CN114531234B - Distributed system and equipment registration and verification method thereof - Google Patents


Info

Publication number: CN114531234B
Application number: CN202210107155.XA
Authority: CN (China)
Legal status: Active
Prior art keywords: equipment, information, registration, token, node
Other languages: Chinese (zh)
Other versions: CN114531234A
Inventor: 陈云峰
Assignee (current and original): Beijing Seconds Technology Co ltd

Classifications

All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication), H04L9/00 (Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols):

    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
        ◦ H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
        ◦ H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
            ▪ H04L9/0869 involving random numbers or seeds
        ◦ H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
        ◦ H04L9/3236 using cryptographic hash functions
            ▪ H04L9/3239 involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
        ◦ H04L9/3247 involving digital signatures

Abstract

The invention provides a distributed system and a device registration and verification method for it. The device private key is generated by the device itself and never takes part in network transmission. Device registration carries a device id and a token: the device id is derived from the device private key by an irreversible process, and the token is generated with a randomly selected encryption algorithm and a random key. In addition, an automatic redundant-information cleaning mechanism on the distributed network nodes effectively reduces the load on the central node and avoids a single-node failure of the central node.

Description

Distributed system and equipment registration and verification method thereof
Technical Field
The invention relates to the field of edge computing, and in particular to a distributed system and a device registration and verification method for it.
Background
In edge computing and the Internet of Things, devices are by nature distributed across different places and operate in a relatively unreliable environment, yet they need to be managed effectively and to communicate with each other securely.
The schemes currently in common use are:
(1) Keys (for symmetric or asymmetric encryption) are generated by a unified management platform and the corresponding key is configured on the device. During authentication the device is authenticated by a signature or token produced with that key.
(2) The user generates a key pair and configures it on both the unified management platform and the terminal. During authentication the device is authenticated by a signature or token produced with that key.
(3) The user registers the device's password information on the platform, and the device is authenticated by the password.
(4) In a blockchain system, a node generates its own key and the node number is derived from the private key. When a message is sent, the key information in the message is signed with the private key; the receiver derives the node number from the signature and can thus tell whether the sender's node number is forged. However, the node number cannot prove that the peer device is a normal node: the receiver only learns where the message came from, not the exact identity of the peer device.
In summary, the prior art mainly has the following technical problems:
1. Whether the key is generated by the user or by the platform, it has to be transmitted over the network, which increases the risk of the key being stolen.
2. In an edge system, edge terminals need to access each other, and for that the identity of the peer terminal has to be identified. In the existing common schemes, identity confirmation during access has to go through a central node, which is generally inefficient. If the central node instead synchronises the identity data, a large amount of data synchronisation results and the risk of data leakage increases.
Disclosure of Invention
Purpose of the invention: to address the above technical problems, the invention aims to provide a safe and efficient device verification scheme, in particular a distributed system and device registration and verification methods for it.
Technical scheme: to achieve this purpose, the invention adopts the following technical scheme:
A device registration method for a distributed system, the registration method comprising:
(1) The device management platform is pre-configured with a plurality of encryption algorithms and with keys randomly generated according to the requirements of those algorithms, and it periodically updates the encryption algorithms and the corresponding keys;
(2) A user requests a token from the device management platform;
(3) The device management platform receives the user request, encrypts the current time ts with the current encryption algorithm to obtain a token, returns the token to the user and informs the user of the token's valid time;
(4) The user configures the obtained token on the device;
(5) Before the device accesses the network, it locally generates a private key, generates a public key from the private key, and then maps the public key to a node number with a hash function;
(6) The device sends registration information to the device management platform; the registration information comprises the token, a message signature, a timestamp and the node number, where the message signature is a signature made with the device's private key over part of the content of the sent message;
(7) The device management platform judges whether the token has already been used. If so, device registration is not accepted. If not, it decrypts the token with the current encryption algorithm and key to obtain ts, and at the same time adds the token to a filter; if a subsequent message uses the same token, the device management platform adds the node that sent that message to an illegal-node filter;
(8) The device management platform judges whether the difference between ts and the current time is smaller than a preset threshold. If so, device registration is accepted, the device information is stored locally and a registration response is returned to the device along the device registration path; if there are gateway nodes on the registration path, the corresponding gateway nodes store the device information as well. Otherwise, the device management platform does not accept the device registration.
Several alternatives for the device registration method are given below. They are not additional limitations of the general scheme above but further additions or preferences; each alternative may be combined with the general scheme on its own, or several alternatives may be combined, provided there is no technical or logical contradiction.
Optionally, the valid time of the token is calculated as T4 = min(Td1, Td2, T3), where Td1 is the time remaining until the next update of the current encryption algorithm, Td2 is the time remaining until the next update of the key selected for the current encryption algorithm, and T3 is the default valid time of a token itself.
Optionally, when the valid time of the token is calculated and T4 is found to be smaller than T3m, the valid time is considered too short for the terminal to complete registration, and the device management platform is triggered to reselect the encryption algorithm and the corresponding key. T3m is the shortest valid time of a token, and the parameters satisfy T1 > T2 > T3 > 2·T3m, where T1 is the update period of the encryption algorithm and T2 is the update period of the key.
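The platform side of steps (7) and (8) above (and of step 7 in the detailed description), written out as an added Go example; this is not code from the patent or its assignee. It assumes AES-256-GCM under a random 32-byte key as a stand-in for the randomly selected encryption algorithm and key, uses plain sets where the description uses Bloom filters, and names the threshold TL; the Rekey helper models the periodic key update so that a token issued in an earlier period no longer decrypts.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// Platform models the device management platform's token handling. AES-256-GCM
// under a random 32-byte key stands in for the randomly selected encryption
// algorithm and key (an assumption of this example); the used-token filter and
// the illegal-node filter are plain sets here rather than Bloom filters.
type Platform struct {
	aead       cipher.AEAD
	TL         time.Duration // preset threshold on |current time - ts|
	usedTokens map[string]bool
	Illegal    map[string]bool
	Registered map[string]bool
}

// newAEAD draws a fresh random key, which is what happens at every key update.
func newAEAD() (cipher.AEAD, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func NewPlatform(tl time.Duration) (*Platform, error) {
	aead, err := newAEAD()
	return &Platform{aead: aead, TL: tl, usedTokens: map[string]bool{},
		Illegal: map[string]bool{}, Registered: map[string]bool{}}, err
}

// Rekey models the periodic key update: tokens issued under the previous key no
// longer decrypt, so a token obtained in one period is worthless in the next.
func (p *Platform) Rekey() (err error) {
	p.aead, err = newAEAD()
	return err
}

// IssueToken is step (3): encrypt the current time ts; the token is nonce||ciphertext.
func (p *Platform) IssueToken(now time.Time) ([]byte, error) {
	nonce := make([]byte, p.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return p.aead.Seal(nonce, nonce, []byte(strconv.FormatInt(now.Unix(), 10)), nil), nil
}

// Register is steps (7) and (8): a token seen before marks its sender as an
// illegal node; an unseen token is recorded, decrypted to ts, and the device is
// registered only if ts lies within TL of the platform's current time.
func (p *Platform) Register(nodeID string, token []byte, now time.Time) error {
	id := hex.EncodeToString(token)
	if p.usedTokens[id] {
		p.Illegal[nodeID] = true
		return fmt.Errorf("token already used: node %s added to the illegal-node filter", nodeID)
	}
	p.usedTokens[id] = true
	n := p.aead.NonceSize()
	if len(token) < n {
		return fmt.Errorf("malformed token")
	}
	pt, err := p.aead.Open(nil, token[:n], token[n:], nil)
	if err != nil {
		return fmt.Errorf("token does not decrypt under the current algorithm and key")
	}
	ts, err := strconv.ParseInt(string(pt), 10, 64)
	if err != nil {
		return fmt.Errorf("token payload is not a timestamp")
	}
	limit := int64(p.TL / time.Second)
	if tx := now.Unix() - ts; tx < -limit || tx > limit {
		return fmt.Errorf("ts is %d s away from the current time, beyond TL", tx)
	}
	p.Registered[nodeID] = true
	return nil
}

func main() {
	now := time.Now()
	p, err := NewPlatform(10 * time.Minute)
	if err != nil {
		panic(err)
	}
	token, _ := p.IssueToken(now)
	fmt.Println("first use:   ", p.Register("node-A", token, now.Add(time.Minute)))
	fmt.Println("replayed:    ", p.Register("node-B", token, now.Add(2*time.Minute)))
	stale, _ := p.IssueToken(now)
	fmt.Println("beyond TL:   ", p.Register("node-C", stale, now.Add(time.Hour)))
	old, _ := p.IssueToken(now)
	_ = p.Rekey()
	fmt.Println("after rekey: ", p.Register("node-D", old, now))
}
```

Note that the used-token check runs before decryption, so a replayed token is rejected and its sender blacklisted even if the key has since rotated; the threshold check only applies to tokens that decrypt under the current key.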
The invention also provides a distributed system comprising a device management platform and distributed devices, where the device management platform communicates with the devices directly or through a gateway, and the devices register on the device management platform with the method above.
The invention also provides a device verification method comprising the following steps:
S1. The device completes registration with the device registration method above;
S2. The device sends a service message, which comprises node information, service information, signature information and routing information;
S3. Each receiver on the transmission path of the service message first checks whether the node information in the message is in the illegal-node filter; if so, it rejects the message sent by the device; if not, it executes step S4;
S4. The receiver verifies whether the signature information is correct; if not, it rejects the message sent by the device; if so, it executes step S5;
S5. The receiver checks whether the device information is stored locally; if so, it forwards the service message directly according to the routing information in the message; if not, it executes step S6;
S6. The receiver asks the upper-level nodes, level by level, whether the device is registered; if so, it forwards the service message according to the routing information in the message; if not, it discards the service message.
Several alternatives for the device verification method are given below. They are not additional limitations of the overall scheme above but further additions or preferences; each alternative may be combined with the overall scheme on its own, or several alternatives may be combined, provided there is no technical or logical contradiction.
Optionally, in the device verification method, when the receiver learns from its query that the device is registered, it saves the device information and sets a valid time T5 for the device at that node. If the node receives another message from the same device within the valid time, the valid time is updated as T5 = T5 - TL1 + TL2, where TL1 is the time difference between the moment the node receives this message from the device and the moment it received the previous one, and TL2 is a delay time. If no further message from the same device is received within the valid time T5, the node deletes the device information of that device.
Compared with the prior art, the invention has the following beneficial effects:
1. The private key is generated by the device and does not pass over the network at any point of the registration process, which keeps the private key secure.
2. Device registration is completed by carrying a token generated by the device management control platform, and the token is generated with a randomly selected encryption algorithm and a random key. Even if an adversary manages to break the current token generation algorithm by some means, the token generation rule changes in the next random period and a key obtained by brute force becomes meaningless. In this way the invention prevents brute-force cracking of the token to the greatest possible extent and improves the security of device registration and authentication.
3. The automatic redundant-information cleaning mechanism of the nodes effectively reduces the load on the central node and avoids a single-node failure of the central node.
Drawings
FIG. 1 is a diagram of a distributed system according to an embodiment;
FIG. 2 is a block diagram of another distributed system according to an exemplary embodiment;
FIG. 3 is a schematic diagram of a device registration flow according to an embodiment;
FIG. 4 is a schematic diagram of a device verification flow according to an embodiment.
Detailed Description
The present invention is further illustrated by the following description in conjunction with the accompanying drawings and the specific embodiments, it is to be understood that these examples are given solely for the purpose of illustration and are not intended as a definition of the limits of the invention, since various equivalent modifications will occur to those skilled in the art upon reading the present invention and fall within the limits of the appended claims.
Example 1:
In view of the above, this embodiment provides a device registration method for a distributed system, aimed at the security weakness in the prior art that a private key has to be transmitted over the network during authentication.
In this embodiment the distributed system may be the simple networking shown in FIG. 1 or the complex networking shown in FIG. 2.
Simple networking: the devices connect directly to the device management control platform, and devices can send messages to each other (where the network environment allows and the devices can discover each other directly, messages are sent directly; otherwise they are forwarded through the management control platform). The device management control platform is responsible for device registration, device verification, message service processing, device data storage and similar functions.
Complex networking: the devices connect to the device management control platform through gateways, and devices can send messages to each other (where the network environment allows and the devices can discover each other directly, messages are sent directly; otherwise they are forwarded through the gateway). The device management control platform is responsible for device registration, device verification, message service processing, device data storage and similar functions. The gateway is responsible for forwarding device registrations, device verification, forwarding service messages, device data storage and similar functions.
Note that the networking modes in FIG. 1 and FIG. 2 are only examples illustrating the technical principle of the invention; the method may be applied to other networking modes.
This embodiment uses FIG. 2 as an example to explain the device registration method, which comprises the following steps:
Step 1. Generate a token on the device management control platform.
Specifically, the device management control platform dynamically configures a plurality of encryption algorithm plug-ins; the encryption algorithm SM1 is replaced every T1, and the key SK1 required by the encryption algorithm is updated every T2. When a user requests a token, the device management control platform encrypts the time ts with the current encryption algorithm to obtain the token (as a preferred scheme, additional information may be superimposed here, for example the user's home, organisation, running service, label and the like) and informs the user of the valid time T4 of the token.
T4 is calculated as follows:
record the time remaining for the current encryption algorithm SM1 within its preset update period T1 as Td1;
record the time remaining for the key SK1 selected for the current encryption algorithm within its preset update period T2 as Td2;
record the default valid time of a token as T3 and set the shortest valid time as T3m;
then T4 = min(Td1, Td2, T3). In general, T1, T2 and T3 should satisfy T1 > T2 > T3 > 2·T3m.
If the calculated T4 is smaller than T3m, the token's valid time is considered too short for the terminal to complete registration. In that case the device management control platform triggers a reselection of SM1 and SK1 and performs the calculation again for the current time.
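The T4 calculation just described (and the equivalent alternatives in the disclosure above), as an added Go example that is not code from the patent or its assignee. The Schedule type, the AlgStart and KeyStart epoch start times from which Td1 and Td2 are derived, and the Rotate helper that models reselecting SM1 and SK1 are assumptions made here; the parameter values in main are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Schedule holds the platform's rotation parameters from the description:
// T1 = algorithm rotation period, T2 = key rotation period, T3 = default token
// lifetime, T3m = shortest acceptable token lifetime. AlgStart and KeyStart
// (assumed here) mark when the current algorithm SM1 and key SK1 were selected.
type Schedule struct {
	T1, T2, T3, T3m    time.Duration
	AlgStart, KeyStart time.Time
}

// Valid reports whether the parameters satisfy the relation the description
// requires: T1 > T2 > T3 > 2*T3m.
func (s Schedule) Valid() bool {
	return s.T1 > s.T2 && s.T2 > s.T3 && s.T3 > 2*s.T3m
}

// TokenLifetime computes T4 = min(Td1, Td2, T3) at time now, where
// Td1 = T1 - (time elapsed in the current algorithm period) and
// Td2 = T2 - (time elapsed in the current key period).
// reselect is true when T4 < T3m: a token issued now could expire before the
// terminal finishes registering, so SM1 and SK1 must be reselected first.
func (s Schedule) TokenLifetime(now time.Time) (t4 time.Duration, reselect bool) {
	td1 := s.T1 - now.Sub(s.AlgStart)
	td2 := s.T2 - now.Sub(s.KeyStart)
	t4 = td1
	if td2 < t4 {
		t4 = td2
	}
	if s.T3 < t4 {
		t4 = s.T3
	}
	return t4, t4 < s.T3m
}

// Rotate models the platform reselecting SM1 and SK1 at time now, which restarts
// both periods; afterwards T4 equals T3 again.
func (s Schedule) Rotate(now time.Time) Schedule {
	s.AlgStart, s.KeyStart = now, now
	return s
}

func main() {
	start := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC) // constructed epoch start
	s := Schedule{T1: 24 * time.Hour, T2: 6 * time.Hour, T3: 30 * time.Minute,
		T3m: 5 * time.Minute, AlgStart: start, KeyStart: start}
	fmt.Println("parameters valid:", s.Valid())
	for _, now := range []time.Time{start.Add(time.Hour), start.Add(5*time.Hour + 57*time.Minute)} {
		t4, reselect := s.TokenLifetime(now)
		fmt.Printf("at %s: T4=%s reselect=%v\n", now.Format(time.Kitchen), t4, reselect)
		if reselect {
			s = s.Rotate(now)
			t4, _ = s.TokenLifetime(now)
			fmt.Println("after reselecting SM1/SK1: T4 =", t4)
		}
	}
}
```

With these values, one hour into the period T4 is capped by T3 (30 minutes); three minutes before the key rotates, Td2 drops T4 below T3m and the platform must reselect before issuing a token.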
Step 2. The user obtains the one-time token from the management control platform and configures it on the device that is to access the network. The token is used once: after use it is added to a filter (for example a Bloom filter), and if a later message uses it again, the node that sent that message is added to an illegal-node filter (for example a Bloom filter).
Step 3. Before registration the device locally generates a private key, generates a public key from it, and maps the public key to a node number nodeId with a hash function. As a preferred embodiment, some key attribute information of the node is added when calculating nodeId (for example information that uniquely identifies the device such as sn, uuid or mac address, or information such as the organisation the device belongs to and the services it supports); the public key and the key attribute information are concatenated into a string that is mapped to nodeId with the hash function. This ties the nodeId to a specific service, so that the function of the device terminal can be judged directly from its nodeId.
Step 4. The device starts the registration process. The registration message carries the token generated by the device management control platform, the message signature (made with the private key over the key fields of the message), the timestamp and the nodeId. Preferably the registration message also carries unique device identification information such as sn, uuid and mac address, and may further include information such as the organisation the device belongs to and the services it supports, so that the association between the nodeId and the service or organisation to be supported can be identified and judged effectively.
Step 5. The gateway first checks the device's registration authentication message and judges whether it meets the signature requirement; if not, it rejects the registration authentication message directly. The judgment process is as follows:
extract the message signature, the key fields covered by the signature and the node's nodeId from the message;
derive the public key from the signature and the signed key fields, then derive nodeId* from the public key superimposed with the node's key attribute information; compare nodeId with nodeId*: if they are equal the identity is correct, and if they differ the peer is a malicious node.
Step 6. The gateway forwards the registration message.
Step 7. After receiving the registration information, the device management control platform checks whether the token is in the filter (for example a Bloom filter). If it is, the registration message is treated as malicious: the token may have been reused by a malicious device. Otherwise the device management control platform decrypts the token with its current encryption algorithm and key to obtain the time ts (together with the auxiliary information, if any), compares ts (and the auxiliary information, if any) with the platform's current time ts*, and if the time difference tx does not exceed the set duration TL, the registration is judged legal.
Step 8. The device management control platform records the nodeId of the registered device and its registration details, and marks the device as active.
Step 9. The device management control platform returns a registration response.
Step 10. If the registration succeeded, the gateway records the nodeId information of the device so that it can verify the signature information when the device later sends other service messages.
Step 11. The gateway returns the registration response to the device.
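The device side of steps 3 and 4 and the gateway check of step 5, as an added Go example that is not code from the patent or its assignee. Two simplifications are assumptions made here: the registration message carries the public key explicitly (the description recovers it from the signature and the signed key fields), and the signed key fields are represented by one string. ECDSA P-256 and SHA-256 are the concrete primitives chosen for the example; the attribute strings and key-field values are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// RegMsg holds the parts of the registration message the gateway check needs.
// KeyFields stands for the signed key fields (token, timestamp, sn, ...) as one
// string. The public key is carried explicitly, an assumption made for this
// example; the description recovers it from the signature instead.
type RegMsg struct {
	PubKey, Sig []byte
	KeyFields   string
	Attrs       string // node key attributes folded into nodeId (sn, mac, organisation, ...)
	NodeID      string
}

// signedBytes is the byte string covered by the device's signature.
func signedBytes(m RegMsg) []byte {
	return []byte(m.KeyFields + "|" + m.NodeID + "|" + m.Attrs)
}

// DeriveNodeID is step 3: hash the public key concatenated with the node's key
// attribute information into the node number nodeId.
func DeriveNodeID(pubDER []byte, attrs string) string {
	sum := sha256.Sum256(append(append([]byte{}, pubDER...), attrs...))
	return hex.EncodeToString(sum[:])
}

// Device generates its key pair locally; the private key never leaves it.
type Device struct {
	priv   *ecdsa.PrivateKey
	PubDER []byte
	Attrs  string
}

func NewDevice(attrs string) (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&k.PublicKey)
	return &Device{priv: k, PubDER: pub, Attrs: attrs}, err
}

// Sign attaches the device's public key to m and signs the key fields, nodeId
// and attributes with the private key (the message signature of step 4).
func (d *Device) Sign(m RegMsg) (RegMsg, error) {
	m.PubKey = d.PubDER
	h := sha256.Sum256(signedBytes(m))
	var err error
	m.Sig, err = ecdsa.SignASN1(rand.Reader, d.priv, h[:])
	return m, err
}

// Register builds the honest registration message: nodeId derived from the
// device's own public key and attributes, then signed.
func (d *Device) Register(keyFields string) (RegMsg, error) {
	return d.Sign(RegMsg{KeyFields: keyFields, Attrs: d.Attrs, NodeID: DeriveNodeID(d.PubDER, d.Attrs)})
}

// GatewayCheck is step 5: verify the signature over the key fields, recompute
// nodeId* from the public key and attributes, and compare it with the claimed nodeId.
func GatewayCheck(m RegMsg) error {
	k, err := x509.ParsePKIXPublicKey(m.PubKey)
	pub, ok := k.(*ecdsa.PublicKey)
	h := sha256.Sum256(signedBytes(m))
	if err != nil || !ok || !ecdsa.VerifyASN1(pub, h[:], m.Sig) {
		return fmt.Errorf("signature check failed")
	}
	if DeriveNodeID(m.PubKey, m.Attrs) != m.NodeID {
		return fmt.Errorf("nodeId differs from nodeId*: malicious node")
	}
	return nil
}

func main() {
	dev, err := NewDevice("sn=EX-0001;mac=02:00:00:00:00:01") // constructed attributes
	other, err2 := NewDevice("sn=EX-0002")
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	msg, _ := dev.Register("token=demo;ts=1641000000") // constructed key fields
	fmt.Println("genuine message:", GatewayCheck(msg))
	tampered := msg
	tampered.KeyFields = "token=changed;ts=1641000000"
	fmt.Println("tampered fields:", GatewayCheck(tampered))
	// A valid signature under another key that claims dev's nodeId: the signature
	// verifies, but nodeId* recomputed from the other key does not match.
	claim, _ := other.Sign(RegMsg{KeyFields: msg.KeyFields, Attrs: msg.Attrs, NodeID: msg.NodeID})
	fmt.Println("mismatched key:", GatewayCheck(claim))
}
```

The third case in main is the one the nodeId* comparison exists for: a signature can be perfectly valid under some key, so the gateway must also confirm that the key is the one the claimed nodeId was derived from.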
After registration the device verification phase begins, which comprises the following steps:
S1. The device sends a service message, which consists of node information, service information, signature information and routing information.
S2. In a networking with a gateway, the gateway checks whether the node information in the message is in the illegal-node filter (for example a Bloom filter); if so, it rejects the message sent by that node. If not, step S3 is executed.
S3. The gateway checks the signature information. If the signature is correct, it goes on to check whether the node in the message is registered; if the node is registered, it sends the message to the next network element according to the routing information in the message. If the node is not known to the gateway (in practice the gateway's data may differ from that of the device management control platform, for example when the gateway device has failed and lost data), the gateway asks the upper-level device management control platform to determine whether the device is registered.
S4. If the upper-level device management control platform replies that the device is registered, the gateway records the device's registration information; otherwise the device is added to the illegal-node filter.
S5. Once verification has passed, the gateway sends the message to the next network element according to the routing information.
The above process applies when the device communicates with the device management control platform through a gateway. If the device management control platform receives the message directly from the device, it first checks whether the node information in the message is in the illegal-node filter (for example a Bloom filter) and, if so, rejects the message sent by that node. It then checks the signature information: if the signature is correct and the node is stored locally, it processes the message; otherwise it asks the upper-level network element whether the device is registered, with a process similar to S4 and S5.
Preferably, to effectively reduce the load on the central node and avoid a single-node failure of the central node, this embodiment further provides an automatic redundant-information cleaning mechanism on the nodes, specifically:
when the receiver learns from its query that the device is registered, it stores the device information and sets a valid time T5 for the device at that node; if the node receives another message from the same device within the valid time, the valid time is updated as:
T5 = T5 - TL1 + TL2, where TL1 is the time difference between the moment the node receives this message from the device and the moment it received the previous one, and TL2 is a delay time; the node then returns to S1 and continues to check incoming messages for validity. If no further message from the same device is received within the valid time T5, the node deletes that device's information, which prevents information from accumulating excessively at the node.
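The receiver logic of S1 to S5 together with the T5 refresh and cleanup just described, as an added Go example that is not code from the patent or its assignee. It follows the detailed description's variant in which a device the upper node does not know is added to the illegal-node filter. The signature check and the query to the upper node are injected as functions so the cache logic stays self-contained; the stand-in verifier in main and the registry it consults are constructed for the example.

```go
package main

import (
	"fmt"
	"time"
)

// ServiceMsg carries the node, service, signature and routing information of S1.
type ServiceMsg struct {
	NodeID, Service, Route string
	Sig                    []byte
}

// Verdict is the receiver's decision for one message.
type Verdict string

const (
	Forward Verdict = "forward" // pass the message on along Route (S3/S5)
	Reject  Verdict = "reject"  // illegal node or bad signature (S2/S3)
	Discard Verdict = "discard" // upper node says the device is not registered (S4)
)

// entry is the locally cached device record with its remaining validity T5.
type entry struct {
	validity time.Duration
	lastSeen time.Time
}

// Receiver is a gateway or platform node on the message path. VerifySig is the
// signature check of S3 and Upstream the query to the upper-level node; both are
// injected (assumption of this example) so the cache logic stays self-contained.
type Receiver struct {
	T5, TL2   time.Duration // initial validity and the delay extension TL2
	VerifySig func(ServiceMsg) bool
	Upstream  func(nodeID string) bool
	Illegal   map[string]bool
	cache     map[string]*entry
}

func NewReceiver(t5, tl2 time.Duration, verify func(ServiceMsg) bool, upstream func(string) bool) *Receiver {
	return &Receiver{T5: t5, TL2: tl2, VerifySig: verify, Upstream: upstream,
		Illegal: map[string]bool{}, cache: map[string]*entry{}}
}

// Handle runs S2 to S5 for one message received at time now.
func (r *Receiver) Handle(m ServiceMsg, now time.Time) Verdict {
	if r.Illegal[m.NodeID] { // S2: illegal-node filter
		return Reject
	}
	if !r.VerifySig(m) { // S3: signature check
		return Reject
	}
	if e, ok := r.cache[m.NodeID]; ok { // S3: device known locally?
		if tl1 := now.Sub(e.lastSeen); tl1 <= e.validity {
			// Still valid: T5 = T5 - TL1 + TL2, and the last-seen time moves to now.
			e.validity = e.validity - tl1 + r.TL2
			e.lastSeen = now
			return Forward
		}
		delete(r.cache, m.NodeID) // validity lapsed: redundant record removed
	}
	if !r.Upstream(m.NodeID) { // S4: ask the upper-level node
		r.Illegal[m.NodeID] = true
		return Discard
	}
	r.cache[m.NodeID] = &entry{validity: r.T5, lastSeen: now}
	return Forward
}

// Cached reports whether a record for nodeID is held and its remaining validity.
func (r *Receiver) Cached(nodeID string) (time.Duration, bool) {
	e, ok := r.cache[nodeID]
	if !ok {
		return 0, false
	}
	return e.validity, true
}

// Sweep drops every record whose T5 has lapsed and returns how many were removed.
func (r *Receiver) Sweep(now time.Time) int {
	removed := 0
	for id, e := range r.cache {
		if now.Sub(e.lastSeen) > e.validity {
			delete(r.cache, id)
			removed++
		}
	}
	return removed
}

func main() {
	registered := map[string]bool{"node-A": true} // constructed registry of the upper node
	queries := 0
	r := NewReceiver(10*time.Minute, 2*time.Minute,
		func(m ServiceMsg) bool { return string(m.Sig) == "sig:"+m.NodeID }, // stand-in for the real check
		func(id string) bool { queries++; return registered[id] })
	t0 := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
	msg := ServiceMsg{NodeID: "node-A", Service: "telemetry", Route: "gw1->platform", Sig: []byte("sig:node-A")}
	fmt.Println(r.Handle(msg, t0), r.Handle(msg, t0.Add(5*time.Minute)), "upstream queries:", queries)
	fmt.Println(r.Handle(msg, t0.Add(13*time.Minute)), "upstream queries:", queries)
	fmt.Println(r.Handle(ServiceMsg{NodeID: "node-Z", Sig: []byte("sig:node-Z")}, t0), r.Illegal["node-Z"])
}
```

In the run in main the second message arrives five minutes after the first, so the record's validity becomes 10 - 5 + 2 = 7 minutes measured from that second message; the third message arrives eight minutes later, finds the record lapsed, and triggers a fresh upstream query.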
Example 2:
This embodiment provides a distributed system comprising a device management platform and distributed devices, where the device management platform communicates with the devices directly or through a gateway, and the devices register on the device management platform with the method above.
The above describes only the preferred embodiments of the invention. It should be noted that those skilled in the art can make various modifications and adaptations without departing from the principles of the invention, and these are intended to fall within the scope of the invention.

Claims (5)

1. The equipment registration method of the distributed system is characterized in that the distributed system comprises an equipment management platform and distributed equipment, and the equipment is connected with the equipment management platform through a gateway; if the equipment and the equipment can directly find each other, the information is directly sent, otherwise, the information is forwarded through the gateway; the registration method comprises the following steps:
(1) The device management platform is pre-configured with a plurality of encryption algorithms and keys randomly generated according to the requirements of the encryption algorithms, and periodically updates the encryption algorithms and the corresponding keys;
(2) A user requests a token from an equipment management platform;
(3) The device management platform receives a user request, encrypts the current time ts by using a current encryption algorithm to obtain a token, returns the token to the user, and informs the effective time of the token;
(4) Configuring the obtained token on the equipment by the user;
(5) Before the device accesses the network, a private key is locally generated, a public key is generated by the private key, and then the public key is mapped into a node number by adopting a hash function;
(6) The device sends registration information to the device management platform through the gateway, wherein the registration information comprises: token, message signature, timestamp and node number; the message signature is a signature, made with the device's private key, over part of the content of the sent message;
the gateway first checks the registration information of the equipment, judges whether it meets the signature requirement, and rejects the equipment directly if it does not; the judgment process is as follows:
extracting the token, the message signature and the node number nodeId of the message from the registration information;
deriving the public key from the token and the message signature, then deriving nodeId* by hashing the public key combined with the node's key attribute information; comparing nodeId with nodeId*: if they match, the identity is correct; if they differ, the sender is a malicious node;
then the gateway forwards the registration message;
(7) The equipment management platform judges whether the token is used or not; if yes, equipment registration is not accepted; if not, decrypting the token by using the current encryption algorithm and the key to obtain ts, and simultaneously adding the token into the filter by the equipment management platform; if a subsequent message uses the token, the equipment management platform adds the node which sends the message into an illegal node filter;
(8) The equipment management platform judges whether the difference between ts and the current time is smaller than a preset threshold value; if yes, the equipment registration is accepted, the equipment information is stored locally, a registration response is returned to the equipment along an equipment registration path, and if gateway nodes exist in the registration path, the corresponding gateway nodes store the equipment information; otherwise, the device management platform does not accept device registration.
2. The device registration method in a distributed system according to claim 1, wherein the valid time of the token is calculated as T4 = min(Td1, Td2, T3), where Td1 is the time remaining until the next update of the current encryption algorithm, Td2 is the time remaining until the next update of the key selected for the current encryption algorithm, and T3 is the default valid time of the token itself.
3. The device registration method of the distributed system according to claim 2, wherein, when calculating the valid time of the token, if T4 < T3m the valid time of the token is considered too short for the terminal to complete registration, and the device management platform is triggered to reselect the encryption algorithm and the corresponding key; T3m is the shortest effective time of the token and satisfies T1 > T2 > T3 > 2T3m, where T1 is the update period of the encryption algorithm and T2 is the update period of the key.
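The platform side of steps (3), (7) and (8) of claim 1 together with the token validity rule of claims 2 and 3, as an added example that is not part of the patent: the "current encryption algorithm and key" is stood in for by an encrypt-then-MAC construction over HMAC-SHA256 so that it runs on the Python standard library alone, and the class, method and field names are assumptions.

```python
import hashlib
import hmac
import os
import struct

class Platform:
    """Device management platform of claim 1 (added example, not the patent's code).
    The current 'encryption algorithm and key' is modelled as encrypt-then-MAC
    built from HMAC-SHA256, an assumption made so this runs on the stdlib alone."""

    def __init__(self, key: bytes, threshold_s: int):
        self.key = key                 # current key; rotated every T2 (claim 3)
        self.threshold = threshold_s   # step (8): largest accepted now - ts
        self.used_tokens = set()       # step (7): token filter
        self.illegal_nodes = set()     # step (7): illegal node filter

    def _keystream(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, b"enc" + nonce, hashlib.sha256).digest()[:8]

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self.key, b"mac" + body, hashlib.sha256).digest()[:16]

    def issue_token(self, ts: int) -> bytes:
        """Step (3): token = Enc_key(ts), laid out as nonce || ts XOR keystream || tag."""
        nonce = os.urandom(12)
        ct = bytes(a ^ b for a, b in zip(struct.pack(">Q", ts), self._keystream(nonce)))
        return nonce + ct + self._tag(nonce + ct)

    def register(self, token: bytes, node_id: str, now: int):
        """Steps (7)-(8): reuse blacklists the sender; else decrypt, filter, check freshness."""
        if token in self.used_tokens:
            self.illegal_nodes.add(node_id)
            return False, "token already used; node added to illegal node filter"
        nonce, ct, tag = token[:12], token[12:20], token[20:]
        if len(token) != 36 or not hmac.compare_digest(tag, self._tag(nonce + ct)):
            return False, "token not issued under the current algorithm and key"
        self.used_tokens.add(token)    # filtered from now on, whatever step (8) decides
        ts = struct.unpack(">Q", bytes(a ^ b for a, b in zip(ct, self._keystream(nonce))))[0]
        if not 0 <= now - ts < self.threshold:
            return False, "ts outside the freshness threshold"
        return True, "registered"


def token_validity(td1: int, td2: int, t3: int, t3m: int):
    """Claims 2 and 3: T4 = min(Td1, Td2, T3); T4 < T3m forces algorithm/key reselection."""
    t4 = min(td1, td2, t3)
    return t4, t4 < t3m
```

A replayed token is refused even when it is still fresh, because the filter check runs before decryption; only the second sender is blacklisted, so the legitimate first registration is unaffected.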
4. A device authentication method, comprising the steps of:
S1, the equipment completes registration by adopting the method of any one of claims 1 to 3;
S2, the equipment sends service message information, wherein the service message information comprises node information, service information, signature information and routing information;
S3, when each receiver on the service message information transmission path receives the service message information, checking whether the node information in the service message information is in an illegal node filter, if so, rejecting the message sent by the equipment, and if not, executing step S4;
S4, the receiver verifies whether the signature information is correct, if not, the message sent by the equipment is rejected, and if so, step S5 is executed;
S5, the receiver inquires whether the equipment information is stored locally, and if so, the receiver directly forwards the service message information according to the routing information in the service message information; if not, executing step S6;
S6, the receiver requests the upper node step by step to inquire whether the equipment is registered, if so, the receiver forwards the service message information according to the routing information in the service message information; if not, the receiver discards the service message information.
5. The device authentication method as claimed in claim 4, wherein when the receiver inquires that the device is registered, the device information is saved and a valid time T5 is set for the device at the node; if the node receives message information sent by the same device again within the valid time, the valid time is updated as T5 = T5 - TL1 + TL2, where TL1 is the time difference between the point at which the node receives the device message information this time and the point at which it received the device message information last time, and TL2 is a delay time; if message information sent by the same device is not received again within the valid time T5, the node deletes the device information of the corresponding device.
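The receiver pipeline of claim 4 (steps S3 to S6) with the cache timer of claim 5, as an added example that is not part of the patent: the signature check of S4 is delegated to an injected verify(msg) callable standing in for verification of the device's private-key signature, the platform's registration record is modelled by a small Registry class, and all names are assumptions.

```python
class Registry:
    """Top of the path: the platform's record of devices registered under claim 1."""

    def __init__(self, registered):
        self.registered = set(registered)

    def is_registered(self, node_id: str, now: float) -> bool:
        return node_id in self.registered


class Receiver:
    """One hop on the service-message path (claim 4) with the T5 cache timer of
    claim 5. Added example; verify(msg) stands in for the signature check of S4."""

    def __init__(self, verify, upper=None, t5: float = 300, tl2: float = 5):
        self.verify = verify           # verify(msg) -> bool (assumed interface)
        self.upper = upper             # next node up the path, queried at S6
        self.illegal_nodes = set()     # S3: illegal node filter
        self.devices = {}              # node_id -> [remaining T5, last_seen]
        self.t5, self.tl2 = t5, tl2    # initial validity and delay time TL2

    def is_registered(self, node_id: str, now: float) -> bool:
        """Answer a downstream S6 query: local cache first, then the upper node."""
        entry = self.devices.get(node_id)
        if entry is not None and now - entry[1] < entry[0]:
            return True
        return self.upper is not None and self.upper.is_registered(node_id, now)

    def handle(self, msg: dict, now: float) -> str:
        node_id = msg["node"]
        if node_id in self.illegal_nodes:             # S3
            return "reject"
        if not self.verify(msg):                      # S4
            return "reject"
        entry = self.devices.get(node_id)             # S5
        if entry is not None:
            tl1 = now - entry[1]                      # time since the last message
            if tl1 < entry[0]:
                entry[0] = entry[0] - tl1 + self.tl2  # claim 5: T5 = T5 - TL1 + TL2
                entry[1] = now
                return "forward"                      # along msg["route"]
            del self.devices[node_id]                 # T5 lapsed: entry deleted
        if self.upper is not None and self.upper.is_registered(node_id, now):  # S6
            self.devices[node_id] = [self.t5, now]    # claim 5: save and start T5
            return "forward"
        return "discard"
```

Note the ordering: the illegal-node and signature checks run before any cache lookup or upstream query, so a blacklisted or unsigned message never causes traffic up the path.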

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210107155.XA CN114531234B (en) 2022-01-28 2022-01-28 Distributed system and equipment registration and verification method thereof

Publications (2)

Publication Number Publication Date
CN114531234A CN114531234A (en) 2022-05-24
CN114531234B true CN114531234B (en) 2022-12-16

Family

ID=81623059

Country Status (1)

Country Link
CN (1) CN114531234B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10630682B1 (en) * 2016-11-23 2020-04-21 Amazon Technologies, Inc. Lightweight authentication protocol using device tokens
WO2020133655A1 (en) * 2018-12-26 2020-07-02 中国科学院沈阳自动化研究所 Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scenario
CN111935714A (en) * 2020-07-13 2020-11-13 兰州理工大学 Identity authentication method in mobile edge computing network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3913515B8 (en) * 2020-05-19 2024-03-13 SuperAwesome Trading Limited A system and method for registering a user

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant