CN114422588B - Security autonomous realization system and method for authenticating terminal access by edge internet of things agent - Google Patents

Security autonomous realization system and method for authenticating terminal access by edge internet of things agent

Info

Publication number
CN114422588B
Authority
CN
China
Prior art keywords
key
encryption
edge internet
terminal
things
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210060167.1A
Other languages
Chinese (zh)
Other versions
CN114422588A (en)
Inventor
何迎利
梁伟
缪巍巍
王佳
赵华
马涛
曾锃
葛红舞
王元强
张翔
陈民
张明轩
曹光耀
卢岸
龚雯雯
翁春华
左浩然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nari Information and Communication Technology Co, Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority to CN202210060167.1A
Publication of CN114422588A
Application granted
Publication of CN114422588B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a secure autonomous realization system and a method for authenticating access of an edge internet of things proxy to a terminal.

Description

Security autonomous realization system and method for authenticating terminal access by edge internet of things agent
Technical Field
The invention relates to a safe autonomous realization system and a method for authenticating terminal access by an edge internet of things agent, belonging to the technical field of safe encryption authentication.
Background
The electric power internet of things is an important component of the industrial internet, and building an efficient, safe and reliable sensing layer has become an important task for the electric power industry. At present, edge computing provides an important technical means for data sharing and regional autonomy, but it is mainly used to preprocess service data, and a traditional identity authentication mechanism is still used for security protection. However, with the access of multiple kinds of data such as voice, video and image, the acquisition of high-frequency data and the storage of heterogeneous data, the edge internet of things proxy device still needs to solve key problems such as security and reliability.
In the traditional identity authentication mechanism, the key management center is placed in the cloud, because the cloud has strong security protection and ample computing resources, which gives it advantages in key management performance and security. However, because the terminal (i.e. the service terminal) interacts directly with the cloud key management center in this mechanism, an illegal terminal can maliciously attack the cloud directly, so the risk of the cloud system being attacked is higher; and because the cloud key management center must provide key management services for massive numbers of terminals, its load is higher.
Disclosure of Invention
The invention provides a safe autonomous realization system and a method for authenticating terminal access by an edge internet of things agent, which solve the problems disclosed in the background technology.
In order to solve the technical problems, the invention adopts the following technical scheme:
The safe autonomous realization system comprises an edge internet of things agent, a cloud end connected with the edge internet of things agent and a terminal connected with the edge internet of things agent, wherein the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function of the cloud key management center are sunk into the edge internet of things agent, and the edge internet of things agent is used for carrying out access authentication and secret communication on the accessed terminal.
The key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function are realized by adopting an encryption chip, and the encryption chip is connected with the terminal and the cloud through a hardware API interface.
The key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function are realized by adopting software, and the terminal and the cloud are connected through a software API interface.
The method for authenticating the access of the edge internet of things proxy to the terminal comprises the following steps:
receiving an ID sent by a terminal;
invoking a key generation function to generate a main public key pair and a private key pair corresponding to the ID; the main public key pair comprises an encryption main public key and a signature main public key, and the private key pair comprises an encryption private key and a signature private key;
receiving an encryption temporary key sent by a terminal;
invoking an encryption and decryption function, decrypting the encrypted temporary key by adopting an encryption private key to obtain the temporary key;
invoking an encryption and decryption function, encrypting the private key pair by adopting a temporary key, and transmitting the encrypted private key pair to a terminal;
receiving an encrypted signed message sent by a terminal;
invoking an encryption and decryption function to decrypt the encrypted and signed message to obtain the signed message;
invoking a signature verification function to verify the signed message;
in response to the pass of the verification, a key encapsulation/decapsulation function is called, and an encapsulated session key is generated;
and calling an encryption and decryption function, encrypting the encapsulated session key, and sending the encrypted encapsulated session key to the terminal.
The ID is validated prior to generating the master public key pair and the private key pair.
The method for authenticating access of the edge internet of things proxy to the terminal, wherein the terminal is the edge internet of things proxy in the safe autonomous implementation system, and the access authentication method comprises the following steps:
sending the self ID to an edge Internet of things agent;
receiving a main public key sent by an edge internet of things proxy; the main public key pair comprises an encryption main public key and a signature main public key;
generating a temporary key;
invoking an encryption and decryption function, encrypting a temporary key by adopting an encryption main public key, and sending the encrypted temporary key to an edge internet of things agent;
receiving an encrypted private key pair sent by an edge internet of things proxy;
invoking an encryption and decryption function, decrypting the encrypted private key pair to obtain the private key pair; the private key pair comprises an encryption private key and a signature private key;
invoking a signature verification function to sign the message;
invoking an encryption and decryption function, encrypting the signed message, and sending the encrypted signed message to an edge internet of things agent;
receiving an encrypted encapsulated session key sent by an edge internet of things proxy;
invoking an encryption and decryption function, and decrypting the encrypted encapsulated session key to obtain an encapsulated session key;
and calling a key encapsulation/decapsulation function, and decapsulating the encapsulated session key to obtain the session key.
The invention has the beneficial effects that: the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function of the cloud key management center are sunk into the edge internet of things proxy, so the data communication behavior of the terminal stops at the edge internet of things proxy, which reduces the possibility of security attacks on the cloud and reduces the load of the cloud.
Drawings
FIG. 1 is a block diagram of a system of the present invention;
FIG. 2 is a functional diagram based on a hardware encryption chip design;
FIG. 3 is a functional diagram based on a software design;
FIG. 4 is a functional integrated schematic;
FIG. 5 is a flow chart of an access authentication method.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and are not intended to limit the scope of the present invention.
As shown in FIG. 1, the security autonomous implementation system comprises an edge internet of things agent, a cloud end and a terminal, wherein the cloud end is connected to the edge internet of things agent through a security access device and a 4G/5G/wired link, and the terminal accesses the edge internet of things agent.
A key management center is still deployed in the cloud and is responsible for distributing and authenticating the parameters required for secure authentication and secret communication, such as the root certificate of the edge internet of things proxy, but it does not directly provide identity authentication service to the terminal. Part of the functions of the original key management center are deployed on the edge internet of things proxy, mainly the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation function; that is, the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function of the cloud key management center are sunk into the edge internet of things proxy. The edge internet of things proxy is a small-area central node, has functions such as generating a root certificate and verifying authentication access of the edge internet of things proxy, and is responsible for carrying out access authentication and secret communication on the accessed terminal.
The authentication access and secret communication between the edge internet of things proxy and the terminal equipment are mainly based on the lightweight encryption algorithms SM7 and SM9. Because the SM7 algorithm must be implemented in hardware, and the hardware resources of some terminal equipment and edge internet of things proxies can hardly meet that requirement, the SM7 algorithm can be replaced by the SM4 algorithm.
That is, the above functions can be realized in two ways depending on the situation: one uses an encryption chip, which is connected with the terminal and the cloud through a hardware API interface; the other is implemented in software, with the terminal and the cloud connected through a software API interface.
As shown in FIG. 2, the hardware encryption chip implementation mainly comprises a hardware API interface, an instruction function and a COS program, wherein the COS program is loaded and run in the encryption chip.
The hardware API interface comprises API interfaces such as SM4 and SM7 encryption and decryption, SM9 signature verification, SM9 encryption and decryption, and SM9 encapsulation and decapsulation, and is provided to the terminal as a dynamic library or static library. The instruction function defines the commands for the various functions of the SM4, SM7 and SM9 lightweight encryption algorithms, such as encryption and decryption, and these commands correspond one to one with the instructions of the COS program. The COS program encapsulates and integrates the chip-side instruction sets of the SM4, SM7 and SM9 lightweight encryption algorithms, i.e. it is the concrete implementation of the lightweight encryption algorithms. The terminal calls an API interface, which sends an instruction to the encryption chip through the instruction function; after receiving the instruction, the COS program looks up the corresponding instruction-set encapsulation function, executes it and returns the result.
The terminal can realize the functions of lightweight encryption algorithms SM4 and SM7 encryption and decryption, SM9 signature verification, SM9 encryption and decryption, SM9 encapsulation and decapsulation and the like by calling a hardware API interface, so that the dependence of a user on an encryption chip is reduced, the maintainability and the expandability of the lightweight encryption algorithm are improved, and the working efficiency of the user is improved.
As shown in FIG. 3, the software implementation mainly comprises two parts: the software API interface and the functions. The software API interface comprises API interfaces such as SM4 and SM7 encryption and decryption, SM9 signature verification, SM9 encryption and decryption, and SM9 encapsulation and decapsulation, and is provided to the user as a dynamic library or static library. Unlike the instruction function of hardware encryption, the soft encryption functions directly implement the encryption, decryption and other functions of the SM4, SM7 and SM9 lightweight encryption algorithms. The user calls an API interface, the corresponding function is executed, and the result is returned.
As shown in FIG. 4, the edge internet of things proxy supports the integration of multiple lightweight encryption authentication algorithms in an open manner (currently SM4, SM7 and SM9). A group of unified API interfaces hides the differences between algorithms implemented in different software and hardware, and the software definition of different encryption algorithms is realized by means of a dynamic library or static library; the system also provides a relatively fixed API interface that offers services such as security authentication, secret communication and key distribution to other applications. Procedural differences arising from different authentication processes and different encryption algorithms are encapsulated functionally into the unified API interface and offered to other apps to call.
Typically, hybrid encryption schemes use an asymmetric cryptographic algorithm to transmit a certain key, and then use a symmetric cryptographic algorithm to securely transmit a message with this key. This hybrid usage pattern is applicable in cases where the message is significantly longer than the key. The system adopts the SM4, SM7 and SM9 mixed encryption scheme, so that the security is improved.
In the system, as shown in FIG. 5, the method for authenticating the access of the edge internet of things proxy to the terminal specifically includes an edge internet of things proxy side method and a terminal side method.
The edge internet of things proxy side method comprises the following steps:
1) Receiving an ID sent by a terminal;
2) Performing validity verification on the ID (the ID is looked up in the existing device list; it is legal if found and illegal otherwise); if the verification passes, go to 3), otherwise refuse access;
3) Invoking a key generation function to generate a main public key pair and a private key pair corresponding to the ID; the main public key pair comprises an SM9 encryption master public key and a signature master public key, is public and needs no encryption, and the private key pair comprises an SM9 encryption private key and a signature private key;
4) Receiving an encrypted SM4/SM7 temporary key sent by a terminal;
5) Invoking an encryption and decryption function, decrypting the encrypted temporary key by adopting an SM9 encryption private key to obtain an SM4/SM7 temporary key;
6) Invoking an encryption and decryption function, carrying out SM9 encryption on a private key pair by adopting an SM4/SM7 temporary key, and sending the encrypted private key pair to a terminal;
7) Receiving an encrypted signed message sent by a terminal;
8) Invoking an encryption and decryption function, and performing SM9 decryption on the encrypted and signed message to obtain the signed message;
9) Invoking a signature verification function to verify the signed message;
10) In response to the verification passing, invoking a key encapsulation/decapsulation function to generate an encapsulated session key;
11) Invoking an encryption and decryption function, performing SM9 encryption on the encapsulated session key, and sending the encrypted encapsulated session key to the terminal.
The terminal side method comprises the following steps:
21) Transmitting its own ID to the edge internet of things agent;
22) Receiving a master public key pair sent by the edge internet of things proxy; the main public key pair comprises an encryption main public key and a signature main public key;
After the terminal obtains the main public key pair, it can store the pair securely locally and does not need to apply again after being powered off and on within the validity period;
23) Generating an SM4/SM7 temporary key;
24) Invoking an encryption and decryption function, encrypting the SM4/SM7 temporary key with the SM9 encryption master public key, and sending the encrypted SM4/SM7 temporary key to the edge internet of things proxy;
25) Receiving an encrypted private key pair sent by the edge internet of things proxy;
26) Invoking an encryption and decryption function, performing SM4/SM7 decryption on the encrypted private key pair to obtain the private key pair;
After acquiring the private key pair, the terminal can store it securely locally and does not need to apply again after being powered off and on within the validity period of the private key; this completes the terminal's application for the master public key pair and the private key pair;
27) Invoking a signature verification function to sign the message;
28) Invoking an encryption and decryption function, performing SM9 encryption on the signed message, and sending the encrypted signed message to the edge internet of things agent;
29) Receiving an encrypted encapsulated session key sent by the edge internet of things proxy;
210) Invoking an encryption and decryption function, performing SM9 decryption on the encrypted encapsulated session key to obtain the encapsulated session key;
211) Invoking a key encapsulation function, and decapsulating the encapsulated session key to obtain the session key; the session key is a symmetric key used for subsequent encrypted communication of service data, realizing secure communication between the terminal and the edge internet of things proxy.
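The two step lists above, traced as one exchange in an added Python example (not code from the patent). SM4/SM7/SM9 are replaced by symbolic envelopes that open only for the matching key, so the trace shows step ordering, the refusal paths and what crosses the link unprotected, not real cryptography; all class, function and device names are hypothetical.

```python
import secrets
from dataclasses import dataclass

# Symbolic stand-ins, NOT real SM4/SM7/SM9: each "box" is an envelope that the
# helper functions open only for the matching key. All names are hypothetical.
@dataclass(frozen=True)
class PrivKey:                 # SM9 private key issued for one ID
    master: str                # master public key it was generated under
    ident: str
    purpose: str               # "enc" or "sign"

@dataclass(frozen=True)
class IbeBox:                  # SM9 encryption or key encapsulation to an ID
    master: str
    ident: str
    body: object

@dataclass(frozen=True)
class SymBox:                  # SM4/SM7 encryption under the temporary key
    key: bytes
    body: object

@dataclass(frozen=True)
class Signed:                  # SM9 signature over a message
    master: str
    ident: str
    message: bytes

def ibe_open(priv, box):
    if (priv.purpose, priv.master, priv.ident) != ("enc", box.master, box.ident):
        raise PermissionError("wrong private key")
    return box.body

def sym_open(key, box):
    if key != box.key:
        raise PermissionError("wrong temporary key")
    return box.body

def verify(sign_mpk, ident, signed):
    return (signed.master, signed.ident) == (sign_mpk, ident)

class EdgeAgent:
    def __init__(self, device_list):
        self.devices = set(device_list)
        self.enc_mpk = "enc-mpk-" + secrets.token_hex(4)
        self.sign_mpk = "sign-mpk-" + secrets.token_hex(4)
        self.sessions = {}

    def _expect(self, ident, state):
        s = self.sessions.get(ident)
        if s is None or s["state"] != state:
            raise PermissionError("access refused: message out of order")
        return s

    def on_id(self, ident):                         # steps 1) to 3)
        # The device-list lookup is the only check made before keys are issued.
        if ident not in self.devices:
            raise PermissionError("access refused: unknown ID")
        self.sessions[ident] = {"state": "await_temp_key",
                                "enc": PrivKey(self.enc_mpk, ident, "enc"),
                                "sign": PrivKey(self.sign_mpk, ident, "sign")}
        return self.enc_mpk, self.sign_mpk          # public, sent unencrypted

    def on_temp_key(self, ident, box):              # steps 4) to 6)
        s = self._expect(ident, "await_temp_key")
        temp = ibe_open(s["enc"], box)
        s["state"] = "await_signed"
        return SymBox(temp, (s["enc"], s["sign"]))

    def on_signed(self, ident, box):                # steps 7) to 11)
        s = self._expect(ident, "await_signed")
        signed = ibe_open(s["enc"], box)
        if not verify(self.sign_mpk, ident, signed):
            del self.sessions[ident]
            raise PermissionError("access refused: bad signature")
        s["state"], s["session_key"] = "authenticated", secrets.token_bytes(16)
        encapsulated = IbeBox(self.enc_mpk, ident, s["session_key"])
        return IbeBox(self.enc_mpk, ident, encapsulated)

def terminal_access(ident, agent, wire):  # terminal side, steps 21) to 211)
    wire.append(ident)                                        # 21 (wire = link log)
    enc_mpk, sign_mpk = agent.on_id(ident)                    # 22
    wire.append((enc_mpk, sign_mpk))
    temp = secrets.token_bytes(16)                            # 23
    wire.append(IbeBox(enc_mpk, ident, temp))                 # 24
    wire.append(agent.on_temp_key(ident, wire[-1]))           # 25
    enc_priv, sign_priv = sym_open(temp, wire[-1])            # 26
    signed = Signed(sign_priv.master, sign_priv.ident, b"access-request")  # 27
    wire.append(IbeBox(enc_mpk, ident, signed))               # 28
    wire.append(agent.on_signed(ident, wire[-1]))             # 29
    encapsulated = ibe_open(enc_priv, wire[-1])               # 210
    return ibe_open(enc_priv, encapsulated)                   # 211

def sent_in_clear(wire):  # messages that crossed the link without an envelope
    return [m for m in wire if not isinstance(m, (IbeBox, SymBox))]

if __name__ == "__main__":
    agent, wire = EdgeAgent({"meter-01"}), []
    print(terminal_access("meter-01", agent, wire).hex(), sent_in_clear(wire))
```

In this trace only the ID and the master public key pair cross the link without an envelope; the temporary key, the private key pair and the session key are always wrapped.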
Taking the above steps together, the authentication flow between the edge internet of things proxy and the terminal equipment mainly adopts the SM9 lightweight encryption algorithm, which effectively reduces the consumption of system resources; only a terminal that passes authentication can be accessed, which reduces the possibility of illegal terminal intrusion and improves security; the method is compatible with both the software and the hardware implementation modes, supports API interface calls and is convenient to use: a weakly intelligent terminal can use the software implementation, and an intelligent terminal can use either method.
The invention takes the edge internet of things agent as its core and realizes a local authentication mechanism at the level of a small edge-side area: the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function that were deployed in the cloud are sunk into the edge internet of things agent, which acts as a small-area central node responsible for the authentication access of the terminal equipment physically connected to it and for secret communication with that terminal equipment. The data communication behavior of the terminal stops at the edge internet of things agent, which reduces the possibility of security attacks on the cloud, greatly reduces the number of objects served by the identity authentication service of the cloud key management center, releases the computing load of the cloud and reduces the load of the cloud.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and variations could be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.

Claims (3)

1. The method for authenticating terminal access by the edge internet of things proxy is characterized in that the edge internet of things proxy is an edge internet of things proxy in a safe autonomous implementation system;
the secure autonomous implementation system comprises an edge internet of things agent, a cloud end connected with the edge internet of things agent and a terminal connected with the edge internet of things agent, wherein a key generation function, a signature verification function, an encryption and decryption function and a key encapsulation/decapsulation function of a cloud end key management center sink into the edge internet of things agent, and the edge internet of things agent is used for carrying out access authentication and secret communication on the accessed terminal;
the access authentication method comprises the following steps:
receiving an ID sent by a terminal;
invoking a key generation function to generate a main public key pair and a private key pair corresponding to the ID; the main public key pair comprises an encryption main public key and a signature main public key, and the private key pair comprises an encryption private key and a signature private key;
receiving an encryption temporary key sent by a terminal;
invoking an encryption and decryption function, decrypting the encrypted temporary key by adopting an encryption private key to obtain the temporary key;
invoking an encryption and decryption function, encrypting the private key pair by adopting a temporary key, and transmitting the encrypted private key pair to a terminal;
receiving an encrypted signed message sent by a terminal;
invoking an encryption and decryption function to decrypt the encrypted and signed message to obtain the signed message;
invoking a signature verification function to verify the signed message;
in response to the pass of the verification, a key encapsulation/decapsulation function is called, and an encapsulated session key is generated;
and calling an encryption and decryption function, encrypting the encapsulated session key, and sending the encrypted encapsulated session key to the terminal.
2. The method for authenticating access to a terminal by an edge internet of things proxy of claim 1 wherein the ID is validated prior to generating the master public key pair and the private key pair.
3. The method for authenticating the access of the edge internet of things proxy to the terminal is characterized in that the terminal is the edge internet of things proxy in a safe autonomous implementation system;
the secure autonomous implementation system comprises an edge internet of things agent, a cloud end connected with the edge internet of things agent and a terminal connected with the edge internet of things agent, wherein a key generation function, a signature verification function, an encryption and decryption function and a key encapsulation/decapsulation function of a cloud end key management center sink into the edge internet of things agent, and the edge internet of things agent is used for carrying out access authentication and secret communication on the accessed terminal;
the access authentication method comprises the following steps:
sending the terminal's own ID to the edge internet of things agent;
receiving a master public key pair sent by the edge internet of things agent; the master public key pair comprises an encryption master public key and a signature master public key;
generating a temporary key;
invoking the encryption and decryption function, encrypting the temporary key with the encryption master public key, and sending the encrypted temporary key to the edge internet of things agent;
receiving an encrypted private key pair sent by the edge internet of things agent;
invoking the encryption and decryption function, decrypting the encrypted private key pair to obtain the private key pair; the private key pair comprises an encryption private key and a signature private key;
invoking the signature verification function to sign a message;
invoking the encryption and decryption function, encrypting the signed message, and sending the encrypted signed message to the edge internet of things agent;
receiving an encrypted encapsulated session key sent by the edge internet of things agent;
invoking the encryption and decryption function, and decrypting the encrypted encapsulated session key to obtain the encapsulated session key;
and calling the key encapsulation/decapsulation function, and decapsulating the encapsulated session key to obtain the session key.
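The steps of claim 3 fix a strict order of messages between the terminal and the edge internet of things agent, and the session key is released only at the end of it. The following Python example is added here and is not code from the patent: it checks a recorded exchange against that order. The message labels, the transcript format and the sample transcripts are assumptions constructed for the example, since the claims define steps rather than a wire format.

```python
# Added illustration, not code from the patent: order check for the
# access-authentication exchange of claim 3. All labels are hypothetical.
T2A, A2T = "terminal->agent", "agent->terminal"

# (direction, label) in the order the claim lists the steps.
EXPECTED = [
    (T2A, "terminal_id"),
    (A2T, "master_public_key_pair"),        # encryption + signature master public keys
    (T2A, "enc_temporary_key"),             # encrypted with the encryption master public key
    (A2T, "enc_private_key_pair"),          # encryption + signature private keys
    (T2A, "enc_signed_message"),            # signed first, then encrypted
    (A2T, "enc_encapsulated_session_key"),  # sent only after verification passes
]

def check_transcript(msgs):
    """Return (ok, reason); ok is True only for a complete, in-order exchange."""
    step = 0
    for i, (direction, label) in enumerate(msgs):
        if step == len(EXPECTED):
            return False, f"message {i}: extra {label!r} after completion"
        want_dir, want_label = EXPECTED[step]
        if (direction, label) != (want_dir, want_label):
            if (direction, label) in EXPECTED[:step]:
                return False, f"message {i}: replayed {label!r}"
            return False, (f"message {i}: expected {want_label!r} ({want_dir}), "
                           f"got {label!r} ({direction})")
        step += 1
    if step < len(EXPECTED):
        return False, f"incomplete: stopped before {EXPECTED[step][1]!r}"
    return True, "complete"

# Constructed sample transcripts (not captured traffic).
GOOD = list(EXPECTED)
SKIPPED = GOOD[:4] + [GOOD[5]]            # session key released without a signed message
REPLAY = GOOD[:3] + [GOOD[2]] + GOOD[3:]  # temporary-key message sent twice
TRUNCATED = GOOD[:5]                      # agent never answers the signed message

if __name__ == "__main__":
    for name, t in [("good", GOOD), ("skipped", SKIPPED),
                    ("replay", REPLAY), ("truncated", TRUNCATED)]:
        print(name, check_transcript(t))
```

The `SKIPPED` case is the one worth alerting on: a session key delivered to a terminal that never produced the encrypted signed message means the verification step was bypassed.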
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210060167.1A CN114422588B (en) 2022-01-19 2022-01-19 Security autonomous realization system and method for authenticating terminal access by edge internet of things agent

Publications (2)

Publication Number Publication Date
CN114422588A CN114422588A (en) 2022-04-29
CN114422588B true CN114422588B (en) 2023-12-19

Family

ID=81275303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210060167.1A Active CN114422588B (en) 2022-01-19 2022-01-19 Security autonomous realization system and method for authenticating terminal access by edge internet of things agent

Country Status (1)

Country Link
CN (1) CN114422588B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230336538A1 (en) * 2022-04-18 2023-10-19 Cisco Technology, Inc. Automated, multi-cloud lifecycle management of digital identities of iot data originators

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112291230A (en) * 2020-10-26 2021-01-29 公安部第一研究所 Data security authentication transmission method and device for terminal of Internet of things
CN112887338A (en) * 2021-03-18 2021-06-01 南瑞集团有限公司 Identity authentication method and system based on IBC identification password
CN113556307A (en) * 2020-04-03 2021-10-26 国网上海能源互联网研究院有限公司 Edge Internet of things agent, access gateway, Internet of things management platform and safety protection method

Also Published As

Publication number Publication date
CN114422588A (en) 2022-04-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant