 are implemented once. In this embodiment, the overall process is described by taking the example of implementing one STD to access one SWG.

Specifically, referring to fig. 5, in step 100, the system initialization and device registration phase includes the following steps:

at step 110, the device initializes. Specifically, when the power internet of things is deployed, a determined prime number domain elliptic curve E is configured for CAAS_p(a, b) and in E_pA base point G is designated on (a, b); CAAS calculates its own long-term identity key pair (q)_s,Q_s),where Q_s＝q_s·G，q_s∈F_pAnd stored locally, wherein q_sFor CAAS long-term identityIdentification of the private key, Q_sAs the CAAS long-term identity public key for public. Configure the same E for all SWGs and all STDs_p(a, b) and a base point G, such that they each independently generate their own long-term identity key pair (q)_g,Q_g)，(q_d,Q_d). In other embodiments, SWG and STD need not be configured with E_p(a, b) and the base point G, the G value specified by CAAS may be provided to SWG and STD at the time of device registration in a secure environment.

Step 120, register all devices on the CAAS. The device includes STD and SWG all requiring assisted access by CAAS. After leaving the factory, each SGW or STD is configured with a fixed unique identifier, which is respectively ID_g、ID_dIndicating the identity of the SGW, STD. Each SGW or STD has an independent clock to synchronize with the CAAS clock. Use of t_s、t_g、t_dRespectively showing one clock time of the CAAS, accessed SGW and accessed STD in this embodiment. The registration in this step needs to be performed in advance in a secure network environment. The registration aims at enabling the CAAS to uniquely identify the relevant equipment when responding to the access request and facilitating the subsequent access authentication step. Each device typically only needs to register once.

In this embodiment, step 120 includes the following steps 121 to 124. Wherein the content of the first and second substances,

step 121, the device calculates its own long-term identity key pair.

For an SGW, it is in prime number domain F by a computation module_pIn (1), an integer q is randomly selected_gAnd using formula Q_g＝q_gG, calculating the long-term identity public key Q of the SGW_g。

For an STD, likewise, it is in the prime field F by a calculation module_pIn (1), an integer q is randomly selected_dAnd using formula Q_d＝q_dG, calculating the long-term identity public key Q of the STD_d。

The device calculates its own session key with the CAAS, step 122.

CAAS provides its own and STD long-term identification public key Q for each SWG in turn_sEach SWG or STD in turn provides its long-term identity public key Q to the CAAS_gOr Q_dTo establish a symmetrically encrypted registration session between the device and the CAAS. Specifically, the symmetric encryption key is a dot product of a local long-term identity private key and a remote long-term identity public key of both parties of the session. E.g., for SGW, the session key with CAAS is q_g·Q_s＝q_s·Q_gFor STD, likewise, the session key with CAAS is q_d·Q_s＝q_s·Q_d. The key obtained at this stage can be used as a session key at a low level of security for establishing an encrypted communication link between the SWG and the CAAS or between the STD and the CAAS.

In step 123, the devices send registration messages to the CAAS, respectively. In each secure registration session established, the SGW will contain its own { ID }_g,Q_gThe registration message of { C } is sent to CAAS. Likewise, the STD will contain its own { ID_d,Q_dThe second registration message of } is sent to CAAS. At the same time, the clocks of the various devices are synchronized using the clocks of the CAAS in the registration session.

The CAAS encrypts the storage device registration message, step 124. And after receiving the registration message, the CAAS stores the registration message and the key combination of the registration session as the basic information of the equipment, and encrypts and stores the basic information. For example, for the first registration message, CAAS stores the basic information { ID ] of the SWG encrypted in its local database_g,Q_g,K_g,s},K_g,s＝q_s·Q_g(ii) a For the second registration message, CAAS stores the essential information ID of the STD encrypted in its local database_d,Q_d,K_d,s},K_d,s＝q_s·Q_dFor subsequent use each time in an access authentication procedure involving the device. Due to K_d,sOr K_g,sThe calculation itself takes time, and the present embodiment preferably stores the parameters in advance in order to shorten the response time and save the calculation resources.

It is easy to understand that the initialization requirements and basic information exchange of CAAS, SWG and STD are mainly involved in step 100. Other methods of exchanging the above information in a secure manner are also possible in the prior art as other embodiments of the invention.

Step 200, the CAAS authorization phase, specifically includes steps of calculating the one-time authentication information, the authentication credential information and the one-time identity information, which includes the following steps.

Step 210, the CAAS receives an access request relating to a specific STD to access a specific SWG, according to which the CAAS queries its local database for the basic information { ID ] of the specific SGW_g,Q_g,K_g,sAnd basic information { ID of the specified STD_d,Q_d,K_d,s}. In this embodiment, the access request includes a unique identification ID specifying the STD_dAnd a unique identification ID specifying the SWG_gFor use in retrieving an index.

Step 220, CAAS passes Q in the basic information of SGW_gCalculating the one-time identity information P of the SGW_g，P_g＝r_g·Q_gWherein r is_gIs a random number finite prime number field F_pIs a random integer of (1), i.e. r_g∈F_pThe random prime number is generated by a random prime number generation module of the CAAS; p_gAs one-time identity information for the specified SGW, and due to Q_gIs a finite circulating group E (F)_p) One point of, so P_gIs also E (F)_p) One point of (i.e. Q)_g,P_g∈E(F_p) Thus for the key pair (q)_g,P_g) The requirement of the elliptic signature on the identity is met.

In this embodiment, the step is performed by CAAS computing power:

select(r_g),where r_g∈F_p,r_g·G∈E(F_p) (11)

P_g＝r_g·Q_g (12)

step 230, CAAS passes Q in the basic information of STD_dCalculating the one-time identity information P of the STD_d，P_d＝r·Q_d，P_dIs the fingerDetermine the one-time identity information of STD, and due to Q_dIs a finite circulating group E (F)_p) One point of, so P_dIs also E (F)_p) One point of (i.e. Q)_d,P_d∈E(F_p) Likewise, for the key pair (q)_d,P_d) The requirement of the elliptic signature on the identity is met.

In this embodiment, the step is performed by CAAS computing power:

P_d＝r_g·Q_d (13)

CAAS uses the formula SK 240_s,g＝h₁(K_g,s) Calculating a session key SK of CAAS and specified SGW communication_s,gNamely:

SK_s,g＝h₁(q_s,Q_g)＝h₁(K_g,s) (14)

SK_s,gis a first key used to symmetrically encrypt a first session.

Step 250, CAAS uses the voucher combination module and the second hash module h₂Creating a one-time voucher V_s,dThe certificate summary data segment obtained by the certificate combination module is t_s||ID_d||q_s·Q_d||P_gWhere | represents a direct connection of data, t_sIs the CAAS current system time. Thus, calculating a one-time voucher may be performed using the formula V_s,d＝h₂(t_s||ID_d||q_s·Q_d||P_g) And (4) showing. In this embodiment, the second hash module is a one-way hash function h₂() Mapping any numerical value and character string to 0-2²⁵⁶-1. The step uses elliptic signature to finish the CAAS to complete t in the content of the voucher abstract data segment_s、ID_d、q_s·Q_dAnd P_gIs a one-time tamper-proof authentication credential information, q_s·Q_dI.e. signature identification, specifying that STD can pass through the one-time voucher V_s,dAnd corresponding calculation, verifying whether the content forwarded by the second message is tampered, i.e. verifying whether the access request message forwarded by SWG is tamperedAnd (4) tampering. By the above method, the CAAS can calculate a theoretically unique 256-bit value. Since the numerical space of the values is sufficiently large and t_sAnd P_gIs new generated by each calculation, and is theoretically disposable. And when the attacker does not know P_gAnd Q_dIn the case of (2), there is almost no possibility that the value is calculated. It is easy to understand that the number and form of the certificate combination module and the second hash module are not unique, and in another embodiment, the formula for realizing the elliptic signature by combining the certificate combination module and the plurality of hash modules is

However, since the computation is also performed at the STD with the same load, the person skilled in the art can further optimize the elliptic signature method of the present invention herein to reduce the computation time at the STD side.

In this embodiment, the credential information is processed by CAAS calculation, and the calculation formula is:

V_s,d＝h₂(t_s||ID_d||q_s·Q_d||P_g) (15)

step 260, CAAS uses the formula:

M_s,g＝{ID_g||ID_d||t_s||P_g||P_d||V_s,d} (16)

obtaining the authorization authentication message M after using the first combination module to calculate and combine each information_s,g。V_s,dI.e. authentication credential information, using q_s·Q_dAs a result, t is shown_s、ID_dAnd P_gIs temporarily disposable, each access authentication is due to P_gThe one-way hash results in different credentials. It can be seen that M_s,gAs plaintext of the first message, the one-time identity P of the SWG is included_gSpecifying the one-time identity P of the STD_dAnd a one-time voucher V of a second message_s,d。

Step 270, CAAS uses the formula:

calculating to obtain ciphertext C_s,gSensitive information such as the equipment ID of STD and SGW is prevented from being leaked, and the safety requirement of the electric power internet of things for preventing equipment data tracking is met. Wherein, Enc (…)_KeyIt can represent a symmetric encryption algorithm based on Key, such as AES, DES or SM4, implemented by the first symmetric encryption module.

Step 280, the CAAS starts the first session and will carry the authorization message C_s,gThe first message is sent to the designated SGW.

Step 300, the SGW accesses the STD phase. After the SGW receives the access intelligent terminal message sent by the CAAS, that is, after receiving the first message, the SGW starts the operation process of the SGW access STD stage described in the following process, that is, the SGW access STD stage. Which comprises the following steps.

In step 310, the SGW uses the formula:

decrypting message plaintext M 'of access STD transmitted by CAAS'_s,g. Wherein, Dec (…)_KeyEnc (…) corresponding to step 270_KeyAnd the corresponding symmetric decryption algorithm is realized by the first symmetric encryption module.

In step 320, the SGW uses the formula:

from M'_s,gTo obtain t'_sAnd ID'_gAnd verifies ID'_gWhether or not to associate with local ID_gAnd if not, the authentication fails. getM_s,g() For the first extraction module corresponding to the first combination module, both hold the combination rule of the first message, such as frame structure, to put and extract data at specific positions。

Step 330, the SGW uses the formula:

and verifying the identity of the CAAS and the timeliness, correctness and integrity of the message. In the formula? "in logical comparison for judging whether both ends of formula satisfy below"<And "or" ═ and the like. And when the authentication fails, the attacker pretends to be CAAS to send the message, and the authentication fails. If | t_g-t′_sIf | ≧ Δ t, the creation time t of the first message is described_sCurrent time t with SGW_gIs greater than the preset timeout period deltat, which is considered not to meet the safety requirements in this embodiment. If analyzed ID'_gWith locally stored ID_gIf the communication is abnormal, the communication is considered to be abnormal

Step 340, SGW extracts from M 'according to the first extraction Module'_s,gP obtained in_dAnd using a random integer q generated during the registration phase_g∈F_pAnd the formula:

SK_g,d＝h₃(q_g·P_d)＝h₃(q_g·r_g·q_d·G) (21)

calculating a session key SK with the STD_g,dFor STD to verify the identity of the SGW. Wherein h is₃I.e., the third hash module. In this embodiment, the hash value SK obtained by hashing is obtained in this step_g,dFor providing the third symmetric cryptographic module with the key of the third session on the one hand and for generating the one-time authentication information issued by the SWG on the other hand, it is clear that SK_g,dI.e. the second key of the present invention.

Step 350, the formula used by the SWG:

x＝random( ) (22)

a random integer x of length 160bits is calculated. The identity and session key for the specified SGW verifies the STD.

Step 360, the formula used by the SGW:

V_g,d＝{x||t_s||ID_g||ID_d} (23)

the formula is reused:

authentication message C for computing SGW_g,d. The STD further verifies the identity of the SGW, preventing network attackers from accessing the STD by impersonating the SGW. Wherein, the formula (23) is the combination rule of the second combination module, and the formula (24) is the encryption process of the second symmetric encryption module.

Step 370, the SGW uses the rule formula message from the third module₁＝{t′_s,P_g,V_s,d,C_g,dOrganizing an authentication message for accessing the STD₁I.e. the second message. And a second session established over the public wireless network with the specified STD is sent to the STD in clear text. Its plaintext contents except t_sThe external data is temporarily generated, so that the analysis is difficult under the condition of not knowing the structure, and the tracking is prevented. It can be seen that step 300, in the above manner, implements forwarding the one-time identity P of the SWG to the specified STD through the second message_gDisposable certificate V_s,dAnd generates one-time authentication information C_g,dFor its verification and solution.

Step 400, STD authenticates SGW identity phase, including the following steps.

Step 410, the STD receives the message₁Then, the message is extracted through a third extraction module corresponding to the third combination module₁T 'of'_sThen, using the formula:

and verifying the timeliness of the received information for preventing an attacker from starting a replay attack. Likewise, "? "indicates whether or not it is satisfied"<"is used in the above-mentioned conditions. If not, the command is timed out, and the STD discards the message₁And terminates the subsequent authentication operation. t is t_dThe time at which the message was received for the STD. It will be appreciated that, similar to but different from equation (20), equation (25) checks whether the time difference between the time the STD receives the second message and the SWG-asserted one-time credential creation time satisfies a timeout condition, while equation (20) checks whether the time difference between the SWG receive the first message time and the CAAS create one-time credential time satisfies a timeout condition, which may be the same or different, where at may be the same or different preset thresholds.

Step 420, STD uses P obtained by the third extraction module_gAnd its own long-term identity private key q_dCalculating K_d,s＝q_d·Q_sThen read its own ID_dAfter the same certificate combination modules are combined, data for verification, namely a formula, is obtained through a second hash module:

authentication message₁Middle { t }_s,P_g,V_s,dThe integrity of the layer. To determine that the access request is authorized by the CAAS. When the' failure is not satisfied, the attacker pretends to be CAAS and tampers the authentication message. The STD discards the message and terminates the subsequent authentication operation.

Step 430, STD Slave message₁The identity authentication information P 'of the specified SGW is extracted'_gAnd using the formula:

SK_d,g＝h₃(q_d·P′_g)＝h₃(q_d·r_g·q_g·G) (27)

calculating a session key SK with the specified SGW_d,g. I.e. through the third hashing module h₃A key for the third session is obtained.

Step 440, the STD obtains a second extraction using a third extraction moduleC 'in message'_g,dThen with SK_d,gTo decrypt the key, the formula is used:

to the message₁C of'_g,dCarries out decryption operation to obtain data V'_g,d。

For the decryption unit in the second symmetric encryption module, and

and (7) corresponding.

Step 450, STD uses the formula:

ID′_d＝getV_g,d(ID_d),t″_s＝getV_g,d(t_s) (29)

from V'_g,dIs extracted with ID'_dAnd t ″)_s。getV_g,d() That is, the second extraction module corresponding to the second combination module grasps the same information combination rule.

Step 460, STD uses the formula:

further verifying the identity and SK of the SGW_d,gThe correctness of the operation. Likewise, "? "indicates whether or not the condition of" ═ is satisfied. When "═" is not satisfied, V is specified_g′_,dTampered or secret key SK_d,gIn error, the STD fails to authenticate the SGW. The STD terminates the subsequent authentication operation. When "═ satisfies, V 'is specified'_g，d＝V_g，dAnd the STD successfully authenticates the identity of the SGW and negotiates a session key, and continues to execute subsequent operations.

Step 470, the STD uses the formula:

y＝getV_g,d(x)+1 (31)

the value of the variable y used by the SGW to verify the identity of the STD, i.e. the authentication variable, is calculated. getV_g,d(x) Finger is extracted from V by a second extraction module_d,gAnd taking out the information of x and assigning values to serve as an input variable x of the mapping module. Other analogous getV herein_g,d(x) The operation principle of the extraction module is similar to that of the present step, and does not mean that the information of x is obtained before the extraction module processes. It can be seen that the mapping method in the mapping module in this embodiment is y ═ f (x) ═ x +1, where the generated response data after the solution is used different from the data carried by the second message, so as to prevent the tracing of the man-in-the-middle in the communication link,

using the formula:

ID′_g＝getV_g,d(ID_g) (32)

extracting ID 'of SWG'_gAnd the legal identity of the user is partially proved in a returned form.

Step 480, the STD uses the rule formula of the fourth assembly module:

V_d,g＝{y||t_s||ID_d||ID_g}

forming a third message, and establishing a third session with the SWG encrypted using a third symmetric encryption module, the key of which is the hash output SK of the third hash module_d,gThe specific formula is as follows:

generating a message C for the SGW to verify the STD identity_d,gI.e. the third message.

Step 490, STD combines ciphertext message C_d,gAnd sending the information to the SGW. And completing the identity authentication work of the STD on the SGW. It can be seen that the STD verifies the second message through the one-time-certificate through the above steps, and transmits the one-time-response information C solving the one-time-verification information to the SWG in the third session_d,g。

Step 500, SGW authenticates STD identity phase, including the following steps.

In step 510, the SGW decrypts the STD authentication message, i.e., the plaintext of the third message, through the third symmetric encryption module. Specifically, SGW uses the formula:

decrypting the authentication message C from the STD_d,gAcquiring clear text authentication message V'_d,g. In which SK_g,dCalculated for the step S340.

In step 520, the SGW uses the formula:

from a separate message V'_d,gGet y ', t'_sAnd ID'_gEtc. to verify the required information. getV'_d,g(…) is a fourth extraction module corresponding to the fourth combination module rule.

At step 530, the SGW verifies the identity of the STD using the following formula,

and when the logic judges that all the STDs are true, the SGW successfully authenticates the STD identity. When one of the expressions is false, the authentication fails, where x +1, the mapping rule of the mapping module in the SWG, is the same as the mapping module of the STD.

After the above processes, the SGW and the STD complete the identity authentication and negotiate a consistent session key SK. Subsequent communications will communicate information encrypted using the session key SK. Referring to fig. 6 and 7, in some improved embodiments, in order to save computing and storage resources, the first hashing module, the second hashing module, and the third hashing module in this embodiment may use the same hashing matrix, or other same one-way hashing modules.

The embodiment further includes a system for implementing the STD access authentication in the embodiment, where the system includes a cloud-assisted authentication server CAAS, an SWG, and an STD. It is easy to understand that the CAAS, the SWG, and the STD in this embodiment all include respective calculation modules, so as to calculate data information such as the one-time authentication information, the authentication credential information, and the one-time identity information; the CAAS queries the specified SGW and STD from the local database according to the query instruction; encrypting the disposable identity information of the appointed SGW, combining the disposable authentication information, the authentication certificate information and the disposable identity information, sending the combined information to the appointed SGW, and commanding the appointed SGW to access the STD for terminal verification; after the SWG processing is forwarded to the STD, the STD extracts the one-time authentication information and calculates a session key of the designated SGW and the STD.

It is easy to understand that the access authentication method for the intelligent terminal device of the power internet of things provided by the above embodiments of the present invention may also be considered to include a CAAS preliminary authentication stage and a terminal authentication stage between the SWG and the STD, where the preliminary authentication stage includes querying a specified gateway and a terminal, calculating a one-time identifier, calculating tamper-resistant CAAS authentication credential information, and encrypting a gateway ID_gThe terminal authentication phase comprises a gateway ID_gComputing a long-term session key K (an encrypted session key SK for symmetric encrypted communication or other purposes in a secure environment and for one-way hashing to generate a response in an unsecure environment), a gateway ID_gEncryption authentication information, gateway ID_gSending an access request, a terminal ID_dVerification time t_sValidity of and ID, terminal ID_dExtracting identity authentication information and terminal ID of gateway_dVerification V_s，g，dValidity of (2), terminal ID_dCalculating session key, terminal ID_dVerifying session keys and gateway IDs_gIdentity.

In the context of the above, according to the inventive concept, in the following method embodiment, in particular, calculating a one-time stamp refers to selecting a random number r_gAnd satisfies the formula r_g∈E_p. Multiplying formula P using Elliptic Curve (EC) numbers_g＝r_g·Q_gAnd P_d＝r_g·Q_dRespectively calculate gateway ID_gAnd terminal ID_dThe one-time authentication information of (1). And after the primary authentication stage of the server is completed, a terminal authentication stage is carried out. Gateway ID_gExtraction of P_dAnd using the formula K ═ h (q)_g·P_d)＝h(q_d·q_g·r_gG) independently of the terminal ID_dThe session key of (1). Gateway ID_gUsing formula C_g，d＝Enc(R(x)，h(t_s||ID_g||ID_d)))_SKSession key verification information C_g，d. Wherein

Representing AES, DES or SM4, etc. The working principle and the using flow of the embodiment are as follows:

the first step, inquiring the appointed gateway and terminal, assisting the authentication server CAAS to inquire the appointed intelligent gateway ID from the local database according to the instructions of the engineer_g(abbreviation: gateway ID)_g) And the intelligent terminal equipment is identified as ID_d(abbreviation: terminal ID)_d)。

Second, calculate the one-time mark, choose a random number r_gAnd satisfies the formula r_g∈E_p. Multiplying formula P using Elliptic Curve (EC) numbers_g＝r_g·Q_gAnd P_d＝r_g·Q_dRespectively calculate gateway ID_gAnd terminal ID_dOne-time authentication information P of_gAnd P_d. Wherein Q is_g、Q_dAre respectively gateway ID_gTerminal ID_dThe registered long-term identification public key is encrypted in the CAAS database.

Thirdly, calculating the anti-tampering CAAS authentication voucher information V_s，g，dCAAS uses a hash function formula

Computing tamper-resistant disposable CAAS credential information V_s，g，d。

The fourth step, encryptionGateway ID_gThe CAAS use formula

Encrypting gateway ID_gThe disposable identity information of (1), wherein Enc_KeyIt may represent an encryption algorithm for the key such as AES, DES or SM 4.

Fifthly, sending an access instruction, and combining the information obtained in the third, fourth and fifth steps into { ID by CAAS_g，ID_d，t_s，C_s，d，P_d，V_s，g，dIs sent to the gateway ID_gCommand gateway ID_gAccess terminal ID_d。

At this time, the authentication method is shifted to a terminal authentication stage; the terminal authentication phase comprises the following steps:

first step, gateway ID_gCalculating the session key K, gateway ID_gExtraction of P_dAnd using the formula K ═ h (q)_g·P_d)＝h(q_d·q_g·r_gG) independently of the terminal ID_dWherein h () hash function.

Second step, gateway ID_gEncrypting authentication information, gateway ID_gUsing formula C_g，d＝Enc(R(x)，h(t_s||ID_g||ID_d)))_SKSession key verification information C_g，dWherein

Representing AES, DES or SM4, etc.

Third step, gateway ID_gSending an Access request, gateway ID_gWith terminal ID over short-range wireless network_dEstablish a common link and associate the information ID_d，ID_g，t_s，C_s，d，C_g，d，V_s，g，dIs sent to ID_d. Requesting access terminal ID_d。

Fourth, terminal ID_dVerifying the validity of ts and ID, extracting t_s，ID_dIs marked t'_s，ID′_dUsing the formula | t_d-t′_s|＜＝Δt，ID_d？＝ID′_dAnd verifying whether the validity period of the received information is in compliance with the destination ID, if not, the authentication fails, and terminating the subsequent operation.

Fifth, terminal ID_dExtracting identity authentication information of gateway, using formula

Extracting encrypted gateway ID of CAAS in server preliminary authentication stage_gOf the disposable identity information P_gAnd is denoted as P'_g. Wherein Dec ()_keyIs the puzzle solving algorithm corresponding to the fourth encryption algorithm in the server preliminary authentication phase.

Sixth, terminal ID_dVerification V_s，g，dValidity of (2), terminal ID_dExtracting V in request information_s，g，dAnd make a formula

Verifying an ID in a request message_d，ID_g，t_s，C_s，d，V_s，g，dAnd if the information is tampered, the information is not tampered, the authentication fails and the link is terminated. And if the two are equal, the next step is carried out.

Seventh step, terminal ID_dCalculating a session key using the formula SK ═ h (q)_d·P′_g)＝h(q_d·q_g·r_gG) calculating the ID_dAnd gateway ID_gThe session key SK of this communication.

Eighth step, terminal ID_dVerifying session keys and gateway IDs_gIdentity, terminal ID_dUsing the formula h (t)_s||ID_g||ID_d)′？＝geth(Dec(C)_SK) Extracting and verifying gateway ID_gAt the second step of this stage, h (t) is encrypted_s||ID_g||ID_d) If equal, the gateway ID is stated_gThe access request is authorized by the server CAAS and the gateway ID_gTerminal ID without tampering with all messages sent_dThe identity authentication of the accessed power Internet of things is successful, and through the process, the ID of the intelligent gateway_gWith short-range wireless communication device ID_dAnd the two parties finish identity authentication and negotiate out a consistent session key SK. Subsequent communications will communicate information encrypted using the session key SK.

It is easily understood that the processing module herein may be an integrated chip, such as an SoC in a von neumann or huffman architecture, which reads external input data and performs computation according to preset instructions and preset data, or a specific number of program modules when functions are realized by a general-purpose CPU in a distributed manner based on software, or a large-scale arithmetic circuit module which realizes specific computation functions by a PFGA, a dedicated processor, or the like. In the embodiment of the invention, data transmission among all the sub-modules of the processing module can be controlled internally or externally.

It should be understood that although the various arrows in the timing diagrams of the embodiments of the present invention are information transfer directions, the steps are not necessarily performed in the order indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in various embodiments may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed.

The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.

Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims

1. A low-power-consumption access authentication method for intelligent equipment of an electric power Internet of things comprises the following steps: the CAAS sends a first message containing the one-time identity of the SWG, the one-time identity of the specified STD and the one-time certificate of the second message to the specified SWG in a first session symmetrically encrypted by a first key; the SWG forwards the one-time identity, the one-time certificate and the one-time verification information of the SWG to the STD through the second message in a second session; the STD verifies the second message through the one-time certificate and sends one-time response information for solving the one-time verification information to the SWG in a third session symmetrically encrypted through a second key; wherein the first key is elliptically signed by the long-term identities of the CAAS and the SWG, the one-time credential is elliptically signed by the long-term identities of the CAAS and the SWG, and the second key is elliptically signed by the one-time identities of the SWG and the STD; the one-time identities of the SWG and the STD are created by the CAAS for their long-term identities based on the same salting operation.

2. A low-power-consumption access authentication method for intelligent equipment of an electric power Internet of things comprises the following steps:

step 100, CAAS,SWG and STD configure long-term identity identification private key q_s、q_gAnd q is_dAnd generating respective long-term identity identification public keys Q based on the same ECC base point G_s、Q_gAnd Q_d；

Step 200, as a response to an access request for accessing a designated STD to a designated SWG, the CAAS initiates a first session containing a first message to the designated SWG;

said first message containing a one-time identity P specifying a SWG_gSpecifying the one-time identity P of the STD_dAnd a disposable certificate V_s,d(ii) a The first session uses a first key SK_s,gSymmetric encryption;

step 300, as a response to said first message, designating the SWG to initiate a second session comprising a second message to the designated STD;

said second message containing a one-time identity P specifying a SWG_gDisposable certificate V_s,dAnd one-time authentication information V_g,d(ii) a The one-time authentication information V of the specified STD_g,dUsing a second key SK_g,dSymmetric encryption;

step 400, as a response to said second message, designating the STD to initiate a third session comprising a third message to the designated SWG; the third message comprises the one-time verification information V_g,dCorresponding one-time response message V_d,g(ii) a The third session uses a second key SK_g,dSymmetric encryption;

step 500, in response to said third message, assigning an SWG to verify said one-time response information V_d,gIf the authentication is correct, the specified STD identity is successfully authenticated by the specified SGW;

wherein the content of the first and second substances,

the first key SK_s,gA hash value obtained by dot multiplication of a local equipment long-term identity identification private key and a remote equipment long-term identity identification public key in a session; the second key SK_g,dThe hash value of the long-term identity identification private key of the local equipment in the session and the one-time identity identification dot product of the remote equipment; the disposable voucher V_s,dBy containing q_s·Q_dBy means ofObtaining the certificate digest data section after one-way hashing; after the designated SGW successfully authenticates the identity of the designated STD, the designated SGW and the designated STD are authenticated by using the second key SK_g,dSymmetrically encrypted conversational communication.

3. The access authentication method for intelligent equipment of the power internet of things according to claim 2, characterized in that:

the CAAS, the SWG and the STD are provided with clocks which are mutually synchronous;

the first message, the second message and/or the third message contain the one-time-use credential V_s,dCreation time t of_sSo that the message receiver can make time-out judgment and/or content verification;

the certificate abstract data section contains the disposable certificate V_s,dCreation time t of_sSpecifying that the STD perform timeliness, correctness, and/or integrity verification on the second message;

and/or the presence of a gas in the gas,

the one-time authentication information V_g,dContaining said one-time voucher V_s,dCreation time t of_s。

4. The access authentication method for intelligent equipment of the power internet of things according to claim 2, characterized in that: the long-term identity public key of the equipment is a dot product of a long-term identity private key and the base point G; the one-time identity of the equipment is the dot product of the long-term identity public key and the random prime number r.

5. The access authentication method for intelligent equipment of the power internet of things according to claim 2, characterized in that:

6. The access authentication method for intelligent equipment of the power internet of things according to claim 1, characterized in that:

7. An access authentication assisting apparatus comprising a first communication interface and a processing module;

the first communication interface is used for establishing a communication link with a designated SWG;

the first processing module comprises at least the following sub-modules:

and the number of the first and second groups,

the first symmetric encryption module encrypts and/or decrypts the session message established on the first communication interface according to the first secret key provided by the first hash module; the session message comprises a first message output by the first combining module.

8. The assist device according to claim 7, comprising:

a memory; the memory is used for storing a designated SWG and a designated STD long-term identity public key Q_gAnd Q_dUnique identification ID specifying SWG and STD_gAnd ID_dLong-term identity identification private key q of the device_sK to_s,gAnd/or K_s,d(ii) a And/or the presence of a gas in the gas,

a random prime number generation module; the random prime number generation module is used for generating a random prime number r so as to calculate the one-time identity.

9. An intelligent gateway auxiliary device comprises a second communication interface, a third communication interface and a second processing module;

the second communication interface is used for establishing a communication link with the access authentication assisting device of any one of claims 7 and 8;

the third communication interface is used for establishing a communication link with the STD;

the second processing module comprises at least the following sub-modules:

and the number of the first and second groups,

10. An intelligent terminal comprises a fourth communication interface and a third processing module;

the fourth communication interface is configured to establish a communication link with the intelligent gateway assistance apparatus of claim 9;

the third processing module comprises at least the following sub-modules:

and the number of the first and second groups,