CN113704736A - Lightweight access authentication method and system for power Internet of things equipment based on IBC system - Google Patents

Lightweight access authentication method and system for power Internet of things equipment based on IBC system Download PDF

Info

Publication number
CN113704736A
CN113704736A CN202110830359.1A CN202110830359A CN113704736A CN 113704736 A CN113704736 A CN 113704736A CN 202110830359 A CN202110830359 A CN 202110830359A CN 113704736 A CN113704736 A CN 113704736A
Authority
CN
China
Prior art keywords
key
target
equipment
public
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110830359.1A
Other languages
Chinese (zh)
Inventor
付义伦
许海清
孙炜
赵兵
岑炜
翟峰
梁晓兵
曹永峰
刘鹰
李保丰
王晖南
刘佳易
许进
武文萍
徐萌
许斌
孔令达
冯云
冯占成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Marketing Service Center of State Grid Shanxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Marketing Service Center of State Grid Shanxi Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI, Marketing Service Center of State Grid Shanxi Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202110830359.1A priority Critical patent/CN113704736A/en
Publication of CN113704736A publication Critical patent/CN113704736A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an IBC system-based lightweight access authentication method and system for power Internet of things equipment, and belongs to the technical field of information security. The method comprises the following steps: the application of the public and private key pair of the target equipment to the ciphertext comprises the following steps: after the target equipment generates a key application parameter, a key generation center KGC generates a target equipment identity public and private key pair according to the unique identification ID of the target equipment, and transmits a public and private key pair ciphertext to the target equipment after encrypting by using a symmetric key; the negotiation of the encryption key between the target equipment and other equipment comprises the steps of introducing a random number negotiation main key based on the identity public and private key pairs of the target equipment and other equipment when the target equipment and other equipment perform information interaction, generating a data encryption key after calculation by adopting a key derivation algorithm, and accessing authentication through the data encryption key. The method provided by the invention can realize efficient and safe access authentication of the power Internet of things equipment and enhance the safety and intelligent management level of the Internet of things equipment.

Description

Lightweight access authentication method and system for power Internet of things equipment based on IBC system
Technical Field
The invention relates to the technical field of information security, in particular to a lightweight access authentication method and system for power internet of things equipment based on an IBC system.
Background
With the development of new technologies such as mobile interconnection, artificial intelligence and the like, bidirectional interaction between power users and a smart power grid is more and more frequent, and the requirements of the users on the service form and the service quality of the power grid are higher and higher. In order to meet the application requirements of power consumers and enhance the perception and participation of the power consumers to the smart grid, the power internet of things is generated. The network environment of the power internet of things is open and complex, the access control is flexible and changeable, the accessed devices are various, the number is large, and the safety performance is different. The devices generate a large amount of data in the process of participating in power grid interaction, and severe challenges are brought to terminal trust management and network security, so that research on a safety access authentication technology of massive power internet of things devices needs to be developed.
The traditional equipment security authentication is mainly based on a PKI system and is realized by adopting a digital certificate. However, PKI certificate management is complex, a multi-level CA system needs to be constructed, and issuing, revoking, verifying and storing of certificates occupy more resources. The device access authentication technology based on the IBC identification authentication system can effectively avoid the problem of complex certificate management, but the traditional IBC password system has the problems of private key escrow, relatively complex password operation and the like. The technology is not suitable for access authentication of mass power Internet of things equipment.
Disclosure of Invention
In order to solve the problems, the invention provides a lightweight access authentication method for power internet of things equipment based on an IBC system, which comprises the following steps:
the application of the public and private key pair of the target equipment to the ciphertext comprises the following steps: after the target equipment generates a key application parameter, a key generation center KGC generates a target equipment identity public and private key pair according to the unique identification ID of the target equipment, and transmits a public and private key pair ciphertext to the target equipment after encrypting by using a symmetric key;
the negotiation of the encryption key between the target equipment and other equipment comprises the steps of introducing a random number negotiation main key based on the identity public and private key pairs of the target equipment and other equipment when the target equipment and other equipment perform information interaction, generating a data encryption key after calculation by adopting a key derivation algorithm, and accessing authentication through the data encryption key.
Optionally, the application of the public and private key pair ciphertext by the target device specifically includes:
the target device selects a random number r first1And is
Figure BDA0003175300270000021
Wherein the group of the circulation groups is a circulation group,
Figure BDA0003175300270000022
is of order q and is set
Figure BDA0003175300270000023
A secure one-way hash function of
Figure BDA0003175300270000024
According to r1
Figure BDA0003175300270000025
q、
Figure BDA0003175300270000026
And target equipment ID, generating the identity key pair application parameter paramas of the target equipment0={ID,r1,q,H(ID||r1) Will apply for the parameter paramas0={ID,r1,q,H(ID||r1) Sending the key to a key generation center KGC;
the KGC of the key generation center receives the application parameter paramas0={ID,r1,q,H(ID||r1) After that, calculating a safety parameter to see k,
Figure BDA00031753002700000212
the security parameter k is input into a parameter generator for operation to generate a system parameter paramas1
Wherein the content of the first and second substances,
Figure BDA0003175300270000027
wherein q is a security prime, G1To satisfy the q-order additive subgroup on an elliptic curve of the bilinear mapping property, G2A sub-group of order q of a multiplicative group over a finite field,
Figure BDA0003175300270000028
is G1×G1→G2N is the plaintext data length, P is G1I.e. P ∈ G1,PpubIs the system public key, PpubKs, P, s is the master key factor of the system,
Figure BDA0003175300270000029
Pr=ks,Ppuband PrIs a public and private key pair of the system, H1,H2Is a systematic hash function, where H1:{0,1}*→G1,H2:{0,1}n→G2
The key generation center KGC uses the system parameters paramas1Sending to the target device and saving the system paramas through the target device1
Target device generates random number r2For a random number r2Obtaining a symmetric key k from a key derivation algorithm2,k2=KDF(r2) Symmetric key k is generated by key generation center KGC2Encrypting to obtain encrypted symmetric key
Figure BDA00031753002700000210
And calculating a symmetric key based on the target device ID
Figure BDA00031753002700000211
Applying for the parameters, and applying the symmetric key
Figure BDA0003175300270000031
Sending the application parameters to a key generation center KGC;
wherein the symmetric key
Figure BDA0003175300270000032
The application parameters are as follows:
Figure BDA0003175300270000033
the key generation center KGC receives the symmetric key
Figure BDA0003175300270000034
After applying for the parameters, the symmetric key is verified
Figure BDA0003175300270000035
If the integrity of the application parameter is verified, the symmetric key is decrypted to obtain the integrity of the application parameter
Figure BDA0003175300270000036
And extracting the ID of the target equipment, detecting whether the ID of the target equipment is legal or not, and if so, calculating the identity public key P of the target equipmentpub1,Ppub1=H1(ID||Tv) Wherein, TvIs the validity period of the equipment;
the key generation center KGC calculates the identity private key of the target equipment based on the system master key factor and the security parameter
Figure BDA0003175300270000037
Symmetric key k for target equipment identity private key2After encryption, obtain
Figure BDA0003175300270000038
For the ciphertext of the private key
Figure BDA0003175300270000039
Device identity public key Ppub1And TvThe device has an expiration date signature, and obtains signed information
Figure BDA00031753002700000310
And will be
Figure BDA00031753002700000311
Sending the data to target equipment;
target device receives
Figure BDA00031753002700000312
Then, verify
Figure BDA00031753002700000313
If the signature information passes the verification, the identity public key P of the target equipment is obtainedpub1Using a symmetric key k2The identity private key of the target equipment is obtained after the private key ciphertext information is decrypted
Figure BDA00031753002700000314
Optionally, the negotiating an encryption key between the target device and another device includes:
the target device is set as a device 1, the other devices are set as devices 2, and the device ID is set by the device 11And the validity period T of the private keyv1Sent to device 2, device 2 receives the device ID1And the validity period T of the private keyv1Thereafter, the public key of the device 1 is determined, the public key
Figure BDA00031753002700000315
Device 2 connects device ID2And the validity period T of the private keyv2Sent to the device 1, and the device 1 receives the device ID2And the validity period T of the private keyv2Determining the public key of the device 2, the public key
Figure BDA00031753002700000316
Device 1 selects a random number r1Using the public key of device 2
Figure BDA00031753002700000317
Encrypting random number r1Then obtaining a ciphertext M1
Figure BDA00031753002700000318
Private key pair M by device 11Obtaining a signature after signing, signature S1=H1(M1||r1) The ciphertext M1And S1Sending to the device 2;
device 2 receives M1And S1Then, decrypt M1To obtain
Figure BDA00031753002700000319
And verifies the signature S1If the verification is passed, selecting a random number r2Using the public key of the device 1
Figure BDA00031753002700000320
Encrypting random number r2Then obtaining a ciphertext M2
Figure BDA00031753002700000321
Private key pair M by device 22Obtaining a signature after signing, signature S2=H1(M2||r2||r1) The ciphertext M2And S2Sending to the device 1;
device 1 receives M2And S2Then, decrypt M2To obtain
Figure BDA00031753002700000322
After comparison and decryption r1Whether or not to match a random number r1Is equal, if so, the signature S is verified2If the verification is passed, the validity of (1) is obtained
Figure BDA0003175300270000041
By key derivationAlgorithm derived master key
Figure BDA0003175300270000042
Public key passing through device 2
Figure BDA0003175300270000043
Encrypting random number r2Then obtaining the ciphertext
Figure BDA0003175300270000044
Will verify the passing information VpCiphertext M3,r1,r2Obtaining S after signature3=H1(Vp||M3||r1||r2) And M is3And S3Sending to the device 2;
device 2 receives M3And S3After transmission, decrypt M3To obtain
Figure BDA0003175300270000045
After comparison and decryption r2Whether or not to match a random number r2Equality, if equal, verifies the signature S3If the verification is passed, the validity of (1) is obtained
Figure BDA0003175300270000046
Obtaining an encryption key by a key derivation algorithm
Figure BDA0003175300270000047
Device 1 and device 2 pass encryption keys
Figure BDA0003175300270000048
And (3) information interaction between the protection equipment 1 and the equipment 2, namely, finishing the lightweight access authentication of the power Internet of things equipment.
The invention also provides an IBC system-based lightweight access authentication system for the power Internet of things equipment, which comprises the following steps:
the device identity key pair application module is used for applying a target device public and private key pair ciphertext, and comprises: after the target equipment generates a key application parameter, a key generation center KGC generates a target equipment identity public and private key pair according to the unique identification ID of the target equipment, and transmits a public and private key pair ciphertext to the target equipment after encrypting by using a symmetric key;
the device encryption key negotiation module is used for negotiating the encryption key of the target device and other devices, and comprises the steps of introducing a random number negotiation master key based on the identity public and private key pairs of the target device and other devices when the target device and other devices perform information interaction, generating a data encryption key after calculation by adopting a key derivation algorithm, and accessing authentication through the data encryption key.
Optionally, the application of the public and private key pair ciphertext by the target device specifically includes:
the target device selects a random number r first1And is
Figure BDA0003175300270000049
Wherein the group of the circulation groups is a circulation group,
Figure BDA00031753002700000410
is of order q and is set
Figure BDA00031753002700000411
A secure one-way hash function of
Figure BDA00031753002700000412
According to r1
Figure BDA00031753002700000413
q、
Figure BDA00031753002700000414
And target equipment ID, generating the identity key pair application parameter paramas of the target equipment0={ID,r1,q,H(ID||r1) Will apply for the parameter paramas0={ID,r1,q,H(ID||r1) Sending the key to a key generation center KGC;
the KGC of the key generation center receives the application parameter paramas0={ID,r1,q,H(ID||r1) After that, calculating a safety parameter to see k,
Figure BDA00031753002700000415
the security parameter k is input into a parameter generator for operation to generate a system parameter paramas1
Wherein the content of the first and second substances,
Figure BDA00031753002700000416
wherein q is a security prime, G1To satisfy the q-order additive subgroup on an elliptic curve of the bilinear mapping property, G2A sub-group of order q of a multiplicative group over a finite field,
Figure BDA0003175300270000051
is G1×G1→G2N is the plaintext data length, P is G1I.e. P ∈ G1,PpubIs the system public key, PpubKs, P, s is the master key factor of the system,
Figure BDA0003175300270000052
Pr=ks,Ppuband PrIs a public and private key pair of the system, H1,H2Is a systematic hash function, where H1:{0,1}*→G1,H2:{0,1}n→G2
The key generation center KGC uses the system parameters paramas1Sending to the target device and saving the system paramas through the target device1
Target device generates random number r2For a random number r2Obtaining a symmetric key k from a key derivation algorithm2,k2=KDF(r2) Symmetric key k is generated by key generation center KGC2Encrypting to obtain encrypted symmetric key
Figure BDA0003175300270000053
And calculating a symmetric key based on the target device ID
Figure BDA0003175300270000054
Applying for the parameters, and applying the symmetric key
Figure BDA0003175300270000055
Sending the application parameters to a key generation center KGC;
wherein the symmetric key
Figure BDA0003175300270000056
The application parameters are as follows:
Figure BDA0003175300270000057
the key generation center KGC receives the symmetric key
Figure BDA0003175300270000058
After applying for the parameters, the symmetric key is verified
Figure BDA0003175300270000059
If the integrity of the application parameter is verified, the symmetric key is decrypted to obtain the integrity of the application parameter
Figure BDA00031753002700000510
And extracting the ID of the target equipment, detecting whether the ID of the target equipment is legal or not, and if so, calculating the identity public key P of the target equipmentpub1,Ppub1=H1(ID||Tv) Wherein, TvIs the validity period of the equipment;
the key generation center KGC calculates the identity private key of the target equipment based on the system master key factor and the security parameter
Figure BDA00031753002700000511
Symmetric key k for target equipment identity private key2After encryption, obtain
Figure BDA00031753002700000512
For the ciphertext of the private key
Figure BDA00031753002700000513
Device identity public key Ppub1And TvThe device has an expiration date signature, and obtains signed information
Figure BDA00031753002700000514
And will be
Figure BDA00031753002700000515
Sending the data to target equipment;
target device receives
Figure BDA00031753002700000516
Then, verify
Figure BDA00031753002700000517
If the signature information passes the verification, the identity public key P of the target equipment is obtainedpub1Using a symmetric key k2The identity private key of the target equipment is obtained after the private key ciphertext information is decrypted
Figure BDA00031753002700000518
Optionally, the negotiating an encryption key between the target device and another device includes:
the target device is set as a device 1, the other devices are set as devices 2, and the device ID is set by the device 11And the validity period T of the private keyv1Sent to device 2, device 2 receives the device ID1And the validity period T of the private keyv1Thereafter, the public key of the device 1 is determined, the public key
Figure BDA00031753002700000519
Device 2 connects device ID2And the validity period T of the private keyv2Sent to the device 1, and the device 1 receives the device ID2And the validity period T of the private keyv2Determining the public key of the device 2, the public key
Figure BDA0003175300270000061
Device 1 selects a random number r1Using the apparatus2 public key
Figure BDA0003175300270000062
Encrypting random number r1Then obtaining a ciphertext M1
Figure BDA0003175300270000063
Private key pair M by device 11Obtaining a signature after signing, signature S1=H1(M1||r1) The ciphertext M1And S1Sending to the device 2;
device 2 receives M1And S1Then, decrypt M1To obtain
Figure BDA0003175300270000064
And verifies the signature S1If the verification is passed, selecting a random number r2Using the public key of the device 1
Figure BDA0003175300270000065
Encrypting random number r2Then obtaining a ciphertext M2
Figure BDA0003175300270000066
Private key pair M by device 22Obtaining a signature after signing, signature S2=H1(M2||r2||r1) The ciphertext M2And S2Sending to the device 1;
device 1 receives M2And S2Then, decrypt M2To obtain
Figure BDA0003175300270000067
After comparison and decryption r1Whether or not to match a random number r1Is equal, if so, the signature S is verified2If the verification is passed, the validity of (1) is obtained
Figure BDA0003175300270000068
Deriving master keys through key derivation algorithms
Figure BDA0003175300270000069
Public key passing through device 2
Figure BDA00031753002700000610
Encrypting random number r2Then obtaining the ciphertext
Figure BDA00031753002700000611
Will verify the passing information VpCiphertext M3,r1,r2Obtaining S after signature3=H1(Vp||M3||r1||r2) And M is3And S3Sending to the device 2;
device 2 receives M3And S3After transmission, decrypt M3To obtain
Figure BDA00031753002700000612
After comparison and decryption r2Whether or not to match a random number r2Equality, if equal, verifies the signature S3If the verification is passed, the validity of (1) is obtained
Figure BDA00031753002700000613
Obtaining an encryption key by a key derivation algorithm
Figure BDA00031753002700000614
Device 1 and device 2 pass encryption keys
Figure BDA00031753002700000615
And (3) information interaction between the protection equipment 1 and the equipment 2, namely, finishing the lightweight access authentication of the power Internet of things equipment.
The method provided by the invention can realize efficient and safe access authentication of the power Internet of things equipment and enhance the safety and intelligent management level of the Internet of things equipment.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a flow chart of the device identity key pair application of the present invention;
FIG. 3 is a flowchart of the device encryption key negotiation of the present invention;
FIG. 4 is a flow chart of the system of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
The invention is further illustrated by the following examples and figures:
in order to realize efficient and safe access authentication of power internet-of-things equipment, the invention provides a lightweight access authentication method of the power internet-of-things equipment based on an IBC system, which mainly comprises two processes of equipment identity key pair application and encryption key negotiation, as shown in FIG. 1, firstly, a key application file is generated by the equipment, a key generation center KGC generates an equipment identity public and private key pair based on an equipment unique identifier ID, and a symmetric key is used for encrypting a private key and transmitting the private key to the equipment; when information interaction is needed between the devices, random numbers are introduced to negotiate a master key based on the identity key pair, and then a data encryption key is obtained by adopting a key derivation algorithm.
The encryption key is generated by a key pair application and key agreement method, so that the problems of information leakage and the like caused by unreliable key generation center due to key escrow can be effectively avoided.
The step of applying for the device identity key pair, as shown in fig. 2, is as follows:
the target device first selects a random number
Figure BDA0003175300270000071
Figure BDA0003175300270000072
The order of the cyclic group is q.
Figure BDA0003175300270000073
Is a secure one-way hash function. According to the device ID, generating a device identity key pair application parameter paramas0={ID,r1,q,H(ID||r1) And sending the key to a key generation center KGC.
After the key generation center KGC receives the application parameters, the security parameters are calculated
Figure BDA0003175300270000074
The security parameter k is input into a parameter generator to be operated to generate a system parameter paramas1
Figure BDA0003175300270000081
Wherein q is a security prime, G1To satisfy the q-order additive subgroup on an elliptic curve of the bilinear mapping property, G2A subgroup of order q of the multiplicative group over the finite field.
Figure BDA0003175300270000082
Is G1×G1→G2N is the plaintext data length, P is G1I.e. P ∈ G1,PpubIs the system public key, PpubKs, P, s is the master key factor of the system,
Figure BDA0003175300270000083
Pr=ks,Ppuband PrFor system public and privateA key pair. H1,H2Is a system hash function. Wherein H1:{0,1}*→G1,H2:{0,1}n→G2
The key generation center KGC uses the system parameters paramas1Sent to the device and stored by the device.
Device generating random number r2Obtaining a symmetric key k based on a key derivation algorithm2=KDF(r2) Generating a central public key pair k using the secret key2Is encrypted to obtain
Figure BDA0003175300270000084
Calculating an identity key pair application parameter based on the equipment ID and sending the identity key pair application parameter to a key generation center KGC;
wherein, the identity key pair application parameters are:
Figure BDA0003175300270000085
after receiving the application parameter of the equipment identity key pair, the key generation center KGC firstly verifies the data integrity, and decrypts the data after passing the verification to obtain a symmetric key
Figure BDA0003175300270000086
And extracting the device ID and detecting whether the device ID is legal. If legal, computing equipment identity public key Ppub1I.e. Ppub1=H1(ID||Tv) Wherein, TvIs the device expiration date. Then, the KGC calculates the private key of the equipment identity based on the system master key factor and the security parameter
Figure BDA0003175300270000087
Symmetric key k for private key of equipment identity2After encryption, obtain
Figure BDA0003175300270000088
Cipher text of private key
Figure BDA0003175300270000089
Device identity public key Ppub1And TvDevice validity period signing obtains signed information
Figure BDA00031753002700000810
Then will be
Figure BDA00031753002700000811
And sending the data to the device.
After the equipment receives the response message of the public and private key pair of the identity, firstly, the signature information is verified, and if the signature passes the verification, the equipment identity public key P is obtainedpub1Using a symmetric key k2The private key of the equipment identity is obtained after the private key ciphertext information is decrypted
Figure BDA00031753002700000812
The device encryption key negotiation step, as shown in fig. 3, is as follows:
device 1 (target device) associates its own device ID with1And the validity period T of the private keyv1Sent to device 2 (other device) together, and device 2 receives and then calculates device 1 public key
Figure BDA00031753002700000813
Device 2 identifies itself to device2And the validity period T of the private keyv2Are sent to the device 1 together, and the device 1 receives the public key of the computing device 2
Figure BDA00031753002700000814
Device 1 selects a random number r1With device 2 public key
Figure BDA00031753002700000815
Obtaining a ciphertext after encrypting
Figure BDA00031753002700000816
Then obtaining S after signing by the private key of the equipment 11=H1(M1||r1) The ciphertext M1And S1Sending to the device 2;
after the device 2 receives the informationFirst, decrypt M1To obtain
Figure BDA0003175300270000091
The signature S is then verified1After the verification is passed, a random number r is selected2Public key of device 1
Figure BDA0003175300270000092
Obtaining a ciphertext after encrypting
Figure BDA0003175300270000093
Then the S is obtained after the signature is carried out by the private key of the device 22=H1(M2||r2||r1) The ciphertext M2And S2Sending to the device 1;
after receiving the information, the device 1 first decrypts M2To obtain
Figure BDA0003175300270000094
After comparison and decryption r1Whether or not it is equal to the original value. If equal, verify the signature S2After the verification is passed, calculating
Figure BDA0003175300270000095
Then, a key derivation algorithm is adopted to calculate a master key
Figure BDA0003175300270000096
Thereafter using device 2 public key
Figure BDA0003175300270000097
Encryption r2Then obtaining the ciphertext
Figure BDA0003175300270000098
Will verify the passing information VpCiphertext M3,r1,r2Obtaining S after signature3=H1(Vp||M3||r1||r2) Then M is added3And S3Sending to the device 2;
after receiving the information, the device 2 first decrypts M3To obtain
Figure BDA0003175300270000099
After comparison and decryption r2Whether or not it is equal to the original value. If equal, verify the signature S3After the verification is passed, the same calculation is carried out
Figure BDA00031753002700000910
Computing device encryption key using key derivation algorithm
Figure BDA00031753002700000911
The information interaction between the device 1 and the device 2 is all based on the device encryption key k for security protection.
The invention also provides an IBC system-based lightweight access authentication system 200 for power internet of things devices, as shown in fig. 4, including:
the device identity key pair application module 201 is configured to apply for a target device public and private key pair ciphertext, and includes: after the target equipment generates a key application parameter, a key generation center KGC generates a target equipment identity public and private key pair according to the unique identification ID of the target equipment, and transmits a public and private key pair ciphertext to the target equipment after encrypting by using a symmetric key;
the device encryption key negotiation module 202 is configured to negotiate an encryption key between the target device and another device, and includes that, when the target device and the another device perform information interaction, a random number negotiation master key is introduced based on an identity public and private key pair of the target device and the another device, a data encryption key is generated after calculation by using a key derivation algorithm, that is, authentication is performed through data encryption key access.
Wherein, the application of public and private key pair ciphertext of the target device specifically includes:
the target device selects a random number r first1And is
Figure BDA00031753002700000912
Wherein the group of the circulation groups is a circulation group,
Figure BDA00031753002700000913
is of order q and is set
Figure BDA00031753002700000914
A secure one-way hash function of
Figure BDA00031753002700000915
According to r1
Figure BDA00031753002700000916
q、
Figure BDA00031753002700000917
And target equipment ID, generating the identity key pair application parameter paramas of the target equipment0={ID,r1,q,H(ID||r1) Will apply for the parameter paramas0={ID,r1,q,H(ID||r1) Sending the key to a key generation center KGC;
the KGC of the key generation center receives the application parameter paramas0={ID,r1,q,H(ID||r1) After that, calculating a safety parameter to see k,
Figure BDA0003175300270000101
the security parameter k is input into a parameter generator for operation to generate a system parameter paramas1
Wherein the content of the first and second substances,
Figure BDA0003175300270000102
wherein q is a security prime, G1To satisfy the q-order additive subgroup on an elliptic curve of the bilinear mapping property, G2A sub-group of order q of a multiplicative group over a finite field,
Figure BDA0003175300270000103
is G1×G1→G2N is the plaintext data length, P is G1I.e. P ∈ G1,PpubIs the system public key, PpubKs, P, s is the master key factor of the system,
Figure BDA0003175300270000104
Pr=ks,Ppuband PrIs a public and private key pair of the system, H1,H2Is a systematic hash function, where H1:{0,1}*→G1,H2:{0,1}n→G2
The key generation center KGC uses the system parameters paramas1Sending to the target device and saving the system paramas through the target device1
Target device generates random number r2For a random number r2Obtaining a symmetric key k from a key derivation algorithm2,k2=KDF(r2) Symmetric key k is generated by key generation center KGC2Encrypting to obtain encrypted symmetric key
Figure BDA0003175300270000105
And calculating a symmetric key based on the target device ID
Figure BDA0003175300270000106
Applying for the parameters, and applying the symmetric key
Figure BDA0003175300270000107
Sending the application parameters to a key generation center KGC;
wherein the symmetric key
Figure BDA0003175300270000108
The application parameters are as follows:
Figure BDA0003175300270000109
the key generation center KGC receives the symmetric key
Figure BDA00031753002700001010
After applying for the parameters, the symmetric key is verified
Figure BDA00031753002700001011
If the integrity of the application parameter is verified, the symmetric key is decrypted to obtain the integrity of the application parameter
Figure BDA00031753002700001012
And extracting the ID of the target equipment, detecting whether the ID of the target equipment is legal or not, and if so, calculating the identity public key P of the target equipmentpub1,Ppub1=H1(ID||Tv) Wherein, TvIs the validity period of the equipment;
the key generation center KGC calculates the identity private key of the target equipment based on the system master key factor and the security parameter
Figure BDA00031753002700001013
Symmetric key k for target equipment identity private key2After encryption, obtain
Figure BDA00031753002700001014
For the ciphertext of the private key
Figure BDA00031753002700001015
Device identity public key Ppub1And TvThe device has an expiration date signature, and obtains signed information
Figure BDA00031753002700001016
And will be
Figure BDA00031753002700001017
Sending the data to target equipment;
target device receives
Figure BDA00031753002700001018
Then, verify
Figure BDA00031753002700001019
If the signature information passes the verification, the identity public key P of the target equipment is obtainedpub1Using a symmetric key k2The identity private key of the target equipment is obtained after the private key ciphertext information is decrypted
Figure BDA00031753002700001020
The encryption key negotiation between the target device and other devices includes:
the target device is set as a device 1, the other devices are set as devices 2, and the device ID is set by the device 11And the validity period T of the private keyv1Sent to device 2, device 2 receives the device ID1And the validity period T of the private keyv1Thereafter, the public key of the device 1 is determined, the public key
Figure BDA0003175300270000111
Device 2 connects device ID2And the validity period T of the private keyv2Sent to the device 1, and the device 1 receives the device ID2And the validity period T of the private keyv2Determining the public key of the device 2, the public key
Figure BDA0003175300270000112
Device 1 selects a random number r1Using the public key of device 2
Figure BDA0003175300270000113
Encrypting random number r1Then obtaining a ciphertext M1
Figure BDA0003175300270000114
Private key pair M by device 11Obtaining a signature after signing, signature S1=H1(M1||r1) The ciphertext M1And S1Sending to the device 2;
device 2 receives M1And S1Then, decrypt M1To obtain
Figure BDA0003175300270000115
And verifies the signature S1If the verification is passed, selecting a random number r2Using the public key of the device 1
Figure BDA0003175300270000116
Encrypting random number r2Then obtaining a ciphertext M2
Figure BDA0003175300270000117
Private key pair M by device 22Obtaining a signature after signing, signature S2=H1(M2||r2||r1) The ciphertext M2And S2Sending to the device 1;
device 1 receives M2And S2Then, decrypt M2To obtain
Figure BDA0003175300270000118
After comparison and decryption r1Whether or not to match a random number r1Is equal, if so, the signature S is verified2If the verification is passed, the validity of (1) is obtained
Figure BDA0003175300270000119
Deriving master keys through key derivation algorithms
Figure BDA00031753002700001110
Public key passing through device 2
Figure BDA00031753002700001111
Encrypting random number r2Then obtaining the ciphertext
Figure BDA00031753002700001112
Will verify the passing information VpCiphertext M3,r1,r2Obtaining S after signature3=H1(Vp||M3||r1||r2) And M is3And S3Sending to the device 2;
device 2 receives M3And S3After transmission, decrypt M3To obtain
Figure BDA00031753002700001113
After comparison and decryption r2Whether or not to match a random number r2Equality, if equal, verifies the signature S3Is a law ofSex, if the verification is passed, obtaining
Figure BDA00031753002700001114
Obtaining an encryption key by a key derivation algorithm
Figure BDA00031753002700001115
Device 1 and device 2 pass encryption keys
Figure BDA00031753002700001116
And (3) information interaction between the protection equipment 1 and the equipment 2, namely, finishing the lightweight access authentication of the power Internet of things equipment.
The method provided by the invention can realize efficient and safe access authentication of the power Internet of things equipment and enhance the safety and intelligent management level of the Internet of things equipment.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiment of the invention can be realized by adopting various computer languages, such as object-oriented programming language Java and transliterated scripting language JavaScript.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (6)

1. A lightweight access authentication method for power Internet of things equipment based on an IBC system comprises the following steps:
the application of the public and private key pair of the target equipment to the ciphertext comprises the following steps: after the target equipment generates a key application parameter, a key generation center KGC generates a target equipment identity public and private key pair according to the unique identification ID of the target equipment, and transmits a public and private key pair ciphertext to the target equipment after encrypting by using a symmetric key;
the negotiation of the encryption key between the target equipment and other equipment comprises the steps of introducing a random number negotiation main key based on the identity public and private key pairs of the target equipment and other equipment when the target equipment and other equipment perform information interaction, generating a data encryption key after calculation by adopting a key derivation algorithm, and accessing authentication through the data encryption key.
2. The method of claim 1, wherein the application of the target device public and private key pair ciphertext specifically comprises:
the target device selects a random number r first1And is
Figure FDA0003175300260000011
Wherein the group of the circulation groups is a circulation group,
Figure FDA0003175300260000012
is of order q and is set
Figure FDA0003175300260000013
A secure one-way hash function of
Figure FDA0003175300260000014
According to r1
Figure FDA0003175300260000015
q、
Figure FDA0003175300260000016
And target equipment ID, generating the identity key pair application parameter paramas of the target equipment0={ID,r1,q,H(ID||r1) Will apply for the parameter paramas0={ID,r1,q,H(ID||r1) Sending the key to a key generation center KGC;
the KGC of the key generation center receives the application parameter paramas0={ID,r1,q,H(ID||r1) After that, calculating a safety parameter to see k,
Figure FDA0003175300260000017
the security parameter k is input into a parameter generator for operation to generate a system parameter paramas1
Wherein the content of the first and second substances,
Figure FDA0003175300260000018
wherein q is a security prime, G1To satisfy the q-order additive subgroup on an elliptic curve of the bilinear mapping property, G2A sub-group of order q of a multiplicative group over a finite field,
Figure FDA0003175300260000019
is G1×G1→G2N is the plaintext data length, P is G1I.e. P ∈ G1,PpubIs the system public key, PpubKs, P, s is the master key factor of the system,
Figure FDA00031753002600000110
Ppuband PrIs a public and private key pair of the system, H1,H2Is a systematic hash function, where H1:{0,1}*→G1,H2:{0,1}n→G2
The key generation center KGC uses the system parameters paramas1Sending to the target device and saving the system paramas through the target device1
Target device generates random number r2For a random number r2Obtaining a symmetric key k from a key derivation algorithm2,k2=KDF(r2) Symmetric key k is generated by key generation center KGC2Encrypting to obtain encrypted symmetric key
Figure FDA0003175300260000021
And according to the target settingSpare ID calculating symmetric key
Figure FDA0003175300260000022
Applying for the parameters, and applying the symmetric key
Figure FDA0003175300260000023
Sending the application parameters to a key generation center KGC;
wherein the symmetric key
Figure FDA0003175300260000024
The application parameters are as follows:
Figure FDA0003175300260000025
the key generation center KGC receives the symmetric key
Figure FDA0003175300260000026
After applying for the parameters, the symmetric key is verified
Figure FDA0003175300260000027
If the integrity of the application parameter is verified, the symmetric key is decrypted to obtain the integrity of the application parameter
Figure FDA0003175300260000028
And extracting the ID of the target equipment, detecting whether the ID of the target equipment is legal or not, and if so, calculating the identity public key P of the target equipmentpub1,Ppub1=H1(ID||Tv) Wherein, TvIs the validity period of the equipment;
the key generation center KGC calculates the identity private key of the target equipment based on the system master key factor and the security parameter
Figure FDA0003175300260000029
Symmetric key k for target equipment identity private key2After encryption, obtain
Figure FDA00031753002600000210
For the ciphertext of the private key
Figure FDA00031753002600000211
Device identity public key Ppub1And TvThe device has an expiration date signature, and obtains signed information
Figure FDA00031753002600000212
And will be
Figure FDA00031753002600000213
Sending the data to target equipment;
target device receives
Figure FDA00031753002600000214
Then, verify
Figure FDA00031753002600000215
If the signature information passes the verification, the identity public key P of the target equipment is obtainedpub1Using a symmetric key k2The identity private key of the target equipment is obtained after the private key ciphertext information is decrypted
Figure FDA00031753002600000216
3. The method of claim 1, the target device's encryption key negotiation with other devices, comprising:
the target device is set as a device 1, the other devices are set as devices 2, and the device ID is set by the device 11And the validity period T of the private keyv1Sent to device 2, device 2 receives the device ID1And the validity period T of the private keyv1Thereafter, the public key of the device 1 is determined, the public key
Figure FDA00031753002600000217
Device 2 connects device ID2And the validity period T of the private keyv2To the device 1, setStandby 1 receives the device ID2And the validity period T of the private keyv2Determining the public key of the device 2, the public key
Figure FDA00031753002600000218
Device 1 selects a random number r1Using the public key of device 2
Figure FDA00031753002600000219
Encrypting random number r1Then obtaining a ciphertext M1
Figure FDA00031753002600000220
Private key pair M by device 11Obtaining a signature after signing, signature S1=H1(M1||r1) The ciphertext M1And S1Sending to the device 2;
device 2 receives M1And S1Then, decrypt M1To obtain
Figure FDA00031753002600000221
And verifies the signature S1If the verification is passed, selecting a random number r2Using the public key of the device 1
Figure FDA00031753002600000222
Encrypting random number r2Then obtaining a ciphertext M2
Figure FDA0003175300260000031
Private key pair M by device 22Obtaining a signature after signing, signature S2=H1(M2||r2||r1) The ciphertext M2And S2Sending to the device 1;
device 1 receives M2And S2Then, decrypt M2To obtain
Figure FDA0003175300260000032
After comparison and decryptionr1Whether or not to match a random number r1Is equal, if so, the signature S is verified2If the verification is passed, the validity of (1) is obtained
Figure FDA0003175300260000033
Deriving master keys through key derivation algorithms
Figure FDA0003175300260000034
Public key passing through device 2
Figure FDA0003175300260000035
Encrypting random number r2Then obtaining the ciphertext
Figure FDA0003175300260000036
Will verify the passing information VpCiphertext M3,r1,r2Obtaining S after signature3=H1(Vp||M3||r1||r2) And M is3And S3Sending to the device 2;
device 2 receives M3And S3After transmission, decrypt M3To obtain
Figure FDA0003175300260000037
After comparison and decryption r2Whether or not to match a random number r2Equality, if equal, verifies the signature S3If the verification is passed, the validity of (1) is obtained
Figure FDA0003175300260000038
Obtaining an encryption key by a key derivation algorithm
Figure FDA0003175300260000039
Device 1 and device 2 pass encryption keys
Figure FDA00031753002600000310
And (3) information interaction between the protection equipment 1 and the equipment 2, namely, finishing the lightweight access authentication of the power Internet of things equipment.
4. An IBC system-based lightweight access authentication system for power Internet of things equipment, the system comprising:
the device identity key pair application module is used for applying a target device public and private key pair ciphertext, and comprises: after the target equipment generates a key application parameter, a key generation center KGC generates a target equipment identity public and private key pair according to the unique identification ID of the target equipment, and transmits a public and private key pair ciphertext to the target equipment after encrypting by using a symmetric key;
the device encryption key negotiation module is used for negotiating the encryption key of the target device and other devices, and comprises the steps of introducing a random number negotiation master key based on the identity public and private key pairs of the target device and other devices when the target device and other devices perform information interaction, generating a data encryption key after calculation by adopting a key derivation algorithm, and accessing authentication through the data encryption key.
5. The system of claim 4, wherein the application of the target device public and private key pair ciphertext specifically comprises:
the target device selects a random number r first1And is
Figure FDA00031753002600000311
Wherein the group of the circulation groups is a circulation group,
Figure FDA00031753002600000312
is of order q and is set
Figure FDA00031753002600000313
A secure one-way hash function of
Figure FDA00031753002600000314
According to r1
Figure FDA00031753002600000315
q、
Figure FDA00031753002600000316
And target equipment ID, generating the identity key pair application parameter paramas of the target equipment0={ID,r1,q,H(ID||r1) Will apply for the parameter paramas0={ID,r1,q,H(ID||r1) Sending the key to a key generation center KGC;
the KGC of the key generation center receives the application parameter paramas0={ID,r1,q,H(ID||r1) After that, calculating a safety parameter to see k,
Figure FDA0003175300260000041
the security parameter k is input into a parameter generator for operation to generate a system parameter paramas1
Wherein the content of the first and second substances,
Figure FDA0003175300260000042
wherein q is a security prime, G1To satisfy the q-order additive subgroup on an elliptic curve of the bilinear mapping property, G2A sub-group of order q of a multiplicative group over a finite field,
Figure FDA0003175300260000043
is G1×G1→G2N is the plaintext data length, P is G1I.e. P ∈ G1,PpubIs the system public key, PpubKs, P, s is the master key factor of the system,
Figure FDA0003175300260000044
Ppuband PrIs a public and private key pair of the system, H1,H2Is a systematic hash function, where H1:{0,1}*→G1,H2:{0,1}n→G2
The key generation center KGC uses the system parameters paramas1Sending to the target device and saving the system paramas through the target device1
Target device generates random number r2For a random number r2Obtaining a symmetric key k from a key derivation algorithm2,k2=KDF(r2) Symmetric key k is generated by key generation center KGC2Encrypting to obtain encrypted symmetric key
Figure FDA0003175300260000045
And calculating a symmetric key based on the target device ID
Figure FDA0003175300260000046
Applying for the parameters, and applying the symmetric key
Figure FDA0003175300260000047
Sending the application parameters to a key generation center KGC;
wherein the symmetric key
Figure FDA0003175300260000048
The application parameters are as follows:
Figure FDA0003175300260000049
the key generation center KGC receives the symmetric key
Figure FDA00031753002600000410
After applying for the parameters, the symmetric key is verified
Figure FDA00031753002600000411
If the integrity of the application parameter is verified, the symmetric key is decrypted to obtain the integrity of the application parameter
Figure FDA00031753002600000412
And extracting the ID of the target device and detecting whether the ID of the target device is presentIf legal, calculating the public key P of target device identitypub1,Ppub1=H1(ID||Tv) Wherein, TvIs the validity period of the equipment;
the key generation center KGC calculates the identity private key of the target equipment based on the system master key factor and the security parameter
Figure FDA00031753002600000413
Symmetric key k for target equipment identity private key2After encryption, obtain
Figure FDA00031753002600000414
For the ciphertext of the private key
Figure FDA00031753002600000415
Device identity public key Ppub1And TvThe device has an expiration date signature, and obtains signed information
Figure FDA00031753002600000416
And will be
Figure FDA00031753002600000417
Sending the data to target equipment;
target device receives
Figure FDA00031753002600000418
Then, verify
Figure FDA00031753002600000419
If the signature information passes the verification, the identity public key P of the target equipment is obtainedpub1Using a symmetric key k2The identity private key of the target equipment is obtained after the private key ciphertext information is decrypted
Figure FDA0003175300260000051
6. The system of claim 4, the target device to encrypt key negotiations with other devices, comprising:
the target device is set as a device 1, the other devices are set as devices 2, and the device ID is set by the device 11And the validity period T of the private keyv1Sent to device 2, device 2 receives the device ID1And the validity period T of the private keyv1Thereafter, the public key of the device 1 is determined, the public key
Figure FDA0003175300260000052
Device 2 connects device ID2And the validity period T of the private keyv2Sent to the device 1, and the device 1 receives the device ID2And the validity period T of the private keyv2Determining the public key of the device 2, the public key
Figure FDA0003175300260000053
Device 1 selects a random number r1Using the public key of device 2
Figure FDA0003175300260000054
Encrypting random number r1Then obtaining a ciphertext M1
Figure FDA0003175300260000055
Private key pair M by device 11Obtaining a signature after signing, signature S1=H1(M1||r1) The ciphertext M1And S1Sending to the device 2;
device 2 receives M1And S1Then, decrypt M1To obtain
Figure FDA0003175300260000056
And verifies the signature S1If the verification is passed, selecting a random number r2Using the public key of the device 1
Figure FDA0003175300260000057
Encrypting random number r2Then obtaining a ciphertext M2
Figure FDA0003175300260000058
Private key pair M by device 22Obtaining a signature after signing, signature S2=H1(M2||r2||r1) The ciphertext M2And S2Sending to the device 1;
device 1 receives M2And S2Then, decrypt M2To obtain
Figure FDA0003175300260000059
After comparison and decryption r1Whether or not to match a random number r1Is equal, if so, the signature S is verified2If the verification is passed, the validity of (1) is obtained
Figure FDA00031753002600000510
Deriving master keys through key derivation algorithms
Figure FDA00031753002600000511
Public key passing through device 2
Figure FDA00031753002600000512
Encrypting random number r2Then obtaining the ciphertext
Figure FDA00031753002600000513
Will verify the passing information VpCiphertext M3,r1,r2Obtaining S after signature3=H1(Vp||M3||r1||r2) And M is3And S3Sending to the device 2;
device 2 receives M3And S3After transmission, decrypt M3To obtain
Figure FDA00031753002600000514
After comparison and decryption r2Whether or not to match a random number r2Equal to, if equal toEtc., verifying the signature S3If the verification is passed, the validity of (1) is obtained
Figure FDA00031753002600000515
Obtaining an encryption key by a key derivation algorithm
Figure FDA00031753002600000516
Device 1 and device 2 pass encryption keys
Figure FDA00031753002600000517
And (3) information interaction between the protection equipment 1 and the equipment 2, namely, finishing the lightweight access authentication of the power Internet of things equipment.
CN202110830359.1A 2021-07-22 2021-07-22 Lightweight access authentication method and system for power Internet of things equipment based on IBC system Pending CN113704736A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110830359.1A CN113704736A (en) 2021-07-22 2021-07-22 Lightweight access authentication method and system for power Internet of things equipment based on IBC system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110830359.1A CN113704736A (en) 2021-07-22 2021-07-22 Lightweight access authentication method and system for power Internet of things equipment based on IBC system

Publications (1)

Publication Number Publication Date
CN113704736A true CN113704736A (en) 2021-11-26

Family

ID=78650381

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110830359.1A Pending CN113704736A (en) 2021-07-22 2021-07-22 Lightweight access authentication method and system for power Internet of things equipment based on IBC system

Country Status (1)

Country Link
CN (1) CN113704736A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363086A (en) * 2022-01-24 2022-04-15 北京北卡星科技有限公司 Industrial internet data encryption transmission method based on stream cipher
CN114900337A (en) * 2022-04-19 2022-08-12 贵州电网有限责任公司 Authentication encryption method and system suitable for power chip
CN114928491A (en) * 2022-05-20 2022-08-19 国网江苏省电力有限公司信息通信分公司 Internet of things security authentication method, device and system based on identification cryptographic algorithm
CN115065466A (en) * 2022-06-23 2022-09-16 中国电信股份有限公司 Key agreement method, key agreement device, electronic equipment and computer-readable storage medium
CN115242468A (en) * 2022-07-07 2022-10-25 广州河东科技有限公司 RS485 bus-based secure communication system and method thereof
CN116192389A (en) * 2023-04-26 2023-05-30 杭州海康威视数字技术股份有限公司 Lightweight device communication key negotiation method, device, equipment and system
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363086A (en) * 2022-01-24 2022-04-15 北京北卡星科技有限公司 Industrial internet data encryption transmission method based on stream cipher
CN114363086B (en) * 2022-01-24 2024-04-12 北京北卡星科技有限公司 Industrial Internet data encryption transmission method based on stream cipher
CN114900337A (en) * 2022-04-19 2022-08-12 贵州电网有限责任公司 Authentication encryption method and system suitable for power chip
CN114900337B (en) * 2022-04-19 2024-04-05 贵州电网有限责任公司 Authentication encryption method and system suitable for power chip
CN114928491A (en) * 2022-05-20 2022-08-19 国网江苏省电力有限公司信息通信分公司 Internet of things security authentication method, device and system based on identification cryptographic algorithm
CN115065466A (en) * 2022-06-23 2022-09-16 中国电信股份有限公司 Key agreement method, key agreement device, electronic equipment and computer-readable storage medium
CN115065466B (en) * 2022-06-23 2024-01-19 中国电信股份有限公司 Key negotiation method, device, electronic equipment and computer readable storage medium
CN115242468A (en) * 2022-07-07 2022-10-25 广州河东科技有限公司 RS485 bus-based secure communication system and method thereof
CN115242468B (en) * 2022-07-07 2023-05-26 广州河东科技有限公司 Safe communication system and method based on RS485 bus
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium
CN116192389A (en) * 2023-04-26 2023-05-30 杭州海康威视数字技术股份有限公司 Lightweight device communication key negotiation method, device, equipment and system
CN116192389B (en) * 2023-04-26 2023-07-25 杭州海康威视数字技术股份有限公司 Lightweight device communication key negotiation method, device, equipment and system

Similar Documents

Publication Publication Date Title
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
CN113704736A (en) Lightweight access authentication method and system for power Internet of things equipment based on IBC system
CN112887338B (en) Identity authentication method and system based on IBC identification password
US20210111877A1 (en) Systems and methods for generating signatures
EP3349393B1 (en) Mutual authentication of confidential communication
CN109831430B (en) Safe, controllable and efficient data sharing method and system under cloud computing environment
CN108418686A (en) A kind of how distributed SM9 decryption methods and medium and key generation method
US9698984B2 (en) Re-encrypted data verification program, re-encryption apparatus and re-encryption system
US11870891B2 (en) Certificateless public key encryption using pairings
CN110933033B (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
CN109861956B (en) Data verification system, method, device and equipment based on state channel
CN107682152B (en) Group key negotiation method based on symmetric cipher
US20190044922A1 (en) Symmetric key identity systems and methods
CN106713349B (en) Inter-group proxy re-encryption method capable of resisting attack of selecting cipher text
CN103414559A (en) Identity authentication method based on IBE-like system in cloud computing environment
JP5324813B2 (en) Key generation apparatus, certificate generation apparatus, service provision system, key generation method, certificate generation method, service provision method, and program
CN113098681B (en) Port order enhanced and updatable blinded key management method in cloud storage
CN111245594B (en) Homomorphic operation-based collaborative signature method and system
WO2020115266A1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers
CN116232759A (en) Mist-blockchain assisted smart grid aggregation authentication method
CN113572612B (en) Private key distribution method for SM9 cryptographic algorithm, user terminal and key generation center
CN114697001B (en) Information encryption transmission method, equipment and medium based on blockchain
CN115603891A (en) Independently controllable ciphertext data security calculation method and system
CN114070570A (en) Safe communication method of power Internet of things
CN113779593A (en) Identity-based dual-server authorization ciphertext equivalence determination method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination