CN113595985A - Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip - Google Patents


Info

Publication number
CN113595985A
Authority
CN
China
Prior art keywords
internet
certificate
platform
things
security
Prior art date
Legal status
Pending
Application number
CN202110738387.0A
Other languages
Chinese (zh)
Inventor
兰景辉
万俊龙
Current Assignee
Jiangxi Haidunxinlian Technology Co ltd
Original Assignee
Jiangxi Haidunxinlian Technology Co ltd
Priority date
2021-06-30
Filing date
2021-06-30
Publication date
2021-11-02
Application filed by Jiangxi Haidunxinlian Technology Co ltd
Priority to CN202110738387.0A
Publication of CN113595985A

Classifications

    • All classes fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0807 Network architectures or network communication protocols for network security, for authentication of entities using tickets, e.g. Kerberos
    • H04L63/06 Network architectures or network communication protocols for network security, for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security, for authentication of entities, for achieving mutual authentication
    • H04L67/10 Network arrangements or protocols for supporting network services or applications: protocols in which an application is distributed across nodes in the network

Abstract

The invention discloses a method for realizing an Internet of things security cloud platform based on a national cryptographic algorithm security chip. The platform comprises the Internet of things security cloud platform, a security chip and communication encryption, and the collaborative signature of the Internet of things security cloud platform is realized by the following steps: S1, key generation: first, a client of the Internet of things security cloud platform calls the collaborative signature SDK package to generate a key pair, a public key component, private key component 1 and a unique user ID; S2, identity authentication: the client then passes the identity authentication of the service system. The Internet of things security cloud platform, the security chip and the communication encryption together form the security cloud platform. The Internet of things security cloud is responsible for identity authentication and key management of Internet of things devices and provides key agreement, encryption and decryption and similar services to the Internet of things service platform, so that the security of private key storage and use is improved.

Description

Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip
Technical Field
The invention relates to the technical field of Internet of things security, in particular to a method for realizing an Internet of things security cloud platform based on a national cryptographic algorithm security chip.
Background
In recent years, with the rapid development of the Internet of things and the Internet of vehicles, security problems have occurred frequently. Common forms of damage to the Internet of things include privacy disclosure, local network damage, illegal intrusion, and devices being taken over by a botnet and made to launch DDoS attacks.
In a traditional network, the security supervision of the network layer and that of the application layer are independent of each other. The Internet of things must build a top-down security architecture to ensure that information is correctly acquired, transmitted and queried, and the authentication mechanisms of the existing transmission network are not enough to achieve this aim. Among existing authentication technologies: password-based identity authentication needs an additional application or protocol for the connection and cannot be used on Internet of things devices that have no input device such as a keyboard or mouse; MAC-address-based authentication is easy to forge and is therefore exposed to spoofing attacks; authentication based on a user's public identity suffers from identity spoofing attacks and other defects; and biometric authentication, with the rapid development of technology, finds biometric features becoming easy to counterfeit, so biometric technology that is not easily counterfeited would have to be developed.
Disclosure of Invention
Aiming at the defects in the background art, the invention provides a method for realizing an Internet of things security cloud platform based on a national cryptographic algorithm security chip.
To solve these problems, the invention adopts the following technical scheme: a method for realizing an Internet of things security cloud platform based on a national cryptographic algorithm security chip, wherein the platform comprises the Internet of things security cloud platform, a security chip and communication encryption, and the collaborative signature of the Internet of things security cloud platform is realized by the following steps:
S1, first, a client of the Internet of things security cloud platform calls the collaborative signature SDK package to generate a key pair, a public key component, private key component 1 and a unique user ID;
S2, the client passes the identity authentication of the service system (the original system) and sends the key pair and the unique user ID to the service system;
S3, the service system calls the SDK package and sends the key pair and the unique user ID to the collaborative signature server of the unified authentication system;
S4, the collaborative signature server calls the encryptor through the key management system to generate private key component 2 and a certificate request file;
S5, the certificate request file is returned to the service system;
S6, the service system sends the certificate request file to the CA of the unified authentication system, the CA returns a national cryptographic certificate, and the key management system stores the user ID, the public key, the national cryptographic certificate and private key component 2 in a database.
As a further preferred embodiment of the invention, the one-way authentication of the communication encryption is realized by the following steps:
a: first, the terminal acquires the device certificate and a device random number from the SE through the SE-SDK;
b: the terminal then initiates a network access authentication request and sends the device certificate and the device random number to the IOT platform;
c: the IOT service platform then requests the device certificate verification service of the Internet of things security cloud through the platform SDK.
As a further preferred embodiment of the invention, the bidirectional authentication of the communication encryption is realized by the following steps:
a: first, the terminal acquires the device certificate and a device random number from the SE through the SE-SDK;
b: the terminal then initiates a network access authentication request and sends the device certificate and the device random number to the IOT platform;
c: the IOT service platform then requests the device certificate verification service of the Internet of things security cloud through the platform SDK, and bidirectional authentication is carried out at the same time;
d: the Internet of things security cloud returns the verification result and a platform random number; if the device is verified successfully,
e: the IOT service platform sends the platform certificate and the platform random number to the terminal.
As a further preferred mode of the invention, in step S6, after the certificate is stored in the database, the collaborative signature server needs to send the national cryptographic certificate to the service system, and the service system then sends the national cryptographic certificate to the client.
As a further preferred mode of the invention, in step c, after the platform SDK requests the device certificate verification service of the Internet of things security cloud, the Internet of things security cloud needs to return a verification result, and key agreement or other service processes can be carried out only after the verification succeeds.
As a further preferred mode of the invention, in the fifth step (step e), after the platform certificate and the platform random number are sent to the terminal, the terminal calls the SE-SDK to request verification of the platform certificate, the verification result is returned, and the key agreement process or other service processes can be carried out only after the verification succeeds.
The Internet of things security cloud platform, the security chip and the communication encryption together form the security cloud platform. The Internet of things security cloud is responsible for identity authentication and key management of Internet of things devices and provides key agreement, encryption and decryption and similar services to the Internet of things service platform; the interface of the security authentication platform is packaged by the platform SDK and deployed on the service side platform to support rapid integration of the service side's security authentication services. The collaborative signature of the Internet of things security cloud platform is based on the SSL Internet of things cloud platform service side and works together with the collaborative signature device side to divide the device-side private key into two parts, one stored and used on the device side and the other on the service side, so that the security of private key storage and use is improved.
Drawings
FIG. 1 is a flow diagram of the collaborative signature of the present invention;
FIG. 2 is a one-way authentication flow diagram of the present invention;
FIG. 3 is a mutual authentication flow diagram of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides the following technical scheme: a method for realizing an Internet of things security cloud platform based on a national cryptographic algorithm security chip, comprising the Internet of things security cloud platform, the security chip and communication encryption, wherein the collaborative signature of the Internet of things security cloud platform is realized by the following steps:
S1, first, a client of the Internet of things security cloud platform calls the collaborative signature SDK package to generate a key pair, a public key component, private key component 1 and a unique user ID;
S2, the client passes the identity authentication of the service system (the original system) and sends the key pair and the unique user ID to the service system;
S3, the service system calls the SDK package and sends the key pair and the unique user ID to the collaborative signature server of the unified authentication system;
S4, the collaborative signature server calls the encryptor through the key management system to generate private key component 2 and a certificate request file;
S5, the certificate request file is returned to the service system;
S6, the service system sends the certificate request file to the CA of the unified authentication system, the CA returns a national cryptographic certificate, and the key management system stores the user ID, the public key, the national cryptographic certificate and private key component 2 in a database.
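Steps S1 to S6 say where private key component 1 (the client) and private key component 2 (the collaborative signature server) are kept, but not how the two components combine into the single public key that goes into the certificate request, so the following Go program is added here as an example of that split; it is not code from the patent or its assignee. It implements a standard SM2-style two-party scheme in which the effective private key d = (d1*d2)^-1 - 1 mod n is never assembled by anyone, over P-256 with SHA-256 standing in for the SM2 curve and SM3. Assumed names: Client, Server, Point, KeyGen, Sign, Verify, Digest and the scalars d1, d2, k1, k2, k3; the CSR, CA and database parts of S4 to S6 are left out.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Added example, not the patent's code. The private key is never assembled: the
// client keeps d1 (private key component 1, inside the security chip) and the
// collaborative signature server keeps d2 (component 2, stored under the user ID).
// Effective key d = (d1*d2)^-1 - 1 mod n, public key P = d*G. SM2-style two-party
// signing over P-256, since SM2's own curve and SM3 are not in Go's standard library.
var curve = elliptic.P256()
var n = curve.Params().N

// randScalar draws a uniform scalar in [1, n-1].
func randScalar() *big.Int {
	k, err := rand.Int(rand.Reader, new(big.Int).Sub(n, big.NewInt(1)))
	if err != nil {
		panic(err)
	}
	return k.Add(k, big.NewInt(1))
}

type (
	Client struct{ d1 *big.Int } // device side
	Server struct{ d2 *big.Int } // collaborative signature server side
	Point  struct{ X, Y *big.Int }
)

// KeyGen is step S1: the client generates d1 and the public key component
// P1 = d1^-1 * G that it hands to the service system.
func (c *Client) KeyGen() Point {
	c.d1 = randScalar()
	x, y := curve.ScalarBaseMult(new(big.Int).ModInverse(c.d1, n).Bytes())
	return Point{x, y}
}

// KeyGen is step S4: the server generates d2 and the full public key
// P = d2^-1 * P1 - G that goes into the certificate request file.
func (s *Server) KeyGen(p1 Point) Point {
	s.d2 = randScalar()
	x, y := curve.ScalarMult(p1.X, p1.Y, new(big.Int).ModInverse(s.d2, n).Bytes())
	negGy := new(big.Int).Sub(curve.Params().P, curve.Params().Gy) // -G = (Gx, p-Gy)
	px, py := curve.Add(x, y, curve.Params().Gx, negGy)
	return Point{px, py}
}

// Sign is one collaborative signing round on digest e; neither side learns the
// other's component, and the full key d appears nowhere.
func Sign(c *Client, s *Server, e *big.Int) (r, sig *big.Int) {
	k1 := randScalar() // client: Q1 = k1*G goes to the server
	q1x, q1y := curve.ScalarBaseMult(k1.Bytes())
	k2, k3 := randScalar(), randScalar() // server: (x1, _) = k3*Q1 + k2*G
	ax, ay := curve.ScalarMult(q1x, q1y, k3.Bytes())
	bx, by := curve.ScalarBaseMult(k2.Bytes())
	x1, _ := curve.Add(ax, ay, bx, by)
	r = new(big.Int).Add(e, x1) // r = e + x1 mod n
	r.Mod(r, n)
	s2 := new(big.Int).Mul(s.d2, k3) // s2 = d2*k3
	s2.Mod(s2, n)
	s3 := new(big.Int).Add(r, k2) // s3 = d2*(r + k2); (r, s2, s3) return to the client
	s3.Mul(s3, s.d2).Mod(s3, n)
	sig = new(big.Int).Mul(c.d1, k1) // client: s = d1*k1*s2 + d1*s3 - r
	sig.Mul(sig, s2)
	sig.Add(sig, new(big.Int).Mul(c.d1, s3))
	sig.Sub(sig, r).Mod(sig, n)
	return r, sig
}

// Verify is ordinary SM2 verification against the certified public key P:
// t = r + s, (x1', _) = s*G + t*P, accept iff e + x1' == r (mod n).
func Verify(p Point, e, r, s *big.Int) bool {
	t := new(big.Int).Add(r, s)
	t.Mod(t, n)
	if r.Sign() <= 0 || r.Cmp(n) >= 0 || s.Sign() <= 0 || s.Cmp(n) >= 0 || t.Sign() == 0 {
		return false
	}
	ax, ay := curve.ScalarBaseMult(s.Bytes())
	bx, by := curve.ScalarMult(p.X, p.Y, t.Bytes())
	x1, _ := curve.Add(ax, ay, bx, by)
	R := new(big.Int).Add(e, x1)
	return R.Mod(R, n).Cmp(r) == 0
}

// Digest stands in for SM3(Z_A || M) of real SM2.
func Digest(msg []byte) *big.Int {
	h := sha256.Sum256(msg)
	return new(big.Int).SetBytes(h[:])
}

func main() {
	var c, s = new(Client), new(Server)
	pub := s.KeyGen(c.KeyGen()) // S1 on the device, S4 on the server
	e := Digest([]byte("device telemetry (constructed sample)"))
	r, sig := Sign(c, s, e)
	fmt.Println("collaborative signature verifies:", Verify(pub, e, r, sig))
}
```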
The one-way authentication of the communication encryption is realized by the following steps:
a: first, the terminal acquires the device certificate and a device random number from the SE through the SE-SDK;
b: the terminal then initiates a network access authentication request and sends the device certificate and the device random number to the IOT platform;
c: the IOT service platform then requests the device certificate verification service of the Internet of things security cloud through the platform SDK.
The bidirectional authentication of the communication encryption is realized by the following steps:
a: first, the terminal acquires the device certificate and a device random number from the SE through the SE-SDK;
b: the terminal then initiates a network access authentication request and sends the device certificate and the device random number to the IOT platform;
c: the IOT service platform then requests the device certificate verification service of the Internet of things security cloud through the platform SDK, and bidirectional authentication is carried out at the same time;
d: the Internet of things security cloud returns the verification result and a platform random number; if the device is verified successfully,
e: the IOT service platform sends the platform certificate and the platform random number to the terminal.
In step S6, after the certificate is stored in the database, the collaborative signature server needs to send the national cryptographic certificate to the service system, and the service system then sends the national cryptographic certificate to the client.
In step c, after the platform SDK requests the device certificate verification service of the Internet of things security cloud, the Internet of things security cloud needs to return a verification result, and key agreement or other business processes can be carried out only after the verification succeeds.
In the fifth step (step e), after the platform certificate and the platform random number are sent to the terminal, the terminal calls the SE-SDK to request verification of the platform certificate, the verification result is returned, and the key agreement process or other service processes can be carried out only after the verification succeeds.
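The bidirectional flow a to e described above, followed by the key agreement that may begin only once both certificates verify, as an added Go example; it is not code from the patent or its assignee. It assumes one CA of the unified authentication system trusted by both the security cloud's verification service and the SE-SDK, ECDSA P-256 X.509 certificates in place of the SM2 national cryptographic certificates, and, since the page does not specify the key agreement, a static ECDH between the certified keys mixed with both random numbers; Endpoint, Enroll, verifyChain, sessionKey and MutualAuth are the example's own names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Endpoint is the CA, a terminal (key held inside the SE) or the IOT service platform.
type Endpoint struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey // never leaves the SE / platform HSM
}

// Enroll creates a key pair and its certificate, signed by ca or self-signed as the CA
// when ca is nil. ECDSA P-256 stands in for SM2; the S1-S6 split-key enrolment is not modelled.
func Enroll(cn string, serial int64, ca *Endpoint) (Endpoint, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Endpoint{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
		BasicConstraintsValid: true,
	}
	parent, signer := tmpl, key // self-signed unless an issuing CA is given
	if ca != nil {
		parent, signer = ca.Cert, ca.key
	} else {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return Endpoint{}, err
	}
	cert, err := x509.ParseCertificate(der)
	return Endpoint{Cert: cert, key: key}, err
}

// verifyChain is the certificate verification service (step c for the security cloud, after
// step e for the SE-SDK): chain to the CA plus validity period. It says nothing about who holds the key.
func verifyChain(c, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// sessionKey is the key agreement that follows verification: static ECDH between the two
// certified keys, mixed with both random numbers. Only the holder of a certificate's private
// key can derive it, so a replayed certificate passes verifyChain yet never yields the peer's key.
func (e Endpoint) sessionKey(peer *x509.Certificate, devNonce, platNonce []byte) ([]byte, error) {
	pub, ok := peer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("unsupported peer key %T", peer.PublicKey)
	}
	priv, err1 := e.key.ECDH()
	peerPub, err2 := pub.ECDH()
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(append(append(shared, devNonce...), platNonce...))
	return sum[:], nil
}

// MutualAuth runs steps a-e against the CA both sides trust; returns each side's session key.
func MutualAuth(dev, plat Endpoint, ca *x509.Certificate) (devKey, platKey []byte, err error) {
	nonces := make([]byte, 64) // a: device random number from the SE; d: platform random number
	if _, err = rand.Read(nonces); err != nil {
		return nil, nil, err
	}
	devNonce, platNonce := nonces[:32], nonces[32:]
	// b, c: network access request to the IOT platform, which asks the security cloud
	if err = verifyChain(dev.Cert, ca); err != nil {
		return nil, nil, fmt.Errorf("device certificate rejected: %w", err)
	}
	// e: platform certificate and random number to the terminal, checked through the SE-SDK
	if err = verifyChain(plat.Cert, ca); err != nil {
		return nil, nil, fmt.Errorf("platform certificate rejected: %w", err)
	}
	if devKey, err = dev.sessionKey(plat.Cert, devNonce, platNonce); err != nil {
		return nil, nil, err
	}
	platKey, err = plat.sessionKey(dev.Cert, devNonce, platNonce)
	return devKey, platKey, err
}
```

The package deliberately has no main so it can be driven from a Go test; to run it directly, add a main that calls Enroll for the CA, a device and the platform and then MutualAuth. Certificate verification alone only proves that a valid certificate was presented: a replayed device certificate passes verifyChain, but without the key held in the SE its presenter cannot derive the platform's session key, and that is what turns the exchange into an authentication.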
In summary, the Internet of things security cloud platform, the security chip and the communication encryption together form the security cloud platform. The Internet of things security cloud is responsible for identity authentication and key management of Internet of things devices and provides key agreement, encryption and decryption and similar services to the Internet of things service platform. The Internet of things security chip is mounted in the device and serves as the identity of the Internet of things device; it is responsible for generating a unique serial number, for encrypting, storing and managing information such as keys, and for providing encryption, decryption and authentication services; it packages the communication and instruction interface of the security chip for integration with the terminal device, which lowers the client-side development threshold and allows business functions to be integrated rapidly. Finally, communication encryption realizes application-level data encryption without depending on the security of the communication channel. The platform has the advantages of wide applicability; it effectively counters privacy disclosure, local network damage, illegal intrusion and devices being taken over by a botnet to launch DDoS attacks; it provides comprehensive security support from cloud to end, achieving secure connection and data protection; it is convenient to access; and it provides a platform SDK for the national security cloud.
While there have been shown and described what are at present considered the fundamental principles and essential features of the invention and its advantages, it will be apparent to those skilled in the art that the invention is not limited to the details of the foregoing exemplary embodiments, but is capable of other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this description refers to embodiments, this does not mean that each embodiment contains only one independent embodiment; the description is written this way for clarity only, and those skilled in the art should take the description as a whole, combining the embodiments as appropriate to form other embodiments understood by those skilled in the art.

Claims (6)

1. A method for realizing an Internet of things security cloud platform based on a national cryptographic algorithm security chip, characterized in that the Internet of things security cloud platform based on the national cryptographic algorithm security chip comprises the Internet of things security cloud platform, the security chip and communication encryption, wherein the collaborative signature of the Internet of things security cloud platform is realized by the following steps:
S1, key generation: first, a client of the Internet of things security cloud platform calls the collaborative signature SDK package to generate a key pair, a public key component, private key component 1 and a unique user ID;
S2, identity authentication: the client then passes the identity authentication of the service system (the original system) and sends the key pair and the unique user ID to the service system;
S3, information sending: the service system then calls the collaborative signature SDK package and sends the key pair and the unique user ID to the collaborative signature server of the unified authentication system;
S4, certificate generation: the collaborative signature server calls the encryption machine through the key management system to generate private key component 2 and a certificate request file;
S5, request issuing: the certificate request file is then returned to the service system;
S6, storage: finally, the service system sends the certificate request file to the CA of the unified authentication system, the CA returns a national cryptographic certificate, and the key management system stores the user ID, the public key, the national cryptographic certificate and private key component 2 in a database.
2. The method for realizing the Internet of things security cloud platform based on the national cryptographic algorithm security chip as claimed in claim 1, wherein the one-way authentication of the communication encryption is realized by the following steps:
a: first, the terminal acquires the device certificate and a device random number from the SE through the SE-SDK;
b: the terminal then initiates a network access authentication request and sends the device certificate and the device random number to the IOT platform;
c: the IOT service platform then requests the device certificate verification service of the Internet of things security cloud through the platform SDK.
3. The method for realizing the Internet of things security cloud platform based on the national cryptographic algorithm security chip as claimed in claim 1, wherein the bidirectional authentication of the communication encryption is realized by the following steps:
first: the terminal acquires the device certificate and a device random number from the SE through the SE-SDK;
second: the terminal then initiates a network access authentication request and sends the device certificate and the device random number to the IOT platform;
third: the IOT service platform then requests the device certificate verification service of the Internet of things security cloud through the platform SDK, and bidirectional authentication is carried out at the same time;
fourth: the Internet of things security cloud returns the verification result and a platform random number; if the device is verified successfully,
fifth: the IOT service platform sends the platform certificate and the platform random number to the terminal.
4. The method for realizing the Internet of things security cloud platform based on the national cryptographic algorithm security chip as claimed in claim 1, wherein in step S6, after the security chip is stored in the database, the collaborative signature server needs to send the national cryptographic certificate to the service system, and the service system then sends the national cryptographic certificate to the client.
5. The method for realizing the Internet of things security cloud platform based on the national cryptographic algorithm security chip as claimed in claim 2, wherein in step c, after the platform SDK requests the device certificate verification service of the Internet of things security cloud, the Internet of things security cloud returns a verification result, and key agreement or other business processes can be carried out only after the verification succeeds.
6. The method for realizing the Internet of things security cloud platform based on the national cryptographic algorithm security chip as claimed in claim 3, wherein in the fifth step, after the platform certificate and the platform random number are sent to the terminal, the terminal calls the SE-SDK to request verification of the platform certificate, the verification result is returned, and the key agreement process or other service processes can be carried out only after the verification succeeds.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110738387.0A CN113595985A (en) 2021-06-30 2021-06-30 Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip

Publications (1)

Publication Number Publication Date
CN113595985A true CN113595985A (en) 2021-11-02

Family

ID=78245248

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114070649A (en) * 2021-12-15 2022-02-18 武汉天喻信息产业股份有限公司 Method and system for secure communication between devices
CN114401087A (en) * 2022-01-24 2022-04-26 北京仁信证科技有限公司 Passive lock identity authentication and key agreement system based on state cryptographic algorithm
CN114915443A (en) * 2022-03-09 2022-08-16 深圳市明泰智能技术有限公司 Industrial edge operating system supporting national encryption algorithm
CN115102710A (en) * 2022-05-06 2022-09-23 广州运通数达科技有限公司 Internet of things equipment secure access method and equipment in digital RMB consumption scene

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246129A (en) * 2018-10-12 2019-01-18 天津赢达信科技有限公司 A kind of SM2 collaboration endorsement method and system can verify that client identity
CN110932850A (en) * 2019-11-29 2020-03-27 杭州安恒信息技术股份有限公司 Communication encryption method and system
CN111193748A (en) * 2020-01-06 2020-05-22 惠州市德赛西威汽车电子股份有限公司 Interactive key security authentication method and system
US20200228349A1 (en) * 2019-01-15 2020-07-16 0Chain, LLC Systems and methods of aggregate signing of digital signatures on multiple messages simultaneously using key splitting
CN112202721A (en) * 2020-09-08 2021-01-08 辽宁丰沃新能源有限公司 Intelligent safety system of power enterprise internet of things terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (Application publication date: 20211102)