CN114070559B - Industrial Internet of things session key negotiation method based on multiple factors - Google Patents


Publication number
CN114070559B
Authority
CN
China
Legal status
Active
Application number
CN202111621015.6A
Other languages
Chinese (zh)
Other versions
CN114070559A (en)
Inventor
崔杰
程方正
杨明
张庆阳
顾成杰
仲红
Current Assignee
Anhui University
Original Assignee
Anhui University
Events
Application filed by Anhui University
Priority to CN202111621015.6A
Publication of CN114070559A
Application granted
Publication of CN114070559B
Legal status: Active

Classifications (CPC, all under H04L: Transmission of digital information; H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)

    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (under H04L 9/08 Key distribution or management, H04L 9/0816 Key establishment)
    • H04L 63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys (under H04L 63/00, H04L 63/06)
    • H04L 9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying (under H04L 9/08)
    • H04L 9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves (under H04L 9/30)
    • H04L 9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key (under H04L 9/32 Means for verifying the identity or authority of a user or for message authentication, H04L 9/3226 using a predetermined code, e.g. password, passphrase or PIN)
    • H04L 9/3236 Means for verifying the identity or authority of a user or for message authentication using cryptographic hash functions (under H04L 9/32)

Abstract

The invention discloses a multi-factor-based industrial Internet of things session key negotiation method, in which a user stores personal information on a smart card and, by connecting a mobile phone or other intelligent terminal, communicates with the intelligent devices and Internet of things nodes deployed in the industrial Internet of things, so as to acquire device state information in real time and to manage and monitor the devices remotely. The invention assumes a semi-trusted management centre, which accords better with reality; the pseudonym of the user is generated jointly by the user and the server and is updated in real time after each key negotiation, so that the identity information of the user is not revealed and the anonymity, unlinkability and untraceability of the user are ensured, improving security. A key pre-distribution method is adopted together with multi-factor authentication based on biometrics, password and smart card; the main cryptographic operations are bit operations and hash functions, so that the computation cost and communication cost of the key negotiation scheme are reduced.

Description

Industrial Internet of things session key negotiation method based on multiple factors
Technical Field
The invention belongs to the industrial Internet of things communication technology, and particularly relates to a multi-factor-based industrial Internet of things session key negotiation method.
Background
The Internet of things (IoT), i.e. the interconnection of everything, refers to a network that extends and expands the internet. It consists of a large number of information-sensing devices which, wherever they are located, can be accessed and controlled remotely over the internet anywhere and at any time, enabling interconnection between users, machines and objects. The industrial Internet of things (IIoT) is one of the major applications of the Internet of things. In an Internet of things environment, most devices or nodes have the capability to process information and communicate and possess locatable internet protocol (IP) addresses, but their resources are limited. Users may access and control Internet of things devices in different environments through the network.
Industry 4.0 refers to the fourth industrial revolution, leading to intelligent manufacturing. The factory integrates production equipment, wireless connections and sensors into one ecosystem that autonomously monitors the entire production process and makes decisions. The high autonomy and the resource limitations of industrial Internet of things networks present challenges to their security. Authentication and key establishment are important components of the industrial Internet of things, and key agreement must take security, performance and other factors into account.
As shown in FIG. 1, the existing industrial system model includes a user, an industrial Server, a regional gateway and intelligent devices. The gateway acts as the area management device and is deployed in the working environment together with the area's intelligent devices. Both the gateway and the devices are semi-trusted. The industrial Server is deployed in a physically secure environment and is considered fully trusted. A legal user can send an access request to the Server and establish contact with an intelligent device through the Server; during authentication and key agreement, the user and the device obtain a session key. Privacy, message integrity and user authentication are critical in the IIoT environment because an adversary can eavesdrop on, modify and forge communication messages. In the industrial Internet of things, communication between a user and the Server takes place over an open wireless network, so the user is easily attacked and user information (such as user identity, password and location information) may be revealed. Therefore an appropriate security scheme is needed to protect the communication link.
In most key agreement schemes, the protocol flow is not lightweight enough to meet the requirements of resource-constrained devices or sensor nodes, or the security requirements of the Internet of things environment are not met. In terms of functionality, most schemes do not provide the more desirable features, such as revoking users, dynamically adding devices, and dynamically changing personal key-related information (including biometric features and passwords).
Disclosure of Invention
The invention aims to: the invention aims to solve the defects existing in the prior art and provides an industrial Internet of things session key negotiation method based on multiple factors.
The technical scheme is as follows: the invention relates to a multi-factor-based industrial Internet of things session key negotiation method, which comprises the steps of industrial Internet of things system initialization, authentication, key negotiation and system update;
step (1), initializing an industrial Internet of things system
(1.1) Server initialization: the Server selects a biometric probabilistic generation function Gen(·) and a deterministic recovery function Rep(·), sets a 160-bit Server private key S for each working environment of the Internet of things and establishes a private key list; meanwhile, various information tables, such as a device information table and a user information table, are established for all working environments of the Internet of things; a one-way hash function h(·) is selected;
(1.2) device registration: in an offline state, the device provides its registration information to the Server, including the device identifier ID_j and the like; the Server generates a random value r_j and computes the device pseudonym RID_j = h(ID_j || r_j); the Server computes the device private key Ksd_j = h(RID_j || S) using the private key S of the device's working area; the Server adds the device information to the device list SDList of the area; the Server stores the device information, including the pseudonym RID_j = h(ID_j || r_j) and Ksd_j = h(RID_j || S);
(1.3) user registration: in a secure registration environment, user U_i generates a random value r_i, computes the user pseudonym RID_i = h(ID_i || r_i) and sends it to the Server; the Server checks the legitimacy of the user identity, computes the user private key Ksu_i = h(RID_i || S) using the private key S of the registration area, and sends the private key and the device list of the area to the user; the user applies the fuzzy-extractor probabilistic generation function Gen(BIO_i) = (σ_i, τ_i) to obtain the biometric key σ_i and the public recovery parameter τ_i; user U_i sets the password PW_i; the smart card computes and stores (the user digital signature TPW_i, the encrypted user private key Ksu_i*, the encrypted user pseudonym RID_i*, the encrypted device list SDList, τ_i); σ_i and τ_i are the biometric key and the public recovery parameter of user U_i, respectively;
step (2), authentication and key negotiation process:
(2.1) user login: the user logs in and is authenticated with the aid of the smart card; user U_i inputs the identity ID_i and the password PW_i and uses τ_i and the fuzzy-extractor deterministic recovery function Rep(·) to recover the user's biometric key σ_i within the threshold t; the smart card computes the user digital signature to be verified TPW_i' = h(ID_i || PW_i || σ_i), compares TPW_i' with the stored TPW_i, and thereby verifies the identity of the user.
(2.2) user-initiated request: after the user passes the authentication, the smart card decrypts the stored information and computes M1, M2, M3 and M4, where M1 is the encrypted message of the user's random value, M2 is the user's authentication message, M3 is the encrypted pseudonym of the device and M4 is the verifiable digital signature of the user.
The smart card then generates a random value r_i and a current timestamp T_1; the smart card computes the following parameters (the formulas for M1 and M3 are not reproduced on the page):
M2 = h(Ksu_i || T_1);
M4 = h(RID_i || r_u || Ksu_i || T_1 || RID_j || M3);
the user sends the request queue MQ1 = {RID_i, M1, M2, M3, M4, T_1} to the Server.
(2.3) Server response: after receiving the message MQ1, the Server first verifies the message time; the Server generates a current timestamp T_2, and if |T_2 - T_1| > ΔT the authentication is not continued and the Server discards MQ1; if the time is within the maximum transmission delay, the Server first computes M2' = h(Ksu_i || T_1), verifies whether M2 and M2' are equal, and checks RID_i to judge whether the message source is a legal user;
after verifying the validity of the message, the Server uses the private key S of the area to compute in turn Ksu_i' = h(RID_i || S), the values r_u' and RID_j' [formulas not reproduced] and M4' = h(RID_i || r_u' || Ksu_i' || T_1 || RID_j' || M3); here Ksu_i' is the user private key to be verified, r_u' is the user random value to be verified and RID_j' is the device pseudonym to be verified;
the Server compares M4 with the computed M4'; if they are equal, the message has not been modified;
the Server generates a new user pseudonym [formula not reproduced] and updates the user information; the Server generates a random value r_s, computes a temporary authentication credential and a new user private key [formulas not reproduced], and saves the new private key of the user;
the Server computes the messages Mu5, M6, M7 [formulas not reproduced], M8 = h(Mu5 || h(r_u || r_s)) and Mu51 [formula not reproduced];
the Server sends the message queue MQ2 = {Mu5, M6, M7, M8, Mu51, T_2} to the device;
here Mu5 is the user's new private key, encrypted, which the device must re-encrypt for the user; M6 is the encrypted random value of the user, M7 is the encrypted random value of the server, M8 is the digital signature message of the server, and Mu51 is an encrypted message for verifying whether the private key of the user has been tampered with;
(2.4) device authentication and computation of session key:
after receiving the message queue MQ2, the device first verifies the message time: SD_j generates a current timestamp T_3, and if |T_3 - T_2| > ΔT the authentication is not continued and the device discards MQ2;
the device uses its private key to compute in turn the user random value r_u' and the server random value r_s' to be verified [formulas not reproduced],
computes M8' = h(Mu5 || h(r_u' || r_s')) and verifies whether M8 equals M8' to determine whether the message was altered; if it was not modified, device SD_j generates a random value r_d and computes with its private key [formulas not reproduced];
the device computes SK = h(Mu9 || r_u || h(r_d || r_s)) and M13 = h(SK || h(r_d || r_s) || T_3), where SK is the negotiated session key; the device sends the message queue MQ3 = {Mu51, M10, M11, M12, M13, T_3} to the user;
Mu9 is the encrypted new private key that the user can decrypt, M10 is the encrypted message of the random values of the server and the device, M11 is the server's signed message about the user's new private key, M12 is the encrypted random value of the server, and M13 is the digital signature of the device.
(2.5) user authentication and calculation of the key:
after the user receives MQ3, the message time is first verified: U_i generates a current timestamp T_4, and if |T_4 - T_3| > ΔT the authentication is not continued and the user discards MQ3;
the user computes in turn the signature to be decrypted by the user [formulas not reproduced];
the user checks Mu9' against Mu9''; if they are not equal, the message has been modified and is discarded; if the authentication message is intact, the user computes SK' = h(Mu9' || r_u || h(r_d || r_s)') and M13' = h(SK' || h(r_d || r_s)' || T_3); here r_s' is the secret value generated by the server to be verified, the temporary authentication credential and the new user private key to be verified are as computed above [symbols not reproduced], Mu9' is the signature computed by the user to be verified, h(r_d || r_s)' is the encrypted random value to be verified, SK' is the session key to be verified and M13' is the signature message to be verified;
the user compares M13 with M13' to check whether the computation is correct; if so, SK' is accepted as the session key and the user's private key is updated.
Step (3), industrial Internet of things system update
(3.1) user password and biometric update:
in order to simplify user operation and reduce the load on the Server, a legitimate user can update the password and biometric locally at any time; in a secure operating environment, U_i reads the smart card SC_i with a card reader and provides his ID_i, the old password PW_i^old and the old biometric information;
SC_i computes [formulas not reproduced] and, by verifying whether the result equals TPW_i, judges whether the following operations should be carried out;
when the authentication is complete, SC_i computes [formulas not reproduced];
after user U_i receives the next instruction from SC_i, U_i inputs the new password PW_i^new and the new biometric information and computes [formulas not reproduced];
SC_i computes [formulas not reproduced] separately with the new password PW_i^new and the new biometric;
the smart card SC_i replaces the stored Ksu_i, RID_i, SDList, TPW_i and τ_i with their new values, including SDList^new; at this point the password and biometric update is complete. U_i may update only the password or only the biometric, but for security and biometric-accuracy reasons periodic update of both is recommended.
(3.2) device update:
Internet of things devices of different manufacturers are registered on the Server; the Server uses a self-generated random secret value to encapsulate the unalterable identity of the device SD, obtaining a pseudonym identifier different from those of the existing nodes [formula not reproduced];
the Server computes the private key of the device using the private key S of the working area where the device is to be deployed [formula not reproduced]; the Server stores the registration information in the memory of the new device and updates the device information into the device list of the area;
the device is deployed in the working area and the legal users of the area are informed that new equipment has been deployed; the users update their device lists securely, after which they can communicate with the new device to obtain access control and services.
(3.3) user revocation:
in practical application in a large-scale industrial environment, in order to ensure traceability of the implementation steps and to record operations, the industrial Server registers and records the legal, authorized users who participate in session communication; for every registered user the Server can modify its legitimacy and revoke its authorization; the Server can re-encrypt and encapsulate the name of the revoked user with its long-term key [formula not reproduced], and the encapsulated user ID remains stored as a record and certificate in the authorization list of the Internet of things area;
in the session key protocol stage, when a user sends the request MQ1 = {RID_i, M1, M2, M3, M4, T_1} to the Server, the Server verifies whether the user still holds a legal authorization by searching the authorized user list; if the user has been revoked, the Server will not find the user's pseudonym information in the list, and the request sent by the revoked user receives no response.
The beneficial effects are that: compared with the prior art, the invention has the following advantages:
(1) The invention is based on multi-factor authentication and accords better with reality. The user's pseudonym is fresh for each session and is computed by the Server and the user respectively, ensuring the anonymity of the user. In addition, the user's private key is encrypted once, and after each negotiation of the session key the Server and the user each update the user's private key. The scheme ensures the anonymity and unlinkability of users.
(2) The invention does not adopt bilinear pairing or elliptic curve encryption, which are computationally heavy, but uses bit operations and hash functions of smaller computational cost, thereby effectively reducing the computation and communication cost of session key negotiation in the industrial Internet of things.
(3) The key pre-distribution method is combined with certificateless signature; the user revocation and device update operations are kept out of the key negotiation process, which reduces storage cost, computation cost and search time and improves the efficiency of message authentication.
Drawings
FIG. 1 is a schematic diagram of a system network architecture according to the present invention;
FIG. 2 is a schematic diagram of a network at various stages of the scheme of the present invention;
FIG. 3 is a process diagram of the main steps of authentication and key agreement of the present invention;
FIG. 4 is an overall flow chart of the solution of the present invention;
FIG. 5 is a response flow chart of the Server receiving a request message in the scheme of the present invention;
FIG. 6 is a response flow chart of a device receiving a request message in the scheme of the present invention.
Detailed Description
The technical scheme of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
The meanings of the symbols used in this embodiment are as follows [symbol table not reproduced on the page]:
As shown in FIG. 1, the multi-factor-based industrial Internet of things session key negotiation method of the invention comprises the following steps:
step (1), system initialization, which includes three stages: Server initialization, device registration and user registration;
step (2), authentication and key agreement, which includes five stages: user login, user-initiated request, Server response, device authentication and key computation, and user authentication and key computation;
step (3), system update, which includes user password and biometric update, device update and user revocation.
Step (1) System initialization
The process mainly describes the initialization of the server, the registration of the Internet of things equipment and the registration of legal users. The server distributes the private key and pseudonym to the device and the user.
The Server is the centre of the industrial Internet of things, a fully trusted third party with very high computing and storage capacity, and is responsible for the operation of the whole industrial Internet of things. The specific steps are as follows:
1) The Server selects a biometric probabilistic generation function Gen(·) and a deterministic recovery function Rep(·) to be loaded into the smart card, and at the same time selects the one-way hash function h(·) to be used.
2) The Server randomly selects S as the system key. Note that, because the Server is a central server, the selected key is an area key for a single working area of the Internet of things, and the Server can select a different key for each area of the industrial Internet of things.
3) In addition to the area key list, the server may establish various backup information tables, such as a device information table and a user information table. In case of user revocation or device connection failure, these tables can be queried.
Before devices are deployed to a specific working area, the Internet of things devices and sensor nodes from different manufacturers must be uniformly registered with the server to obtain standard device information, together with the device identifier ID_j and the like. The server registers each device and assigns it a private key. The specific steps are as follows:
1) In an offline state, the device registers with the server, providing device information including the device identifier ID_j and the like.
2) The server generates a random value r_j and computes the device pseudonym RID_j = h(ID_j || r_j).
3) The server computes the device private key Ksd_j = h(RID_j || S) using the private key S of the device's working area.
4) The server adds the device information to the device list SDList of the area.
5) The server stores the device information, including the pseudonym RID_j = h(ID_j || r_j) and Ksd_j = h(RID_j || S).
Before participating in the operation of the industrial Internet of things, the user must register securely with the server and obtain from it the information of the devices with which a session key can be established. In the key negotiation stage, the user can negotiate keys and communicate with the Internet of things devices available to him, and the server can verify the legitimacy of the user. The specific steps are as follows:
1) The user conceals his identity information by generating the pseudonym RID_i = h(ID_i || r_i) and sends it to the server.
2) The server checks whether the user's registration is legal and which unit the user is registered under. The server sends the list of devices in the area to the user and distributes the user private key Ksu_i = h(RID_i || S).
3) The user obtains a smart card at registration and, using a fuzzy extractor, derives Gen(BIO_i) = (σ_i, τ_i) from his own biometric, obtaining σ_i and τ_i. On the smart card, the user encrypts his own usage information with the password and biometric, and the card computes and stores TPW_i = h(ID_i || PW_i || σ_i) [remaining stored values not reproduced].
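The initialisation and registration stages described in step (1) above (and in the summary at (1.1) to (1.3)) are hash-based and small enough to run end to end. The following Python is an added example, not code from the patent or from Anhui University: it models a Server for one working area, registers a device and a user as the steps describe, and then performs the local login check of step (2.1). Assumptions that the page does not state: h(·) is SHA-256 over the concatenation; Gen/Rep is a toy quantisation-based stand-in for a fuzzy extractor (a real one uses an error-correcting code); the card stores Ksu_i* and RID_i* masked by XOR with a hash of TPW_i, since the page does not reproduce that formula. All identities, passwords and biometric samples are constructed.

```python
# Added example (not code from the patent): Server initialisation, device
# registration, user registration and the local login check of steps (1.1)-(1.3)
# and (2.1).  Assumptions not stated on the page: h(.) is SHA-256 over the
# concatenation; Gen/Rep is a toy quantisation-based stand-in for a fuzzy
# extractor; the card stores Ksu_i* and RID_i* masked by XOR with a hash of
# TPW_i.  Every identity, password and biometric sample below is constructed.
import hashlib
import hmac
import os

BUCKET = 16  # toy extractor step; per-feature noise of magnitude below BUCKET // 2 is tolerated (threshold t)

def h(*parts):
    """One-way hash h(a || b || ...): SHA-256 over the concatenation (assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def gen(bio):
    """Toy Gen(BIO) = (sigma, tau): move each integer feature to the centre of its
    bucket; the offsets are the public helper tau and sigma hashes the centres."""
    centres = [(v // BUCKET) * BUCKET + BUCKET // 2 for v in bio]
    tau = [c - v for c, v in zip(centres, bio)]
    return h(bytes(centres)), tau

def rep(bio_noisy, tau):
    """Toy Rep(BIO', tau): re-centre the noisy sample with tau and quantise again.
    Recovers sigma whenever every feature moved by less than BUCKET // 2."""
    centres = [((v + off) // BUCKET) * BUCKET + BUCKET // 2 for v, off in zip(bio_noisy, tau)]
    return h(bytes(centres))

class Server:
    """Industrial Server of one working area, holding that area's 160-bit key S."""
    def __init__(self, S=None):
        self.S = S if S is not None else os.urandom(20)  # 160-bit area private key (step 1.1)
        self.sd_list = {}  # SDList of the area: RID_j -> Ksd_j
        self.users = {}    # user information table: RID_i -> Ksu_i

    def register_device(self, id_j):
        """Step (1.2): RID_j = h(ID_j || r_j), Ksd_j = h(RID_j || S)."""
        r_j = os.urandom(16)
        rid_j = h(id_j, r_j)
        ksd_j = h(rid_j, self.S)
        self.sd_list[rid_j] = ksd_j
        return rid_j, ksd_j

    def register_user(self, rid_i):
        """Step (1.3), Server side: Ksu_i = h(RID_i || S) plus the area's device list."""
        ksu_i = h(rid_i, self.S)
        self.users[rid_i] = ksu_i
        return ksu_i, list(self.sd_list)

def enrol_user(server, id_i, pw_i, bio):
    """Step (1.3), user side: pseudonym, private key, biometric key and card contents."""
    r_i = os.urandom(16)
    rid_i = h(id_i, r_i)                      # RID_i = h(ID_i || r_i), chosen by the user
    ksu_i, sd_list = server.register_user(rid_i)
    sigma_i, tau_i = gen(bio)                 # Gen(BIO_i) = (sigma_i, tau_i)
    tpw_i = h(id_i, pw_i, sigma_i)            # TPW_i = h(ID_i || PW_i || sigma_i)
    return {                                  # smart card contents
        "TPW_i": tpw_i,
        "tau_i": tau_i,
        "Ksu_i*": xor(ksu_i, h(b"Ksu", tpw_i)),  # masked storage (assumption)
        "RID_i*": xor(rid_i, h(b"RID", tpw_i)),
        "SDList": sd_list,
    }

def login(card, id_i, pw_i, bio_noisy):
    """Step (2.1): recover sigma_i with Rep, recompute TPW_i' and compare it with the
    stored TPW_i in constant time.  Returns (RID_i, Ksu_i) or None on failure."""
    sigma = rep(bio_noisy, card["tau_i"])
    tpw_check = h(id_i, pw_i, sigma)
    if not hmac.compare_digest(tpw_check, card["TPW_i"]):
        return None
    return xor(card["RID_i*"], h(b"RID", tpw_check)), xor(card["Ksu_i*"], h(b"Ksu", tpw_check))

def demo():
    srv = Server()
    rid_j, _ = srv.register_device(b"pump-07")                 # constructed device identity
    bio = [120, 33, 200, 77, 150, 64]                          # constructed enrolment sample
    card = enrol_user(srv, b"alice", b"correct horse", bio)
    near = [v + d for v, d in zip(bio, [3, -2, 5, 0, -4, 1])]  # noise within tolerance
    far = [v + d for v, d in zip(bio, [9, -2, 5, 0, -4, 1])]   # first feature beyond t
    good = login(card, b"alice", b"correct horse", near)
    return {
        "accepted": good is not None and srv.users.get(good[0]) == good[1],
        "wrong_password": login(card, b"alice", b"tr0ub4dor", near) is None,
        "bad_biometric": login(card, b"alice", b"correct horse", far) is None,
        "device_listed": rid_j in card["SDList"],
    }
```

`demo()` shows the property the scheme relies on: the card never stores σ_i, PW_i or the area key S, and a noisy re-scan within the threshold still reproduces TPW_i, while a wrong password or a sample outside the threshold fails the comparison before anything on the card is unmasked.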
Step (2) authentication and key agreement
In the authentication and key negotiation process, the user needs to communicate with the internet of things device to obtain real-time device information.
First the user needs to log in locally and obtain the stored information from the smart card. The specific steps are as follows:
1) The user logs in and is authenticated with the aid of the smart card. User U_i inputs the identity ID_i and the password PW_i and uses τ_i and the fuzzy-extractor deterministic recovery function Rep(·) to recover the user's biometric key σ_i within the threshold t.
2) The smart card computes TPW_i' = h(ID_i || PW_i || σ_i), compares TPW_i' with the stored TPW_i and thereby verifies the identity of the user.
Next, after the user passes the local authentication, a session request is initiated. The specific steps are as follows:
1) After the user passes the authentication, the smart card decrypts the stored information [formulas not reproduced].
2) The smart card generates a random value r_i and a current timestamp T_1.
3) The smart card computes M1 [formula not reproduced], M2 = h(Ksu_i || T_1), M3 [formula not reproduced] and M4 = h(RID_i || r_u || Ksu_i || T_1 || RID_j || M3).
4) The user sends the request queue MQ1 = {RID_i, M1, M2, M3, M4, T_1} to the server.
After receiving the user's request, the server verifies the message, checking its communication delay and whether it has been tampered with. At the same time, the validity of the user is checked, including whether the user has been revoked and whether the user is a legal user of the area. The response message, including the user's new pseudonym and private key, is then computed. The specific steps are as follows:
1) After receiving MQ1, the server first verifies the message time. The Server generates a current timestamp T_2, and if |T_2 - T_1| > ΔT the authentication is not continued and the server discards MQ1.
2) If the time is within the maximum transmission delay, the server first computes M2' = h(Ksu_i || T_1), verifies whether M2 and M2' are equal, and checks RID_i to judge whether the message source is a legal user.
3) After verifying the validity of the message, the server computes in turn Ksu_i' = h(RID_i || S) and M4' = h(RID_i || r_u' || Ksu_i' || T_1 || RID_j' || M3) from the message queue, using the private key S of the area.
4) The Server compares M4 with the computed M4'. If they are equal, the message has not been modified.
5) The Server generates a new user pseudonym [formula not reproduced] and updates it in the user information.
6) The Server generates a random value r_s and computes a temporary authentication credential and a new user private key [formulas not reproduced]; the new private key of the user is saved.
7) The Server computes the messages Mu5, M6, M7 [formulas not reproduced], M8 = h(Mu5 || h(r_u || r_s)) and Mu51 [formula not reproduced].
8) The Server sends the message queue MQ2 = {Mu5, M6, M7, M8, Mu51, T_2} to the device.
After receiving the server's response, the device checks the delay of the message, checks whether the message has been modified and verifies that the source of the message is reliable. It then decrypts some key values. Because the device's message is not passed back through the server again, the server includes the user's updated information in MQ2, which the device cannot compute itself; to prevent inadvertent modification of these values during the device's computation, the server also includes an intermediate message (Mu51) with which the user can verify whether they were modified. The specific steps are as follows:
1) After the device receives MQ2, it first verifies the message time. SD_j generates the current timestamp T_3; if |T_3 - T_2| > ΔT, the authentication is not continued and the device discards the message MQ2.
2) The device computes r_u' and r_s' in turn using the device private key Ksd_j.
3) The device computes M8' = h(Mu5||h(r_u'||r_s')) and verifies that M8 and M8' are equal, to determine whether the message has been altered.
4) Device SD_j generates a random value r_d and, using the device private key, computes the encrypted message Mu9 of the user's new private key, which the user can decrypt.
5) The device computes SK = h(Mu9||r_u||h(r_d||r_s)), M10, M11, M12 and M13 = h(SK||h(r_d||r_s)||T_3), where SK is the negotiated session key.
6) The device sends the message queue MQ3 = {Mu51, M10, M11, M12, M13, T_3} to the user.
After receiving the message from the device, the user recovers the hidden values transmitted by the server and, after verifying the time delay and the correctness of the device's message, updates the user's pseudonym and private key. The specific steps are as follows:
1) After the user receives MQ3, the message time is first verified. U_i generates the current timestamp T_4; if |T_4 - T_3| > ΔT, the authentication is not continued and the user discards the message MQ3.
2) The user computes in sequence the decrypted signature Mu9', the server random value r_s', the temporary authentication credential, the new user private key and the recomputed signature Mu9''.
3) The user compares Mu9' with Mu9''; if they are not equal, the message has been modified and is discarded.
4) Otherwise the user computes h(r_d||r_s)', SK' = h(Mu9'||r_u||h(r_d||r_s)') and M13' = h(SK'||h(r_d||r_s)'||T_3).
5) The user verifies M13 against M13' to check whether the computation is correct. If the check passes, SK' is accepted as the session key and the user's private key is updated.

Step (3) System update
In order to simplify user operation and reduce server load, legal users can update their password and biometric locally at any time. In a secure operating environment, user U_i reads the smart card SC_i through a card reader and provides its own ID_i, old password PW_i^old and old biometric BIO_i^old. The specific steps are as follows:
1) SC_i recovers the old biometric key from BIO_i^old with τ_i and further computes TPW_i^old.
2) The smart card verifies whether TPW_i^old equals the stored TPW_i and thereby determines whether the following operations are to be performed.
3) When the verification is complete, SC_i carries out the update computation.
4) After U_i receives the next instruction from SC_i, U_i inputs the new password PW_i^new and the new biometric BIO_i^new, and SC_i obtains the new biometric key σ_i^new and recovery parameter τ_i^new with Gen(BIO_i^new).
5) SC_i uses the new password PW_i^new and the new biometric key σ_i^new to compute the new versions of the stored values.
6) The smart card SC_i replaces Ksu_i, RID_i, SDList, TPW_i and τ_i in its memory with Ksu_i^new, RID_i^new, SDList^new, TPW_i^new and τ_i^new. At this point the password and biometric update is complete. User U_i may update only the password or only the biometric, but for security and biometric accuracy reasons, periodic updating of both is recommended.
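The local login of step (2.1) and the local password/biometric update just described, as an added worked example in Python; this is illustrative code written for this page, not code from the patent. The page does not specify the fuzzy extractor or how Ksu_i, RID_i and SDList are kept encrypted on the card, so the example assumes a simple code-offset fuzzy extractor built from a repetition code (Gen/Rep), SHA-256 as h(·), and a hash-derived XOR mask for the sealed values; the identities, passwords and biometric samples are constructed.

```python
import hashlib
import secrets

# Assumed parameters: a 32-bit biometric key spread over the biometric with a repetition
# code (each key bit repeated REP times); each block of REP sample bits tolerates at most
# T_ERRORS flipped bits, which plays the role of the threshold t of the recovery function.
KEY_BITS, REP = 32, 7
T_ERRORS = (REP - 1) // 2
BIO_BITS = KEY_BITS * REP

def h(*parts: bytes) -> bytes:  # h(a||b||...): SHA-256 stands in for the page's hash
    return hashlib.sha256(b"".join(parts)).digest()

def mask(key: bytes, data: bytes) -> bytes:
    """Symmetric XOR mask with a hash-derived keystream; used here to keep Ksu_i, RID_i and
    SDList encrypted on the card (the page does not show its sealing method)."""
    stream = b"".join(h(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def gen(bio: list) -> tuple:
    """Gen(BIO_i) = (sigma_i, tau_i): fresh key bits are encoded with the repetition code and
    offset against the biometric; tau_i is the public recovery parameter, sigma_i the key."""
    key_bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = [b for b in key_bits for _ in range(REP)]
    tau = [w ^ c for w, c in zip(bio, codeword)]
    return h(bytes(key_bits)), tau

def rep(bio_noisy: list, tau: list) -> bytes:
    """Rep(BIO_i', tau_i): majority-decodes each block; equals sigma_i whenever every block
    carries at most T_ERRORS flipped bits, otherwise yields an unrelated key."""
    noisy_codeword = [w ^ p for w, p in zip(bio_noisy, tau)]
    key_bits = [int(sum(noisy_codeword[i * REP:(i + 1) * REP]) > REP // 2) for i in range(KEY_BITS)]
    return h(bytes(key_bits))

def flip(bits: list, positions) -> list:
    """Copy of a biometric sample with the given bit positions flipped (sensor noise)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

class SmartCard:
    """SC_i: holds TPW_i, tau_i and the sealed Ksu_i*, RID_i*, SDList*."""
    def __init__(self, ID: bytes, PW: bytes, bio: list, Ksu: bytes, RID: bytes, SDList: bytes):
        sigma, self.tau = gen(bio)
        self.TPW = h(ID, PW, sigma)  # TPW_i = h(ID_i||PW_i||sigma_i)
        self.sealed = self._seal(ID, PW, sigma, (Ksu, RID, SDList))

    @staticmethod
    def _seal(ID, PW, sigma, values):
        # per-value sealing key from all three factors; the "seal" label keeps it distinct from TPW_i
        return tuple(mask(h(b"seal", ID, PW, sigma, bytes([k])), v) for k, v in enumerate(values))

    def login(self, ID: bytes, PW: bytes, bio_noisy: list):
        """Step (2.1): recover sigma_i, compare TPW_i' with TPW_i and, on success, return the
        decrypted (Ksu_i, RID_i, SDList); None on a wrong password or a biometric outside t."""
        sigma = rep(bio_noisy, self.tau)
        if h(ID, PW, sigma) != self.TPW:  # TPW_i' != TPW_i
            return None
        return self._seal(ID, PW, sigma, self.sealed)  # the XOR mask is its own inverse

    def update(self, ID: bytes, PW_old: bytes, bio_old: list, PW_new: bytes, bio_new: list) -> bool:
        """Step (3), password and biometric update: entirely local, no server round trip."""
        plain = self.login(ID, PW_old, bio_old)  # TPW_i^old must match before anything changes
        if plain is None:
            return False
        sigma_new, self.tau = gen(bio_new)  # (sigma_i^new, tau_i^new) = Gen(BIO_i^new)
        self.TPW = h(ID, PW_new, sigma_new)  # TPW_i^new
        self.sealed = self._seal(ID, PW_new, sigma_new, plain)  # Ksu_i*, RID_i*, SDList* re-sealed
        return True
```

A login with up to three flipped bits per block recovers the same σ_i and unseals the stored values; a fourth flip in one block, or a wrong password, makes TPW_i' differ from TPW_i and the card returns nothing. After update() the old password and old biometric no longer open the card, while the sealed Ksu_i, RID_i and SDList are unchanged in plaintext, which is exactly why the server does not need to be involved.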
In order to accommodate different Internet of Things devices, devices from different manufacturers need to be registered on the server. The server uses a self-generated random secret value r_j to encapsulate the unalterable identity ID_j of the SD and obtains a pseudonym identifier RID_j = h(ID_j||r_j) that differs from those of the existing nodes. The server then uses the private key S of the working area in which the device is to be deployed to compute the device private key Ksd_j = h(RID_j||S). The server stores the registration information in the memory of the new device and adds the device information to the device list of the region. The device is deployed in the working area and the legal users of the area are notified that a new device has been deployed; the users update their device lists securely, after which legal users can communicate with the new device to obtain access control and services.
In practical applications in a large-scale industrial environment, in order to ensure traceability of the implementation steps and a record of operations, the industrial server registers and records the legal users who participate in session communication and are authorized. For every registered user, the server can modify its legitimacy and revoke its authorization. The server re-encrypts and encapsulates the name of the revoked user with a direct long-term key, and the encapsulated user ID is still stored as a record and certificate in the authorization list of the Internet of Things area. In the session key protocol stage, when a user sends a request message MQ1 = {RID_i, M1, M2, M3, M4, T_1} to the server, the server verifies that the user still holds a legal authorization by searching the list of authorized users. If the user has been revoked, the server will not find the user's pseudonym information in the list, and the revoked user receives no response to the request message.
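The three-message exchange of the authentication and key negotiation stage (MQ1, MQ2, MQ3) together with the revocation check of the preceding paragraph, as an added worked example in Python; this is illustrative code written for this page, not code from the patent. The page gives M2, M4, M8, SK and M13 explicitly; the masks behind M1, M3, Mu5, M6, M7, Mu51, M10, M11 and M12, the form of Mu9, the formulas for the new pseudonym and new private key, SHA-256 as h(·), the value of ΔT and the identities are assumptions chosen so that each receiver can recover exactly the values the page says it recovers.

```python
import hashlib
import secrets

DELTA_T = 5  # assumed maximum transmission delay (s) for the |T_k - T_(k-1)| > ΔT check

def h(*parts: bytes) -> bytes:  # h(a||b||...): SHA-256 stands in for the page's 160-bit hash
    return hashlib.sha256(b"".join(parts)).digest()
def xor(a: bytes, b: bytes) -> bytes:  # bit operation behind every masked ("encrypted") 32-byte field
    return bytes(x ^ y for x, y in zip(a, b))
def ts(t: int) -> bytes:  # 32-bit timestamp, as in the cost analysis
    return t.to_bytes(4, "big")
def stale(t_msg: int, t_now: int) -> bool:
    return abs(t_now - t_msg) > DELTA_T

def user_request(usr: dict, RID_j: bytes, T1: int):
    """Step (2.2), run by the smart card once the local login has succeeded."""
    usr["r_u"] = r_u = secrets.token_bytes(32)
    M1 = xor(r_u, h(usr["Ksu"], usr["RID"], ts(T1)))  # masked r_u (mask assumed)
    M2 = h(usr["Ksu"], ts(T1))  # M2 = h(Ksu_i||T1)
    M3 = xor(RID_j, h(usr["Ksu"], r_u))  # masked RID_j (mask assumed)
    M4 = h(usr["RID"], r_u, usr["Ksu"], ts(T1), RID_j, M3)  # M4 = h(RID_i||r_u||Ksu_i||T1||RID_j||M3)
    return (usr["RID"], M1, M2, M3, M4, T1)

def server_respond(srv: dict, MQ1, T2: int):
    """Step (2.3): returns MQ2, or None (no response) if MQ1 is stale, tampered with, or from an unknown/revoked pseudonym."""
    RID_i, M1, M2, M3, M4, T1 = MQ1
    if stale(T1, T2) or RID_i not in srv["users"]:
        return None
    Ksu_i = h(RID_i, srv["S"])  # Ksu_i' = h(RID_i||S)
    if M2 != h(Ksu_i, ts(T1)):  # M2' = h(Ksu_i||T1)
        return None
    r_u = xor(M1, h(Ksu_i, RID_i, ts(T1)))  # r_u'
    RID_j = xor(M3, h(Ksu_i, r_u))  # RID_j'
    if RID_j not in srv["devices"] or M4 != h(RID_i, r_u, Ksu_i, ts(T1), RID_j, M3):
        return None  # M4' = h(RID_i||r_u'||Ksu_i'||T1||RID_j'||M3)
    r_s = secrets.token_bytes(32)
    RID_new = h(RID_i, r_u, r_s)  # new pseudonym (formula assumed; the user derives the same value)
    Ksu_new = h(RID_new, srv["S"])  # new user private key
    srv["users"].discard(RID_i); srv["users"].add(RID_new)
    Ksd_j = h(RID_j, srv["S"])  # Ksd_j = h(RID_j||S)
    Mu5 = xor(Ksu_new, h(Ksd_j, r_u, r_s))  # new user key, readable by the device only
    M6 = xor(r_u, h(Ksd_j, ts(T2)))  # r_u for the device
    M7 = xor(r_s, h(Ksd_j, r_u, ts(T2)))  # r_s for the device
    M8 = h(Mu5, h(r_u, r_s))  # M8 = h(Mu5||h(r_u||r_s))
    Mu51 = xor(r_s, h(Ksu_i, r_u))  # r_s for the user; the device forwards it unchanged
    return (Mu5, M6, M7, M8, Mu51, T2)

def device_respond(Ksd_j: bytes, MQ2, T3: int):
    """Step (2.4): verifies MQ2 and returns (MQ3, SK), or None."""
    Mu5, M6, M7, M8, Mu51, T2 = MQ2
    if stale(T2, T3):
        return None
    r_u = xor(M6, h(Ksd_j, ts(T2)))  # r_u'
    r_s = xor(M7, h(Ksd_j, r_u, ts(T2)))  # r_s'
    if M8 != h(Mu5, h(r_u, r_s)):  # M8' = h(Mu5||h(r_u'||r_s'))
        return None
    Ksu_new = xor(Mu5, h(Ksd_j, r_u, r_s))
    r_d = secrets.token_bytes(32)
    hds = h(r_d, r_s)  # h(r_d||r_s)
    Mu9 = h(Ksu_new, r_d, ts(T3))  # Mu9 as a tag over the new user key (form assumed)
    SK = h(Mu9, r_u, hds)  # SK = h(Mu9||r_u||h(r_d||r_s))
    M10, M11 = xor(r_d, h(r_u, r_s)), xor(Mu9, h(r_u, hds))  # r_d and Mu9 for the user
    M12 = xor(Ksu_new, h(r_u, r_s, r_d))  # new user key re-encrypted for the user
    M13 = h(SK, hds, ts(T3))  # M13 = h(SK||h(r_d||r_s)||T3)
    return (Mu51, M10, M11, M12, M13, T3), SK

def user_finish(usr: dict, MQ3, T4: int):
    """Step (2.5): returns SK' and rolls RID_i / Ksu_i forward, or None."""
    Mu51, M10, M11, M12, M13, T3 = MQ3
    if stale(T3, T4):
        return None
    r_u = usr["r_u"]
    r_s = xor(Mu51, h(usr["Ksu"], r_u))  # r_s'
    r_d = xor(M10, h(r_u, r_s))
    hds = h(r_d, r_s)  # h(r_d||r_s)'
    Mu9_recv = xor(M11, h(r_u, hds))  # Mu9'
    Ksu_new = xor(M12, h(r_u, r_s, r_d))  # new private key
    if Mu9_recv != h(Ksu_new, r_d, ts(T3)):  # Mu9' must equal the recomputed Mu9''
        return None
    SK = h(Mu9_recv, r_u, hds)  # SK' = h(Mu9'||r_u||h(r_d||r_s)')
    if M13 != h(SK, hds, ts(T3)):  # M13' = h(SK'||h(r_d||r_s)'||T3)
        return None
    usr["RID"], usr["Ksu"] = h(usr["RID"], r_u, r_s), Ksu_new
    return SK

def run_session(delay=0, tamper=False, revoke=False):
    """One full exchange; returns (user SK, device SK, pseudonyms in sync) or (None, None, False)."""
    S = secrets.token_bytes(32)  # area private key
    RID_j = h(b"valve-controller-07", secrets.token_bytes(32))  # RID_j = h(ID_j||r_j), constructed ID
    RID_i = h(b"operator-alice", secrets.token_bytes(32))  # RID_i = h(ID_i||r_i), constructed ID
    srv = {"S": S, "devices": {RID_j}, "users": set() if revoke else {RID_i}}  # revoked: absent from the list
    usr = {"RID": RID_i, "Ksu": h(RID_i, S)}  # Ksu_i = h(RID_i||S), as stored on the smart card
    T1 = 1_700_000_000
    MQ1 = user_request(usr, RID_j, T1)
    if tamper:  # flip one bit of M4 in transit
        MQ1 = MQ1[:4] + (xor(MQ1[4], b"\x80" + bytes(31)),) + MQ1[5:]
    MQ2 = server_respond(srv, MQ1, T1 + delay)
    dev = device_respond(h(RID_j, S), MQ2, T1 + 2 * delay) if MQ2 else None  # Ksd_j = h(RID_j||S)
    SK = user_finish(usr, dev[0], T1 + 3 * delay) if dev else None
    return (SK, dev[1], usr["RID"] in srv["users"]) if SK else (None, None, False)
```

run_session() yields the same SK on the user and device side and leaves the user's new pseudonym in the server table; a timestamp older than ΔT, a flipped bit in M4 or a revoked pseudonym each produce no response at all, mirroring the "discard and do not reply" behaviour described for the server. The example keeps the page's ordering, in which the server commits the new pseudonym in step 5 before MQ2 is sent, so a lost MQ3 leaves the user holding the old RID_i while the server already holds the new one; the page does not state a resynchronisation rule, and a deployment needs one.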
Examples:
The invention uses hash functions, bit operations and the fuzzy extraction and recovery functions; the concrete implementation and cost calculation are as follows:
The execution times of the operations are defined as follows:
T_h ≈ 0.0001 ms: the execution time of one one-way hash operation.
T_f ≈ 0.442 ms: the execution time of one fuzzy extractor recovery operation.
In the login, mutual authentication and key agreement process, the invention exchanges 3 communication messages: MQ1 = {RID_i, M1, M2, M3, M4, T_1}, MQ2 = {Mu5, M6, M7, M8, Mu51, T_2} and MQ3 = {Mu51, M10, M11, M12, M13, T_3}, of size (160+160+160+160+160+32) = 832 bits, (160+160+160+160+160+32) = 832 bits and (160+160+160+160+160+32) = 832 bits respectively.
Thus, the total communication cost of this embodiment is 832+832+832 = 2496 bits.
Through the above analysis, the communication overhead results shown in table 2 can be obtained.
TABLE 2

Communication overhead of the invention (bits)
User     832
Device   832
Server   832
Total    2496
The communication cost of the invention mainly considers the communication steps used frequently in the key agreement stage, and is calculated under uniform assumptions about certain parameters: in the clock-synchronised scheme the timestamp is 32 bits, the identities of all users, devices and nodes are 160 bits, all generated random secret values are 160 bits, and the output of the hash function is 160 bits.
Through the above analysis, the comparative results shown in Table 3 are obtained.
TABLE 3

                 Total operations    Total overhead
The invention    35T_h + T_f         0.4455 ms

According to the multi-factor-based industrial Internet of Things session key negotiation scheme, the user's pseudonym is generated jointly by the user and the server and is updated after each key negotiation, so that the user's identity information is not revealed; this provides user anonymity, unlinkability and untraceability and improves security. The invention uses pre-distributed keys and multi-factor authentication (biometric, password and smart card), and relies mainly on bit operations and hash functions as its cryptographic operations, which reduces the computation and communication cost of the key negotiation scheme.

Claims (9)

1. A multi-factor-based industrial Internet of things session key negotiation method is characterized in that: the method comprises the steps of initializing an industrial Internet of things system, authenticating, negotiating a key and updating the system;
step (1), initializing an industrial Internet of things system
(1.1) Server initialization: a private key S is generated for each Server through the biometric probability generation function Gen(·) and the deterministic recovery function Rep(·), and a private key list is established;
(1.2) Device registration: the device provides its registration information to the Server in an off-line state, and the Server generates a random value r_j to compute the device pseudonym RID_j and the device private key Ksd_j, RID_j = h(ID_j||r_j), Ksd_j = h(RID_j||S), where h(·) is a one-way hash function, ID_j is the identifier of the device and "||" denotes concatenation; the device identifier, device pseudonym and device private key are added to the device list SDList of the device's working area and are also stored by the Server;
(1.3) User registration: user U_i generates a random value r_i, computes the user pseudonym RID_i = h(ID_i||r_i) and sends the pseudonym RID_i to the Server; the Server checks the identity legitimacy of user U_i and, if legal, computes the user private key Ksu_i = h(RID_i||S) with the private key S of the registration area; the private key and the device list information of the area are transmitted to the user; user U_i uses the fuzzy extraction probability generation function Gen(BIO_i) = (σ_i, τ_i) to obtain the biometric key σ_i and the public recovery parameter τ_i; user U_i sets the password PW_i; the smart card computes and stores the user digital signature TPW_i, the encrypted user private key Ksu_i*, the encrypted user pseudonym RID_i*, the encrypted device information list SDList* and τ_i; σ_i and τ_i are respectively the biometric key and the public recovery parameter of user U_i;
step (2), authentication and key negotiation process:
(2.1) user login, namely, the user performs login and identity verification with the aid of the smart card; user U i Inputting identity ID i Sum password PW i And use τ i And a deterministic recovery function R for fuzzy extraction ep (. Cndot.) restoration of the biometric key sigma of the user within a threshold t i The method comprises the steps of carrying out a first treatment on the surface of the The intelligent card calculates the user digital signature TPW to be verified i ’=h(ID i ||PW i ||σ i ) TPW is processed by i TPW in AND storage i Comparing, and verifying the identity of the user;
(2.2) user initiated request: after the user passes the verification, the smart card firstly decrypts and calculates the information stored in an encrypted manner, and then the smart card generates the current time stamp T 1 And the smart card calculates each encrypted message: an encrypted message M1 of a random value of a user, an identity verification message M2 of the user, a pseudonym encrypted message M3 of the device and a verifiable digital signature M4 of the user;
the user sends a session request queue MQ1 to a Server, wherein MQ 1= { RID i ,M1,M2,M3,M4,T 1 };
(2.3) Server response request: after receiving the message queue MQ1, the Server first verifies the message time, and if the verification is passed, the Server calculates m2=h (Ksu i ||T 1 ) Verifying whether message queues M2 and M2 are equal and checking RID i Whether it is legal; if the Server verifies that the message is legal, related parameters to be verified are sequentially calculated from the message queue, and a user private key to be verified is obtainedKsu i ' user random value r to be verified u ' device pseudonym RID to be verified j ' and a message to be verified M4', if M4 is equal to M4', proving that the message has not been modified; the Server then transmits the new user pseudonym to the ServerUpdating the user information; server generates a random value r s Calculate temporary authentication voucher ++>New user private key +.>And saving the new private key of the user;
the Server calculates a new private key encryption message Mu5 of a user, a random value encryption message M6 of the user, a random value encryption message M7 of the Server, a digital signature message M8 of the Server and an encryption message Mu51 for verifying whether the private key of the user is tampered or not, which are needed to be re-encrypted by the message equipment; the Server transmits the message queue MQ2 to the device, MQ 2= { Mu5, M6, M7, M8, mu51, T 2 };T 2 Is the current timestamp;
(2.4) device authentication and computation of session key:
after the device receives the message queue MQ2 and performs the time verification with the current timestamp T_3, it decrypts in turn with the device private key the user random value to be verified r_u' and the server random value to be verified r_s'; if M8 equals the message to be verified M8', the message is judged unchanged; device SD_j then generates a random value r_d and computes the encrypted message Mu9 of the new private key that the user can decrypt, the negotiated session key SK computed by the device, the encrypted message M10 of the random values of the server and the device, the signature message M11 of the server about the user's new private key, the encrypted message M12 of the server's random value and the digital signature M13 of the device; the device delivers the message queue MQ3 = {Mu51, M10, M11, M12, M13, T_3} to the user;
(2.5) user authentication and calculation of the key:
after the user receives MQ3 and performs the time verification with the current timestamp T_4, the user computes in turn the signature Mu9' decrypted by the user, the server-generated secret value to be verified r_s', the temporary authentication credential to be verified, the new user private key to be verified and the user-computed signature to be verified Mu9''; if Mu9' equals Mu9'', the user computes the encrypted value h(r_d||r_s)', the session key to be verified SK' and the signed message to be verified M13'; if M13 equals M13', SK' is accepted as the session key and the user's private key is updated;
Step (3), updating the industrial Internet of Things system, which in turn comprises updating the user password and biometric, updating devices and revoking users.
2. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: when the Server is initialized in step (1), a 160-bit Server private key S is set for each Internet of Things working environment through Gen(·) and Rep(·), and a device information table and a user information table are established for each working environment;
the device registration and user registration processes compute the following parameters: TPW_i = h(ID_i||PW_i||σ_i),
3. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: when the user logs in in step (2), the smart card computes the user digital signature to be verified TPW_i' = h(ID_i||PW_i||σ_i), compares TPW_i' with the stored TPW_i, and the user identity is verified when TPW_i' equals TPW_i;
when the user authentication in step (2) passes and a session request is initiated, the smart card decrypts the information stored in encrypted form,
the smart card then generates the user random value r_u and the current timestamp T_1; the smart card computes the following parameters:
M2 = h(Ksu_i||T_1);
M4 = h(RID_i||r_u||Ksu_i||T_1||RID_j||M3);
the user sends the request queue MQ1 = {RID_i, M1, M2, M3, M4, T_1} to the Server.
4. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: when the Server in the step (2) responds to the session request of the user, the specific flow is as follows:
after receiving the message MQ1, the Server first verifies the message time; the Server generates the current timestamp T_2, and if |T_2 - T_1| > ΔT the authentication is not continued and the Server discards the message MQ1; if the time verification passes within the maximum transmission delay, the Server first computes the correct message M2' = h(Ksu_i||T_1), verifies whether M2 and M2' are equal and checks whether RID_i belongs to a legal user, thereby judging the source of the message;
if the Server verifies the validity of the message, it computes in turn from the message queue, with the private key S of its area, Ksu_i' = h(RID_i||S), r_u', RID_j' and M4' = h(RID_i||r_u'||Ksu_i'||T_1||RID_j'||M3);
the Server compares M4 with the computed M4', and if they are equal the message has not been modified;
the Server then updates the new user pseudonym into the user information; the Server generates a random value r_s, computes the temporary authentication credential and the new user private key, and saves the new private key of the user;
the Server computes the messages Mu5, M6, M7, M8 = h(Mu5||h(r_u||r_s)) and Mu51, and transmits the message queue MQ2 = {Mu5, M6, M7, M8, Mu51, T_2} to the device.
5. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: the specific method for authenticating the equipment and calculating the session key in the step (2) comprises the following steps:
after the device receives the message MQ2 = {Mu5, M6, M7, M8, Mu51, T_2}, the message time is first verified: SD_j generates the current timestamp T_3, and if |T_3 - T_2| > ΔT the authentication is not continued and the device discards the message MQ2;
if the time verification passes, the device computes in turn with the device private key the user-generated random value to be verified r_u' and the server-generated random value to be verified r_s',
then the message to be verified M8' = h(Mu5||h(r_u'||r_s')), and verifies that M8 and M8' are equal, thereby determining whether the message was altered;
if not altered, device SD_j generates a random value r_d and computes, with the device private key, Mu9, SK, M10, M11, M12 and M13;
finally the device delivers the message queue MQ3 = {Mu51, M10, M11, M12, M13, T_3} to the user;
where SK = h(Mu9||r_u||h(r_d||r_s)) and M13 = h(SK||h(r_d||r_s)||T_3).
6. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: the specific process of user authentication and session key calculation in the step (2) is as follows:
after receiving MQ3, the user first verifies the message time; U_i generates the current timestamp T_4, and if |T_4 - T_3| > ΔT the authentication is not continued and the user discards the message MQ3;
the user computes in turn Mu9', r_s', the temporary authentication credential, the new private key and Mu9'';
the user compares Mu9' with Mu9''; if they are not equal, the message has been modified and is discarded;
if the message is verified as normal, the user computes h(r_d||r_s)', SK' = h(Mu9'||r_u||h(r_d||r_s)') and M13' = h(SK'||h(r_d||r_s)'||T_3);
M13 and M13' are compared to check whether the computation result is correct, and if they are equal SK' is accepted as the session key and the user's private key is updated.
7. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: the specific process of updating the user password and the biological characteristics in the step (3) is as follows:
(3.1.1) user U_i reads the smart card SC_i through a card reader and provides its own ID_i, old password PW_i^old and old biometric BIO_i^old;
(3.1.2) SC_i recovers the old biometric key from BIO_i^old with τ_i and further computes TPW_i^old;
(3.1.3) the smart card verifies whether TPW_i^old equals TPW_i and thereby judges whether the following operations are to be executed;
(3.1.4) when the verification is complete, SC_i carries out the update computation;
(3.1.5) after user U_i receives the next instruction from SC_i, U_i inputs the new password PW_i^new and the new biometric BIO_i^new, and SC_i obtains the new biometric key σ_i^new and recovery parameter τ_i^new with Gen(BIO_i^new);
(3.1.6) SC_i uses the new password PW_i^new and the new biometric key σ_i^new to compute the new versions of the stored values;
(3.1.7) the smart card SC_i replaces Ksu_i, RID_i, SDList, TPW_i and τ_i in its memory with Ksu_i^new, RID_i^new, SDList^new, TPW_i^new and τ_i^new; at this point the password and biometric update is complete;
user U_i updates the password and biometric periodically.
8. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: the specific process of equipment updating in the step (3) is as follows:
(3.2.1) Internet of Things devices from different manufacturers are registered on the Server; the Server uses a self-generated random secret value to encapsulate the unalterable identity of the SD and obtains a pseudonym identifier that differs from those of the existing nodes;
(3.2.2) the Server computes the private key of the Internet of Things device with the private key S of the working area in which the device is to be deployed; the Server stores the registration information in the memory of the new device and adds the device information to the device list of the area;
(3.2.3) the Internet of Things device is deployed in the working area and the legal users of the area are notified that a new device has been deployed; the users update their device lists securely, and the legal users can then communicate with the new device to obtain access control and services.
9. The multi-factor based industrial internet of things session key agreement method of claim 1, wherein: the specific method for user revocation in the step (3) is as follows:
(3.3.1) the industrial Server registers and records the legal users who participate in session communication and are authorized; for all registered users the Server can modify their legitimacy and revoke their authorization; the Server re-encrypts and encapsulates the name of the revoked user with a direct long-term key S into EID_i, derived from DID_i and S, and the encapsulated user ID is still stored in the authorization list of the Internet of Things area as a record and certificate;
(3.3.2) in the session key protocol phase, when the user sends the request message MQ1 = {RID_i, M1, M2, M3, M4, T_1} to the Server, the Server verifies whether the user still holds a legal authorization and searches the authorized user list; if the user has been revoked, the Server does not find the user's pseudonym information in the list, and the request message sent by the revoked user receives no response.
CN202111621015.6A 2021-12-28 2021-12-28 Industrial Internet of things session key negotiation method based on multiple factors Active CN114070559B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111621015.6A CN114070559B (en) 2021-12-28 2021-12-28 Industrial Internet of things session key negotiation method based on multiple factors

Publications (2)

Publication Number Publication Date
CN114070559A CN114070559A (en) 2022-02-18
CN114070559B true CN114070559B (en) 2024-03-08

Family

ID=80230525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111621015.6A Active CN114070559B (en) 2021-12-28 2021-12-28 Industrial Internet of things session key negotiation method based on multiple factors

Country Status (1)

Country Link
CN (1) CN114070559B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114401153B (en) * 2022-03-24 2022-06-24 科大天工智能装备技术(天津)有限公司 Authentication method and system of intelligent well lid equipment
CN114422106B (en) * 2022-03-28 2022-06-24 科大天工智能装备技术(天津)有限公司 Security authentication method and system for Internet of things system under multi-server environment
CN115085945B (en) * 2022-08-22 2022-11-29 北京科技大学 Authentication method and device for intelligent lamp pole equipment
CN117082514B (en) * 2023-10-17 2024-01-23 奥鼎智通(北京)科技有限公司 Device-to-device authentication method of 6G network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090074576A (en) * 2008-01-02 2009-07-07 고려대학교 산학협력단 Method and system for smart card based three party key exchange, and smart card and microprocessor used thereto
CN103916267A (en) * 2014-03-14 2014-07-09 兴唐通信科技有限公司 Network space identity management system of three-layer structure
CN106657124A (en) * 2017-01-03 2017-05-10 宜春学院 Pseudonym-based anonymous authentication and key negotiation optimization method and optimized authentication analysis method for Internet of Things
CN111818039A (en) * 2020-07-03 2020-10-23 西安电子科技大学 Three-factor anonymous user authentication protocol method based on PUF in Internet of things

Also Published As

Publication number Publication date
CN114070559A (en) 2022-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant