CN114785615B - Lightweight authentication method for Internet of things system in cloud computing environment

Info

Publication number: CN114785615B
Authority: CN (China)
Application number: CN202210563565.5A
Other languages: Chinese (zh)
Other versions: CN114785615A
Inventors: 张波, 万亚东, 张超
Current Assignee: University of Science and Technology Beijing USTB; Innotitan Intelligent Equipment Technology Tianjin Co Ltd
Original Assignee: University of Science and Technology Beijing USTB; Innotitan Intelligent Equipment Technology Tianjin Co Ltd
Application filed by: University of Science and Technology Beijing USTB, Innotitan Intelligent Equipment Technology Tianjin Co Ltd
Legal status: Active
Prior art keywords: cloud server, identity, user, authentication, registration

Classifications

    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/001 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals


Abstract

The invention relates to a lightweight authentication method for an Internet of things system in a cloud computing environment and belongs to the field of communication security. Based on a barrel shift physical unclonable function and a chaotic mapping algorithm, the method registers the user equipment and the cloud server, saves the registration information of the user equipment and the cloud server to an identity trust registration center, and performs bidirectional authentication between the user equipment and the cloud server. After authentication succeeds, the two communicate through a session key, which improves the communication security of the user equipment and the cloud server.

Description

Lightweight authentication method for Internet of things system in cloud computing environment
Technical Field
The invention relates to the technical field of communication security, in particular to a lightweight authentication method for an internet of things system in a cloud computing environment.
Background
The Internet of things (Internet of Things, IoT) uses technologies such as large numbers of sensors, intelligent terminals and global positioning systems to connect people and objects at any time and in any place, so as to realize intelligent control and management. However, practical deployment of the Internet of things remains a key problem because embedded devices are limited in power consumption and computing power. To address this problem, researchers have applied cloud computing to the Internet of things. Cloud computing allows all servers and users to access rich computing and storage resources over the internet, and cloud servers have more resources and more computing power. In an Internet of things cloud computing scenario, the Internet of things devices and sensors submit the data they collect to a cloud server through a wired or wireless network. The user can access the cloud server anytime and anywhere to obtain the relevant Internet of things data. In addition, the user can send commands to the Internet of things devices through the cloud server, realizing remote production control. The cloud server provides Internet of things services to the user over an insecure public channel, and communication between the user and the cloud server needs to be kept secret. In a cloud computing environment based on the Internet of things, the parties therefore need to authenticate each other. Only authorized users can access the cloud server to obtain the services of the Internet of things devices.
Disclosure of Invention
The invention aims to provide a lightweight authentication method for an internet of things system in a cloud computing environment, which improves the communication security of user equipment and a cloud server.
In order to achieve the above object, the present invention provides the following solutions:
a lightweight authentication method for an Internet of things system in a cloud computing environment comprises the following steps:
initializing system parameters through an identity trust registration center, wherein the initialized system parameters comprise values calculated by adopting a chaotic mapping algorithm;
based on a barrel shift physical unclonable function, carrying out identity registration on the user equipment through an identity trust registration center to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center;
based on a barrel shift physical unclonable function, carrying out identity registration on the cloud server through an identity trust registration center to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center;
performing authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry;
after authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server are completed, the user equipment and the cloud server communicate through a session key.
Optionally, the initialized system parameters are {x, T_{s1}(x), p, H_1(·), H_2(·)}, where x is a random number, p is a large prime number, T_{s1}(x) is the value calculated with the chaotic mapping algorithm based on the random number s1, s2 is a random number, s1 and s2 are used as private keys, T_{s1}(x) is used as the system public key, and H_1(·) and H_2(·) are both one-way hash functions.
Optionally, performing identity registration on the user equipment through the identity trust registration center based on the barrel shift physical unclonable function to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center, specifically comprises:
generating user registration request information based on random numbers and the chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, a first encrypted user password PW_i obtained by encrypting the Internet of things user password, and a second encrypted user password PK_i generated using the barrel shift physical unclonable function; the user equipment sends the user registration request information to the identity trust registration center;
after receiving the user registration request information, the identity trust registration center detects whether an identity of an Internet of things user exists or not, and if not, the identity trust registration center generates first user registration information based on the user registration request information, and the first user registration information is sent to the user equipment;
and after receiving the first user registration information, the user equipment generates second user registration information based on the first user registration information, and writes the second user registration information into the smart card corresponding to the user equipment.
Optionally, performing identity registration on the cloud server through the identity trust registration center based on the barrel shift physical unclonable function to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center, specifically comprises:
generating cloud server registration request information based on a random number and a chaotic mapping algorithm, wherein the cloud server registration request information comprises a cloud server identity and a cloud server password generated by adopting a barrel shift physical unclonable function; the cloud server sends the cloud server registration request information to the identity trust registration center;
after receiving cloud server registration request information, the identity trust registration center detects whether a cloud server identity mark exists in a data block, if not, the identity trust registration center generates cloud server registration information based on the cloud server registration request information and sends the cloud server registration information to a cloud server;
and after receiving the cloud server registration information, the cloud server publishes the cloud server pseudonym and the public key of the cloud server, wherein the cloud server pseudonym is generated according to the cloud server identity.
Optionally, performing authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server, based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry, specifically comprises:
the smart card is inserted into the user equipment to log in the Internet of things user identity;
after the Internet of things user identity is successfully logged in, the user equipment sends a generated first authentication request message to the identity trust registration center; the first authentication request message comprises the pseudonym RID_i of the Internet of things user, a first intermediate quantity CID_i, a first judgment mark CM_i and a timestamp T_1, the first judgment mark CM_i being generated according to the identity of the Internet of things user and the chaotic mapping algorithm;
when the identity trust registration center receives the first authentication request message, it verifies whether the timestamp T_1 is valid; if the timestamp T_1 is not valid, authentication stops; if the timestamp T_1 is valid, the identity trust registration center uses the pseudonym RID_i of the Internet of things user to look up the corresponding identity ID_i of the Internet of things user in a database; it generates a second judgment mark CM_i' according to the identity ID_i just looked up and the chaotic mapping algorithm, and judges whether the first authentication is completed by checking whether the first judgment mark CM_i and the second judgment mark CM_i' are equal;
if the first authentication is completed, the identity trust registry sends a generated second authentication request message to the user equipment, wherein the second authentication request message comprises a third judgment mark IM_i and a timestamp T_2, the third judgment mark IM_i being generated according to the identity of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after the user equipment receives the second authentication request message, it verifies whether the timestamp T_2 is valid; if the timestamp T_2 is not valid, authentication stops; if the timestamp T_2 is valid, it generates a fourth judgment mark IM_i' according to the identity of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function, and judges whether the second authentication is completed by checking whether the third judgment mark IM_i and the fourth judgment mark IM_i' are equal;
if the second authentication is completed, the user equipment sends a generated third authentication request message to the cloud server; the third authentication request message includes the pseudonym of the Internet of things user, the pseudonym of the cloud server, a fifth judgment mark JM_i and a timestamp T_3; the fifth judgment mark is generated according to the pseudonym of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after receiving the third authentication request message, the cloud server verifies whether the timestamp T_3 is valid; if the timestamp T_3 is not valid, authentication stops; if the timestamp T_3 is valid, the cloud server generates a sixth judgment mark JM_i' according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and judges whether the third authentication is completed by checking whether the fifth judgment mark and the sixth judgment mark are equal;
if the third authentication is completed, a first session key is generated based on the barrel shift physical unclonable function and a random value, and the cloud server sends a generated fourth authentication request message to the user equipment to perform the fourth authentication; the fourth authentication request message includes a seventh judgment mark MK_j, the seventh judgment mark MK_j being the encrypted first session key;
after receiving the fourth authentication request message, the user equipment generates a second session key based on the barrel shift physical unclonable function according to the fourth authentication request message, encrypts the second session key to generate an eighth judgment mark MK_j', and judges whether the fourth authentication is completed by checking whether the seventh judgment mark and the eighth judgment mark are equal;
and if the fourth authentication is completed, the authentication is finished.
Optionally, the chaotic mapping algorithm is chebyshev chaotic mapping.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention discloses a lightweight authentication method for an Internet of things system in a cloud computing environment, which is used for realizing registration and bidirectional authentication of user equipment and a cloud server based on a barrel shift physical unclonable function and a chaotic mapping algorithm, and improving the communication security of the user equipment and the cloud server.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a lightweight authentication method for an Internet of things system in a cloud computing environment;
FIG. 2 is a second flow chart of a lightweight authentication method for an Internet of things system in a cloud computing environment according to the present invention;
fig. 3 is a schematic diagram of data transmission of a lightweight authentication method for an internet of things system in a cloud computing environment.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide a lightweight authentication method for an internet of things system in a cloud computing environment, which improves the communication security of user equipment and a cloud server.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Fig. 1 is a first schematic flow diagram of the lightweight authentication method for an Internet of things system in a cloud computing environment according to the present invention, fig. 2 is a second schematic flow diagram of the method, and fig. 3 is a schematic data transmission diagram of the method. As shown in fig. 1 to 3, the lightweight authentication method for an Internet of things system in a cloud computing environment according to the present invention includes the following steps:
system initialization phase:
step 101: initializing system parameters through an identity trust registration center, wherein the initialized system parameters comprise values calculated by adopting a chaotic mapping algorithm.
The system parameters {x, T_{s1}(x), p, H_1(·), H_2(·)} are initialized through the identity trust registry (Identity Trust Registry, ITR), where x is a random number, p is a large prime number, T_{s1}(x) is the value calculated with the chaotic mapping algorithm based on the random number s1, s2 is a random number, s1 and s2 are used as private keys, T_{s1}(x) is used as the public key, and H_1(·) and H_2(·) are both one-way hash functions.
The communication entities (user equipment and cloud server) are connected to a PUF (Physical Unclonable Function) through a microcontroller component. Furthermore, the communication between the microcontroller and the PUF cannot be tampered with. The invention employs a barrel shift physical unclonable function (Barrel Shifter Physical Unclonable Function, BS-PUF). Exchangeable BS-PUFs require logical and physical interchangeability, and the entanglement functions must be physically interchangeable. The interchangeability of BS-PUFs depends on logical interchangeability and physical interchangeability, while physical interchangeability depends on the interchangeability of the entanglement functions. The physical measurement of the BS-PUF function in BS-PUF_2(BS-PUF_1(x)) and BS-PUF_1(BS-PUF_2(x)) is independent of the bit state. That is, for a combination of two exchangeable BS-PUFs, BS-PUF_1 and BS-PUF_2: BS-PUF_2(BS-PUF_1(x)) = BS-PUF_1(BS-PUF_2(x)).
The chaotic mapping algorithm adopted by the invention is the Chebyshev chaotic map.
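The following added example (not code from the patent) computes T_{s1}(x) mod p for the Chebyshev map and goes slightly beyond the text by checking the semigroup property T_r(T_s(x)) = T_{rs}(x), which is what lets T_{s1}(x) be published while s1 stays private. The prime 2^127 - 1, the second secret r and all function names are assumptions made for illustration.

```python
"""Chebyshev chaotic map over Z_p (added illustration, not the patent's code)."""
import secrets

# Assumption: a known Mersenne prime stands in for the "large prime" p.
P = 2**127 - 1


def chebyshev_naive(n: int, x: int, p: int) -> int:
    """T_n(x) mod p from the recurrence T_n = 2x*T_{n-1} - T_{n-2}; O(n) steps."""
    t_prev, t_cur = 1, x % p              # T_0, T_1
    if n == 0:
        return t_prev
    for _ in range(n - 1):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % p
    return t_cur


def chebyshev_mod(n: int, x: int, p: int) -> int:
    """T_n(x) mod p in O(log n) steps, usable for key-sized n.

    Walks the bits of n from the top while tracking (T_k, T_{k+1}) and uses
    T_{2k} = 2*T_k^2 - 1 and T_{2k+1} = 2*T_k*T_{k+1} - x.
    """
    t_k, t_k1 = 1, x % p                  # (T_0, T_1)
    for bit in bin(n)[2:]:
        even = (2 * t_k * t_k - 1) % p    # T_{2k}
        odd = (2 * t_k * t_k1 - x) % p    # T_{2k+1}
        nxt = (2 * t_k1 * t_k1 - 1) % p   # T_{2k+2}
        t_k, t_k1 = (odd, nxt) if bit == "1" else (even, odd)
    return t_k


def make_keypair(x: int, p: int):
    """Return (private s, public T_s(x) mod p), mirroring s1 and T_{s1}(x)."""
    s = secrets.randbelow(p - 2) + 2
    return s, chebyshev_mod(s, x, p)


def shared_value(own_private: int, peer_public: int, p: int) -> int:
    """Apply the own secret to the peer's public value: T_own(T_peer(x))."""
    return chebyshev_mod(own_private, peer_public, p)


def demo():
    """Both parties reach T_{r*s1}(x) without exchanging r or s1."""
    x = secrets.randbelow(P - 2) + 2      # public random number x
    s1, registry_public = make_keypair(x, P)
    r, device_public = make_keypair(x, P)  # hypothetical second party
    return (
        shared_value(r, registry_public, P),
        shared_value(s1, device_public, P),
        chebyshev_mod(r * s1, x, P),
    )


if __name__ == "__main__":
    left, right, direct = demo()
    print(left == right == direct)
```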
Registration:
step 102: based on the barrel shift physical unclonable function, the user equipment is subjected to identity registration through the identity trust registration center to obtain user registration information, and the identity information of the user equipment is stored in the identity trust registration center.
The step 102 specifically includes:
User registration request information is generated based on random numbers and the chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, a first encrypted user password PW_i obtained by encrypting the Internet of things user password, and a second encrypted user password PK_i generated using the barrel shift physical unclonable function; the user equipment sends the user registration request information to the identity trust registration center.
After receiving the user registration request information, the identity trust registration center detects whether the identity of the user of the Internet of things exists or not, and if not, the identity trust registration center generates first user registration information based on the user registration request information, and the first user registration information is sent to the user equipment.
And after receiving the first user registration information, the user equipment generates second user registration information based on the first user registration information, and writes the second user registration information into the smart card corresponding to the user equipment.
Step 103: based on the barrel shift physical unclonable function, the cloud server is subjected to identity registration through the identity trust registration center, cloud server registration information is obtained, and the identity information of the cloud server is stored in the identity trust registration center.
Step 103 specifically includes:
generating cloud server registration request information based on a random number and a chaotic mapping algorithm, wherein the cloud server registration request information comprises a cloud server identity and a cloud server password generated by adopting a barrel shift physical unclonable function; and the cloud server sends the cloud server registration request information to the identity trust registration center.
After receiving the cloud server registration request information, the identity trust registration center detects whether the cloud server identity mark exists in the data block, if not, the identity trust registration center generates cloud server registration information based on the cloud server registration request information, and sends the cloud server registration information to a cloud server.
And after receiving the cloud server registration information, the cloud server publishes the cloud server pseudonym and the public key of the cloud server, wherein the cloud server pseudonym is generated according to the cloud server identity.
Login and authentication phase:
step 104: and authenticating between the user equipment and the identity trust registry and authenticating between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry.
Step 104 specifically includes:
The smart card is inserted into the user equipment to log in the Internet of things user identity.
After the Internet of things user identity is successfully logged in, the user equipment sends a generated first authentication request message to the identity trust registration center; the first authentication request message comprises the pseudonym RID_i of the Internet of things user, a first intermediate quantity CID_i, a first judgment mark CM_i and a timestamp T_1, the first judgment mark CM_i being generated according to the identity of the Internet of things user and the chaotic mapping algorithm.
After the identity trust registration center receives the first authentication request message, it verifies whether the timestamp T_1 is valid; if the timestamp T_1 is not valid, authentication stops; if the timestamp T_1 is valid, the identity trust registration center uses the pseudonym RID_i of the Internet of things user to look up the corresponding identity ID_i of the Internet of things user in a database; it generates a second judgment mark CM_i' according to the identity ID_i just looked up and the chaotic mapping algorithm, and judges whether the first authentication is completed by checking whether the first judgment mark CM_i and the second judgment mark CM_i' are equal.
If the first authentication is completed, the identity trust registry sends a generated second authentication request message to the user equipment, wherein the second authentication request message comprises a third judgment mark IM_i and a timestamp T_2, the third judgment mark IM_i being generated according to the identity of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function.
After the user equipment receives the second authentication request message, it verifies whether the timestamp T_2 is valid; if the timestamp T_2 is not valid, authentication stops; if the timestamp T_2 is valid, it generates a fourth judgment mark IM_i' according to the identity of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function, and judges whether the second authentication is completed by checking whether the third judgment mark IM_i and the fourth judgment mark IM_i' are equal.
If the second authentication is completed, the user equipment sends a generated third authentication request message to the cloud server; the third authentication request message includes the pseudonym of the Internet of things user, the pseudonym of the cloud server, a fifth judgment mark JM_i and a timestamp T_3; the fifth judgment mark is generated according to the pseudonym of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function.
After receiving the third authentication request message, the cloud server verifies whether the timestamp T_3 is valid; if the timestamp T_3 is not valid, authentication stops; if the timestamp T_3 is valid, the cloud server generates a sixth judgment mark JM_i' according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and judges whether the third authentication is completed by checking whether the fifth judgment mark and the sixth judgment mark are equal.
If the third authentication is completed, a first session key is generated based on the barrel shift physical unclonable function and a random value, and the cloud server sends a generated fourth authentication request message to the user equipment to perform the fourth authentication; the fourth authentication request message includes a seventh judgment mark MK_j, the seventh judgment mark MK_j being the encrypted first session key.
After receiving the fourth authentication request message, the user equipment generates a second session key based on the barrel shift physical unclonable function according to the fourth authentication request message, encrypts the second session key to generate an eighth judgment mark MK_j', and judges whether the fourth authentication is completed by checking whether the seventh judgment mark and the eighth judgment mark are equal.
If the fourth authentication is completed, the authentication is finished.
Step 105: after authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server are completed, the user equipment and the cloud server communicate through a session key.
The following describes in detail a specific process of registration, login and authentication stages in a lightweight authentication method for an internet of things system in a cloud computing environment.
Generating user registration request information based on random numbers and the chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, a first encrypted user password PW_i obtained by encrypting the Internet of things user password, and a second encrypted user password PK_i generated using the barrel shift physical unclonable function, and sending the user registration request information from the user equipment to the identity trust registration center, specifically comprises the following steps:
The user equipment IoTU_i (Internet of Things User, IoTU) selects the user's real identity ID_i, a user password Pwd_i, a random number a_i and a random number b_i, and calculates a public key and PW_i = H_1(ID_i || Pwd_i || b_i) mod n, 2^4 ≤ n ≤ 2^6. The user equipment IoTU_i transmits the user registration request information {ID_i, PW_i, PK_i} to the identity trust registration center through a secure channel, where PW_i is the value obtained by encrypting the user password, the parameter PK_i = BS-PUF_i(a_i), BS-PUF_i() is the barrel shift physical unclonable function, and the public key is the value calculated with the chaotic mapping algorithm based on the random number b_i.
After receiving the user registration request information {ID_i, PW_i, PK_i}, the identity trust registry checks whether the user's ID_i exists in the data block. If it does not exist, that is, the user is not yet registered, the registry calculates the user pseudonym RID_i and the intermediate parameters A_i, B_i, C_i and D_i: RID_i = H_1(ID_i || s1), A_i = H_1(ID_i || t_i), B_i = A_i ⊕ PW_i, C_i = H_1(PW_i || PK_i || B_i), D_i = H_1(H_1(ID_i) || H_1(s2)). The identity trust registry generates the first user registration information {RID_i, B_i, C_i, D_i} and transmits it to the user equipment IoTU_i, and the identity trust registry stores the user information {RID_i, ID_i, PK_i}, where t_i represents a random number and || represents the concatenation operator.
After receiving the first user registration information {RID_i, B_i, C_i, D_i}, the user equipment IoTU_i calculates the intermediate parameter F_i = B_i ⊕ H_1(ID_i || Pwd_i || PK_i) and the intermediate parameter E_i = D_i ⊕ PW_i, and writes the second user registration information {F_i, C_i, E_i, b_i} into the smart card (SC) corresponding to the Internet of things user whose identity is ID_i.
Based on a barrel shift physical unclonable function, carrying out identity registration on a cloud server through an identity trust registration center to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center, wherein the method specifically comprises the following steps:
cloud server CS j (CS) select a real cloud server identity ID j Random number c j And a random number d j Calculate the public key DK jIntermediate parameters PK j =BS-PUF j (c j ) Cloud server CS j Sending cloud server registration request information to an identity trust registration center through a secure channel; the cloud server registration request information is { ID } j ,PK j },BS-PUF j () Shifts the physical unclonable function for the bucket, +.>The representation is based on a random number d j And calculating the obtained value by adopting a chaotic mapping algorithm.
The identity trust registry receives the cloud server registration request information { ID } j ,PK j After } detect cloud server identity ID j If the cloud server pseudonym RID exists in the data block, if the cloud server pseudonym RID does not exist, the cloud server pseudonym RID is calculated j =H 1 (ID j S 2) and intermediate parameter SD j =H 1 (s 2) the identity trust registry generates first cloud server registration information { RID j ,SD j And register the first cloud server with the information { RID } j ,SD j Send to cloud server CS over secure channel j The identity trust registry stores cloud server information { ID } j ,PK j ,c j ,RID j }。
Cloud server CS j Receiving a first cloudServer registration information { RID } j ,SD j After } save message { SD } j ,PK j ,c j ,d j -and publish message { RID } j ,DK j }。
Based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registration center and the identity information of the cloud server stored in the identity trust registration center, authentication between the user equipment and the identity trust registration center and authentication between the user equipment and the cloud server are performed, specifically including:
A smart card is inserted into the user equipment IoTU_i, and the user identity ID_i, the user password Pwd_i and PK_i are input to the user equipment IoTU_i. The smart card calculates the intermediate parameters B_i = F_i ⊕ H_1(ID_i || Pwd_i || PK_i), PW_i = H_1(ID_i || Pwd_i || b_i) and C_i' = H_1(PW_i || PK_i || b_i). The user equipment IoTU_i verifies whether C_i' equals the stored C_i; if they are not equal, the login fails; if they are equal, the user ID_i logs in successfully.
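The registration and login computations described above can be traced end to end in a short model. This is an added example, not code from the patent: SHA-256 stands in for H_1, the BS-PUF response PK_i is passed in as an opaque constructed integer, and the names `Registry`, `enroll` and `login` are hypothetical. Login here reuses the registration formulas for PW_i (with mod n) and C_i (with B_i), an assumption made because the comparison only succeeds when both sides hash the same inputs.

```python
import hashlib
import hmac
import secrets

N = 2 ** 6  # modulus n for PW_i; the text allows 2^4 <= n <= 2^6


def h1(*parts):
    """H_1 stand-in (assumption: SHA-256). repr() keeps the boundaries
    between the concatenated fields unambiguous."""
    return hashlib.sha256(repr(parts).encode()).digest()


def num(digest):
    """Interpret a digest as an integer so it can be XOR-ed."""
    return int.from_bytes(digest, "big")


class Registry:
    """Identity trust registry: holds s1, s2 and the stored user records."""

    def __init__(self):
        self.s1 = secrets.token_bytes(32)
        self.s2 = secrets.token_bytes(32)
        self.by_rid = {}          # RID_i -> (ID_i, PK_i, t_i)
        self.known_ids = set()

    def register(self, uid, pw, pk):
        """Handle {ID_i, PW_i, PK_i}; return {RID_i, B_i, C_i, D_i}."""
        if uid in self.known_ids:
            raise ValueError("identity already registered")
        t = secrets.token_bytes(16)              # t_i
        rid = h1(uid, self.s1)                   # RID_i = H_1(ID_i || s1)
        b_cap = num(h1(uid, t)) ^ pw             # B_i = A_i xor PW_i
        c = h1(pw, pk, b_cap)                    # C_i = H_1(PW_i || PK_i || B_i)
        d = num(h1(h1(uid), h1(self.s2)))        # D_i = H_1(H_1(ID_i) || H_1(s2))
        self.known_ids.add(uid)
        self.by_rid[rid] = (uid, pk, t)
        return rid, b_cap, c, d


def enroll(registry, uid, pwd, pk):
    """User side of registration; returns the smart card {F_i, C_i, E_i, b_i}.
    Neither the password nor PK_i is written to the card."""
    b = secrets.randbits(64)                     # b_i
    pw = num(h1(uid, pwd, b)) % N                # PW_i
    _rid, b_cap, c, d = registry.register(uid, pw, pk)
    return {
        "F": b_cap ^ num(h1(uid, pwd, pk)),      # F_i = B_i xor H_1(ID_i || Pwd_i || PK_i)
        "C": c,
        "E": d ^ pw,                             # E_i = D_i xor PW_i
        "b": b,
    }


def login(card, uid, pwd, pk):
    """Local check performed with the card before any message is sent."""
    b_cap = card["F"] ^ num(h1(uid, pwd, pk))    # recover B_i
    pw = num(h1(uid, pwd, card["b"])) % N        # recompute PW_i
    return hmac.compare_digest(h1(pw, pk, b_cap), card["C"])


def demo():
    registry = Registry()
    device_pk = secrets.randbits(64)   # constructed PUF response of the enrolled device
    other_pk = device_pk ^ 1           # constructed response of a different device
    card = enroll(registry, "alice", "correct horse", device_pk)
    try:
        enroll(registry, "alice", "another password", device_pk)
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return {
        "ok": login(card, "alice", "correct horse", device_pk),
        "wrong_password": login(card, "alice", "wrong", device_pk),
        "card_on_other_device": login(card, "alice", "correct horse", other_pk),
        "duplicate_rejected": duplicate_rejected,
    }
```

The third result shows the device factor: a copied card fails the local check on hardware whose PUF response differs, even with the right password.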
After the user identity ID_i logs in successfully, the user equipment IoTU_i sends a first authentication request message {RID_i, CID_i, CM_i, T_1} to the identity trust registry, where the parameter CID_i = RID_j ⊕ IK_i, CM_i = H_1(IK_i || ID_i || T_1), the parameter […], and T_1 is a timestamp.
When the identity trust registry receives the first authentication request message {RID_i, CID_i, CM_i, T_1}, it verifies whether the timestamp T_1 is legal. If T_1 is not legal, authentication stops. If T_1 is legal, the identity trust registry uses the RID_i in the first authentication request message to find the corresponding ID_i in the database, and calculates the parameter […] and the parameter CM_i' = H_1(IK_i' || ID_i || T_1). It then judges whether CM_i' equals CM_i. If they are not equal, authentication stops. If they are equal, it calculates RID_j = CID_i ⊕ IK_i', uses RID_j to find the corresponding PK_j in the database, and calculates the parameters CPK_i = (PK_j || c_j) ⊕ IK_i', CSM_i = H_1(ID_j || SD_j) and IM_i = H_1(ID_i || RID_j || IK_i' || PK_i || T_2), where T_2 is a timestamp. The identity trust registration center sends the second authentication request message {CPK_i, CSM_i, IM_i, T_2} to the user equipment IoTU_i.
When the user equipment IoTU_i receives the second authentication request message {CPK_i, CSM_i, IM_i, T_2}, it verifies whether the timestamp T_2 is legal. If T_2 is not legal, authentication stops. If T_2 is legal, it uses the received second authentication request message to calculate the parameter PK_j || c_j = CPK_i ⊕ IK_i and the parameter IM_i' = H_1(ID_i || RID_j || IK_i || PK_i || T_2), and determines PK_j and c_j from PK_j || c_j according to the bit lengths of PK_j and c_j. It then judges whether IM_i' equals IM_i. If they are not equal, authentication stops. If they are equal, the user equipment IoTU_i calculates the parameters HK_i = BS-PUF_i(BS-PUF_j(c_j)), HRK_i = BS-PUF_i(c_j), a parameter […] and a parameter […], EK_i = BS-PUF_i(c_j) ⊕ TK_i, UK_i = a_i ⊕ HK_i, LK_i = PK_i ⊕ CSM_i, D_i = E_i ⊕ PW_i and JM_i = H_1(RID_i || RID_j || TK_i || D_i || T_3), and transmits a third authentication request message {RID_i, RID_j, CK_i, EK_i, UK_i, LK_i, JM_i, T_3} to the cloud server CS_j, where T_3 is a timestamp.
When the cloud server CS_j receives the third authentication request message {RID_i, RID_j, CK_i, EK_i, UK_i, LK_i, JM_i, T_3}, it verifies whether the timestamp T_3 is legal. If T_3 is not legal, authentication stops. If T_3 is legal, the cloud server CS_j uses the stored {SD_j, PK_j, c_j, d_j} to calculate the parameter […], BS-PUF_i(c_j) = EK_i ⊕ TK_i', the parameter HK_i' = BS-PUF_j(BS-PUF_i(c_j)), a_i = UK_i ⊕ HK_i', the parameter CSM_i' = H_1(ID_j || SD_j), the parameter PK_i = LK_i ⊕ CSM_i', the parameter D_i' = H_1(H_1(ID_i) || H_2(s2)) and the parameter JM_i' = H_1(RID_i || RID_j || TK_i' || D_i' || T_3). It then verifies whether JM_i' equals JM_i. If they are not equal, authentication stops. If they are equal, the cloud server CS_j completes the authentication of the user equipment IoTU_i.
After the cloud server CS_j completes the authentication of the user equipment IoTU_i, the cloud server CS_j calculates the parameters UR_j = BS-PUF_j(a_i), CSK_j = BS-PUF_j(PK_i) = BS-PUF_j(BS-PUF_i(a_i)), K_j = H_2(RID_i || RID_j || CSK_j || HK_i' || a_i || c_j), MK_j = H_1(K_j || T_4) and GK_j = UR_j ⊕ TK_i', where K_j is the first session key, and sends a fourth authentication request message {GK_j, MK_j, T_4}, where T_4 is a timestamp.
When the user equipment IoTU_i receives the fourth authentication request message {GK_j, MK_j, T_4}, it verifies whether the timestamp T_4 is legal. If T_4 is not legal, authentication stops. If T_4 is legal, it calculates the parameters UR_j' = GK_j ⊕ TK_i, CSK_j' = BS-PUF_i(UR_j') = BS-PUF_i(BS-PUF_j(a_i)), K_i = H_2(RID_i || RID_j || CSK_j' || HK_i || a_i || c_j) and MK_j' = H_1(K_i || T_4), where K_i is the second session key. It then judges whether MK_j' equals MK_j. If they are not equal, authentication stops. If they are equal, the user equipment IoTU_i completes the authentication of the cloud server CS_j.
After the user equipment IoTU_i completes the authentication of the cloud server CS_j, the user equipment IoTU_i and the cloud server CS_j communicate using the session key K_j and the session key K_i.
The chaotic mapping algorithm is the Chebyshev chaotic map.
BS-PUF_i() and BS-PUF_j() have physical interchangeability, that is, BS-PUF_j(BS-PUF_i(x)) = BS-PUF_i(BS-PUF_j(x)).
Verifying whether the timestamp T_1 is legal specifically means verifying whether T_1 is within a preset range; the timestamps T_2, T_3 and T_4 are verified in the same way as T_1.
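Messages 3 and 4 and the two session keys, traced in a short model that also exercises the interchangeability and timestamp rules above. This is an added example, not code from the patent: the BS-PUF is replaced by a device-specific bit rotation (chosen only because rotations commute; it has none of a real PUF's security), and SHA-256 stands in for H_1 and H_2. TK_i and CK_i, whose formulas are not given in the text, are assumed to be a Chebyshev exchange, TK_i = T_{b_i}(DK_j) and CK_i = T_{b_i}(x); p, x, the window, D_i and all function names are constructed.

```python
import hashlib
import hmac
import secrets

P = 2 ** 61 - 1            # assumption: demo prime p
X = 123456789              # assumption: public seed x
W = 64                     # assumption: bit width of PUF challenges and responses
WINDOW = 5                 # assumption: preset timestamp range, in seconds
D_I = b"constructed D_i"   # constructed: stands for the D_i both sides derive

def h(tag, *parts):
    """H_1 / H_2 stand-ins: SHA-256 with a domain tag; repr() keeps fields apart."""
    return hashlib.sha256(repr((tag,) + parts).encode()).digest()

def cheb(n, x):
    """Chebyshev polynomial T_n(x) mod P, using the doubling rules
    T_2k = 2*T_k^2 - 1 and T_2k+1 = 2*T_k*T_k+1 - x."""
    a, b = 1, x % P                              # (T_0, T_1)
    for bit in bin(n)[2:]:
        if bit == "1":
            a, b = (2 * a * b - x) % P, (2 * b * b - 1) % P
        else:
            a, b = (2 * a * a - 1) % P, (2 * a * b - x) % P
    return a

def make_puf(shift):
    """Toy BS-PUF: rotate a W-bit word left by a device-specific amount (1..W-1)."""
    mask = (1 << W) - 1
    return lambda v: (((v & mask) << shift) | ((v & mask) >> (W - shift))) & mask

def fresh(ts, now):
    """Timestamp is legal when it lies within the preset range around 'now'."""
    return abs(now - ts) <= WINDOW

def user_msg3(u, known, t3):
    """User side: build {RID_i, RID_j, CK_i, EK_i, UK_i, LK_i, JM_i, T_3}."""
    u["tk"] = cheb(u["b"], known["dk"])          # TK_i (assumed form)
    u["hk"] = u["puf"](known["pk"])              # HK_i = BS-PUF_i(BS-PUF_j(c_j))
    return {
        "rid_i": u["rid"], "rid_j": known["rid"],
        "ck": cheb(u["b"], X),                   # CK_i (assumed form)
        "ek": u["puf"](known["c"]) ^ u["tk"],    # EK_i = BS-PUF_i(c_j) xor TK_i
        "uk": u["a"] ^ u["hk"],                  # UK_i = a_i xor HK_i
        "lk": u["pk"] ^ known["csm"],            # LK_i = PK_i xor CSM_i
        "jm": h("H1", u["rid"], known["rid"], u["tk"], D_I, t3),
        "t3": t3,
    }

def server_msg4(s, m, now):
    """Cloud server: verify message 3, derive K_j, build {GK_j, MK_j, T_4}."""
    if not fresh(m["t3"], now):
        return None
    tk = cheb(s["d"], m["ck"])                   # TK_i'
    hk = s["puf"](m["ek"] ^ tk)                  # HK_i' = BS-PUF_j(BS-PUF_i(c_j))
    a = m["uk"] ^ hk                             # a_i = UK_i xor HK_i'
    pk_i = m["lk"] ^ s["csm"]                    # PK_i = LK_i xor CSM_i'
    jm = h("H1", m["rid_i"], m["rid_j"], tk, D_I, m["t3"])
    if not hmac.compare_digest(jm, m["jm"]):
        return None
    csk = s["puf"](pk_i)                         # CSK_j = BS-PUF_j(PK_i)
    s["key"] = h("H2", m["rid_i"], m["rid_j"], csk, hk, a, s["c"])   # K_j
    return {"gk": s["puf"](a) ^ tk, "mk": h("H1", s["key"], now), "t4": now}

def user_finish(u, known, m, now):
    """User side: verify message 4 and return K_i, or None on failure."""
    if not fresh(m["t4"], now):
        return None
    csk = u["puf"](m["gk"] ^ u["tk"])            # CSK_j' = BS-PUF_i(UR_j')
    key = h("H2", u["rid"], known["rid"], csk, u["hk"], u["a"], known["c"])
    ok = hmac.compare_digest(h("H1", key, m["t4"]), m["mk"])
    return key if ok else None

def demo(now=1_700_000_000):
    puf_i, puf_j = make_puf(13), make_puf(29)    # constructed device fingerprints
    a, c = secrets.randbits(W), secrets.randbits(W)
    user = {"rid": "RID_i", "puf": puf_i, "a": a, "pk": puf_i(a),
            "b": secrets.randbits(48) + 2}
    csm = int.from_bytes(h("H1", "ID_j", "SD_j"), "big")
    server = {"puf": puf_j, "c": c, "d": secrets.randbits(48) + 2, "csm": csm}
    # What the user holds after message 2: RID_j, DK_j, PK_j, c_j and CSM_i.
    known = {"rid": "RID_j", "dk": cheb(server["d"], X), "pk": puf_j(c),
             "c": c, "csm": csm}
    m3 = user_msg3(user, known, now)
    m4 = server_msg4(server, m3, now + 1)
    k_user = user_finish(user, known, m4, now + 2)
    stale = server_msg4(server, m3, now + 60)    # T_3 outside the preset range
    forged = user_finish(user, known, dict(m4, gk=m4["gk"] ^ 1), now + 2)
    return k_user, server["key"], stale, forged
```

A message resent inside the preset range still passes the timestamp check, so a receiver that needs stricter replay protection also has to remember recently seen messages.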
Each message in the invention includes a timestamp, a random secret, or both, which the recipient verifies before any further processing of the received message. Thus, the present invention can prevent replay attacks.
The session key generated in the authentication process is derived by the user equipment IoTU_i and the cloud server CS_j from the secret values each of them generates and from the secret value calculated with the barrel shift physical unclonable function. In addition, any two different session keys are independent of each other, so an adversary cannot compromise other session keys at a later time. Thus, the security of the session key is ensured.
In the authentication process, each communication entity has its own physical unclonable function, so even if an attacker obtains a secret value, the attacker cannot generate the corresponding physical unclonable function value. The method can therefore effectively resist node capture attacks.
The messages generated in the authentication process include secret values calculated with the chaotic mapping cryptographic algorithm and the barrel shift physical unclonable function, so the corresponding message cannot be calculated without the secret value generated by the corresponding algorithm. Authentication therefore fails if any information is tampered with, so no message can be dynamically tampered with. The invention realizes anonymous communication of the user equipment and ensures the privacy and security of the user.
In an Internet of things cloud computing scenario, a user can access a cloud server at any time and from any place to acquire Internet of things data, and can also send commands to Internet of things equipment through the cloud server to realize remote production control. However, cloud servers provide Internet of things services to users through insecure public channels, so the two sides must authenticate each other. Only authorized users can access the cloud server to obtain the services of the Internet of things equipment. Therefore, the invention provides a lightweight authentication method for an Internet of things system in a cloud computing environment, which uses a barrel shift physical unclonable function (Barrel Shifter Physical Unclonable Function, BS-PUF) and a chaotic mapping algorithm, and uses multiple factors (user password and smart card) to ensure the security of authentication. In the cloud computing environment, the external user and the cloud server perform mutual authentication, and the data on the cloud server is accessed directly and securely through the negotiated session key, so that common attacks can be resisted and the security of communication is ensured.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments can be understood by referring to one another.
The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to assist in understanding the methods of the present invention and the core ideas thereof; also, it is within the scope of the present invention to be modified by those of ordinary skill in the art in light of the present teachings. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (6)

1. A lightweight authentication method for an Internet of things system in a cloud computing environment is characterized by comprising the following steps:
initializing system parameters through an identity trust registration center, wherein the initialized system parameters comprise values calculated by adopting a chaotic mapping algorithm;
based on a barrel shift physical unclonable function, carrying out identity registration on the user equipment through the identity trust registration center to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center;
based on a barrel shift physical unclonable function, carrying out identity registration on a cloud server through the identity trust registration center to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center;
performing authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry and the identity information of the cloud server stored in the identity trust registry;
after authentication between the user equipment and the identity trust registry and authentication between the user equipment and the cloud server are completed, the user equipment and the cloud server communicate through a session key.
2. The lightweight authentication method for the internet of things system in the cloud computing environment according to claim 1, wherein the initialized system parameters are {x, T_{s1}(x), p, H_1(·), H_2(·)}, where x is a random number, p is a large prime number, T_{s1}(x) is the value calculated from the random number s1 using the chaotic mapping algorithm, s1 is taken as the private key and T_{s1}(x) as the system public key, and H_1(·) and H_2(·) are both one-way hash functions.
3. The lightweight authentication method for an internet of things system in a cloud computing environment according to claim 1, wherein carrying out identity registration on the user equipment through the identity trust registration center based on a barrel shift physical unclonable function to obtain user registration information, and storing the identity information of the user equipment in the identity trust registration center, specifically comprises:
generating user registration request information based on random numbers and a chaotic mapping algorithm, wherein the user registration request information comprises the identity of the Internet of things user, a first encrypted user password PW_i obtained by encrypting the Internet of things user password, and a second encrypted user password PK_i generated using a barrel shift physical unclonable function; the user equipment sends the user registration request information to the identity trust registration center;
after receiving the user registration request information, the identity trust registration center detects whether the identity of the user of the Internet of things exists or not, if not, the identity trust registration center generates first user registration information based on the user registration request information and sends the first user registration information to the user equipment;
and after receiving the first user registration information, the user equipment generates second user registration information based on the first user registration information, and writes the second user registration information into the smart card corresponding to the user equipment.
4. The lightweight authentication method for an internet of things system in a cloud computing environment according to claim 3, wherein carrying out identity registration on the cloud server through the identity trust registration center based on a barrel shift physical unclonable function to obtain cloud server registration information, and storing the identity information of the cloud server in the identity trust registration center, specifically comprises:
generating cloud server registration request information based on a random number and a chaotic mapping algorithm, wherein the cloud server registration request information comprises a cloud server identity and a cloud server password generated by adopting a barrel shift physical unclonable function; the cloud server sends the cloud server registration request information to the identity trust registration center;
after receiving cloud server registration request information, the identity trust registration center detects whether a cloud server identity mark exists in a data block, if not, the identity trust registration center generates cloud server registration information based on the cloud server registration request information and sends the cloud server registration information to a cloud server;
and after receiving the cloud server registration information, the cloud server publishes the cloud server pseudonym and the public key of the cloud server, wherein the cloud server pseudonym is generated according to the cloud server identity.
5. The lightweight authentication method for an internet of things system in a cloud computing environment according to claim 4, wherein the authenticating between the user equipment and the identity trust registry and the authenticating between the user equipment and the cloud server based on the user registration information, the cloud server registration information, the identity information of the user equipment stored in the identity trust registry, and the identity information of the cloud server stored in the identity trust registry specifically includes:
the intelligent card is inserted into the user equipment to log in the user identity of the Internet of things;
after the Internet of things user identity is successfully logged in, the user equipment sends the generated first authentication request message to the identity trust registration center; the first authentication request message comprises the pseudonym RID_i of the Internet of things user, a first intermediate quantity CID_i, a first judgment identifier CM_i and a timestamp T_1, the first judgment identifier CM_i being generated according to the identity of the Internet of things user and the chaotic mapping algorithm;
after the identity trust registration center receives the first authentication request message, it verifies whether the timestamp T_1 is legal; if the timestamp T_1 is not legal, authentication stops; if the timestamp T_1 is legal, the identity trust registration center uses the pseudonym RID_i of the Internet of things user to search the database for the corresponding identity ID_i of the Internet of things user; it generates a second judgment identifier CM_i' according to the identity ID_i found and the chaotic mapping algorithm, and determines whether the first authentication is completed by checking whether the first judgment identifier CM_i equals the second judgment identifier CM_i';
if the first authentication is completed, the identity trust registry sends the generated second authentication request message to the user equipment, wherein the second authentication request message comprises a third judgment identifier IM_i and a timestamp T_2, the third judgment identifier IM_i being generated according to the identity of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after the user equipment receives the second authentication request message, it verifies whether the timestamp T_2 is legal; if the timestamp T_2 is not legal, authentication stops; if the timestamp T_2 is legal, it generates a fourth judgment identifier IM_i' according to the identity of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function, and determines whether the second authentication is completed by checking whether the third judgment identifier IM_i equals the fourth judgment identifier IM_i';
if the second authentication is completed, the user equipment sends the generated third authentication request message to the cloud server; the third authentication request message includes the pseudonym of the Internet of things user, the pseudonym of the cloud server, a fifth judgment identifier JM_i and a timestamp T_3; the fifth judgment identifier is generated according to the pseudonym of the Internet of things user, the cloud server pseudonym, the chaotic mapping algorithm and the barrel shift physical unclonable function;
after receiving the third authentication request message, the cloud server verifies whether the timestamp T_3 is legal; if the timestamp T_3 is not legal, authentication stops; if the timestamp T_3 is legal, the cloud server generates a sixth judgment identifier JM_i' according to the pseudonym of the Internet of things user, the pseudonym of the cloud server, the chaotic mapping algorithm and the barrel shift physical unclonable function, and determines whether the third authentication is completed by checking whether the fifth judgment identifier equals the sixth judgment identifier;
if the third authentication is completed, the cloud server generates a first session key based on a barrel shift physical unclonable function and a random value, and sends the generated fourth authentication request message to the user equipment for the fourth authentication; the fourth authentication request message includes a seventh judgment identifier MK_j, which is the encrypted first session key;
after receiving the fourth authentication request message, the user equipment generates a second session key based on a barrel shift physical unclonable function according to the fourth authentication request message, encrypts the second session key to generate an eighth judgment identifier MK_j', and determines whether the fourth authentication is completed by checking whether the seventh judgment identifier equals the eighth judgment identifier;
and if the fourth authentication is completed, finishing the authentication.
6. The lightweight authentication method for the internet of things system in the cloud computing environment according to claim 1, wherein the chaotic mapping algorithm is the Chebyshev chaotic map.
CN202210563565.5A 2022-05-23 2022-05-23 Lightweight authentication method for Internet of things system in cloud computing environment Active CN114785615B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210563565.5A CN114785615B (en) 2022-05-23 2022-05-23 Lightweight authentication method for Internet of things system in cloud computing environment

Publications (2)

Publication Number Publication Date
CN114785615A CN114785615A (en) 2022-07-22
CN114785615B true CN114785615B (en) 2023-07-25

Family

ID=82409234

Country Status (1)

Country Link
CN (1) CN114785615B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: 100083 No. 30, Haidian District, Beijing, Xueyuan Road
Applicant after: University OF SCIENCE AND TECHNOLOGY BEIJING
Applicant after: USTC TIANGONG INTELLIGENT EQUIPMENT TECHNOLOGY (TIANJIN) CO.,LTD.
Address before: 300308 Building 1, block g, No. 6, Huafeng Road, Huaming high tech Industrial Zone, Dongli District, Tianjin
Applicant before: USTC TIANGONG INTELLIGENT EQUIPMENT TECHNOLOGY (TIANJIN) CO.,LTD.
Applicant before: University OF SCIENCE AND TECHNOLOGY BEIJING
CB03 Change of inventor or designer information
Inventor after: Zhang Bo
Inventor after: Wan Yadong
Inventor after: Zhang Chao
Inventor before: Wan Yadong
Inventor before: Zhang Bo
Inventor before: Zhang Chao
GR01 Patent grant