CN114785615A - Lightweight authentication method for Internet of things system in cloud computing environment - Google Patents

Publication number: CN114785615A
Authority: CN (China)
Prior art keywords: cloud server, identity, authentication, user, registration
Legal status: Granted (active)
Application number: CN202210563565.5A
Other languages: Chinese (zh)
Other versions: CN114785615B (en)
Inventors: 万亚东, 张波, 张超
Current assignee: University of Science and Technology Beijing USTB; Innotitan Intelligent Equipment Technology Tianjin Co Ltd
Original assignee: University of Science and Technology Beijing USTB; Innotitan Intelligent Equipment Technology Tianjin Co Ltd
Application filed by: University of Science and Technology Beijing USTB; Innotitan Intelligent Equipment Technology Tianjin Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/001 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals

Abstract

The invention relates to a lightweight authentication method for an Internet of things system in a cloud computing environment and belongs to the field of communication security. Registration of the user equipment and the cloud server is implemented based on a barrel shift physical unclonable function and a chaotic mapping algorithm; the registration information of the user equipment and the cloud server is stored in an identity trust registration center; bidirectional authentication between the user equipment and the cloud server is performed; and after authentication succeeds, communication takes place using a session key, which improves the communication security of the user equipment and the cloud server.

Description

Lightweight authentication method for Internet of things system in cloud computing environment
Technical Field
The invention relates to the technical field of communication security, in particular to a lightweight authentication method for an Internet of things system in a cloud computing environment.
Background
The Internet of things (IoT) uses technologies such as large numbers of sensors, intelligent terminals and global positioning systems to connect people and objects anytime and anywhere, so as to realize intelligent control and management. However, because embedded devices are limited in power consumption and computing capability, applying the Internet of things in practice remains a key issue. To address this issue, researchers have applied cloud computing to the Internet of things. Cloud computing enables all servers and users to access rich computing and storage resources through the internet, and cloud servers have more resources and more powerful computing capability. In an Internet of things cloud computing scenario, Internet of things devices and sensors submit the data they collect to a cloud server through a wired or wireless network. The user can access the cloud server anytime and anywhere to obtain that data. In addition, the user can send commands to the Internet of things equipment through the cloud server, achieving remote production control. The cloud server provides Internet of things services to the user over an insecure public channel, so communication between the user and the cloud server must be kept confidential. In an Internet of things based cloud computing environment, each party must authenticate the other. Only authorized users can access the cloud server to obtain the services of the Internet of things equipment.
Disclosure of Invention
The invention aims to provide a lightweight authentication method for an Internet of things system in a cloud computing environment, which improves the communication security of user equipment and a cloud server.
In order to achieve the purpose, the invention provides the following scheme:
a lightweight authentication method for an Internet of things system in a cloud computing environment comprises the following steps:
initializing system parameters through an identity trust registration center, wherein the initialized system parameters comprise values obtained by calculation through a chaotic mapping algorithm;
based on a barrel shift physical unclonable function, carrying out identity registration on user equipment through an identity trust registration center to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center;
based on a barrel shift physical unclonable function, identity registration is carried out on a cloud server through an identity trust registration center to obtain cloud server registration information, and the identity information of the cloud server is stored in the identity trust registration center;
performing authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry;
and after the authentication between the user equipment and the identity trust registration center and the authentication between the user equipment and the cloud server are completed, the user equipment and the cloud server communicate through a session key.
Optionally, the initialized system parameters are $\{x, T_{s_1}(x), p, H_1(\cdot), H_2(\cdot)\}$, where $x$ is a random number, $p$ is a large prime number, $T_{s_1}(x)$ is the value calculated by the chaotic mapping algorithm from the random number $s_1$, $s_2$ is a random number, $s_1$ and $s_2$ are private keys, $T_{s_1}(x)$ is the system public key, and $H_1(\cdot)$ and $H_2(\cdot)$ are one-way hash functions.
Optionally, the identity registration of the user equipment through the identity trust registration center based on the barrel shift physical unclonable function to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center specifically includes:
generating user registration request information based on a random number and a chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, a first encrypted user password $PW_i$ obtained by encrypting the Internet of things user's password, and a second encrypted user password $PK_i$ generated using the barrel shift physical unclonable function; the user equipment sends the user registration request information to the identity trust registration center;
after receiving the user registration request information, the identity trust registration center detects whether an identity mark of the user of the Internet of things exists, if not, the identity trust registration center generates first user registration information based on the user registration request information, and the first user registration information is sent to the user equipment;
and after receiving the first user registration information, the user equipment generates second user registration information based on the first user registration information, and writes the second user registration information into the smart card corresponding to the user equipment.
Optionally, the identity registration of the cloud server through the identity trust registry based on the barrel shift physical unclonable function to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registry specifically includes:
generating cloud server registration request information based on a random number and a chaotic mapping algorithm, wherein the cloud server registration request information comprises a cloud server identity and a cloud server password generated by adopting a barrel shift physical unclonable function; the cloud server sends the cloud server registration request information to the identity trust registry;
after receiving cloud server registration request information, the identity trust registration center detects whether a cloud server identity mark exists in a data block, if not, the identity trust registration center generates cloud server registration information based on the cloud server registration request information and sends the cloud server registration information to a cloud server;
and after receiving the cloud server registration information, the cloud server publishes the cloud server pseudonym and the public key of the cloud server, wherein the cloud server pseudonym is generated according to the cloud server identity.
Optionally, the authenticating between the user equipment and the identity trust registration center and the authenticating between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registration center and the identity information of the cloud server stored in the identity trust registration center specifically include:
the user equipment is inserted with the intelligent card to carry out user identity login of the Internet of things;
after the Internet of things user identity login succeeds, the user equipment sends the generated first authentication request message to the identity trust registration center; the first authentication request message comprises the pseudonym $RID_i$ of the Internet of things user, a first intermediate quantity $CID_i$, a first judgment flag $CM_i$ and a timestamp $T_1$, the first judgment flag $CM_i$ being generated according to the identity of the Internet of things user and the chaotic mapping algorithm;
when the identity trust registration center receives the first authentication request message, it verifies whether the timestamp $T_1$ is valid; if $T_1$ is not valid, authentication stops; if $T_1$ is valid, the identity trust registration center uses the pseudonym $RID_i$ of the Internet of things user to look up the corresponding Internet of things user identity $ID_i$ in the database, generates a second judgment flag $CM_i'$ from the identity $ID_i$ found and the chaotic mapping algorithm, and determines whether the first authentication is completed by checking whether the first judgment flag $CM_i$ and the second judgment flag $CM_i'$ are equal;
if the first authentication is completed, the identity trust registration center sends a generated second authentication request message to the user equipment, wherein the second authentication request message comprises a third judgment flag $IM_i$ and a timestamp $T_2$, the third judgment flag $IM_i$ being generated according to the identity of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after the user equipment receives the second authentication request message, it verifies whether the timestamp $T_2$ is valid; if $T_2$ is not valid, authentication stops; if $T_2$ is valid, the user equipment generates a fourth judgment flag $IM_i'$ according to the identity of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and determines whether the second authentication is completed by checking whether the third judgment flag $IM_i$ and the fourth judgment flag $IM_i'$ are equal;
if the second authentication is completed, the user equipment sends the generated third authentication request message to the cloud server; the third authentication request message comprises the pseudonym of the Internet of things user, the pseudonym of the cloud server, a fifth judgment flag $JM_i$ and a timestamp $T_3$; the fifth judgment flag is generated according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after the cloud server receives the third authentication request message, it verifies whether the timestamp $T_3$ is valid; if $T_3$ is not valid, authentication stops; if $T_3$ is valid, the cloud server generates a sixth judgment flag $JM_i'$ according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and determines whether the third authentication is completed by checking whether the fifth judgment flag is equal to the sixth judgment flag;
if the third authentication is completed, a first session key is generated based on the barrel shift physical unclonable function and a random value, and the cloud server sends a generated fourth authentication request message to the user equipment for the fourth authentication; the fourth authentication request message includes a seventh judgment flag $MK_j$, the seventh judgment flag $MK_j$ being the encrypted first session key;
after receiving the fourth authentication request message, the user equipment generates a second session key from the fourth authentication request message using the barrel shift physical unclonable function, encrypts the second session key to generate an eighth judgment flag $MK_j'$, and determines whether the fourth authentication is completed by checking whether the seventh judgment flag is equal to the eighth judgment flag;
and if the fourth authentication is finished, finishing the authentication.
Optionally, the chaotic mapping algorithm is the Chebyshev chaotic map.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention discloses a lightweight authentication method for an Internet of things system in a cloud computing environment which, based on a barrel shift physical unclonable function and a chaotic mapping algorithm, realizes registration and bidirectional authentication of the user equipment and the cloud server and improves the communication security of the user equipment and the cloud server.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a first schematic flowchart of the lightweight authentication method for an Internet of things system in a cloud computing environment according to the present invention;
FIG. 2 is a second schematic flowchart of the lightweight authentication method for an Internet of things system in a cloud computing environment according to the present invention;
FIG. 3 is a data transmission schematic diagram of the lightweight authentication method for an Internet of things system in a cloud computing environment according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
The invention aims to provide a lightweight authentication method for an internet of things system in a cloud computing environment, and the security of communication between user equipment and a cloud server is improved.
In order to make the aforementioned objects, features and advantages of the present invention more comprehensible, the present invention is described in detail with reference to the accompanying drawings and the detailed description thereof.
FIG. 1 is a first schematic flowchart of the lightweight authentication method for an Internet of things system in a cloud computing environment of the present invention, FIG. 2 is a second schematic flowchart of the method, and FIG. 3 is a data transmission schematic diagram of the method. As shown in FIG. 1 to FIG. 3, the lightweight authentication method for an Internet of things system in a cloud computing environment comprises the following steps:
a system initialization stage:
step 101: initializing system parameters through an identity trust registration center, wherein the initialized system parameters comprise values obtained by calculation through a chaotic mapping algorithm.
The system parameters $\{x, T_{s_1}(x), p, H_1(\cdot), H_2(\cdot)\}$ are initialized by the Identity Trust Registry (ITR), where $x$ is a random number, $p$ is a large prime number, $T_{s_1}(x)$ is the value calculated by the chaotic mapping algorithm from the random number $s_1$, $s_2$ is a random number, $s_1$ and $s_2$ are private keys, $T_{s_1}(x)$ is the public key, and $H_1(\cdot)$ and $H_2(\cdot)$ are one-way hash functions.
The communication entities (user equipment and cloud server) are connected to the PUF (Physical Unclonable Function) via a microcontroller component. Furthermore, the communication between the microcontroller and the PUF cannot be tampered with. The present invention employs a barrel shift physical unclonable function (BS-PUF). A commutative BS-PUF requires both logical and physical commutativity, and its entanglement function must be physically commutative: the commutative behavior of the BS-PUF depends on the logical commutative behavior and the physical commutative behavior, and the physical commutative behavior in turn depends on the commutative behavior of the entanglement function. The physical measurements of $\text{BS-PUF}_2(\text{BS-PUF}_1(x))$ and $\text{BS-PUF}_1(\text{BS-PUF}_2(x))$ are identical, so the BS-PUF function is independent of the bit state. That is, for a combination of two commutative BS-PUFs, $\text{BS-PUF}_1$ and $\text{BS-PUF}_2$: $\text{BS-PUF}_2(\text{BS-PUF}_1(x)) = \text{BS-PUF}_1(\text{BS-PUF}_2(x))$.
The chaotic mapping algorithm adopted by the invention is the Chebyshev chaotic map.
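The semigroup property that lets $T_{s_1}(x)$ serve as a public key, shown as an added example (not code from the patent): the extended Chebyshev polynomial is evaluated modulo $p$ by matrix exponentiation, and two parties holding different private exponents arrive at the same value. The modulus `P_DEMO`, the function names and the exchange in `shared_values` are assumptions made for illustration; the patent's own message formulas are not reproduced here.

```python
import secrets

# Assumption: a known Mersenne prime used as a demo modulus; the page only
# says that p is "a large prime number".
P_DEMO = 2**127 - 1


def _mul(a, b, p):
    """Multiply two 2x2 matrices stored as (a00, a01, a10, a11) modulo p."""
    return (
        (a[0] * b[0] + a[1] * b[2]) % p,
        (a[0] * b[1] + a[1] * b[3]) % p,
        (a[2] * b[0] + a[3] * b[2]) % p,
        (a[2] * b[1] + a[3] * b[3]) % p,
    )


def chebyshev(n, x, p):
    """Return T_n(x) mod p using T_n = 2x*T_{n-1} - T_{n-2}, T_0 = 1, T_1 = x.

    [[0, 1], [-1, 2x]]^n applied to (T_0, T_1) gives (T_n, T_{n+1}), so the
    cost is O(log n) multiplications even for a 128-bit exponent.
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    result = (1, 0, 0, 1)                      # identity matrix
    base = (0, 1, (-1) % p, (2 * x) % p)
    while n:
        if n & 1:
            result = _mul(result, base, p)
        base = _mul(base, base, p)
        n >>= 1
    return (result[0] + result[1] * x) % p     # first row times (1, x)


def chebyshev_recurrence(n, x, p):
    """Direct recurrence, O(n); only used to cross-check small cases."""
    prev, cur = 1 % p, x % p
    if n == 0:
        return prev
    for _ in range(n - 1):
        prev, cur = cur, (2 * x * cur - prev) % p
    return cur


def itr_setup(p=P_DEMO):
    """Pick x and the private key s1, publish T_s1(x) as in the init stage."""
    x = secrets.randbelow(p - 2) + 2
    s1 = secrets.randbits(128) | 1
    public = {"x": x, "p": p, "T_s1": chebyshev(s1, x, p)}
    return public, s1


def shared_values(public, s1):
    """Both sides derive T_{r*s1}(x) without revealing r or s1.

    Illustrative exchange (assumption): the device picks r, sends T_r(x),
    and applies T_r to the public key; the registry applies T_s1 to T_r(x).
    """
    x, p = public["x"], public["p"]
    r = secrets.randbits(128) | 1
    device_public = chebyshev(r, x, p)
    device_side = chebyshev(r, public["T_s1"], p)
    registry_side = chebyshev(s1, device_public, p)
    return device_side, registry_side


if __name__ == "__main__":
    params, private_s1 = itr_setup()
    dev, reg = shared_values(params, private_s1)
    print("values agree:", dev == reg)
```
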
A registration stage:
step 102: and based on the barrel shift physical unclonable function, carrying out identity registration on the user equipment through the identity trust registration center to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center.
Wherein, step 102 specifically comprises:
generating user registration request information based on a random number and a chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, a first encrypted user password $PW_i$ obtained by encrypting the Internet of things user's password, and a second encrypted user password $PK_i$ generated using the barrel shift physical unclonable function; the user equipment sends the user registration request information to the identity trust registration center.
And the identity trust registration center detects whether the identity identification of the user of the Internet of things exists after receiving the user registration request information, if not, the identity trust registration center generates first user registration information based on the user registration request information, and the first user registration information is sent to the user equipment.
And after receiving the first user registration information, the user equipment generates second user registration information based on the first user registration information, and writes the second user registration information into the smart card corresponding to the user equipment.
Step 103: and based on the barrel shift physical unclonable function, carrying out identity registration on the cloud server through the identity trust registration center to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center.
Wherein, step 103 specifically comprises:
generating cloud server registration request information based on a random number and a chaotic mapping algorithm, wherein the cloud server registration request information comprises a cloud server identity and a cloud server password generated by adopting a barrel shift physical unclonable function; and the cloud server sends the cloud server registration request information to the identity trust registration center.
After receiving the cloud server registration request information, the identity trust registration center detects whether a cloud server identity exists in the data block, if not, the identity trust registration center generates cloud server registration information based on the cloud server registration request information, and sends the cloud server registration information to the cloud server.
And after receiving the cloud server registration information, the cloud server publishes the cloud server pseudonym and the public key of the cloud server, wherein the cloud server pseudonym is generated according to the cloud server identity.
Login and authentication phase:
step 104: and performing authentication between the user equipment and the identity trust registration center and authentication between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registration center and the identity information of the cloud server stored in the identity trust registration center.
Wherein, step 104 specifically includes:
and the user equipment is inserted with the intelligent card to log in the user identity of the Internet of things.
After the Internet of things user identity login succeeds, the user equipment sends the generated first authentication request message to the identity trust registration center; the first authentication request message comprises the pseudonym $RID_i$ of the Internet of things user, a first intermediate quantity $CID_i$, a first judgment flag $CM_i$ and a timestamp $T_1$, the first judgment flag $CM_i$ being generated according to the identity of the Internet of things user and the chaotic mapping algorithm.
When the identity trust registration center receives the first authentication request message, it verifies whether the timestamp $T_1$ is valid; if $T_1$ is not valid, authentication stops; if $T_1$ is valid, the identity trust registration center uses the pseudonym $RID_i$ of the Internet of things user to look up the corresponding Internet of things user identity $ID_i$ in the database, generates a second judgment flag $CM_i'$ from the identity $ID_i$ found and the chaotic mapping algorithm, and determines whether the first authentication is completed by checking whether the first judgment flag $CM_i$ and the second judgment flag $CM_i'$ are equal.
If the first authentication is completed, the identity trust registration center sends a generated second authentication request message to the user equipment, wherein the second authentication request message comprises a third judgment flag $IM_i$ and a timestamp $T_2$, the third judgment flag $IM_i$ being generated according to the identity of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function.
After the user equipment receives the second authentication request message, it verifies whether the timestamp $T_2$ is valid; if $T_2$ is not valid, authentication stops; if $T_2$ is valid, the user equipment generates a fourth judgment flag $IM_i'$ according to the identity of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and determines whether the second authentication is completed by checking whether the third judgment flag $IM_i$ and the fourth judgment flag $IM_i'$ are equal.
If the second authentication is completed, the user equipment sends the generated third authentication request message to the cloud server; the third authentication request message comprises the pseudonym of the Internet of things user, the pseudonym of the cloud server, a fifth judgment flag $JM_i$ and a timestamp $T_3$; the fifth judgment flag is generated according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function.
After receiving the third authentication request message, the cloud server verifies whether the timestamp $T_3$ is valid; if $T_3$ is not valid, authentication stops; if $T_3$ is valid, the cloud server generates a sixth judgment flag $JM_i'$ according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and determines whether the third authentication is completed by checking whether the fifth judgment flag is equal to the sixth judgment flag.
If the third authentication is completed, a first session key is generated based on the barrel shift physical unclonable function and a random value, and the cloud server sends a generated fourth authentication request message to the user equipment for the fourth authentication; the fourth authentication request message includes a seventh judgment flag $MK_j$, the seventh judgment flag $MK_j$ being the encrypted first session key;
after receiving the fourth authentication request message, the user equipment generates a second session key from the fourth authentication request message using the barrel shift physical unclonable function, encrypts the second session key to generate an eighth judgment flag $MK_j'$, and determines whether the fourth authentication is completed by checking whether the seventh judgment flag is equal to the eighth judgment flag;
and if the fourth authentication is finished, finishing the authentication.
Step 105: and after the authentication between the user equipment and the identity trust registration center and the authentication between the user equipment and the cloud server are completed, the user equipment and the cloud server communicate through a session key.
The following describes in detail specific processes of the registration, login and authentication stages in the lightweight authentication method for the internet of things system in the cloud computing environment.
Generating the user registration request information based on a random number and the chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, the first encrypted user password $PW_i$ obtained by encrypting the Internet of things user's password, and the second encrypted user password $PK_i$ generated using the barrel shift physical unclonable function, and sending the user registration request information from the user equipment to the identity trust registration center, specifically includes:
The user equipment $IoTU_i$ (Internet of Things User, IoTU) selects the user's real identity $ID_i$, a user password $Pwd_i$, a random number $a_i$ and a random number $b_i$, and computes the public key (formula image BDA0003656491390000091, not reproduced in this text) and $PW_i = H_1(ID_i \| Pwd_i \| b_i) \bmod n$, 24≤n≤26. The user equipment $IoTU_i$ sends the user registration request information $\{ID_i, PW_i, PK_i\}$ to the identity trust registration center through a secure channel, where $PW_i$ is the encrypted value of the user password and the parameter $PK_i = \text{BS-PUF}_i(a_i)$, with $\text{BS-PUF}_i(\cdot)$ being the barrel shift physical unclonable function; the expression in formula image BDA0003656491390000092 (not reproduced in this text) denotes the value calculated from the random number $b_i$ using the chaotic mapping algorithm.
After receiving the user registration request information {ID_i, PW_i, PK_i}, the identity trust registration center detects whether the user identity ID_i exists in the data block; if it does not exist, the center calculates the user pseudonym RID_i and the intermediate parameters A_i, B_i, C_i and D_i, where RID_i = H1(ID_i || s1), A_i = H1(ID_i || t_i), B_i = A_i ⊕ PW_i, C_i = H1(PW_i || PK_i || B_i) and D_i = H1(H1(ID_i) || H1(s2)). The identity trust registry generates the first user registration information {RID_i, B_i, C_i, D_i} and sends it to the user equipment IoTU_i, and the identity trust registry stores the user information {RID_i, ID_i, PK_i}, where t_i denotes a random number and || denotes concatenation.
After receiving the first user registration information {RID_i, B_i, C_i, D_i}, the user equipment IoTU_i calculates the intermediate parameter F_i = B_i ⊕ H1(ID_i || Pwd_i || PK_i) and the intermediate parameter E_i = D_i ⊕ PW_i, and writes the second user registration information {F_i, C_i, E_i, b_i} into the smart card (SC) of the Internet of things user whose identity is ID_i.
Performing identity registration of the cloud server through the identity trust registration center based on the barrel shift physical unclonable function to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center, specifically comprises the following steps:
The cloud server CS_j (CS) selects a real cloud server identity ID_j, a random number c_j and a random number d_j, and computes the public key DK_j
Figure BDA0003656491390000101
and the intermediate parameter PK_j = BS-PUF_j(c_j). The cloud server CS_j sends the cloud server registration request information {ID_j, PK_j} to the identity trust registration center through a secure channel, where BS-PUF_j() is the barrel shift physical unclonable function and
Figure BDA0003656491390000102
denotes the value calculated from the random number d_j using the chaotic mapping algorithm.
After receiving the cloud server registration request information {ID_j, PK_j}, the identity trust registry detects whether the cloud server identity ID_j exists in the data block; if not, it calculates the cloud server pseudonym RID_j = H1(ID_j || s2) and the intermediate parameter SD_j = H1(s2), generates the first cloud server registration information {RID_j, SD_j} and sends it to the cloud server CS_j through a secure channel. The identity trust registry stores the cloud server information {ID_j, PK_j, c_j, RID_j}.
After receiving the first cloud server registration information {RID_j, SD_j}, the cloud server CS_j saves the message {SD_j, PK_j, c_j, d_j} and publishes the message {RID_j, DK_j}.
Performing the authentication between the user equipment and the identity trust registration center and the authentication between the user equipment and the cloud server, based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registration center and the identity information of the cloud server stored in the identity trust registration center, specifically includes:
A smart card is inserted into the user equipment IoTU_i, and the user identity ID_i, the user password Pwd_i and PK_i are input to the user equipment IoTU_i through the smart card. The smart card calculates the intermediate parameter B_i = F_i ⊕ H1(ID_i || Pwd_i || PK_i), the intermediate parameter PW_i = H1(ID_i || Pwd_i || b_i) and the intermediate parameter C_i' = H1(PW_i || PK_i || b_i). The user equipment IoTU_i verifies whether C_i' is equal to the stored C_i; if not, the login fails; if so, the user identity ID_i logs in successfully.
After the user identity ID_i logs in successfully, the user equipment IoTU_i sends a first authentication request message {RID_i, CID_i, CM_i, T_1} to the identity trust registry, where the parameter CID_i = RID_j ⊕ IK_i, CM_i = H1(IK_i || ID_i || T_1), the parameter
Figure BDA0003656491390000111
and T_1 denotes a timestamp.
When the identity trust registry receives the first authentication request message {RID_i, CID_i, CM_i, T_1}, it verifies whether the timestamp T_1 is legal. If the timestamp T_1 is not legal, authentication stops; if the timestamp T_1 is legal, the identity trust registry uses the RID_i in the first authentication request message to find the corresponding ID_i in the database and calculates the parameter
Figure BDA0003656491390000112
and the parameter CM_i' = H1(IK_i' || ID_i || T_1), then judges whether CM_i' is equal to CM_i. If not, authentication stops; if so, it calculates RID_j = CID_i ⊕ IK_i', finds the corresponding PK_j in the database through RID_j, and calculates the parameter CPK_i = (PK_j || c_j) ⊕ IK_i', the parameter CSM_i = H1(ID_j || SD_j) and the parameter IM_i = H1(ID_i || RID_j || IK_i' || PK_i || T_2), where T_2 is a timestamp. The identity trust registry then sends the second authentication request message {CPK_i, CSM_i, IM_i, T_2} to the user equipment IoTU_i.
Figure BDA0003656491390000113
When the user equipment IoTU_i receives the second authentication request message {CPK_i, CSM_i, IM_i, T_2}, it verifies whether the timestamp T_2 is legal. If the timestamp T_2 is not legal, authentication stops; if the timestamp T_2 is legal, it calculates from the received second authentication request message the parameter PK_j || c_j = CPK_i ⊕ IK_i and the parameter IM_i' = H1(ID_i || RID_j || IK_i || PK_i || T_2), determines PK_j and c_j from PK_j || c_j, and judges whether IM_i' is equal to IM_i. If not, authentication stops; if so, the user equipment IoTU_i calculates the parameter HK_i = BS-PUF_i(BS-PUF_j(c_j)), the value BS-PUF_i(c_j), the parameter
Figure BDA0003656491390000114
the parameter EK_i = BS-PUF_i(c_j) ⊕ TK_i, the parameter UK_i = a_i ⊕ HK_i, the parameter LK_i = PK_i ⊕ CSM_i, the parameter D_i = E_i ⊕ PW_i and the parameter JM_i = H1(RID_i || RID_j || TK_i || D_i || T_3), and sends a third authentication request message {RID_i, RID_j, CK_i, EK_i, UK_i, LK_i, JM_i, T_3} to the cloud server CS_j, where T_3 is a timestamp.
When the cloud server CS_j receives the third authentication request message {RID_i, RID_j, CK_i, EK_i, UK_i, LK_i, JM_i, T_3}, it verifies whether the timestamp T_3 is legal. If the timestamp T_3 is not legal, authentication stops; if the timestamp T_3 is legal, the cloud server CS_j uses the stored {SD_j, PK_j, c_j, d_j} to calculate the parameter
Figure BDA0003656491390000121
BS-PUF_i(c_j) = EK_i ⊕ TK_i', the parameter HK_i' = BS-PUF_j(BS-PUF_i(c_j)), a_i = UK_i ⊕ HK_i', the parameter CSM_i' = H1(ID_j || SD_j), the parameter PK_i = LK_i ⊕ CSM_i', the parameter D_i' = H1(H1(ID_i) || H2(s2)) and the parameter JM_i' = H1(RID_i || RID_j || TK_i' || D_i' || T_3), and verifies whether JM_i' is equal to JM_i. If not, authentication stops; if so, the cloud server CS_j has completed its authentication of the user equipment IoTU_i.
After the cloud server CS_j completes its authentication of the user equipment IoTU_i, the cloud server CS_j calculates the parameter UR_j = BS-PUF_j(a_i), the parameter CSK_j = BS-PUF_j(PK_i) = BS-PUF_j(BS-PUF_i(a_i)), K_j = H2(RID_i || RID_j || CSK_j || HK_i' || a_i || c_j), the parameter MK_j = H1(K_j || T_4) and the parameter GK_j = UR_j ⊕ TK_i', where K_j denotes the first session key, and sends a fourth authentication request message {GK_j, MK_j, T_4}, where T_4 is a timestamp.
When the user equipment IoTU_i receives the fourth authentication request message {GK_j, MK_j, T_4}, it verifies whether the timestamp T_4 is legal. If the timestamp T_4 is not legal, authentication stops; if the timestamp T_4 is legal, it calculates the parameter UR_j' = GK_j ⊕ TK_i, the parameter CSK_j' = BS-PUF_i(UR_j') = BS-PUF_i(BS-PUF_j(a_i)), K_i = H2(RID_i || RID_j || CSK_j' || HK_i || a_i || c_j) and the parameter MK_j' = H1(K_i || T_4), where K_i denotes the second session key, and judges whether MK_j' is equal to MK_j. If not, authentication stops; if so, the user equipment IoTU_i has completed its authentication of the cloud server CS_j.
After the user equipment IoTU_i completes its authentication of the cloud server CS_j, the user equipment IoTU_i and the cloud server CS_j communicate using the session key K_j and the session key K_i.
The chaotic mapping algorithm is Chebyshev chaotic mapping.
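As an added illustration (not code from the patent), the following Python example evaluates the Chebyshev map over Z_p and checks the semigroup property that lets a value such as T_s1(x) act as a public key for a private degree s1. The modulus, the function names and the base-point check are assumptions made for this example.

```python
"""Chebyshev chaotic map over Z_p: T_n(x) = 2x*T_{n-1}(x) - T_{n-2}(x) mod p."""
import secrets

P = 2**61 - 1  # constructed demo modulus (a Mersenne prime); a registry picks its own large prime p


def _mul(a, b, p):
    """Multiply two 2x2 matrices stored row-major as 4-tuples, mod p."""
    return ((a[0] * b[0] + a[1] * b[2]) % p, (a[0] * b[1] + a[1] * b[3]) % p,
            (a[2] * b[0] + a[3] * b[2]) % p, (a[2] * b[1] + a[3] * b[3]) % p)


def chebyshev(n, x, p=P):
    """Return T_n(x) mod p with O(log n) matrix squarings instead of n recurrence steps."""
    if n < 0:
        raise ValueError("degree must be non-negative")
    x %= p
    if n == 0:
        return 1 % p
    # M = [[2x, -1], [1, 0]] advances the pair (T_k, T_{k-1}) by one step.
    acc, base, e = (1, 0, 0, 1), ((2 * x) % p, p - 1, 1, 0), n - 1
    while e:
        if e & 1:
            acc = _mul(acc, base, p)
        base = _mul(base, base, p)
        e >>= 1
    # (T_n, T_{n-1}) = M^(n-1) applied to (T_1, T_0) = (x, 1)
    return (acc[0] * x + acc[1]) % p


def is_degenerate_base(x, p=P):
    """For x in {0, 1, -1}, T_n(x) only ever takes values in {0, 1, -1}, whatever n is."""
    return x % p in (0, 1, p - 1)


def keygen(x, p=P):
    """Pick a private degree s and return (s, T_s(x)), in the manner of s1 and T_s1(x)."""
    if is_degenerate_base(x, p):
        raise ValueError("degenerate base point leaks nothing useful and hides nothing")
    s = secrets.randbelow(p - 2) + 2
    return s, chebyshev(s, x, p)


def shared_value(own_secret, peer_public, p=P):
    """Semigroup property: T_a(T_b(x)) = T_ab(x) = T_b(T_a(x)) mod p."""
    return chebyshev(own_secret, peer_public, p)
```

Rejecting the base points 0, 1 and -1 matters because the public value computed from them is the same small set of constants for every private degree.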
BS-PUF_i() and BS-PUF_j() are physically commutative: BS-PUF_j(BS-PUF_i(x)) = BS-PUF_i(BS-PUF_j(x)).
Verifying whether the timestamp T_1 is legal specifically means verifying whether the timestamp T_1 is within a preset range; the timestamps T_2, T_3 and T_4 are verified in the same way as the timestamp T_1.
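The fourth authentication exchange, the commutativity property and the timestamp check described above, as an added Python example that is not part of the patent. The BS-PUF is replaced by a software stand-in that reproduces only the commutativity property; SHA-256 for H1/H2, the 5-second window, the length-prefixed encoding and all sample values are assumptions, and TK_i is taken as already shared from the third message because its formula survives on this page only as a figure reference.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # constructed modulus for the software stand-in below
DELTA = 5       # assumed "preset range" for timestamps, in seconds


class CommutativeModel:
    """Software stand-in for a BS-PUF: x -> x^k mod P with a per-device k.
    It reproduces only BS-PUF_j(BS-PUF_i(x)) == BS-PUF_i(BS-PUF_j(x));
    a real PUF response comes from the silicon, not from a stored k."""

    def __init__(self):
        self._k = secrets.randbelow(P - 3) + 2

    def __call__(self, x):
        return pow(x, self._k, P)


def _enc(*parts):
    """Length-prefix every field so the '||' concatenation is unambiguous."""
    out = b""
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        out += len(part).to_bytes(4, "big") + part
    return out


def H1(*parts):
    return hashlib.sha256(b"H1" + _enc(*parts)).digest()


def H2(*parts):
    return hashlib.sha256(b"H2" + _enc(*parts)).digest()


def server_msg4(puf_j, rid_i, rid_j, a_i, pk_i, hk_i, c_j, tk_i, t4):
    """Cloud server CS_j: derive K_j and build {GK_j, MK_j, T_4}."""
    ur_j = puf_j(a_i)
    csk_j = puf_j(pk_i)                      # BS-PUF_j(BS-PUF_i(a_i))
    k_j = H2(rid_i, rid_j, csk_j, hk_i, a_i, c_j)
    return k_j, {"GK": ur_j ^ tk_i, "MK": H1(k_j, t4), "T4": t4}


def user_check_msg4(puf_i, msg, rid_i, rid_j, a_i, hk_i, c_j, tk_i, now):
    """User equipment IoTU_i: return K_i, or None if the message is rejected."""
    if abs(now - msg["T4"]) > DELTA:         # timestamp outside the preset range
        return None
    ur_j = msg["GK"] ^ tk_i
    csk_j = puf_i(ur_j)                      # BS-PUF_i(BS-PUF_j(a_i))
    k_i = H2(rid_i, rid_j, csk_j, hk_i, a_i, c_j)
    if not hmac.compare_digest(H1(k_i, msg["T4"]), msg["MK"]):
        return None                          # MK_j' != MK_j
    return k_i


def run_exchange():
    """Run message 4 on constructed values and return what each check decided."""
    puf_i, puf_j = CommutativeModel(), CommutativeModel()
    a_i, c_j = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    tk = secrets.randbits(126)               # TK_i, taken as shared since message 3
    rid = (b"RID_i-constructed", b"RID_j-constructed")
    pk_i = puf_i(a_i)
    hk_user, hk_server = puf_i(puf_j(c_j)), puf_j(puf_i(c_j))
    t4 = 1_700_000_000                       # constructed timestamp
    k_j, msg = server_msg4(puf_j, *rid, a_i, pk_i, hk_server, c_j, tk, t4)

    def check(m, now):
        return user_check_msg4(puf_i, m, *rid, a_i, hk_user, c_j, tk, now)

    return {
        "keys_match": check(msg, t4 + 1) == k_j,
        "replayed_late": check(msg, t4 + 60),
        "replayed_redated": check(dict(msg, T4=t4 + 60), t4 + 61),
        "gk_tampered": check(dict(msg, GK=msg["GK"] ^ 1), t4 + 1),
    }
```

A captured message replayed with a rewritten T_4 passes the window check but still fails, because MK_j = H1(K_j || T_4) binds the timestamp to the session key.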
Each message of the present invention contains either a timestamp or a random secret, or both, which the recipient verifies before any processing of the received message. Therefore, the present invention can prevent replay attacks.
The session key generated in the authentication process is derived by the user equipment IoTU_i and the cloud server CS_j from their respectively generated secret values and from secret values calculated with the barrel shift physical unclonable function. Any two different session keys are independent of each other, so an adversary cannot later compromise other session keys. Thus, the security of the session key is guaranteed.
In the authentication process, each communicating entity has its own physical unclonable function, so an attacker cannot generate the corresponding physical unclonable function values even after obtaining the secret values; the method can therefore effectively resist node capture attacks.
The messages generated in the authentication process contain secret values calculated by the chaotic mapping cryptographic algorithm and the barrel shift physical unclonable function, so the corresponding message cannot be computed without the secret values generated by the corresponding algorithms. If any information is tampered with, verification fails, so no message can be tampered with dynamically. The invention realizes anonymous communication of the user equipment and ensures the privacy security of the user.
In an Internet of things cloud computing scenario, a user can access a cloud server at any time and from any place to obtain Internet of things data, and can send commands to Internet of things devices through the cloud server to realize remote production control. However, the cloud server provides Internet of things services to users over an insecure public channel, so the user and the cloud server must authenticate each other. Only authorized users can access the cloud server to obtain the services of the Internet of things devices. Therefore, the present invention proposes a lightweight authentication method for an Internet of things system in a cloud computing environment, which uses a Barrel Shift Physical Unclonable Function (BS-PUF) and a chaotic mapping algorithm, and uses multiple factors (user password and smart card) to ensure the security of authentication. In a cloud computing environment, the method of the invention enables an external user and the cloud server to authenticate each other and, through the negotiated session key, to access data on the cloud server directly and securely, resist common attacks and ensure the security of communication.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the foregoing, the description is not to be taken in a limiting sense.

Claims (6)

1. A lightweight authentication method for an Internet of things system in a cloud computing environment is characterized by comprising the following steps:
initializing system parameters through an identity trust registration center, wherein the initialized system parameters comprise values obtained by calculation by adopting a chaotic mapping algorithm;
based on a barrel shift physical unclonable function, carrying out identity registration on user equipment through an identity trust registration center to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center;
based on a barrel shift physical unclonable function, identity registration is carried out on a cloud server through an identity trust registration center to obtain cloud server registration information, and the identity information of the cloud server is stored in the identity trust registration center;
performing authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry;
and after the authentication between the user equipment and the identity trust registry and the authentication between the user equipment and the cloud server are completed, the user equipment and the cloud server communicate through a session key.
2. The lightweight authentication method for an Internet of things system in a cloud computing environment according to claim 1, wherein the initialized system parameters are {x, T_s1(x), p, H1(·), H2(·)}, where x is a random number, p is a large prime number, T_s1(x) denotes a value calculated by the chaotic mapping algorithm based on a random number s1, s2 is a random number, s1 and s2 are private keys, T_s1(x) is the system public key, and H1(·) and H2(·) are one-way hash functions.
3. The lightweight authentication method for an internet of things system in a cloud computing environment according to claim 1, wherein the identity registration of the user equipment is performed through an identity trust registration center based on the bucket-shifting physical unclonable function to obtain user registration information, and the identity information of the user equipment is stored in the identity trust registration center, and specifically includes:
generating user registration request information based on a random number and a chaotic mapping algorithm, wherein the user registration request information comprises an identity of an Internet of things user, a first encrypted user password PW_i obtained by encrypting the Internet of things user password, and a second encrypted user password PK_i generated using a barrel shift physical unclonable function; the user equipment sends the user registration request information to the identity trust registration center;
after receiving the user registration request information, the identity trust registration center detects whether an identity mark of the user of the Internet of things exists, if not, the identity trust registration center generates first user registration information based on the user registration request information, and the first user registration information is sent to the user equipment;
and after receiving the first user registration information, the user equipment generates second user registration information based on the first user registration information, and writes the second user registration information into the smart card corresponding to the user equipment.
4. The lightweight authentication method for an internet of things system in a cloud computing environment according to claim 3, wherein the identity registration of the cloud server is performed through the identity trust registry to obtain cloud server registration information based on the bucket-shifting physical unclonable function, and the identity information of the cloud server is stored in the identity trust registry, and specifically comprises:
generating cloud server registration request information based on a random number and a chaotic mapping algorithm, wherein the cloud server registration request information comprises a cloud server identity and a cloud server password generated by adopting a barrel shift physical unclonable function; the cloud server sends the cloud server registration request information to the identity trust registry;
after receiving cloud server registration request information, the identity trust registration center detects whether a cloud server identity mark exists in a data block, if not, the identity trust registration center generates cloud server registration information based on the cloud server registration request information and sends the cloud server registration information to a cloud server;
and after receiving the cloud server registration information, the cloud server publishes the cloud server pseudonym and the public key of the cloud server, wherein the cloud server pseudonym is generated according to the cloud server identity.
5. The lightweight authentication method for the internet of things system in the cloud computing environment according to claim 4, wherein the authentication between the user equipment and the identity trust registry and the authentication between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry specifically comprise:
the user equipment is inserted with the intelligent card to carry out user identity login of the Internet of things;
after the user identity of the Internet of things is successfully logged in, the user equipment sends the generated first authentication request message to the identity trust registration center; the first authentication request message comprises a pseudonym RID_i of the Internet of things user, a first intermediate quantity CID_i, a first judgment mark CM_i and a timestamp T_1, and the first judgment mark CM_i is generated according to the identity of the Internet of things user and the chaotic mapping algorithm;
when the identity trust registration center receives the first authentication request message, it verifies whether the timestamp T_1 is legal; if the timestamp T_1 is not legal, the authentication is stopped; if the timestamp T_1 is legal, the identity trust registration center finds the identity ID_i of the corresponding Internet of things user in the database through the pseudonym RID_i of the Internet of things user, generates a second judgment mark CM_i' from the currently found identity ID_i of the Internet of things user using the chaotic mapping algorithm, and judges whether the first authentication is completed by judging whether the first judgment mark CM_i is equal to the second judgment mark CM_i';
if the first authentication is completed, the identity trust registration center sends a generated second authentication request message to the user equipment, wherein the second authentication request message comprises a third judgment mark IM_i and a timestamp T_2, and the third judgment mark IM_i is generated according to the identity of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after the user equipment receives the second authentication request message, it verifies whether the timestamp T_2 is legal; if the timestamp T_2 is not legal, the authentication is stopped; if the timestamp T_2 is legal, a fourth judgment mark IM_i' is generated according to the identity of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and whether the second authentication is completed is judged by judging whether the third judgment mark IM_i is equal to the fourth judgment mark IM_i';
if the second authentication is completed, the user equipment sends the generated third authentication request message to the cloud server; the third authentication request message comprises the pseudonym of the Internet of things user, the pseudonym of the cloud server, a fifth judgment mark JM_i and a timestamp T_3; the fifth judgment mark is generated according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after receiving the third authentication request message, the cloud server verifies whether the timestamp T_3 is legal; if the timestamp T_3 is not legal, the authentication is stopped; if the timestamp T_3 is legal, the cloud server generates a sixth judgment mark JM_i' according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and judges whether the third authentication is completed by judging whether the fifth judgment mark is equal to the sixth judgment mark;
if the third authentication is completed, the cloud server generates a first session key based on a barrel shift physical unclonable function and a random value, and sends a generated fourth authentication request message to the user equipment for the fourth authentication; the fourth authentication request message includes a seventh judgment mark MK_j, and the seventh judgment mark MK_j is the encrypted first session key;
after receiving the fourth authentication request message, the user equipment generates a second session key from the fourth authentication request message using a barrel shift physical unclonable function, encrypts the second session key to generate an eighth judgment mark MK_j', and judges whether the fourth authentication is completed by judging whether the seventh judgment mark is equal to the eighth judgment mark;
and if the fourth authentication is finished, finishing the authentication.
6. The lightweight authentication method for the internet of things system in the cloud computing environment according to claim 1, wherein the chaotic mapping algorithm is Chebyshev chaotic mapping.
CN202210563565.5A 2022-05-23 2022-05-23 Lightweight authentication method for Internet of things system in cloud computing environment Active CN114785615B (en)


Publications (2)

Publication Number Publication Date
CN114785615A true CN114785615A (en) 2022-07-22
CN114785615B CN114785615B (en) 2023-07-25

Family

ID=82409234



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 No. 30, Haidian District, Beijing, Xueyuan Road
Applicant after: University OF SCIENCE AND TECHNOLOGY BEIJING
Applicant after: USTC TIANGONG INTELLIGENT EQUIPMENT TECHNOLOGY (TIANJIN) CO.,LTD.
Address before: 300308 Building 1, block g, No. 6, Huafeng Road, Huaming high tech Industrial Zone, Dongli District, Tianjin
Applicant before: USTC TIANGONG INTELLIGENT EQUIPMENT TECHNOLOGY (TIANJIN) CO.,LTD.
Applicant before: University OF SCIENCE AND TECHNOLOGY BEIJING

CB03 Change of inventor or designer information

Inventor after: Zhang Bo
Inventor after: Wan Yadong
Inventor after: Zhang Chao
Inventor before: Wan Yadong
Inventor before: Zhang Bo
Inventor before: Zhang Chao

GR01 Patent grant