CN113872760A - SM9 key infrastructure and security system - Google Patents


Info

Publication number: CN113872760A
Authority: CN (China)
Prior art keywords: key, things, internet, encryption, identification
Legal status: Pending
Application number: CN202111292912.7A
Other languages: Chinese (zh)
Inventors: 边杏宾, 马俊明, 胡志勇, 张清萍, 郑伟伟
Current assignee: Cetc Pengyue Electronic Technology Co ltd
Original assignee: Cetc Pengyue Electronic Technology Co ltd
Priority: CN202111292912.7A
Publication: CN113872760A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption


Abstract

The invention belongs to the technical field of information security networks and in particular relates to an SM9 key infrastructure and security system comprising a key production subsystem, a terminal identification management module, an SM9 encryption and decryption calculation module and a registration authentication subsystem. The device identifier is registered as a public key ID through the registration authentication subsystem and then sent to the terminal identification management module, which stores the identifier and subsequently handles application for, distribution and revocation of the user private key. The user private key application from the terminal identification management module is sent to the key production subsystem, which calculates the user private key from the user identifier using the master private key and the public parameters; the user private key is then distributed to the device terminal through the terminal identification management module, completing key preparation. An SM9 key infrastructure architecture is designed, a system implementation approach is analysed, and the security problems of device access and management, peer-to-peer identity verification, confidential communication, key data protection and the like are addressed.

Description

SM9 key infrastructure and security system
Technical Field
The invention belongs to the technical field of information security networks and in particular relates to an SM9 key infrastructure and a security system.
Background
In the ubiquitous Internet of things environment, data volumes grow, service types multiply, information interaction becomes complex, and risky access, data leakage and malicious attacks increase rapidly. The continuing evolution of the cooperative working framework of the Internet of things brings large numbers of independent networks into high-level integrated service systems, forming a cloud platform whose bottom layer is supported by many kinds of terminals and data sources. In such an environment, when data involves sensitive information, leakage or tampering of private information can have serious consequences and can harm public interests such as people's livelihoods and even national security. Technologies such as network identity authentication and trusted information interaction are therefore needed to ensure information confidentiality in cloud computing scenarios and the secure operation of Internet of things systems. The traditional PKI-based security system has the following major disadvantages when applied to the Internet of things:
1. Conventional identity authentication based on Public Key Infrastructure (PKI) relies on a third-party Certificate Authority (CA), a certificate has to be created for each terminal, and during system operation a massive volume of certificate exchange and verification occurs; this is complex to manage and unfavourable for the deployment, operation and maintenance of a security system in an Internet of things environment.
2. The communication process needs to access the CA and verify certificates frequently, so real-time performance is poor and system operating efficiency is low, which cannot meet the real-time requirements of Internet of things systems.
In 2016 China promulgated the cryptographic industry standard GM/T0044.1-2016, the SM9 identity-based cryptographic algorithm of the People's Republic of China, a set of commercial standards with independent intellectual property rights that can replace the PKI-based RSA cryptosystem. The standard is characterised by a simple protocol, convenient deployment, operation and maintenance, and no need for certificates; it offers higher operating and security efficiency and is suitable for application in the Internet of things environment.
In a ubiquitous Internet of things environment centred on a cloud platform, the entities accessing the central cloud platform include many kinds of Internet of things sensing terminals and control terminals; vertical instruction and data interaction across the multi-layer system structure has high real-time requirements, and the system must have a high degree of autonomous decision-making and autonomy to reduce delays of all kinds and meet these requirements.
Identity authentication of access devices and source integrity verification of information are key security technologies in the ubiquitous Internet of things environment: during device access, control and communication, the legitimacy of the device identity must be guaranteed, access by illegitimate devices prevented, and the authenticity of control instructions assured. The traditional security system uses a PKI (public key infrastructure) cryptosystem, whose main problem is that a public key certificate is needed to bind the device public key and the legitimacy of the certificate is guaranteed by a third-party certificate centre; this brings a complex protocol, poor real-time performance and difficult deployment and management, and makes the system unsuitable for the ubiquitous Internet of things environment. A security scheme with a lightweight structure, simplified protocol, good real-time performance and convenient deployment, operation and maintenance therefore needs to be researched to secure the ubiquitous Internet of things system. Identity-based cryptography (IBC) has the characteristics of a simple protocol, no need for certificates, and simple deployment and management, and meets the deployment and management requirements of a security system in the ubiquitous Internet of things environment.
The ubiquitous Internet of things integrates the Internet of things into the Internet and breaks down data islands, placing massive numbers of devices in a more complex network environment where security risks are more prominent. The traditional public key cryptosystem (PKI) security scheme has the drawbacks of high digital certificate management overhead and complex management, and is not suitable for the security construction of the ubiquitous Internet of things.
SM9, based on IBC, is an asymmetric cryptosystem in which no certificate and no CA are required, eliminating the complex certificate verification process. SM9 uses the unique identifier of the user as the public key; the identifier is recognised by an externally acknowledged organisation, so no third-party CA is needed to guarantee the authenticity of the public key, and the encryption or authentication process does not depend on a CA or any other online third-party mechanism. A security system built on SM9 therefore has the advantages of efficient operation, simple deployment and convenient operation and maintenance. Adopting SM9 to establish the security system of the ubiquitous Internet of things solves the problems of complex protocol, difficult deployment and management and poor real-time performance that PKI has in Internet of things applications, and establishes security systems for device access authentication, secure communication, data confidentiality and the like.
At the same time, the SM9 cryptosystem has its own systemic security problem, namely key escrow. Because the Key Generation Center (KGC) generates and stores the master key and user private keys are generated from it by a public algorithm and public parameters, the KGC knows the private keys of all users. This is an open vulnerability of the security system: the security of user keys is premised on the trustworthiness of the KGC, and the KGC master key or the stored user keys may be leaked through an active attack by a malicious attacker or negligence of an administrator, compromising the security of user information. The key escrow problem of SM9 therefore needs to be solved in order to perfect the SM9-based security architecture.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems in the prior art. One aspect of the present invention therefore provides an SM9 key infrastructure that can solve the key escrow problem of SM9 and improve the SM9-based security system;
another aspect of the present invention provides a ubiquitous Internet of things security system based on SM9 that solves the problems of complex protocol, difficult deployment and management and poor real-time performance in the application of PKI to the Internet of things, and establishes a security system for device access authentication, secure communication, data confidentiality and the like.
To solve these technical problems, the invention adopts the following technical scheme:
an SM9 key infrastructure comprises a key production subsystem, a terminal identification management module, an SM9 encryption and decryption calculation module and a registration authentication subsystem;
the key production subsystem sends encryption/decryption requests to the SM9 encryption/decryption calculation module, which returns the encryption/decryption result to the key production subsystem;
the terminal identification management module sends a private key application to the key production subsystem, and the key production subsystem sends the private key to the terminal identification management module;
the device identifier is registered as a public key ID through the registration authentication subsystem and then sent to the terminal identification management module, which stores the identifier and subsequently handles application for, distribution and revocation of the user private key;
the user private key application from the terminal identification management module is sent to the key production subsystem, which calculates the user private key from the user identifier using the master private key and the public parameters; the user private key is distributed to the device terminal through the terminal identification management module, completing key preparation.
There are n key production subsystems: n keys are generated by n physically and administratively independent key production subsystems of equal status, and any one independent key production subsystem possesses only the user private key it generated itself.
When a message is encrypted with the private keys, it is divided into n sections, each encrypted with one of the n private keys, and the n ciphertexts are then assembled into the final overall ciphertext.
The whole plaintext is not encrypted in segments; only the key part is encrypted in segments. The key part of the plaintext is divided into n segments and each segment is randomly assigned one of the n keys for encryption; the remaining plaintext outside the segmented encryption is randomly assigned one key for encryption.
A ubiquitous Internet of things security system based on SM9 comprises a security management center, a secure cloud platform, an Internet of things cloud platform and an Internet of things terminal;
the security management center is the man-machine interface module for all security management;
the secure cloud platform is the implementation platform of the SM9 cryptographic mechanism and comprises a security control terminal management system and an SM9 key infrastructure;
the Internet of things cloud platform is the service system in the ubiquitous Internet of things environment;
the Internet of things terminal module comprises the SAM and the Internet of things node device, the SAM being the dedicated binding interface between the security system and the Internet of things node device.
The communicating parties perform mutual identity verification in the SAM module: the registered device identifier is used as the identity public key, the device's dedicated private key is distributed by the key production subsystem, no certificate authentication process is needed before the public key is used, and mechanisms such as peer identity verification and non-repudiation of the message sender's identity are realised by signing with the private key and verifying the signature with the public key.
The SM9 encryption mechanism can use the identifier of the data owner or of the storage device as the public key to encrypt stored static data, preventing data leakage and theft; a digital signature prevents the data from being tampered with and binds the data to the identity of its owner, achieving all-round security protection of stored data.
Compared with the prior art, the invention has the following beneficial effects:
An SM9 key infrastructure architecture is designed, a system implementation approach is analysed, and the security problems of device access and management, peer-to-peer identity verification, confidential communication, key data protection and the like are solved. The scheme is lightweight, low-cost and highly autonomous, needs little manual management, and is suitable for deployment, operation and maintenance in the ubiquitous Internet of things environment.
1. The public key may be a public identity;
2. the public key is the public and accepted identity of the user;
3. the sender only needs the identity recognised by the receiver;
4. no certificate is required;
5. no certificate, no verification, no CA;
6. security policy control of decryption can be added by time, fixed IP and the like;
7. implementation and management cost is low.
Drawings
FIG. 1 is a general block diagram of the ubiquitous security of SM9 according to the present invention;
FIG. 2 is a block diagram of the key infrastructure of the present invention;
FIG. 3 is a schematic diagram of the segmented encryption of the invention;
FIG. 4 is a security function implementation level block diagram of the SM9 of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The scheme addresses the comprehensive Internet of things: it realises an SM9-based security system on a cloud computing platform, provides an overall system construction method and security function designs such as secure identity authentication, confidential communication and secure data storage, and, by solving the key escrow problem of SM9, forms a complete security protection system for Internet of things operation.
1. System architecture
The overall structure of the scheme is shown in figure 1. The SM9-based ubiquitous Internet of things security system mainly comprises a security management module, an Internet of things cloud platform, a secure cloud platform, an Internet of things terminal and the like.
The security management center is the man-machine interface module for all security management, covering the generation and updating of the SM9 master key, the generation, escrow, storage, distribution and revocation of user keys, and the authentication, access and removal of security control modules (SAM). The Internet of things cloud platform is the service system in the ubiquitous Internet of things environment. The secure cloud platform is the implementation platform of the SM9 cryptographic mechanism and comprises the SM9 key infrastructure and the security control terminal (SAM) management system. The SM9 key infrastructure implements the basic links of an SM9 security system: registration and management of terminal identifiers (RA module), generation, escrow, distribution and revocation of the master key pair and user private keys (KGC module), and a cryptographic engine. Security control module management is responsible for record management, state management and the like of the security terminal modules. The Internet of things terminal module comprises the SAM and the Internet of things node device, the SAM being the dedicated binding interface between the security system and the node device.
2. Key infrastructure
(1) SM9 Key infrastructure
The core module of the SM9 key infrastructure is the KGC; in practice, other auxiliary modules must be added to form a complete key infrastructure. As shown in fig. 2, in a ubiquitous Internet of things environment the SM9 cryptographic application begins by fixing a terminal identifier as the public key: the device identifier is registered as a public key ID through the RA and submitted to the IMC, which stores it and performs the subsequent operations of application, distribution, revocation and the like on the user private key. The KGC calculates the user private key from the user identifier using the master private key and the public parameters, and distributes it to the device terminal through the IMC, completing key preparation. This describes the basic key-preparation process of the key infrastructure at the system-architecture level; the detailed process also includes the implementation of the key encapsulation protocol used in key distribution, and so on.
3. Key escrow problem and coping scheme
The key escrow problem of the IBC encryption system is its main security problem, and solving it is important for perfecting the security system of this scheme.
(1) IBC Key escrow problem
One of the main problems of the IBC encryption mechanism is that the KGC holds the master key and user private keys are generated from it by a public algorithm and parameters, so the KGC knows the private keys of all users. This is an open vulnerability of the security system: the security of user keys is premised on the trustworthiness of the KGC, and the KGC master key or the stored user keys may be leaked through an active attack by a malicious attacker or negligence of an administrator, compromising the security of user information.
(2) Measures taken in the scheme
In combination with this scheme, a new and more advantageous key escrow scheme is provided; the idea is as follows. Suppose there are n KGCs in the system: n keys are generated by n physically and administratively independent KGCs of equal status, and any independent KGC holds only the user private key it generated itself. As for the ciphertext, the message encapsulated in the original algorithm is encrypted with only one private key; if instead the message to be encrypted is divided into n sections, each encrypted with one of the n private keys, the n ciphertexts are assembled into the final overall ciphertext. The user, who holds all n private keys, can decrypt; an attacker who obtains the user's private key from one or some, but not all, of the KGCs cannot decrypt the ciphertext.
Considering security and operating efficiency together, the above idea is further optimised: the whole plaintext is not encrypted in segments, only the key part, which eases implementation and saves overhead. Specifically, the key part of the plaintext is divided into n segments, and each segment is randomly assigned one of the n keys for encryption. The remaining plaintext outside the segmented encryption is randomly assigned one key for encryption; of course, the key assignment results of both the segmented and the non-segmented encryption are recorded for decryption, so that both confidentiality and time overhead are taken into account. The key part of the plaintext may be the key metadata of an ordinary document, the header of an executable file, an arbitrary piece of a binary file, etc. As shown in fig. 4, Kus_n is the user private key generated by the nth KGC. Segmented encryption is shown in fig. 3.
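The segmented-encryption idea described above (and, in its first form, in the summary of the invention), as an added illustration that is not code from the patent or its assignee. It assumes a stand-in keyed stream cipher with an HMAC tag in place of SM9 so that it runs with the Python standard library only; the names kgc_issue_user_key, segmented_encrypt, segmented_decrypt and keys_needed are constructed here, while the n independent KGC keys, the split of the key part into n segments, the random key choice per segment and the recorded assignment follow the text.

```python
import hashlib
import hmac
import secrets
import struct

# --- Stand-in primitives (assumption: these are NOT SM9; chosen so the block runs offline) ---

def kgc_issue_user_key(kgc_index, user_id, master_secret):
    """Model of KGC_i issuing Kus_i for user_id from its own master secret.
    Real SM9 derives the private key on a pairing-friendly curve; this HMAC
    derivation only captures 'each independent KGC issues its own user key'."""
    return hmac.new(master_secret, f"{kgc_index}|{user_id}".encode(), hashlib.sha256).digest()

def _keystream(key, nonce, length):
    """SHA-256 in counter mode as a toy stream-cipher keystream."""
    out = bytearray()
    for counter in range(-(-length // 32)):          # ceil(length / 32) blocks
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
    return bytes(out[:length])

def _seal(key, data):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _open(key, blob):
    """Inverse of _seal; raises if the key is wrong or the blob was modified."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong key or tampered segment")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# --- The scheme described on the page: split the key part, one random key per segment ---

def segmented_encrypt(user_keys, key_part, rest):
    """user_keys: [Kus_1 .. Kus_n] from n independent KGCs.
    key_part: the part of the plaintext protected n ways (e.g. a file header).
    rest: the remaining plaintext, encrypted under one randomly chosen key.
    Returns the overall ciphertext package, including the recorded key choices."""
    n = len(user_keys)
    seg_len = -(-len(key_part) // n) or 1            # ceil; never 0 so slicing is sane
    segments = [key_part[i * seg_len:(i + 1) * seg_len] for i in range(n)]
    seg_choice = [secrets.randbelow(n) for _ in segments]   # random key index per segment
    rest_choice = secrets.randbelow(n)                       # random key index for the rest
    return {
        "seg_choice": seg_choice,                        # recorded so the owner can decrypt
        "rest_choice": rest_choice,
        "segments": [_seal(user_keys[k], s) for k, s in zip(seg_choice, segments)],
        "rest": _seal(user_keys[rest_choice], rest),
    }

def segmented_decrypt(available_keys, package):
    """available_keys: {kgc_index: Kus_index}. The rightful owner holds all n keys;
    a holder of only some of them hits KeyError (or ValueError on a wrong key)."""
    key_part = b"".join(_open(available_keys[k], blob)
                        for k, blob in zip(package["seg_choice"], package["segments"]))
    rest = _open(available_keys[package["rest_choice"]], package["rest"])
    return key_part, rest

def keys_needed(package):
    """Indices of the KGC keys this particular package actually depends on."""
    return set(package["seg_choice"]) | {package["rest_choice"]}

def demo(n=3):
    """Constructed scenario: n KGCs, one device identifier, one file.
    Returns (decrypts_with_all_keys, blocked_when_one_needed_key_is_missing)."""
    masters = [secrets.token_bytes(32) for _ in range(n)]    # each KGC's own master secret
    user_keys = [kgc_issue_user_key(i, "device-0001", masters[i]) for i in range(n)]
    header = b"CONSTRUCTED-FILE-HEADER-v1"                    # the 'key part' of the plaintext
    body = b"constructed body bytes " * 8                     # the non-segmented remainder
    package = segmented_encrypt(user_keys, header, body)
    full = segmented_decrypt(dict(enumerate(user_keys)), package)
    drop = min(keys_needed(package))                         # remove one key that is in use
    partial = {i: k for i, k in enumerate(user_keys) if i != drop}
    try:
        segmented_decrypt(partial, package)
        blocked = False
    except (KeyError, ValueError):
        blocked = True
    return full == (header, body), blocked

if __name__ == "__main__":
    print(demo())
```

Because the key for each segment is chosen at random, a given message may not depend on every one of the n keys; keys_needed reports which KGC keys a holder must have for that message, and assigning a distinct key to each segment (the first variant in the text) is what makes all n keys necessary every time.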
4. Secure function implementation based on SM9
As a system of relatively high complexity, the scheme is implemented using a hierarchical decomposition approach that progressively decomposes the top-level module so that the final bottom-level modules are functionally cohesive and reusable, giving a clearer implementation structure. As shown in fig. 4, the implementation of this solution can be divided into an application layer, an SM9 algorithm layer, a function layer and a bottom computation layer, where the layers are called from top to bottom.
The IBC-based ubiquitous Internet of things security scheme can provide multiple security protection functions for Internet of things nodes/terminals.
(1) SM9-based peer-to-peer identity authentication
In this scheme, the two communicating parties perform mutual identity verification in the SAM module: the device identifier registered with the system is used as the identity public key, the KGC distributes the device's exclusive private key, no certificate authentication process is needed before the public key is used, and mechanisms such as peer identity verification and non-repudiation of the message sender's identity are realised by signing with the private key and verifying the signature with the public key. The authentication process does not interact with the secure cloud platform or any third-party CA and is carried out entirely by the two communicating parties. The authentication function module is deployed in the SAM as an independent module; it sits at the application layer of the SM9 security function implementation hierarchy in fig. 4 and shares the implementation of the lower layers with other modules, which eases upgrading and maintenance.
SM9 identity authentication also applies to access control and authorisation policies, such as devices accessing the Internet of things cloud platform and access between users and devices, so that unauthorised access is avoided and lateral control is achieved.
(2) SM9-based key encapsulation and secure transport
SM9 is asymmetric encryption and is not suited to encrypting or decrypting large volumes of data. For secure encrypted transmission the usual approach is followed: a symmetric encryption mechanism encrypts and decrypts the transmitted data, and the SM9 encryption mechanism serves as the channel for securely transporting the symmetric key [10,11]. According to Part 4 of the SM9 identity-based cryptographic algorithm standard (key encapsulation mechanism and public key encryption), before confidential communication between peers A and B the initiator A generates a symmetric key using the identity public key of B, encrypts the symmetric key with the public key of B and transmits the result to B; B decrypts the symmetric key with its own private key, completing the key encapsulation and transport process. Both A and B can then use the symmetric key to encrypt the transmitted information peer-to-peer. Combining SM9-based peer-to-peer identity authentication with encryption of the exchanged key during key agreement effectively prevents security risks such as man-in-the-middle attacks. The secure transport process likewise does not interact with the secure cloud platform or any third-party CA and is carried out entirely by the two communicating parties. The function module is deployed in the SAM as a dynamic library, which eases upgrading and improvement.
(3) Data storage security protection
The SM9 encryption mechanism can use the identifier of the data owner or of the storage device as the public key to encrypt stored static data, preventing data leakage and theft; a digital signature prevents the data from being tampered with and binds the data to the identity of its owner, achieving all-round security protection of stored data.
Although only the preferred embodiments of the present invention have been described in detail, the present invention is not limited to the above embodiments, and various changes can be made without departing from the spirit of the present invention within the knowledge of those skilled in the art, and all changes are encompassed in the scope of the present invention.

Claims (7)

1. An SM9 key infrastructure, characterized by: the system comprises a key production subsystem, a terminal identification management module, an SM9 encryption and decryption calculation module and a registration authentication subsystem;
the encryption/decryption application is sent to the SM9 encryption/decryption calculation module by the key production subsystem, and the encryption/decryption result is returned to the key production subsystem by the SM9 encryption/decryption calculation module;
the terminal identification management module sends a private key application to the key production subsystem, and the key production subsystem sends a private key to the terminal identification management module;
registering the equipment identification as a public key ID through a registration authentication subsystem, then sending the equipment identification to a terminal identification management module, and storing the identification and subsequently applying, distributing and canceling a user private key by the terminal identification management module; the user private key application of the terminal identification management module is sent to the key production subsystem, the key production subsystem calculates the user private key according to the user identification by using the main private key and the public parameters, and the user private key is distributed to the equipment terminal through the terminal identification management module, so that the key preparation is completed.
2. An SM9 key infrastructure, according to claim 1, wherein: there are n key production subsystems, n keys are generated by n physically and administratively independent key production subsystems with the same status, and any one independent key production subsystem only possesses the user private key generated by itself.
3. An SM9 key infrastructure, according to claim 2, wherein: when the message is encrypted by the private key, n private keys are divided into n sections for encryption, and then the n ciphertexts are accumulated into a final overall cipher text.
4. A SM9 key infrastructure according to claim 3, wherein the whole plaintext is not encrypted in sections, only the key parts are encrypted in sections; dividing the key part of the plaintext into n ends, and randomly distributing one of n secret keys to each segment for encryption; and randomly distributing a key for encryption to other plaintext except for the segmented encryption.
5. An SM9-based ubiquitous Internet of Things security system, characterized in that it comprises a security management center, a secure cloud platform, an Internet of Things cloud platform and Internet of Things terminals,
the security management center is the man-machine interface module for all security management;
the secure cloud platform is the implementation platform of the SM9 cryptographic mechanism and comprises a security control terminal management system and the SM9 key infrastructure of any one of claims 1 to 4;
the Internet of Things cloud platform is the service system of the ubiquitous Internet of Things environment;
the Internet of Things terminal module comprises a SAM and the Internet of Things node device, the SAM being the dedicated binding interface between the security system and the Internet of Things node device.
6. The SM9-based ubiquitous Internet of Things security system according to claim 1, wherein: the communicating parties perform mutual identity verification in the SAM module; the registered device identification serves as the identity public key and the device-specific private key is issued by the key production subsystem, so no certificate authentication step is needed before the public key is used; peer identity verification, non-repudiation of the message sender's identity and similar mechanisms are realized by signing with the private key and verifying the signature with the public key.
7. The SM9-based ubiquitous Internet of Things security system according to claim 1, wherein: the SM9 encryption mechanism can use the identification of the data owner or of the storage device as the public key to encrypt stored static data, preventing the data from being leaked or stolen; a digital signature prevents the data from being tampered with and at the same time binds the data to the identity of its owner, realizing all-round security protection of the stored data.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111292912.7A CN113872760A (en) 2021-11-03 2021-11-03 SM9 key infrastructure and security system

Publications (1)

Publication Number Publication Date
CN113872760A true CN113872760A (en) 2021-12-31

Family

ID=78986837

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130191632A1 (en) * 2012-01-25 2013-07-25 Certivox, Ltd. System and method for securing private keys issued from distributed private key generator (d-pkg) nodes
CN107025409A (en) * 2017-06-27 2017-08-08 中经汇通电子商务有限公司 A kind of data safety storaging platform
CN108595974A (en) * 2018-05-07 2018-09-28 襄阳市尚贤信息科技有限公司 A kind of fast verification system of electronic product code
CN108768635A (en) * 2018-06-01 2018-11-06 武汉珈港科技有限公司 A kind of cipher mark administrative model and method suitable for Internet of things system
CN110519238A (en) * 2019-08-08 2019-11-29 北京安御道合科技有限公司 A kind of Internet of Things security system and communication means based on cryptographic technique
CN110972136A (en) * 2018-09-29 2020-04-07 上海灵慧软件科技有限公司 Internet of things safety communication module, terminal, safety control system and authentication method
CN112511566A (en) * 2021-02-02 2021-03-16 北京信安世纪科技股份有限公司 SM9 algorithm certificateless mechanism signature key generation method, equipment and storage medium
CN213403064U (en) * 2020-11-12 2021-06-08 中电科鹏跃电子科技有限公司 Industrial network security communication system based on identification password

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567479A (en) * 2022-02-28 2022-05-31 中国科学院软件研究所 Intelligent equipment safety control reinforcement and monitoring early warning method
CN115277090A (en) * 2022-06-24 2022-11-01 南京南瑞信息通信科技有限公司 Security authentication system based on lightweight algorithm and working method thereof
CN115277090B (en) * 2022-06-24 2024-05-28 南京南瑞信息通信科技有限公司 Security authentication system based on lightweight algorithm and working method thereof
WO2024000999A1 (en) * 2022-06-28 2024-01-04 天翼数字生活科技有限公司 National secret sm9 identity public key generation method and system for intelligent device
CN115361134A (en) * 2022-07-19 2022-11-18 深圳市证通电子股份有限公司 Terminal identity authentication method, device, equipment and medium based on Hongming system
CN115001717A (en) * 2022-08-03 2022-09-02 中国电力科学研究院有限公司 Terminal equipment authentication method and system based on identification public key
CN115001717B (en) * 2022-08-03 2022-10-25 中国电力科学研究院有限公司 Terminal equipment authentication method and system based on identification public key
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination