CN113452671A - Terminal access authentication method based on equipment identity - Google Patents
- Publication number: CN113452671A (application number CN202110508257.8A)
- Authority: CN (China)
- Prior art keywords: internet, platform, trust anchor, things, anchor
- Prior art date: 2021-05-10
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
(all under H: Electricity > H04: Electric communication technique > H04L: Transmission of digital information, e.g. telegraphic communication)
- H04L63/0869: Network architectures or network communication protocols for network security; authentication of entities; achieving mutual authentication
- H04L41/145: Arrangements for maintenance, administration or management of data switching networks; network analysis or design involving simulating, designing, planning or modelling of a network
- H04L63/0442: Network security; confidential data exchange among entities communicating through data packet networks, with the data content protected (e.g. by encrypting or encapsulating the payload), where the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L9/083: Cryptographic mechanisms or arrangements for secret or secure communications; key distribution or management; key establishment by key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0869: Cryptographic mechanisms or arrangements; key distribution or management; generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
- H04L9/3236: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials) using cryptographic hash functions
Abstract
The invention discloses a terminal access authentication method based on device identity. It addresses two shortcomings of prior-art device access authentication: mutual authentication between the device and the network platform is not achieved, and anonymity is not supported. The method comprises the following steps. S1: construct a network model comprising smart devices, an Internet of Things (IoT) platform and a trust anchor. S2: define a bilinear pairing and its mapping relation, and let the trust anchor select the bilinear pairing map; the trust anchor selects its master private key and keeps it secret. S3: register the smart device or the IoT platform with the trust anchor, which distributes their respective private keys. S4: perform bidirectional identity authentication between the smart device and the IoT platform using those private keys. A smart terminal can complete secure authentication with a single private key and without involving the trust anchor, so it can access the services provided by the IoT platform anonymously.
Description
Technical Field
The invention relates to the field of device access authentication, and in particular to a terminal access authentication method based on device identity.
Background
Information security is the first link in securing the information exchange of a pumped-storage power station, and identity authentication is the precondition for secure access. Researchers at home and abroad have studied the secure access of smart devices extensively, but existing schemes suffer from heavy computation on the smart device, unsuitability for the smart grid, and the inability to achieve mutual authentication or to support anonymity.
For example, the "identity authentication method for an intelligent mobile wireless terminal to access a cloud server" disclosed in Chinese patent publication CN102571792A comprises: 1) the intelligent wireless mobile terminal sends an identity authentication request when accessing the cloud server over a wireless broadband mobile network; 2) the cloud server returns an identity authentication response; 3) the terminal sends an access link authentication request to the cloud server; 4) the cloud server confirms that the access is legitimate by comparing attributes of the terminal such as its identity and password, and returns an access link authentication response; 5) the terminal sends an access link association request; 6) the cloud server returns an access link association response and allows the two parties to establish the link; 7) the reliable access process between the terminal and the cloud server is complete. Although this scheme prevents information leakage and unsafe access, it does not achieve mutual authentication and does not support anonymity.
Disclosure of Invention
The invention mainly addresses the two problems of prior-art device access authentication: mutual authentication between the device and the network platform is not achieved, and anonymity is not supported. The smart terminal achieves mutual secure authentication using a single private key and without involving the trust anchor during the authentication process, so it accesses the services provided by the IoT platform anonymously.
The technical problem of the invention is mainly solved by the following technical scheme:
A terminal access authentication method based on device identity comprises the following steps:
S1: constructing a network model comprising smart devices, an IoT platform and a trust anchor;
S2: defining a bilinear pairing and a bilinear pairing map, the trust anchor selecting the bilinear pairing map; the trust anchor selects its master private key, computes the master public key from it and keeps the master private key secret;
S3: performing a smart-device extraction process and an IoT-platform extraction process; each consists of a registration stage, in which the smart device or the IoT platform registers with the trust anchor, and a distribution stage, in which the trust anchor issues the corresponding private key;
S4: performing bidirectional identity authentication between the smart device and the IoT platform using the private keys.
In this scheme the smart device and the IoT platform register with the trust anchor, the trust anchor distributes their respective private keys, and the two sides authenticate each other with those keys. The smart terminal can complete secure authentication with a single private key and without involving the trust anchor, so it can access the services provided by the IoT platform anonymously.
Preferably, the trust anchor is a trusted third party that distributes the private keys of the smart device and of the IoT platform in the extraction process; the smart device and the IoT platform both contain a tamper-resistant module, which stores the private key received from the trust anchor.
Preferably, step S2 comprises the following steps:
S21: define a bilinear pairing. Let $G_1$ be an additive cyclic group, $G_2$ a multiplicative cyclic group, and $g_1$ a generator of $G_1$, where both $G_1$ and $G_2$ have prime order $q$;
S22: define the bilinear pairing map $e: G_1 \times G_1 \to G_2$;
S23: the trust anchor selects the bilinear pairing map $e: G_1 \times G_1 \to G_2$, a one-way hash function $H: \{0,1\}^* \to G_1$ and five one-way hash functions $H_1$ through $H_5$;
S24: the trust anchor selects a random number as its master private key $k_{anchor,private}$, and computes $e(g_1, g_1)$ and the master public key $k_{anchor,public} = k_{anchor,private} \cdot g_1$;
S25: the trust anchor publishes the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ and keeps the master private key $k_{anchor,private}$ secret.
Preferably, the bilinear pairing map $e$ satisfies three properties: bilinearity, non-degeneracy and computability.
Bilinearity: given $g_{11}, g_{12}, g_{13}, g_{14} \in G_1$,
$e(g_{11} + g_{12}, g_{13}) = e(g_{11}, g_{13})\, e(g_{12}, g_{13})$,
$e(g_{11}, g_{13} + g_{14}) = e(g_{11}, g_{13})\, e(g_{11}, g_{14})$;
and given $a, b \in Z_q$,
$e(a g_{11}, b g_{12}) = e(ab\, g_{11}, g_{12}) = e(g_{11}, ab\, g_{12}) = e(g_{11}, g_{12})^{ab} = e(b g_{11}, a g_{12})$.
Non-degeneracy: there exist $g_{11} \in G_1$ and $g_{12} \in G_1$ such that $e(g_{11}, g_{12}) \neq 1_{G_2}$ (as stated in claim 4).
Computability: for any $g_{11} \in G_1$ and $g_{12} \in G_1$, the value $e(g_{11}, g_{12})$ can be computed efficiently.
Here $Z_q$ is the cyclic group of prime order $q$; $g_{11}, g_{12}, g_{13}, g_{14}$ are elements of the additive cyclic group $G_1$; $a, b$ are elements of $Z_q$; and $1_{G_2}$ is the identity element of $G_2$.
Preferably, the smart device extraction process comprises:
S31A: smart device $EU_i$ sends its identity identifier to the trust anchor over a secure channel, and the trust anchor computes the private key of $EU_i$ (the derivation formula and the accompanying expression for the public key of $EU_i$ are not reproduced on this page);
S32A: the trust anchor sends the private key of $EU_i$ and the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ to $EU_i$ over the secure channel;
S33A: after receiving the data from the trust anchor, $EU_i$ stores it in its tamper-resistant module.
Preferably, the IoT platform extraction process comprises:
S31B: IoT platform $SP_j$ sends its identity identifier to the trust anchor over a secure channel, and the trust anchor computes the private key of $SP_j$ (the derivation formula and the accompanying expression for the public key of $SP_j$ are not reproduced on this page);
S32B: the trust anchor sends the private key of $SP_j$ and the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ to $SP_j$ over the secure channel;
S33B: after receiving the data from the trust anchor, $SP_j$ stores it in its tamper-resistant module.
Preferably, step S4 comprises the following steps (the expressions for $C_1$, $C_2$, $R_1$, $R_2$, $C_3$ and the verification equation of S46 are not reproduced on this page):
S41: smart device $EU_i$ computes $C_1$ and $C_2$, where $a_i$ and $n$ are two random numbers, $C_1$ and $C_2$ are the request parameters with which the device initiates verification to the platform, $\oplus$ is the XOR operator and $H_2(\cdot)$ is a one-way hash function;
S42: $EU_i$ sends $(C_1, C_2)$ to IoT platform $SP_j$, which looks up the identifier of $EU_i$ and the random number $n$;
S43: $SP_j$ computes $R_1$ and $R_2$ and sends $(R_1, R_2)$ back to $EU_i$; it also derives
$k_{session} = b_i C_1$,
where $b_i$ is a random number;
S44: after receiving the data, $EU_i$ computes $R_2'$ and checks whether it equals the received $R_2$; if so, $SP_j$ has been authenticated and $EU_i$ derives
$k_{session} = H_5(a_i \cdot R_1)$,
otherwise the protocol ends;
S45: $EU_i$ computes the signature $C_3$ and returns it to $SP_j$;
S46: $SP_j$ verifies the validity of $C_3$ by checking whether the verification equation holds; if it holds, bidirectional identity authentication succeeds, otherwise it fails.
Beneficial effects of the invention:
With this scheme the smart terminal completes secure authentication with a single private key and without involving the trust anchor, so it can access the services provided by the IoT platform anonymously.
Drawings
Fig. 1 is a flowchart of a terminal access authentication method according to the present invention.
Fig. 2 is a schematic diagram of a network model connection structure according to the present invention.
In the figures, 1 denotes the smart device, 2 the IoT platform and 3 the trust anchor.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
Embodiment:
In this embodiment, a method for terminal access authentication based on device identity, as shown in Fig. 1, comprises the following steps.
S1: construct a network model comprising smart devices, an IoT platform and a trust anchor.
The trust anchor is a trusted third party and distributes the private keys of the smart devices and of the IoT platform in the extraction process.
The smart device and the IoT platform both contain a tamper-resistant module, which stores the private key received from the trust anchor.
In this embodiment the IoT platform is the platform that provides services in a pumped-storage power station system, and the smart devices are the devices of the pumped-storage IoT system. The set $SP = \{SP_j \mid j = 1, 2, \dots, m\}$ denotes the group of distributed IoT platforms and the set $EU = \{EU_i \mid i = 1, 2, \dots, n\}$ the group of smart devices, where $SP_j$ is the $j$-th service-providing IoT platform in the pumped-storage system, $m$ is the total number of such platforms, $EU_i$ is the $i$-th smart device and $n$ is the total number of smart devices in the pumped-storage IoT system.
S2: define a bilinear pairing and a bilinear pairing map, and let the trust anchor select the bilinear pairing map; the trust anchor selects its master private key, computes the master public key from it and keeps the master private key secret.
S21: define a bilinear pairing. Let $G_1$ be an additive cyclic group, $G_2$ a multiplicative cyclic group, and $g_1$ a generator of $G_1$, where both $G_1$ and $G_2$ have prime order $q$.
S22: define the bilinear pairing map $e: G_1 \times G_1 \to G_2$.
S23: the trust anchor selects the bilinear pairing map $e: G_1 \times G_1 \to G_2$, a one-way hash function $H: \{0,1\}^* \to G_1$ and five one-way hash functions $H_1$ through $H_5$.
A one-way hash function maps an input sequence of any length to an output sequence of fixed length, and the process is irreversible. This embodiment does not fix a specific function; it may be chosen and parameterized according to the application scenario. Commonly cited examples are MD5 and the SHA family. Note that a MAC is a keyed authentication code rather than a plain hash, a CRC is not one-way, and MD5 is no longer collision resistant, so a current SHA-2 or SHA-3 function is the practical choice for this scheme.
The bilinear pairing map $e$ satisfies three properties: bilinearity, non-degeneracy and computability.
Bilinearity: given $g_{11}, g_{12}, g_{13}, g_{14} \in G_1$,
$e(g_{11} + g_{12}, g_{13}) = e(g_{11}, g_{13})\, e(g_{12}, g_{13})$,
$e(g_{11}, g_{13} + g_{14}) = e(g_{11}, g_{13})\, e(g_{11}, g_{14})$;
and given $a, b \in Z_q$,
$e(a g_{11}, b g_{12}) = e(ab\, g_{11}, g_{12}) = e(g_{11}, ab\, g_{12}) = e(g_{11}, g_{12})^{ab} = e(b g_{11}, a g_{12})$.
Non-degeneracy: there exist $g_{11} \in G_1$ and $g_{12} \in G_1$ such that $e(g_{11}, g_{12}) \neq 1_{G_2}$, where $1_{G_2}$ is the identity element of $G_2$ (as stated in claim 4).
Computability: for any $g_{11} \in G_1$ and $g_{12} \in G_1$, the value $e(g_{11}, g_{12})$ can be computed efficiently.
$g_{11}, g_{12}, g_{13}, g_{14}$ are elements of the additive cyclic group $G_1$; $a, b$ are elements of the cyclic group of prime order $q$, which this embodiment writes as $Z_q$ for the bilinear pairing (the notation used in the application itself is not reproduced on this page).
S24: the trust anchor selects a random number as its master private key $k_{anchor,private}$, and computes $e(g_1, g_1)$ and the master public key $k_{anchor,public} = k_{anchor,private} \cdot g_1$.
Here $e(g_1, g_1)$ is the generic form of the mapping; any map satisfying the three bilinear pairing properties can be used, and the specific map may be changed as required. $g_1$ is a randomly chosen generator of $G_1$.
S25: the trust anchor publishes the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ and keeps the master private key $k_{anchor,private}$ secret.
S3: perform the smart-device extraction process and the IoT-platform extraction process; each consists of a registration stage, in which the smart device or the IoT platform registers with the trust anchor, and a distribution stage, in which the trust anchor issues the corresponding private key.
The smart device extraction process comprises the following steps:
S31A: smart device $EU_i$ sends its identity identifier to the trust anchor over a secure channel, and the trust anchor computes the private key of $EU_i$ (the derivation formula is not reproduced on this page; it involves the public key of $EU_i$ and a one-way hash function).
S32A: the trust anchor sends the private key of $EU_i$ and the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ to $EU_i$ over the secure channel.
S33A: after receiving the data from the trust anchor, $EU_i$ stores it in its tamper-resistant module.
The IoT platform extraction process comprises the following steps:
S31B: IoT platform $SP_j$ sends its identity identifier to the trust anchor over a secure channel, and the trust anchor computes the private key of $SP_j$ (the derivation formula is not reproduced on this page; it involves the public key of $SP_j$ and a one-way hash function).
S32B: the trust anchor sends the private key of $SP_j$ and the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ to $SP_j$ over the secure channel.
S33B: after receiving the data from the trust anchor, $SP_j$ stores it in its tamper-resistant module.
S4: bidirectional identity authentication is performed between the smart device and the IoT platform using the private keys. The expressions for $C_1$, $C_2$, $R_1$, $R_2$, $C_3$ and the verification equation of S46 are not reproduced on this page.
S41: smart device $EU_i$ computes $C_1$ and $C_2$, where $a_i$ and $n$ are two random numbers, and $C_1$ and $C_2$ are the request parameters with which the device initiates verification to the platform.
S42: $EU_i$ sends $(C_1, C_2)$ to IoT platform $SP_j$, which looks up the identifier of $EU_i$ and the random number $n$; in this embodiment the random number $n$ is the total number $n$ of smart devices in the pumped-storage IoT system.
S43: $SP_j$ computes $R_1$ and $R_2$ and sends $(R_1, R_2)$ back to $EU_i$; it also derives
$k_{session} = b_i C_1$,
where $b_i$ is a random number, $R_1$ and $R_2$ are the verification parameters the platform returns to the device, $k_{session}$ is the session key between the smart device and the platform, and $H_3(\cdot)$ is a one-way hash function.
S44: after receiving the data, $EU_i$ computes $R_2'$ and checks whether it equals the received $R_2$; if so, $SP_j$ has been authenticated and $EU_i$ derives
$k_{session} = H_5(a_i \cdot R_1)$,
otherwise the protocol ends.
S45: $EU_i$ computes the signature $C_3$ and returns it to $SP_j$.
S46: $SP_j$ verifies the validity of $C_3$ by checking whether the verification equation holds; if it holds, bidirectional identity authentication succeeds, otherwise it fails.
With this scheme the smart terminal completes secure authentication with a single private key and without involving the trust anchor, so it can access the services provided by the IoT platform anonymously.
It should be understood that the examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and such equivalents may fall within the scope of the present invention as defined in the appended claims.
Claims (7)
1. A terminal access authentication method based on device identity, characterized by comprising the following steps:
S1: constructing a network model comprising smart devices, an Internet of Things platform and a trust anchor;
S2: defining a bilinear pairing and a bilinear pairing map, the trust anchor selecting the bilinear pairing map; the trust anchor selecting its master private key, computing the master public key from it and keeping the master private key secret;
S3: performing a smart-device extraction process and an IoT-platform extraction process, each comprising a stage in which the smart device or the IoT platform registers with the trust anchor and a stage in which the trust anchor distributes the corresponding private key to it;
S4: performing bidirectional identity authentication between the smart device and the IoT platform using the private keys.
2. The method for terminal access authentication based on the device identity as claimed in claim 1, wherein the trust anchor is a trusted third party, and the trust anchor is used for distributing private keys of the smart device or the internet of things platform respectively in the extraction process; the intelligent device and the Internet of things platform both comprise anti-tampering modules, and the anti-tampering modules are used for storing private keys received from the trust anchor.
3. The method for terminal access authentication based on device identity as claimed in claim 1, wherein step S2 comprises the following steps:
S21: defining a bilinear pairing; let $G_1$ be an additive cyclic group, $G_2$ a multiplicative cyclic group, and $g_1$ a generator of $G_1$,
wherein both $G_1$ and $G_2$ have prime order $q$;
S22: defining the bilinear pairing map $e: G_1 \times G_1 \to G_2$;
S23: the trust anchor selecting the bilinear pairing map $e: G_1 \times G_1 \to G_2$, a one-way hash function $H: \{0,1\}^* \to G_1$ and five one-way hash functions $H_1$ through $H_5$;
S24: the trust anchor selecting a random number as its master private key $k_{anchor,private}$, and computing $e(g_1, g_1)$ and the master public key $k_{anchor,public} = k_{anchor,private} \cdot g_1$;
S25: the trust anchor publishing the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ and keeping the master private key $k_{anchor,private}$ secret.
4. The method according to claim 3, wherein the bilinear pairing map $e$ satisfies three properties: bilinearity, non-degeneracy and computability;
bilinearity: given $g_{11}, g_{12}, g_{13}, g_{14} \in G_1$,
$e(g_{11} + g_{12}, g_{13}) = e(g_{11}, g_{13})\, e(g_{12}, g_{13})$,
$e(g_{11}, g_{13} + g_{14}) = e(g_{11}, g_{13})\, e(g_{11}, g_{14})$;
and given $a, b \in Z_q$,
$e(a g_{11}, b g_{12}) = e(ab\, g_{11}, g_{12}) = e(g_{11}, ab\, g_{12}) = e(g_{11}, g_{12})^{ab} = e(b g_{11}, a g_{12})$;
non-degeneracy: there exist $g_{11} \in G_1$ and $g_{12} \in G_1$ such that $e(g_{11}, g_{12}) \neq 1_{G_2}$;
computability: for any $g_{11} \in G_1$ and $g_{12} \in G_1$, the value $e(g_{11}, g_{12})$ can be computed efficiently;
wherein $Z_q$ is the cyclic group of prime order $q$;
$g_{11}, g_{12}, g_{13}, g_{14}$ are elements of the additive cyclic group $G_1$;
$a, b$ are elements of the prime-order cyclic group $Z_q$;
$1_{G_2}$ is the identity element of the multiplicative cyclic group $G_2$.
5. The method of claim 1, wherein the smart device extraction process comprises:
S31A: smart device $EU_i$ sending its identity identifier to the trust anchor over a secure channel, and the trust anchor computing the private key of $EU_i$ (the derivation formula and the accompanying expression for the public key of $EU_i$ are not reproduced on this page);
S32A: the trust anchor sending the private key of $EU_i$ and the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ to $EU_i$ over the secure channel;
S33A: $EU_i$, after receiving the data from the trust anchor, storing it in its tamper-resistant module.
6. The method for terminal access authentication based on device identity as claimed in claim 1 or 5, wherein the IoT platform extraction process comprises:
S31B: IoT platform $SP_j$ sending its identity identifier to the trust anchor over a secure channel, and the trust anchor computing the private key of $SP_j$ (the derivation formula and the accompanying expression for the public key of $SP_j$ are not reproduced on this page);
S32B: the trust anchor sending the private key of $SP_j$ and the public parameters $\{G_1, G_2, g_1, e, H, H_1, H_2, H_3, H_4, H_5, q, k_{anchor,public}, e(g_1, g_1)\}$ to $SP_j$ over the secure channel;
S33B: $SP_j$, after receiving the data from the trust anchor, storing it in its tamper-resistant module.
7. The method for terminal access authentication based on device identity as claimed in claim 1, wherein step S4 comprises the following steps (the expressions for $C_1$, $C_2$, $R_1$, $R_2$, $C_3$ and the verification equation of S46 are not reproduced on this page):
S41: smart device $EU_i$ computing $C_1$ and $C_2$, wherein $a_i$ and $n$ are two random numbers, $C_1$ and $C_2$ are the request parameters with which the device initiates verification to the platform, $\oplus$ is the XOR operator and $H_2(\cdot)$ is a one-way hash function;
S42: $EU_i$ sending $(C_1, C_2)$ to IoT platform $SP_j$, and $SP_j$ looking up the identifier of $EU_i$ and the random number $n$;
S43: $SP_j$ computing $R_1$ and $R_2$, sending $(R_1, R_2)$ back to $EU_i$, and deriving
$k_{session} = b_i C_1$,
wherein $b_i$ is a random number;
S44: $EU_i$, after receiving the data, computing $R_2'$ and checking whether it equals the received $R_2$; if so, $SP_j$ has been authenticated and $EU_i$ derives
$k_{session} = H_5(a_i \cdot R_1)$,
otherwise the protocol ends;
S45: $EU_i$ computing the signature $C_3$ and returning it to $SP_j$;
S46: $SP_j$ verifying the validity of $C_3$ by checking whether the verification equation holds;
if it holds, bidirectional identity authentication succeeds, otherwise it fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110508257.8A CN113452671A (en) | 2021-05-10 | 2021-05-10 | Terminal access authentication method based on equipment identity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113452671A true CN113452671A (en) | 2021-09-28 |
Family
ID=77809618
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113452671A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210928 | |