CN114286331B - Identity authentication method and system suitable for electric power Internet of things 5G data terminal - Google Patents

Info

Publication number: CN114286331B
Application number: CN202111468094.1A
Authority: CN (China)
Prior art keywords: attribute, information, module, data terminal, terminal
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN114286331A
Inventors: 潘媚媚, 王栋, 朱拓夫, 方念, 韩寅峰, 朱健, 徐腾飞, 孙来文
Current assignee: Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original assignee: Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Events: application CN202111468094.1A filed by Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; priority to CN202111468094.1A; publication of CN114286331A; application granted; publication of CN114286331B; legal status active.

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses an identity authentication method and system suitable for 5G data terminals in the power Internet of Things, comprising the following steps: S1, the management terminal establishes network connections with several 5G data terminals in turn according to the principle of mutual identity recognition; S2, the 5G data terminal sends request information to the management terminal; S3, after verifying the identity credibility of the 5G data terminal, the management terminal issues response information and sends it to the 5G data terminal. The 5G data terminal identity authentication system comprises a management terminal and several 5G data terminals communicatively connected to it; the management terminal comprises an attribute management module, a random number distribution module, a first encryption module, a first decryption module, an attribute expansion module and an instruction response module; the 5G data terminal comprises a second encryption module and a second decryption module. Authenticating the identity of the 5G data terminal establishes a secure network connection with the management terminal, and encryption and decryption algorithms guarantee the security and confidentiality of the data exchange.

Description

Identity authentication method and system suitable for 5G data terminals in the power Internet of Things

Technical field

The present invention relates to the technical field of secure information transmission, and specifically to an identity authentication method and system suitable for 5G data terminals in the power Internet of Things.

Background

At present, the smart mobile terminals widely used in State Grid Corporation of China business systems such as production safety, marketing, emergency command, materials management and mobile office are mainly notebooks and PDAs. These devices face security threats on several fronts: physical security, operating-system security, storage security and application security. Once a smart mobile terminal that is connected to the information intranet is compromised, lost or used without authorisation, it not only leaks the large amount of sensitive data stored on the terminal but also poses a serious threat to the security of the information network. Traditional access authentication systems generally authenticate with a username and password. This method offers low security strength: once an account is stolen, a large amount of sensitive information is fully exposed to unauthorised access. A complete authentication scheme is therefore needed to guarantee the legitimacy and security of the terminal identity.

At the same time, because the terminal and the environment in which it is used are complex, the terminal state must be monitored and audited in real time to ensure that the terminal is used legitimately. When a smart terminal connects to the intranet to access business systems, it exchanges a large amount of business data with intranet hosts. If malicious intrusion or sabotage occurs during this exchange, key information may be leaked, or incorrect business information may be sent and received; the security of a smart terminal therefore needs to be monitored in real time after it connects, so that every terminal connected to the intranet is secure and legitimate at all times. Mobile terminals in the power system connect to the information network over public mobile communication networks, which by operator are GSM/GPRS/EDGE/TD-SCDMA, GSM/GPRS/EDGE/WCDMA, CDMA1x/CDMA2000 and so on. These public mobile networks are physically connected to the Internet and lack strong data encryption, so data transmitted over them faces a serious risk of interception and theft. After a mobile terminal connects to the State Grid information network it must exchange information with the various information systems on that network; most of this information is sensitive and requires strong encryption. Damage to these information systems would seriously harm social order and the public interest, or harm national security, so they must be protected in strict accordance with the relevant national management regulations and technical standards. There is therefore an urgent need for a 5G data terminal identity verification method and system that secures the exchange of information between 5G data terminals and the management terminal.

Contents of the invention

The purpose of the present invention is to design an identity authentication method and system suitable for 5G data terminals in the power Internet of Things. A secure network connection with the management terminal is established by authenticating the identity of the 5G data terminal; request information is encrypted with a dedicated key and only then sent to the management terminal over the secure network channel; the management terminal generates the corresponding response information, encrypts it and sends it to the 5G data terminal for decryption. This guarantees the security and confidentiality of data exchange between the 5G data terminals and the management terminal within the management domain.

To achieve the above technical objective, one technical solution provided by the present invention is an identity authentication method suitable for 5G data terminals in the power Internet of Things, comprising the following steps:

S1. The management terminal establishes network connections with several 5G data terminals in turn according to the principle of mutual identity recognition;

S2. The 5G data terminal sends request information to the management terminal;

S3. After verifying the identity credibility of the 5G data terminal, the management terminal issues response information and sends it to the 5G data terminal.

Preferably, S1 comprises the following steps:

S11. The management terminal comprises an attribute management module in which an attribute retrieval table is established. The attribute retrieval table contains the attribute information of all 5G data terminals in the management domain; the attribute information comprises public key information, ID information and the network connection protocol. A random number distribution module assigns a binary random code to the corresponding attribute bit of the attribute retrieval table;

S12. The 5G data terminal sends a network connection request to the management terminal over a public channel, and the management terminal obtains the ID information of that 5G data terminal;

S13. The attribute retrieval table is queried for the corresponding ID information. If it exists, the corresponding network connection protocol is retrieved and the network connection is made; if it does not exist, the attribute information of the 5G data terminal is obtained through the attribute expansion module and the attribute retrieval table is updated;

S14. By S11-S13, network connections are established between the management terminal and all 5G data terminals in the whole management domain.

Preferably, in S13, obtaining the attribute information of the 5G data terminal through the attribute expansion module and updating the attribute retrieval table comprises the following steps:

S131. When the ID information of the 5G data terminal is not found in the attribute retrieval table, the random number distribution module generates a binary random code as the first key and sends it to that 5G data terminal over the public channel; at the same time, the first key is stored in the first decryption module;

S132. The 5G data terminal obtains the first key; the second encryption module in the 5G data terminal encrypts the terminal's attribute information with the first key and sends it to the management terminal over the public channel;

S133. The first decryption module in the management terminal decrypts the attribute information and stores it in the attribute expansion module;

S133. The attribute expansion module applies to the attribute management module for an attribute expansion bit, adds the newly obtained attribute information and the corresponding binary random code to the attribute expansion bit, and at the same time updates the attribute retrieval table.

Preferably, S2 comprises the following steps:

S21. After the 5G data terminal has established secure network communication with the management terminal, the 5G data terminal generates a pseudo request information block, signs it with its own private key and sends it to the management terminal;

S22. The management terminal obtains the pseudo request information and verifies it. After successful verification it locates the attribute storage bit of that 5G data terminal and sends the binary random code on that attribute storage bit to the 5G data terminal;

S23. The 5G data terminal generates a request information block, encrypts it with the binary random code it has obtained, signs it with its own private key and sends it to the management terminal.

Preferably, S3 comprises the following steps:

S31. The management terminal authenticates the signature on the received request information block and locates the corresponding attribute storage bit; the decryption module retrieves the binary code on that attribute storage bit and decrypts the request information block to obtain the request information;

S32. The management terminal generates response information according to the request information, encrypts it with the public key of the 5G data terminal and sends it to that 5G data terminal;

S33. The 5G data terminal decrypts the received response information with its own private key and executes the relevant instructions.

A 5G data terminal identity authentication system comprises a management terminal and several 5G data terminals communicatively connected to the management terminal. The management terminal comprises an attribute management module, a random number distribution module, a first encryption module, a first decryption module, an attribute expansion module and an instruction response module. An attribute retrieval table is established in the attribute management module and contains the attribute information of all 5G data terminals in the management domain; the random number distribution module assigns a binary random code to the corresponding attribute bit of the attribute retrieval table; the binary random code is distributed to the 5G data terminal as the first key, used to encrypt the terminal's attribute information; the first encryption module encrypts the first key with the public key of the corresponding 5G data terminal before it is sent to that terminal; the first decryption module decrypts the attribute information encrypted with the first key; the attribute expansion module updates the attribute retrieval table; the instruction response module generates the corresponding response information according to the request information. The 5G data terminal comprises a second encryption module and a second decryption module; the second encryption module encrypts the terminal's attribute information with the first key and sends it to the management terminal, and the second decryption module decrypts the received response information with the terminal's own private key.

Preferably, the attribute information comprises public key information, ID information and the network connection protocol.

Beneficial effects of the present invention: the present invention designs an identity authentication method and system suitable for 5G data terminals in the power Internet of Things. First, the identity of the 5G data terminal is authenticated; once authentication is complete, a secure network connection with the management terminal is established; the key obtained from the management terminal is used to encrypt the request information, which is sent to the management terminal over the secure network channel for decryption; the management terminal generates the corresponding response information, encrypts it and sends it to the 5G data terminal for decryption. This guarantees the security and confidentiality of data exchange between the 5G data terminals and the management terminal within the management domain.

Description of drawings

Figure 1 is a flow chart of the identity authentication method of the present invention suitable for 5G data terminals in the power Internet of Things.

Figure 2 is a schematic structural diagram of a 5G data terminal identity authentication system of the present invention.

Reference numerals in the figures: 1, 5G data terminal; 2, management terminal; 11, second encryption module; 12, second decryption module; 21, attribute management module; 22, random number distribution module; 23, first encryption module; 24, first decryption module; 25, attribute expansion module; 26, instruction response module.

Detailed description

To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and an embodiment. It should be understood that the specific embodiment described here is only one preferred embodiment of the present invention, used only to explain the invention and not to limit its scope of protection; all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the scope of protection of the present invention.

Embodiment:

As shown in Figure 2, a 5G data terminal identity authentication system consists of a management terminal 2 and several 5G data terminals 1 communicatively connected to it. The management terminal comprises an attribute management module 21, a random number distribution module 22, a first encryption module 23, a first decryption module 24, an attribute expansion module 25 and an instruction response module 26. An attribute retrieval table is established in the attribute management module and contains the attribute information of all 5G data terminals in the management domain; the random number distribution module assigns a binary random code to the corresponding attribute bit of the attribute retrieval table; the binary random code is distributed to the 5G data terminal as the first key, used to encrypt the terminal's attribute information; the first encryption module encrypts the first key with the public key of the corresponding 5G data terminal before it is sent to that terminal; the first decryption module decrypts the attribute information encrypted with the first key; the attribute expansion module updates the attribute retrieval table; the attribute information comprises public key information, ID information and the network connection protocol; the instruction response module generates the corresponding response information according to the request information. The 5G data terminal comprises a second encryption module 11 and a second decryption module 12; the second encryption module encrypts the terminal's attribute information with the first key and sends it to the management terminal, and the second decryption module decrypts the received response information with the terminal's own private key.

As shown in Figure 1, the identity authentication method suitable for 5G data terminals in the power Internet of Things comprises the following steps:

S1. The management terminal establishes network connections with several 5G data terminals in turn according to the principle of mutual identity recognition.

S1 comprises the following sub-steps:

S11. The management terminal comprises an attribute management module in which an attribute retrieval table is established. The attribute retrieval table contains the attribute information of all 5G data terminals in the management domain; the attribute information comprises public key information, ID information and the network connection protocol. The random number distribution module assigns a binary random code to the corresponding attribute bit of the attribute retrieval table;

S12. The 5G data terminal sends a network connection request to the management terminal over a public channel, and the management terminal obtains the ID information of that 5G data terminal;

S13. The attribute retrieval table is queried for the corresponding ID information. If it exists, the corresponding network connection protocol is retrieved and the network connection is made; if it does not exist, the attribute information of the 5G data terminal is obtained through the attribute expansion module and the attribute retrieval table is updated;

Obtaining the attribute information of the 5G data terminal through the attribute expansion module and updating the attribute retrieval table comprises the following sub-steps:

S131. When the ID information of the 5G data terminal is not found in the attribute retrieval table, the random number distribution module generates a binary random code as the first key and sends it to that 5G data terminal over the public channel; at the same time, the first key is stored in the first decryption module;

S132. The 5G data terminal obtains the first key; the second encryption module in the 5G data terminal encrypts the terminal's attribute information with the first key and sends it to the management terminal over the public channel;

S133. The first decryption module in the management terminal decrypts the attribute information and stores it in the attribute expansion module;

S133. The attribute expansion module applies to the attribute management module for an attribute expansion bit, adds the newly obtained attribute information and the corresponding binary random code to the attribute expansion bit, and at the same time updates the attribute retrieval table;

S14. By S11-S13, network connections are established between the management terminal and all 5G data terminals in the whole management domain.

S2. The 5G data terminal sends request information to the management terminal.

S2 comprises the following sub-steps:

S21. After the 5G data terminal has established secure network communication with the management terminal, the 5G data terminal generates a pseudo request information block, signs it with its own private key and sends it to the management terminal;

S22. The management terminal obtains the pseudo request information and verifies it. After successful verification it locates the attribute storage bit of that 5G data terminal and sends the binary random code on that attribute storage bit to the 5G data terminal;

S23. The 5G data terminal generates a request information block, encrypts it with the binary random code it has obtained, signs it with its own private key and sends it to the management terminal.

S3. After verifying the identity credibility of the 5G data terminal, the management terminal issues response information and sends it to the 5G data terminal.

S3 comprises the following sub-steps:

S31. The management terminal authenticates the signature on the received request information block and locates the corresponding attribute storage bit; the decryption module retrieves the binary code on that attribute storage bit and decrypts the request information block to obtain the request information;

S32. The management terminal generates response information according to the request information, encrypts it with the public key of the 5G data terminal and sends it to that 5G data terminal;

S33. The 5G data terminal decrypts the received response information with its own private key and executes the relevant instructions.

The specific embodiment described above is a preferred embodiment of the identity authentication method and system of the present invention suitable for 5G data terminals in the power Internet of Things and does not limit the scope of the invention; the scope of the present invention includes but is not limited to this specific embodiment, and all equivalent changes made in accordance with the shape and structure of the present invention fall within its scope of protection.

Claims (4)

1. The identity authentication method suitable for the 5G data terminal of the electric power Internet of things is characterized by comprising the following steps of:
s1, sequentially establishing network connection between a management terminal and a plurality of 5G data terminals through an identity mutual recognition principle;
s2, the 5G data terminal sends request information to the management terminal;
s3, after the management terminal verifies the identity credibility of the 5G data terminal, sending response information to the 5G data terminal;
s1 comprises the following steps:
s11, the management terminal comprises an attribute management module, wherein an attribute retrieval table is established in the attribute management module, the attribute retrieval table comprises attribute information of all 5G data terminals in a management domain, and the attribute information comprises public key information, ID information and a network connection protocol; the random number distribution module distributes binary random codes to the corresponding attribute storage bits of the attribute retrieval table;
s12, the 5G data terminal sends network connection request information to the management terminal through a public channel, and the management terminal acquires ID information of the corresponding 5G data terminal;
s13, according to whether corresponding ID information exists in the query attribute retrieval table, if so, a corresponding network connection protocol is called to carry out network connection; if the attribute information does not exist, acquiring the attribute information corresponding to the 5G data terminal through an attribute expansion module, and updating an attribute retrieval table;
s14, according to S11-S13, network connection between the management terminal and all the 5G data terminals in the whole management domain is realized;
in S13, attribute information corresponding to the 5G data terminal is obtained through the attribute expansion module, and updating the attribute retrieval table includes the following steps:
s131, when ID information of a corresponding 5G data terminal is not searched in the attribute search table, the random number distribution module generates a binary random code as a first key, the binary random code is sent to the corresponding 5G data terminal through a common channel, and the first key is synchronously stored in the first decryption module;
s132, a corresponding 5G data terminal acquires a first key, and a second encryption module in the 5G data terminal encrypts attribute information of the first key and sends the encrypted attribute information to a management terminal through a common channel;
s133, a first decryption module in the management terminal decrypts the attribute information and stores the attribute information into an attribute expansion module;
s133, applying an attribute expansion bit from an attribute management module by an attribute expansion module, adding newly acquired attribute information and a corresponding binary random code on the attribute expansion bit, and synchronously updating an attribute retrieval table;
S2 comprises the following steps:
S21, after network security communication is established between the 5G data terminal and the management terminal, the 5G data terminal generates a pseudo request information block, signs the pseudo request information with its private key and sends it to the management terminal;
S22, the management terminal verifies the pseudo request information after obtaining it; after verification succeeds, the attribute storage bit corresponding to the 5G data terminal is obtained, and the binary random code on the attribute storage bit is sent to the corresponding 5G data terminal;
S23, the 5G data terminal generates a request information block, encrypts the request information block with the acquired binary random code, signs it with its private key, and sends it to the management terminal.
2. The identity authentication method suitable for the 5G data terminal of the electric power internet of things according to claim 1, wherein S3 comprises the following steps:
S31, the management terminal performs signature authentication on the acquired request information block and finds the corresponding attribute storage bit, and the decryption module invokes the binary random code on that attribute storage bit to decrypt the request information block and obtain the request information;
S32, the management terminal generates response information according to the request information, encrypts the response information with the public key of the corresponding 5G data terminal and sends it to that 5G data terminal;
S33, the corresponding 5G data terminal decrypts the acquired response information with its private key and executes the related instruction.
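The registration steps of S13, the request steps S21-S23 and the response steps S31-S33 above, carried through end to end as an added example that is not part of the patent. It assumes a single 5G data terminal whose key pair is a toy textbook RSA pair over two fixed Mersenne primes, a SHA-256 keystream in place of whatever symmetric cipher the binary random code would key, and direct function calls in place of the common channel; names such as register, mgmt_request and TABLE are this example's own.

```python
import hashlib
import secrets

# Toy textbook RSA over two Mersenne primes (constructed, ~150-bit modulus, NOT secure);
# it stands in for the 5G data terminal's key pair that the claims assume.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # (N, E) public, (N, D) private

def digest(data):                   # SHA-256 digest reduced below the modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data):                     # terminal signs with its private key (N, D)
    return pow(digest(data), D, N)

def verify(pub, data, sig):         # management verifies with the stored public key
    return pow(sig, pub[1], pub[0]) == digest(data)

def stream_xor(key, data):          # symmetric cipher keyed by the binary random code
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

TABLE = {}                          # attribute retrieval table: ID -> attribute storage bit

def register(tid):                  # S131-S133: ID not in the table, so distribute a first key
    first_key = secrets.token_bytes(16)                                # binary random code
    enc_attrs = stream_xor(first_key, f"{tid}|{N}|{E}|5G".encode())    # S132, terminal side
    _, n, e, proto = stream_xor(first_key, enc_attrs).decode().split("|")  # first decryption module
    TABLE[tid] = {"pub": (int(n), int(e)), "proto": proto, "code": first_key}  # expansion bit

def mgmt_pseudo_request(tid, pseudo, sig):   # S22: verify, then release the binary random code
    slot = TABLE[tid]
    return slot["code"] if verify(slot["pub"], pseudo, sig) else None

def mgmt_request(tid, enc_req, sig):         # S31-S32: verify, decrypt, respond under public key
    slot = TABLE[tid]
    if not verify(slot["pub"], enc_req, sig):
        raise PermissionError("signature check failed")
    req = stream_xor(slot["code"], enc_req)
    session = secrets.token_bytes(16)        # hybrid: RSA wraps a fresh session key for the reply
    n, e = slot["pub"]
    return pow(int.from_bytes(session, "big"), e, n), stream_xor(session, b"ACK:" + req)

def terminal_request(tid, req):              # S21, S23 and S33 from the terminal side
    pseudo = b"PSEUDO:" + tid.encode()
    code = mgmt_pseudo_request(tid, pseudo, sign(pseudo))
    enc_req = stream_xor(code, req)
    c1, c2 = mgmt_request(tid, enc_req, sign(enc_req))
    session = pow(c1, D, N).to_bytes(16, "big")   # unwrap with own private key
    return stream_xor(session, c2)
```

Call register("ID-0001") once to populate the attribute storage bit, then terminal_request("ID-0001", b"READ meter 7") to run the authenticated request and response exchange.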
3. The identity authentication system of the 5G data terminal, which applies the identity authentication method of the 5G data terminal of the electric power internet of things according to any one of claims 1-2, and is characterized by comprising a management terminal and a plurality of 5G data terminals in communication connection with the management terminal; the management terminal comprises an attribute management module, a random number distribution module, a first encryption module, a first decryption module, an attribute expansion module and an instruction response module; the attribute management module is internally provided with an attribute retrieval table, and the attribute retrieval table contains the attribute information of all 5G data terminals in the management domain; the random number distribution module distributes binary random codes to the corresponding attribute storage bits of the attribute retrieval table; the binary random code is distributed to the 5G data terminal as a first key for encrypting its attribute information; the first encryption module is used for encrypting the first key with the public key of the corresponding 5G data terminal and then sending it to that 5G data terminal; the first decryption module is used for decrypting the attribute information encrypted with the first key; the attribute expansion module is used for updating the attribute retrieval table; the instruction response module is used for generating the corresponding response information according to the request information; the 5G data terminal comprises a second encryption module and a second decryption module; the second encryption module encrypts the attribute information with the first key and then sends the encrypted attribute information to the management terminal, and the second decryption module decrypts the acquired response information with the 5G data terminal's own private key.
4. The 5G data terminal identity authentication system according to claim 3, wherein the attribute information includes public key information, ID information, and a network connection protocol.
CN202111468094.1A 2021-12-03 2021-12-03 Identity authentication method and system suitable for electric power Internet of things 5G data terminal Active CN114286331B (en)

Publications (2)

Publication Number Publication Date
CN114286331A CN114286331A (en) 2022-04-05
CN114286331B true CN114286331B (en) 2023-09-12

Family

ID=80870762


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant