CN112887338A - Identity authentication method and system based on IBC identification password - Google Patents


Info

Publication number
CN112887338A
Authority
CN
China
Prior art keywords
key
sensing layer
terminal
layer terminal
edge internet
Legal status
Granted
Application number
CN202110292374.5A
Other languages
Chinese (zh)
Other versions
CN112887338B (en)
Inventor
练永兵
韦小刚
屠正伟
Current Assignee
State Grid Corp of China SGCC
NARI Group Corp
Nari Information and Communication Technology Co
Original Assignee
State Grid Corp of China SGCC
NARI Group Corp
Nari Information and Communication Technology Co
Application filed by State Grid Corp of China SGCC, NARI Group Corp, Nari Information and Communication Technology Co
Priority to CN202110292374.5A
Publication of CN112887338A
Application granted
Publication of CN112887338B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an identity authentication method and system based on IBC identity-based cryptography. The system comprises sensing layer terminals, an edge Internet of Things agent and a key generation center. The key generation center generates the IBC key of the edge Internet of Things agent according to registration request information sent by the agent. When a sensing layer terminal comes online it sends a registration message to the key generation center; the key generation center generates a private key intermediate value for the sensing layer terminal user according to the registration message and sends it to the corresponding sensing layer terminal, which computes its local IBC private key from the intermediate value. Before communicating, the sensing layer terminal and the edge Internet of Things agent perform identity authentication and key agreement based on their respective IBC private keys, and then encrypt their data communication with the resulting symmetric key. The method and system achieve trusted access and secure data transmission for Internet of Things devices, strengthen the security protection capability of the Internet of Things sensing layer, and reduce the communication and storage overhead between devices.

Description

Identity authentication method and system based on IBC identification password
Technical Field
The invention relates to the technical field of terminal communication in the electric power Internet of Things, and in particular to a lightweight identity authentication method and system based on IBC identity-based cryptography that is suited to the massive numbers of terminals in the electric power Internet of Things.
Background
With the advance of the construction of the power Internet of Things, Internet of Things terminal equipment is becoming large in scale, complex in structure and diverse in type, and network security protection faces many new problems. First, trusted identity authentication capability for Internet of Things terminals is insufficient, so terminals are exposed to risks such as counterfeiting and leakage of sensitive data. The massive, heterogeneous Internet of Things terminals lack an authentication mechanism, and trusted network access and encrypted data transmission are difficult to achieve. Second, the open, shared extension of the network edge makes the Internet of Things boundary fuzzier. The construction of the power Internet of Things breaks through the original security protection system based on network isolation; the network exposure surface keeps growing, and boundary security protection becomes harder by the day.
The architecture of the electric power Internet of Things is the same as that of other Internet of Things systems and is divided into four layers: a sensing layer, a network layer, a platform layer and an application layer. The sensing layer is mainly responsible for information acquisition and signal processing and is made up of various field acquisition components, intelligent service terminals, a local communication network and edge Internet of Things agents. The number of terminal devices in the power Internet of Things is extremely large, and the data has strong temporal and spatial characteristics, so performing all computation at the platform layer would put great pressure on the server cluster. Using edge computing to handle some regional computing tasks on the gateway is a good way to reduce the computing pressure on the platform layer server cluster, and completes the integration and processing of part of the data and information at the sensing layer.
Although the existing PKI system has a mature key management system, the following problems arise when it is applied to the Internet of Things:
(1) Certificate management and maintenance are complex. At present, the number of terminals involved in the Internet of Things is generally on the order of ten million; ten million devices require ten million certificates to be created and maintained, the keys associated with the certificates must be updated continuously, and old keys must be retained. After a device holding a certificate is destroyed, its certificate must be revoked, so a revocation list must also be maintained, published and continuously updated. All of this increases the complexity and maintenance cost of digital certificate management;
(2) Communication and storage overhead increases. When devices perform identity authentication and key agreement, the two parties must first exchange digital certificates, and 13 steps are needed to complete one full identity authentication, which lowers communication efficiency; the certificates are also stored locally and occupy storage resources;
(3) The business system depends heavily on the certificate center. The coupling between systems is strong, faults propagate easily, there are too many components and the complexity is high, security vulnerabilities are easily introduced into the service system, and the implementation process is more complex;
Therefore, for Internet of Things terminals that are large in number and limited in computing and storage resources, the PKI system cannot meet the requirements of high performance, economy and usability.
Definitions of terms
PKI (public key infrastructure): a universal technical specification and standard that uses the principles and techniques of asymmetric encryption algorithms to provide security services; it manages the keys and validation information of the asymmetric encryption algorithm and integrates digital certificates, public key encryption technology and the CA.
CA (certificate authority): a certificate authority.
RA (registration authority): certificate registration, the registration authority.
VA (validation authority): a certificate validation authority.
SM9 identity-based cryptographic algorithm: an Identity-Based Encryption (IBE) algorithm issued by the Chinese national cryptographic authority. The IBE algorithm uses the identity of the user as the public key and does not rely on a digital certificate.
IBC (Identity-Based Cryptography): an identity-based cryptosystem.
Disclosure of Invention
The invention aims to provide an identity authentication method and system based on IBC identity-based cryptography that, while achieving trusted access and secure data transmission for Internet of Things devices, reduce the communication and storage overhead between devices. The technical scheme adopted by the invention is as follows.
In one aspect, the present invention provides an identity authentication method, executed by a sensing layer terminal, including:
generating a registration message, and sending the registration message to a key generation center;
receiving an intermediate value of the sensing layer terminal IBC private key generated by the key generation center according to the registration message;
calculating the local sensing layer terminal IBC private key according to the intermediate value of the sensing layer terminal IBC private key;
when authentication is needed, exchanging IBC public keys with the edge Internet of Things agent;
selecting an initial symmetric key, and encrypting the initial symmetric key with the edge Internet of Things agent public key obtained in the exchange;
signing the encrypted initial symmetric key with the IBC private key of the local sensing layer terminal;
generating an authentication message comprising the encrypted initial symmetric key and its signature, and sending the authentication message to the edge Internet of Things agent;
and carrying out key agreement with the edge Internet of Things agent on the basis of the authentication message to obtain a symmetric key for encrypting communication with the edge Internet of Things agent.
Based on the IBC technology, each device has its own public key and private key: the sensing layer terminal, the edge Internet of Things agent and the key generation center each hold a public/private key pair. Because the public key is tied to the ID of each device, it does not need to be verified during identity authentication; only the private key is computed by the key generation center, and neither the identity authentication and key agreement stage nor the subsequent communication encryption stage needs to interact with the key generation center. This simplifies the flows of identity authentication and key agreement between devices, reduces communication and storage overhead, and reduces the dependence on the key generation center. In the above scheme, the public keys of the sensing layer terminal and the edge Internet of Things agent may be formed by combining device ID + application time + validity period; the device ID is configurable and may be, for example, a device model.
According to the scheme, the sensing layer terminal can forward the registration message to the key generation center through the edge Internet of things agent, and then the edge Internet of things agent receives the intermediate value of the sensing layer terminal IBC private key generated by the key generation center.
Optionally, generating the registration message includes:
combining the device ID, the application time and the validity period information into the public key of the local sensing layer terminal;
encrypting the public key of the local sensing layer terminal together with a random number r using the pre-stored public key of the key generation center;
generating a registration message comprising the encrypted public key information of the sensing layer terminal;
the intermediate value of the sensing layer terminal IBC private key is obtained as follows: the key generation center computes the signature private key and the encryption private key of the sensing layer terminal user with the SM9 algorithm according to the encrypted public key information of the sensing layer terminal in the registration message, and then encrypts the signature private key and the encryption private key of the sensing layer terminal user with the random number r.
Optionally, calculating the local sensing layer terminal IBC private key according to the intermediate value of the sensing layer terminal IBC private key includes:
and decrypting the intermediate value of the IBC private key of the sensing layer terminal by using the random number r to obtain a signature private key and an encryption private key of a local sensing layer terminal user.
In the subsequent identity authentication process, the terminal signs the message by adopting the signature private key and encrypts the message by adopting the encryption private key.
Optionally, performing key agreement with the edge Internet of Things agent includes:
receiving a symmetric key determination message sent by the edge Internet of Things agent after it has verified the signature of the authentication message with the sensing layer terminal public key and decrypted the authentication message with its own private key to obtain the initial symmetric key;
and, in response to receiving the symmetric key determination message, using the initial symmetric key as the symmetric key for encrypting communication with the edge Internet of Things agent.
The above process implements a one-way authentication process. The initial symmetric key may employ a random number.
As an embodiment capable of implementing bidirectional authentication, optionally, performing key agreement with the edge Internet of Things agent includes:
receiving a reverse authentication message sent by the edge Internet of Things agent, the reverse authentication message comprising a second symmetric key;
verifying the signature of the reverse authentication message with the edge Internet of Things agent public key and, after the signature passes, decrypting the reverse authentication message with the local sensing layer terminal IBC private key to obtain the second symmetric key;
performing an XOR operation on the initial symmetric key and the second symmetric key, hashing the result, and sending the resulting processing result to the edge Internet of Things agent;
receiving the symmetric key determination information sent by the edge Internet of Things agent after it has locally confirmed the processing result;
and using the processing result as the symmetric key for encrypting communication with the edge Internet of Things agent.
Optionally, the initial symmetric key is a random number r1;
after receiving the authentication message, the edge Internet of Things agent verifies the signature of the authentication message with the sensing layer terminal public key, decrypts the authentication message with the edge Internet of Things agent private key after the signature passes to obtain r1, then selects a random number r2, encrypts r2 with the sensing layer terminal public key, signs the encrypted information with the edge Internet of Things agent private key, and generates a reverse authentication message comprising the encrypted r2 and its signature;
and the edge Internet of Things agent performs an exclusive-OR operation on r1 and r2, hashes the result, compares it with the processing result received from the sensing layer terminal, and if they are consistent, uses the processing result as the symmetric key for communication encryption and sends the symmetric key determination information to the sensing layer terminal.
In a second aspect, the present invention provides an identity authentication method, performed by an edge Internet of Things agent, including:
sending registration request information to a key generation center;
receiving an IBC private key generated and sent by the key generation center in response to the registration request information;
exchanging IBC public keys with a sensing layer terminal to be authenticated;
and receiving an authentication message sent by the sensing layer terminal to be authenticated, and performing key agreement with that terminal on the basis of the authentication message to obtain a symmetric key for encrypting communication with the corresponding sensing layer terminal.
Optionally, the method further comprises: receiving a registration message sent by a sensing layer terminal, and forwarding the registration message to a key generation center;
receiving an intermediate value of a private key of a sensing layer terminal IBC generated and sent by a key generation center according to the registration message;
and forwarding the received intermediate value of the IBC private key of the sensing layer terminal to the corresponding sensing layer terminal.
Optionally, the authentication message sent by the sensing layer terminal includes an initial symmetric key encrypted by the edge internet of things proxy public key, and a signed message obtained by signing the encrypted initial symmetric key by the sensing layer terminal private key;
the key negotiation with the terminal of the sensing layer comprises:
verifying the signature of the authentication message by using a public key of a perception layer terminal;
and decrypting the authentication message after the verification is passed by using the local edge Internet of things agent IBC private key to obtain an initial symmetric key which is used as a symmetric key for communication encryption with the corresponding sensing layer terminal.
The above process implements a one-way authentication process.
As an implementation manner capable of implementing bidirectional authentication, optionally, the authentication message sent by the sensing layer terminal includes an initial symmetric key r1 encrypted with the edge Internet of Things agent public key, and a signed message obtained by signing the encrypted r1 with the sensing layer terminal private key;
the key negotiation with the sensing layer terminal comprises:
verifying the signature of the authentication message with the public key of the sensing layer terminal;
decrypting the authentication message after the verification passes with the local edge Internet of Things agent IBC private key to obtain r1;
selecting a random number r2, and encrypting r2 with the public key of the sensing layer terminal;
signing the encrypted r2 with the local edge Internet of Things agent IBC private key;
generating a reverse authentication message comprising the encrypted r2 and its signature, and sending the reverse authentication message to the sensing layer terminal;
receiving authentication result data obtained by the sensing layer terminal performing a reverse authentication operation in response to the received reverse authentication message; wherein the reverse authentication operation comprises performing an exclusive-OR operation and hash processing on r1 and r2, and the authentication result data comprises the result of performing the exclusive-OR operation and hash processing on r1 and r2;
and performing the exclusive-OR operation and hash processing on r1 and r2, comparing the result with the received authentication result data, and if they are the same, using the result of the exclusive-OR operation and hash processing on r1 and r2 as the symmetric key for encrypting communication with the corresponding sensing layer terminal, and sending a symmetric key determination message to the sensing layer terminal.
Optionally, the reverse authentication operation further includes: the sensing layer terminal verifies the signature of the reverse authentication message with the edge Internet of Things agent public key;
and after the signature verification passes, the sensing layer terminal performs the exclusive-OR operation and hash processing on r1 and r2, and the result obtained is used as the authentication result data.
In the bidirectional authentication process, both the sensing layer terminal and the edge Internet of Things agent perform signature verification; if any signature fails verification, the authentication process ends, the authentication is unsuccessful, and the symmetric key for communication encryption cannot be determined.
Optionally, the symmetric key r1 is a random number.
In a third aspect, the present invention provides an identity authentication method, executed by a key generation center, including:
receiving registration request information sent by an edge Internet of things agent to be registered;
responding to the received registration request information, generating an IBC private key of the edge Internet of things agent, and sending the IBC private key to the edge Internet of things agent;
receiving a registration message of a sensing layer terminal to be registered;
and responding to the received registration message, generating an intermediate value of an IBC private key of the sensing layer terminal according to the registration message, and forwarding the intermediate value to the corresponding sensing layer terminal through the edge Internet of things agent.
Optionally, the registration message is obtained as follows: after the sensing layer terminal forms its public key by combining the device ID, the application time and the validity period, the terminal public key and a random number r are encrypted with the key generation center public key to obtain the registration message;
generating the intermediate value of the sensing layer terminal IBC private key according to the registration message comprises the following steps:
decrypting the registration message with the private key of the key generation center to obtain the device ID, application time, validity period and random number r;
matching the device ID and validity period against a preset database of device IDs and validity periods, and if the match succeeds, judging that the sensing layer terminal has passed the validity check;
calculating the IBC private key of the terminal user of the sensing layer by using an SM9 algorithm according to the terminal public key of the terminal of the sensing layer which passes the validity check;
and encrypting the IBC private key of the terminal user of the sensing layer by using a random number r to obtain an intermediate value of the IBC private key of the terminal of the sensing layer.
The IBC private key of the terminal of the sensing layer comprises an IBC signature private key and an encryption private key, so that the intermediate value of the private key comprises an intermediate value of the signature private key and an intermediate value of the encryption private key.
In a fourth aspect, the invention provides an identity authentication system, which comprises a sensing layer terminal, an edge internet of things agent and a key generation center;
the edge Internet of things agent sends registration request information to a key generation center when the edge Internet of things agent is online; the key generation center generates an IBC key of the edge Internet of things agent according to the registration request information;
the sensing layer terminal sends a registration message to a key generation center when the sensing layer terminal is online; the key generation center generates an intermediate value of a private key of the sensing layer terminal IBC according to the registration message and sends the intermediate value to the corresponding sensing layer terminal; the sensing layer terminal calculates the IBC private key of the local sensing layer terminal according to the intermediate value of the IBC private key;
the sensing layer terminal and the edge Internet of things agent perform identity authentication and key agreement before communication based on respective IBC private keys, determine a symmetric key, and perform data communication encryption by using the symmetric key.
In the system, the sensing layer terminal, the edge internet of things agent and the key generation center can respectively adopt: the sensing layer terminal of the first aspect, the edge internet of things agent of the second aspect, and the key generation center of the third aspect.
Optionally, the key generation center is arranged on an internet of things platform layer, and the edge internet of things agent is arranged on an internet of things sensing layer; the edge Internet of things agent is in communication connection with the key generation center through a trusted channel;
the sensing layer terminal sends a registration message to the key generation center through the edge Internet of things agent; and the intermediate value of the IBC private key of the sensing layer terminal generated by the key generation center is forwarded to the corresponding sensing layer terminal through the edge Internet of things agent.
The trusted channel can adopt a private optical network, a wireless APN and the like.
Advantageous effects
According to the identity authentication method, identity authentication between the sensing layer terminal and the edge Internet of Things agent uses IBC identity-based cryptographic technology, realizing a certificate-free lightweight interaction scheme that achieves trusted access and secure data transmission for Internet of Things devices and strengthens the security protection capability of the Internet of Things sensing layer. Because no certificate exchange is needed in the identity authentication stage, large numbers of certificates are not transmitted, the interaction flow is shortened, network bandwidth is saved, communication efficiency is improved, and the communication and storage overhead between devices is reduced.
In addition, the invention is based on an identification cryptosystem, the equipment identification is a public key, and the public key is bound with the equipment without verifying the public key. The key generation center is only responsible for distributing the private key of the user, and only participates in the stage of terminal private key application, and the identity authentication and key agreement stage and the subsequent communication encryption stage do not need to interact with the key generation center, so that the dependence on the key generation center can be greatly reduced. Meanwhile, the certificate is not required to be stored, and the certificate is not required to be managed and maintained, so that the system construction cost can be reduced to a greater extent.
In addition, the invention supports the online distribution of the certificate, and is convenient for the unified management of the equipment. For the electric power Internet of things with massive terminals, manual operation can be reduced, and labor cost is saved.
Drawings
FIG. 1 is a schematic diagram illustrating the operation of the identity authentication system of the present invention;
FIG. 2 is a schematic diagram illustrating the principle by which the identity authentication system of the present invention distributes the sensing layer terminal private key;
FIG. 3 is a schematic diagram illustrating an embodiment of the identity authentication system of the present invention implementing identity authentication and key agreement between the edge Internet of things agent and the sensing layer terminal;
FIG. 4 is a schematic diagram illustrating a second embodiment of the identity authentication system of the present invention implementing identity authentication and key agreement between the edge Internet of things agent and the sensing layer terminal.
Detailed Description
The following further description is made in conjunction with the accompanying drawings and the specific embodiments.
The PKI system cannot be applied to the Internet of things, and the CA is a performance bottleneck there; the basic reason is that public keys in the PKI system are randomly generated and have no natural binding relationship with the user.
The technical concept of the invention is to build, on the basis of an IBC system implemented with the SM9 national cryptographic algorithm, a complete lightweight identity authentication system suitable for secure access of Internet of things terminals. The core of the IBC system is that the public key is strongly tied to the device identification, so no certificate is needed and none has to be managed or maintained; the identity authentication and key agreement procedures between devices are simplified while security is preserved, and communication and storage overhead is reduced; and because the public key is tied to the device's own identification, identity authentication and key agreement need no participation of an authentication center, which suits the object-to-object interconnection characteristic of the Internet of things.
Example 1
Referring to fig. 1, this embodiment introduces an identity authentication system, which includes a sensing layer terminal, an edge internet of things agent, and a key generation center;
the edge Internet of things agent sends registration request information to a key generation center when the edge Internet of things agent is online; the key generation center generates an IBC key of the edge Internet of things agent according to the registration request information;
the sensing layer terminal sends a registration message to the key generation center through the edge Internet of things agent when the sensing layer terminal is online; the key generation center generates a private key intermediate value of a terminal user of a sensing layer according to the registration message information, and forwards the private key intermediate value to a corresponding sensing layer terminal through the edge Internet of things agent; the sensing layer terminal calculates the private key of the local sensing layer terminal IBC according to the intermediate value of the private key;
the sensing layer terminal and the edge Internet of things agent perform identity authentication and key agreement before communication based on respective IBC keys, determine a symmetric key, and perform data communication encryption by using the symmetric key.
In the IBC identity-based cryptosystem, an IBC key consists of an IBC public key and an IBC private key. Because the public key is bound to the device identification, it does not need to be verified during identity authentication; the key generation center need only compute device private keys, and the identity authentication and key agreement stage and the subsequent communication encryption stage do not interact with the key generation center, which reduces dependence on it.
In application, the key generation center can be placed on the Internet of things platform layer and the edge Internet of things agent on the Internet of things sensing layer; the edge Internet of things agent communicates with the key generation center over a trusted channel, such as a private optical network or a wireless APN.
Example 2
This embodiment introduces an identity authentication method for the system of embodiment 1, which is specifically described below in terms of edge internet of things agent registration, sensing layer terminal registration, and identity authentication key agreement between the sensing layer terminal and the edge internet of things agent.
First, edge Internet of things agent registration
The edge Internet of things agent is the gateway through which sensing layer terminal data enters the upper layers. The key generation center is generally deployed on the platform layer; after the edge Internet of things agent comes online, a trusted channel (such as a private optical fiber network or a wireless APN) is established between it and the key generation center, and the agent registers with the key generation center through that channel.
As shown in fig. 1, the registration process of the edge internet of things agent in this embodiment is as follows:
1.1 when the edge Internet of things agent is online, sending registration request information to a key generation center;
1.2 on receiving the registration request information of the edge Internet of things agent, the key generation center computes the IBC private key of the edge Internet of things agent with the SM9 algorithm and returns the private key to the corresponding edge Internet of things agent.
The registration request information sent by the edge Internet of things agent to the key generation center contains the agent's own device identification, which is its IBC public key and can take the form device ID + application time + validity period. The key generation center computes the corresponding IBC private key from the agent's IBC public key with the SM9 algorithm; the specific computation can follow the prior art.
Second, sensing layer terminal registration
When a sensing layer terminal that needs data access and communication comes online, it must first apply to the key generation center for an IBC private key. Referring to fig. 2, the registration process of the sensing layer terminal in this embodiment is as follows.
2.1 the sensing layer terminal sends a registration message to the edge Internet of things agent when it comes online, and the edge Internet of things agent forwards the message to the key generation center;
The registration message is generated as follows: the sensing layer terminal combines the device ID, the application time and the validity period into its IBC public key, and then encrypts the terminal public key and a random number r with the public key of the key generation center.
2.2 the key generation center generates an intermediate value of a private key of the sensing layer terminal IBC according to the registration message information, and forwards the intermediate value to the corresponding sensing layer terminal through the edge Internet of things agent; the specific process is as follows:
the key generation center decrypts the registration message by using a private key of the key generation center to obtain the equipment ID, the application time, the validity period and the random number r;
matching the device ID and validity period against the preset device ID and validity period database; if the match succeeds, the sensing layer terminal passes the validity check;
calculating the IBC private key of the terminal user of the sensing layer by using an SM9 algorithm according to the terminal public key of the terminal of the sensing layer which passes the validity check;
and encrypting the IBC private key of the terminal user of the sensing layer by using a random number r to obtain an intermediate value of the IBC private key of the terminal of the sensing layer.
The intermediate value of the private key comprises an intermediate value of the signature private key and an intermediate value of the encryption private key.
2.3 the edge Internet of things agent forwards the received intermediate value of the sensing layer terminal IBC private key to the corresponding sensing layer terminal.
2.4 the sensing layer terminal receives the intermediate value of its own IBC private key and computes the local sensing layer terminal IBC private key from it; specifically, it decrypts the intermediate value with the random number r to obtain the signature private key and the encryption private key of the local sensing layer terminal user.
In the subsequent identity authentication process, the terminal signs the message by adopting the signature private key and encrypts the message by adopting the encryption private key.
Third, identity authentication and key agreement between the sensing layer terminal and the edge Internet of things agent
Before a registered sensing layer terminal accesses the upper layer, identity authentication and key agreement must first be carried out between it and the edge Internet of things agent to obtain a symmetric key for encrypting messages during communication. Referring to fig. 3, this embodiment provides a one-way authentication process, and fig. 4 provides a two-way authentication process; either can be used to determine the symmetric key, and the latter further improves system security over the former.
The key agreement of the one-way authentication shown in fig. 3 includes the following processes:
3.1.1 exchanging an IBC public key between a sensing layer terminal needing authentication and an edge Internet of things agent;
3.2.1 the sensing layer terminal selects an initial symmetric key, for example a random number r1, encrypts r1 with the edge Internet of things agent public key obtained in the exchange, signs the result with the local sensing layer terminal IBC private key, generates an authentication message consisting of the encrypted initial symmetric key and the signature, and sends it to the edge Internet of things agent;
3.3.1 the edge Internet of things agent verifies the signature of the received authentication message with the public key of the corresponding sensing layer terminal; if it passes, the agent decrypts the verified authentication message with its local IBC private key to obtain the initial symmetric key r1 and uses r1 as the symmetric key for communication encryption with that sensing layer terminal;
3.4.1 the edge Internet of things agent sends a symmetric key determination message to the sensing layer terminal confirming that the symmetric key is r1. Both sides then communicate securely using the determined symmetric key and a symmetric encryption algorithm.
The key agreement for mutual authentication shown in fig. 4 includes the following procedures:
3.1.2 exchanging an IBC public key between the sensing layer terminal needing authentication and the edge Internet of things agent;
3.2.2 the sensing layer terminal selects an initial symmetric key, for example a random number r1, encrypts r1 with the edge Internet of things agent public key obtained in the exchange, signs the result with the local sensing layer terminal IBC private key, generates an authentication message consisting of the encrypted initial symmetric key and the signature, and sends it to the edge Internet of things agent;
3.3.2 the edge Internet of things agent verifies the signature of the received authentication message with the public key of the corresponding sensing layer terminal; if it passes, the agent decrypts the verified authentication message with its local IBC private key to obtain the initial symmetric key r1;
3.4.2 the edge Internet of things agent selects a second symmetric key, for example a random number r2, encrypts r2 with the sensing layer terminal public key, signs the encrypted result with its own IBC private key, generates a reverse authentication message consisting of the encrypted r2 and the signature, and sends it to the sensing layer terminal;
3.5.2 the sensing layer terminal receives the reverse authentication message, verifies its signature with the edge Internet of things agent public key, and after verification decrypts it with the local sensing layer terminal IBC private key to obtain the second symmetric key r2;
3.6.2 the sensing layer terminal XORs the initial symmetric key r1 with the second symmetric key r2 bitwise, hashes the result, and sends the processing result to the edge Internet of things agent;
the edge Internet of things agent likewise XORs r1 and r2 bitwise and hashes the result;
3.7.2 the edge Internet of things agent compares its local XOR-and-hash result with the processing result received from the sensing layer terminal; if the two are consistent, the processing result is used as the symmetric key for communication encryption, and symmetric key determination information is sent to the sensing layer terminal;
3.8.2 the sensing layer terminal receives the symmetric key determination information sent by the edge Internet of things agent and uses the bitwise XOR-and-hash result as the symmetric key for communication encryption with the edge Internet of things agent.
At this point identity authentication and key agreement between the edge Internet of things agent and the sensing layer terminal are complete. When the two devices communicate, the negotiated symmetric key is used with a symmetric encryption algorithm to encrypt the data communication, ensuring secure access of the sensing layer terminal.
The embodiments show that identity authentication between the sensing layer terminal and the edge Internet of things agent is performed with IBC identity-based cryptography, giving a certificate-free, lightweight interaction scheme that provides trusted access and secure data transmission for Internet of things devices and strengthens the security protection of the Internet of things sensing layer. Because no certificates are exchanged in the identity authentication stage, no large volume of certificates is transmitted, the interaction flow is shorter, network bandwidth is saved, communication efficiency improves, and the communication and storage overhead between devices is reduced. Meanwhile, the invention supports online distribution of certificates, facilitates unified management of devices, and for the power Internet of things with its massive number of terminals reduces manual operation and saves labor cost.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (14)

1. An identity authentication method is executed by a sensing layer terminal, and is characterized by comprising the following steps:
generating a registration message, and sending the registration message to a key generation center;
receiving an intermediate value of a private key of a sensing layer terminal IBC generated by the key generation center according to a registration message;
calculating a local sensing layer terminal IBC private key according to the intermediate value of the sensing layer terminal IBC private key;
when authentication is needed, exchanging an IBC public key with the edge Internet of things agent;
selecting an initial symmetric key, and encrypting the initial symmetric key by using an edge Internet of things proxy public key obtained by exchange;
signing the encrypted initial symmetric key by using an IBC private key of a local sensing layer terminal;
generating an authentication message comprising the encrypted initial symmetric key and the signed information thereof, and sending the authentication message to the edge Internet of things agent;
and carrying out key agreement between the authentication message and the edge Internet of things agent to obtain a symmetric key for encrypting communication with the edge Internet of things agent.
2. The method of claim 1, wherein generating the registration message comprises:
combining the equipment ID, the application time and the validity period information into a public key of a local sensing layer terminal;
encrypting the public key of the local sensing layer terminal and a random number r with a pre-stored key generation center public key;
generating a registration message comprising encrypted public key information of the sensing layer terminal;
the intermediate value of the IBC private key of the sensing layer terminal is as follows: and the key generation center calculates and obtains a signature private key and an encryption private key of the terminal user of the sensing layer by using an SM9 algorithm according to the encrypted public key information of the terminal of the sensing layer in the registration message, and then encrypts the signature private key and the encryption private key of the terminal user of the sensing layer by using a random number r to obtain a result.
3. The method of claim 2, wherein calculating the local sensing layer terminal IBC private key according to the intermediate value of the sensing layer terminal IBC private key comprises:
and decrypting the intermediate value of the IBC private key of the sensing layer terminal by using the random number r to obtain a signature private key and an encryption private key of a local sensing layer terminal user.
4. The method of claim 1, wherein the negotiating a key with the edge internet of things agent comprises:
receiving a symmetric key determination message sent by the edge Internet of things agent after it verifies the authentication message with the sensing layer terminal public key and, on success, decrypts the authentication message with the edge Internet of things agent private key to obtain the initial symmetric key;
and in response to receiving the symmetric key determination message, using the initial symmetric key as a symmetric key for encryption of communication with the edge Internet of things agent.
5. The method of claim 1, wherein the negotiating a key with the edge internet of things agent comprises:
receiving a reverse authentication message sent by an edge Internet of things agent; the reverse authentication message information comprises a second symmetric key;
checking the sign of the reverse authentication message by using the edge Internet of things proxy public key, and decrypting the reverse authentication message by using a local sensing layer terminal IBC private key after the sign is checked to obtain a second symmetric key;
carrying out XOR operation on the initial symmetric key and the second symmetric key, carrying out hash processing, and sending the obtained processing result to the edge Internet of things agent;
receiving the symmetric key determination information sent by the edge Internet of things agent after the local confirmation of the processing result is passed;
and taking the processing result as a symmetric key for carrying out communication encryption with the edge Internet of things agent.
6. The method of claim 5, wherein the initial symmetric key is a random number r1;
after receiving the authentication message, the edge internet of things agent checks the signature of the authentication message by using a sensing layer terminal public key, decrypts the authentication message by using an edge internet of things agent private key after the signature passes to obtain r1, then selects a random number r2, encrypts r2 by using the sensing layer terminal public key, signs the encrypted information by using the edge internet of things agent private key, and generates a reverse authentication message comprising the encrypted r2 and the signed information;
and the edge Internet of things agent performs exclusive-OR operation on r1 and r2, performs hash processing, compares the result with the received processing result of the sensing layer terminal, and if the result is consistent with the received processing result, the processing result is used as a symmetric key for communication encryption, and the symmetric key determining information is sent to the sensing layer terminal.
7. An identity authentication method executed by an edge Internet of things agent is characterized by comprising the following steps:
sending registration request information to a key generation center;
receiving an IBC private key generated and sent by a key generation center in response to the registration request information;
exchanging an IBC public key with a terminal of a perception layer to be authenticated;
and receiving an authentication message sent by the sensing layer terminal to be authenticated, and performing key agreement between the authentication message and the sensing layer terminal to be authenticated to obtain a symmetric key for communication encryption with the corresponding sensing layer terminal.
8. The method as claimed in claim 7, wherein the authentication message sent by the sensing layer terminal includes an initial symmetric key encrypted by the edge internet of things proxy public key, and a signed message obtained by signing the encrypted initial symmetric key by the sensing layer terminal private key;
the key negotiation with the terminal of the sensing layer comprises:
verifying the signature of the authentication message by using a public key of a perception layer terminal;
and decrypting the authentication message after the verification is passed by using the local edge Internet of things agent IBC private key to obtain an initial symmetric key which is used as a symmetric key for communication encryption with the corresponding sensing layer terminal.
9. The method as claimed in claim 7, wherein the authentication message sent by the terminal of the sensing layer includes an initial symmetric key r1 encrypted by the public key of the edge internet of things proxy and a signed message obtained by signing the encrypted r1 by the private key of the terminal of the sensing layer;
the key negotiation with the terminal of the sensing layer comprises:
verifying the signature of the authentication message by using a public key of a perception layer terminal;
decrypting the authentication message after the verification is passed by using the local edge Internet of things agent IBC private key to obtain r 1;
selecting a random number r2, and encrypting r2 by using a public key of a sensing layer terminal;
signing the encrypted r2 by using a local edge Internet of things agent IBC private key;
generating a reverse authentication message comprising the encrypted r2 and the signed information thereof, and sending the reverse authentication message to the sensing layer terminal;
receiving authentication result data obtained by the sensing layer terminal performing a reverse authentication operation in response to the received reverse authentication message; wherein the reverse authentication operation comprises performing an exclusive-or operation and hash processing on r1 and r2, and the authentication result data comprises the result of performing the exclusive-or operation and hash processing on r1 and r2;
and performing the exclusive-or operation and hash processing on r1 and r2, comparing the result with the received authentication result data, and if the two are the same, using the result of the exclusive-or operation and hash processing on r1 and r2 as a symmetric key for communication encryption with the corresponding sensing layer terminal and sending a symmetric key determination message to the sensing layer terminal.
10. The method of claim 9, wherein the reverse authentication operation further comprises: the sensing layer terminal verifies the signature of the reverse authentication message by using the edge Internet of things agent public key;
and after the signature verification is passed, the sensing layer terminal performs exclusive OR operation and hash processing on r1 and r2, and the obtained result is used as the authentication result data.
11. An identity authentication method performed by a key generation center, comprising:
receiving registration request information sent by an edge Internet of things agent to be registered;
responding to the received registration request information, generating an IBC private key of the edge Internet of things agent, and sending the IBC private key to the edge Internet of things agent;
receiving a registration message of a sensing layer terminal to be registered;
and responding to the received registration message, generating a sensing layer terminal IBC private key intermediate value according to the registration message, and sending the sensing layer terminal IBC private key intermediate value to a corresponding sensing layer terminal.
12. The method of claim 11, wherein the registration message is: after the sensing layer terminal obtains its sensing layer terminal public key by combining the device ID, the application time and the validity period, the result of encrypting the terminal public key and a random number r with the key generation center public key;
the generating of the intermediate value of the private key of the sensing layer terminal IBC according to the registration message information comprises the following steps:
decrypting the registration message by using a private key of a key generation center to obtain an equipment ID, application time, validity period and a random number r;
matching the device ID and validity period against the preset device ID and validity period database; if the match succeeds, judging that the sensing layer terminal passes the validity check;
calculating the IBC private key of the terminal user of the sensing layer by using an SM9 algorithm according to the terminal public key of the terminal of the sensing layer which passes the validity check;
and encrypting the IBC private key of the terminal user of the sensing layer by using a random number r to obtain an intermediate value of the IBC private key of the terminal of the sensing layer.
13. An identity authentication system comprises a sensing layer terminal, an edge Internet of things agent and a key generation center;
the edge Internet of things agent sends registration request information to a key generation center when the edge Internet of things agent is online; the key generation center generates an IBC key of the edge Internet of things agent according to the registration request information;
the sensing layer terminal sends a registration message to a key generation center when the sensing layer terminal is online; the key generation center generates an intermediate value of a private key of the sensing layer terminal IBC according to the registration message and sends the intermediate value to the corresponding sensing layer terminal; the sensing layer terminal calculates the IBC private key of the local sensing layer terminal according to the intermediate value of the IBC private key;
the sensing layer terminal and the edge Internet of things agent perform identity authentication and key agreement before communication based on respective IBC private keys, determine a symmetric key, and perform data communication encryption by using the symmetric key.
14. The identity authentication system of claim 13, wherein the key generation center is disposed on an internet of things platform layer, and the edge internet of things agent is disposed on an internet of things sensing layer; the edge Internet of things agent is in communication connection with the key generation center through a trusted channel;
the sensing layer terminal sends a registration message to the key generation center through the edge Internet of things agent; and the intermediate value of the IBC private key of the sensing layer terminal generated by the key generation center is forwarded to the corresponding sensing layer terminal through the edge Internet of things agent.
CN202110292374.5A 2021-03-18 2021-03-18 Identity authentication method and system based on IBC identification password Active CN112887338B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110292374.5A CN112887338B (en) 2021-03-18 2021-03-18 Identity authentication method and system based on IBC identification password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110292374.5A CN112887338B (en) 2021-03-18 2021-03-18 Identity authentication method and system based on IBC identification password

Publications (2)

Publication Number Publication Date
CN112887338A true CN112887338A (en) 2021-06-01
CN112887338B CN112887338B (en) 2022-08-05

Family

ID=76041278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110292374.5A Active CN112887338B (en) 2021-03-18 2021-03-18 Identity authentication method and system based on IBC identification password

Country Status (1)

Country Link
CN (1) CN112887338B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113489585A (en) * 2021-07-02 2021-10-08 北京明朝万达科技股份有限公司 Identity authentication method and system of terminal equipment, storage medium and electronic equipment
CN113591103A (en) * 2021-06-29 2021-11-02 中国电力科学研究院有限公司 Identity authentication method and system between intelligent terminals of power internet of things
CN113591058A (en) * 2021-07-28 2021-11-02 四川美康医药软件研究开发有限公司 Processing method and device for online verification plug-in and electronic equipment
CN113904830A (en) * 2021-09-29 2022-01-07 北京天融信网络安全技术有限公司 SPA authentication method and device, electronic equipment and readable storage medium
CN113949414A (en) * 2021-09-09 2022-01-18 广东电网有限责任公司电力调度控制中心 Low-voltage power line carrier communication trusted security access method
CN113965323A (en) * 2021-10-26 2022-01-21 云南大学 Certificateless body measurement data tamper-proof method and certificateless body measurement data tamper-proof system
CN114024757A (en) * 2021-11-09 2022-02-08 国网山东省电力公司电力科学研究院 Electric power Internet of things edge terminal access method and system based on identification cryptographic algorithm
CN114172696A (en) * 2021-11-23 2022-03-11 国网江西省电力有限公司电力科学研究院 Terminal authentication method for cloud-side cooperative dual authentication in power Internet of things
CN114244502A (en) * 2021-11-18 2022-03-25 中国南方电网有限责任公司 Signature key generation method and device based on SM9 algorithm and computer equipment
CN114422588A (en) * 2022-01-19 2022-04-29 南京南瑞信息通信科技有限公司 Safety autonomous implementing system and method for authenticating terminal access by edge internet of things agent
CN114531680A (en) * 2022-03-07 2022-05-24 国网福建省电力有限公司信息通信分公司 Lightweight IBC bidirectional identity authentication system and method based on quantum key
CN115314278A (en) * 2022-08-04 2022-11-08 长扬科技(北京)股份有限公司 Trusted network connection identity authentication method, electronic equipment and storage medium
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327309A (en) * 2018-11-08 2019-02-12 北京中电华大电子设计有限责任公司 A kind of domain traversal key management method based on IBC Yu PKI mixed system
CN110635899A (en) * 2019-09-03 2019-12-31 核芯互联科技(青岛)有限公司 IBC user key updating method and device
CN111083131A (en) * 2019-12-10 2020-04-28 南瑞集团有限公司 Lightweight identity authentication method for power Internet of things sensing terminal
CN111147472A (en) * 2019-12-23 2020-05-12 全球能源互联网研究院有限公司 Lightweight authentication method and system for intelligent electric meter under edge computing scene
CN111447187A (en) * 2020-03-19 2020-07-24 重庆邮电大学 Cross-domain authentication method for heterogeneous Internet of things
CN111556136A (en) * 2020-04-26 2020-08-18 全球能源互联网研究院有限公司 Data interaction method between internal containers of power edge Internet of things agent
CN112468490A (en) * 2020-11-25 2021-03-09 国网辽宁省电力有限公司信息通信分公司 Authentication method for power grid terminal layer equipment access

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
任晓龙;韩大为;杨海文: "《电力物联网传感装置安全接入技术》", 《农村电气化》 *
林俊燕;张兆雷;袁智伟: "《物联网中基于IBC的认证加密机制研究》", 《信息安全与通信保密》 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591103A (en) * 2021-06-29 2021-11-02 中国电力科学研究院有限公司 Identity authentication method and system between intelligent terminals of power internet of things
CN113591103B (en) * 2021-06-29 2024-02-23 中国电力科学研究院有限公司 Identity authentication method and system between intelligent terminals of electric power Internet of things
CN113489585A (en) * 2021-07-02 2021-10-08 北京明朝万达科技股份有限公司 Identity authentication method and system of terminal equipment, storage medium and electronic equipment
CN113489585B (en) * 2021-07-02 2023-12-05 北京明朝万达科技股份有限公司 Identity authentication method and system of terminal equipment, storage medium and electronic equipment
CN113591058A (en) * 2021-07-28 2021-11-02 四川美康医药软件研究开发有限公司 Processing method and device for online verification plug-in and electronic equipment
CN113949414A (en) * 2021-09-09 2022-01-18 广东电网有限责任公司电力调度控制中心 Low-voltage power line carrier communication trusted security access method
CN113904830B (en) * 2021-09-29 2023-11-10 北京天融信网络安全技术有限公司 SPA authentication method, SPA authentication device, electronic equipment and readable storage medium
CN113904830A (en) * 2021-09-29 2022-01-07 北京天融信网络安全技术有限公司 SPA authentication method and device, electronic equipment and readable storage medium
CN113965323A (en) * 2021-10-26 2022-01-21 云南大学 Certificateless body measurement data tamper-proof method and certificateless body measurement data tamper-proof system
CN114024757B (en) * 2021-11-09 2024-02-02 国网山东省电力公司电力科学研究院 Electric power internet of things edge terminal access method and system based on identification password algorithm
CN114024757A (en) * 2021-11-09 2022-02-08 国网山东省电力公司电力科学研究院 Electric power Internet of things edge terminal access method and system based on identification cryptographic algorithm
CN114244502A (en) * 2021-11-18 2022-03-25 中国南方电网有限责任公司 Signature key generation method and device based on SM9 algorithm and computer equipment
CN114172696B (en) * 2021-11-23 2023-09-12 国网江西省电力有限公司电力科学研究院 Terminal authentication method for cloud edge end cooperative dual authentication in electric power Internet of things
CN114172696A (en) * 2021-11-23 2022-03-11 国网江西省电力有限公司电力科学研究院 Terminal authentication method for cloud-side cooperative dual authentication in power Internet of things
CN114422588A (en) * 2022-01-19 2022-04-29 南京南瑞信息通信科技有限公司 Safety autonomous implementing system and method for authenticating terminal access by edge internet of things agent
CN114422588B (en) * 2022-01-19 2023-12-19 南京南瑞信息通信科技有限公司 Security autonomous realization system and method for authenticating terminal access by edge internet of things agent
CN114531680A (en) * 2022-03-07 2022-05-24 国网福建省电力有限公司信息通信分公司 Lightweight IBC bidirectional identity authentication system and method based on quantum key
CN114531680B (en) * 2022-03-07 2023-06-27 国网福建省电力有限公司信息通信分公司 Light-weight IBC bidirectional identity authentication system and method based on quantum key
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium
CN115314278A (en) * 2022-08-04 2022-11-08 长扬科技(北京)股份有限公司 Trusted network connection identity authentication method, electronic equipment and storage medium
CN115314278B (en) * 2022-08-04 2023-06-30 长扬科技(北京)股份有限公司 Trusted network connection identity authentication method, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN112887338B (en) 2022-08-05

Similar Documents

Publication Publication Date Title
CN112887338B (en) Identity authentication method and system based on IBC identification password
CN111835752B (en) Lightweight authentication method based on equipment identity and gateway
CN110380852B (en) Bidirectional authentication method and communication system
CN101090316B (en) Identify authorization method between storage card and terminal equipment at off-line state
CN111552270B (en) Safety authentication and data transmission method and device for vehicle-mounted diagnosis
CN111756529B (en) Quantum session key distribution method and system
CN104144413A (en) Approval method and system based on mobile terminal
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN104424446A (en) Safety verification and transmission method and system
CN113704736A (en) Lightweight access authentication method and system for power Internet of things equipment based on IBC system
CN114553441B (en) Electronic contract signing method and system
CN111539496A (en) Vehicle information two-dimensional code generation method, two-dimensional code license plate, authentication method and system
CN114398602A (en) Internet of things terminal identity authentication method based on edge calculation
CN114650173A (en) Encryption communication method and system
CN116743372A (en) Quantum security protocol implementation method and system based on SSL protocol
CN113676330B (en) Digital certificate application system and method based on secondary secret key
CN113839786B (en) Key distribution method and system based on SM9 key algorithm
CN113329003B (en) Access control method, user equipment and system for Internet of things
JP5393594B2 (en) Efficient mutual authentication method, program, and apparatus
CN114070570A (en) Safe communication method of power Internet of things
CN114679262A (en) Quantum key distribution system and method fusing asymmetric system
CN113301026A (en) Method for communication between servers
CN112422563A (en) Weather data encryption and decryption service system based on hybrid cryptography
CN114696999A (en) Identity authentication method and device
CN114448636A (en) Quantum-resistant computing digital currency system based on digital certificate and anonymous communication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant