CN115913771A - Internet of things equipment cross-domain authentication method based on distributed digital identity - Google Patents


Info

Publication number
CN115913771A
Authority
CN
China
Prior art keywords
equipment
internet
manufacturer
things
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211639836.7A
Other languages
Chinese (zh)
Other versions
CN115913771B (en)
Inventor
陈若禹
李春林
严松
黄德俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Cric Technology Co ltd
Original Assignee
Sichuan Cric Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2022-12-20
Filing date: 2022-12-20
Publication date: 2023-04-04
Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention relates to Internet of things (IoT) device authentication technology and discloses a cross-domain authentication method for IoT devices based on distributed digital identity, which solves the problems that existing cross-manufacturer IoT device linkage schemes are high in risk and cost and depend on a CA and certificates. The method comprises the following steps: when an IoT device produced by a manufacturer leaves the factory, it applies to the manufacturer for creation of a DID, and the manufacturer issues a credential to the device; after a user purchases the device, the user obtains the device's credential from its manufacturer and thereby obtains the authority to operate that device, so that each device can be controlled independently. When a device a is to control a device b of the same manufacturer in linkage, the verifiable credential of device b is sent to device b through device a, and device b establishes a link after confirming that devices a and b are products of the same manufacturer. When device a is to control a device c of a different manufacturer in linkage, device a sends the verifiable credential of device c to device c; device c verifies the verifiable credential with its manufacturer and establishes a link after the verification passes.

Description

Internet of things equipment cross-domain authentication method based on distributed digital identity
Technical Field
The invention relates to Internet of things device authentication technology, and in particular to a cross-domain authentication method for Internet of things devices based on distributed digital identity.
Background
As Internet of things application scenarios grow deeper and richer, typical IoT scenarios have developed from stand-alone functions towards networked interaction; in smart homes in particular, linkage between scenarios has become one of the core applications of IoT. In a home containing IoT devices from several different manufacturers, one device controlling and linking other devices, and the interconnection and cooperation between devices, bring convenience and a comfortable living experience to the smart home user.
However, because of differing tastes, users often purchase device products from different manufacturers on the basis of appearance, price or function. When such devices are linked, the identity information of the devices of different manufacturers is not interoperable. On the one hand, manufacturer binding restricts the user's choice, so that the shopping experience is poor; on the other hand, device control across manufacturers is often difficult, existing cross-domain approaches are complicated, and potential safety hazards exist, so that the user's experience of IoT smart devices is greatly reduced.
To address the problem that devices of different manufacturers cannot cooperate across domains because their device identity information is not interoperable, the industry currently offers various solutions based on technical ideas such as cloud-to-cloud docking, identity authentication based on digital certificates, and identity authentication based on edge computing nodes:
(1) The patent application with application number 202110963724.6, titled "Intelligent equipment distribution method and device", proposes that network distribution among devices of different manufacturers is realized through the distribution network interface of a cloud docking service. In actual operation, however, the cloud servers of the two parties are often unstable during cloud docking; for example, weak local signal propagation leaves information transmission incomplete, so that the server cannot give correct feedback, which leads to operation problems, bandwidth limitations, hardware failures and the like.
(2) The patent application with application number 202210517048.4, titled "Cross-domain authentication method and device, and user registration method and device", proposes that cross-domain access to an edge computing node is realized by authenticating a unique identity ID generated by a local node together with a first authentication token. The scheme effectively solves the problem of unified cross-domain identity authentication by using a certificate mechanism, but it provides no solution for bidirectional authentication between a device and a user, leaving security risks such as man-in-the-middle attacks.
(3) The patent application with application number 202210314352.9, titled "Cross-domain authentication and key agreement method based on a block chain in an Internet of things environment", designs an elliptic-curve-based entity identity authentication and key agreement protocol for identity authentication within the home domain and between domains. The scheme effectively solves the problem of cross-domain device identity authentication by using a certificate mechanism and avoids the single point of failure of a traditional single CA, but the security and continuity of the multiple CA node organizations then affect the authentication management of the devices.
In view of the existing technical solutions, cross-domain device access already supports cross-device identity authentication at the technical level and ensures security by a certificate mechanism. However, the existing solutions still have several major problems:
First, none of the above patents relates to the field of smart homes, and in a home scenario cross-manufacturer device linkage needs to be more stable and more pervasive. Second, when cloud-to-cloud docking is used, the cloud servers of the two parties are unstable, so that the servers cannot give correct feedback, causing operation problems, bandwidth limitations, hardware faults and the like. Moreover, different manufacturers use different operation command formats for controlling devices, and issuing operation commands across domains may change or even reverse the meaning of an operation, for example a command to turn a light on or off. Finally, with the above methods, controlling devices across manufacturers requires purchasing at least one additional gateway from a manufacturer to relay instructions, which raises the cost to the user.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide a cross-domain authentication method for Internet of things devices based on distributed digital identity, and to solve the problems that existing cross-manufacturer IoT device linkage schemes are high in risk and cost and depend on a CA and certificates.
The technical scheme adopted by the invention to solve this problem is as follows:
a cross-domain authentication method for Internet of things devices based on distributed digital identity, comprising the following steps:
when an Internet of things device produced by a manufacturer leaves the factory, it applies to the manufacturer for creation of a DID (distributed digital identity), and the manufacturer issues a credential to the device;
after a user purchases the Internet of things device, the user obtains the credential of the device from the manufacturer of that device;
and the user obtains the authority to operate the device according to its credential.
Further, the method further comprises:
when a user wants a certain Internet of things device a to control, in linkage, another Internet of things device b produced by the same manufacturer, the following steps are executed:
S1, the user sends to device a a verifiable credential obtained by simplifying the credential of device b;
S2, device a sends the verifiable credential of device b to device b;
S3, device b confirms through the verifiable credential that device a and device b are products of the same manufacturer;
S4, a link is established between device b and device a;
S5, the user can now control device b through device a and send linkage instructions to device b.
Further, the method further comprises:
when a user wants a certain Internet of things device a to control, in linkage, another Internet of things device c produced by a different manufacturer, the following steps are executed:
S1, the user sends to device a a verifiable credential obtained by simplifying the credential of device c;
S2, device a sends the verifiable credential of device c to device c;
S3, device c submits the verifiable credential to its manufacturer for verification;
S4, the manufacturer of device c verifies the verifiable credential;
S5, a link is established between device c and device a;
S6, the user can now control device c through device a and send linkage instructions to device c.
Further, the credential includes factory information and device owner information of the corresponding Internet of things device.
The invention has the beneficial effects that:
the invention designs a cross-domain authentication scheme for Internet of things devices based on distributed digital identity in the smart home scenario; through the distributed digital identity (DID), a device has a uniform identity no matter which manufacturer it belongs to, and the device is controlled by its user.
Drawings
FIG. 1 is a diagram of the application scenario in the embodiment;
FIG. 2 is a flow chart of operating device A using a distributed digital identity;
FIG. 3 is a flow chart of operating device B using a distributed digital identity;
FIG. 4 is a flow chart of operating device C using a distributed digital identity;
FIG. 5 is a flow chart of using distributed digital identities so that device A controls device C in linkage;
FIG. 6 is a flow chart of using distributed digital identities so that device A controls device B in linkage.
Detailed Description
Blockchain technology is a distributed storage scheme that draws on mathematics, cryptography, computer science and other disciplines, and has characteristics such as decentralization, traceability, tamper resistance, collective maintenance, openness and transparency. Blockchain technology can meet the requirements of IoT data acquisition for data security, traceability and the like.
Distributed digital identity is built on blockchain technology. Its decentralized character effectively removes the control of a single service provider over a user's account, and its tamper resistance effectively addresses identity trust; a credential-based trust construction mechanism provides a security mechanism for the transmission of identity and authorization trust, and so offers a safe and reliable solution to the problem of cross-manufacturer authentication and cooperation of IoT devices.
The invention aims to provide a method that gives Internet of things devices distributed digital identities, realizes identity authentication of cross-domain devices by transmitting verifiable credentials between devices, and thereby completes cooperation between devices and realizes cross-domain device control.
Example:
the application scenario of this embodiment is shown in FIG. 1 and comprises a user, a manufacturer A, a manufacturer B, an Internet of things device A, an Internet of things device B and an Internet of things device C.
Manufacturer A and manufacturer B are IoT device manufacturers; manufacturer A produces IoT device A and IoT device C, and manufacturer B produces IoT device B. Assume that the user has purchased device A, device B and device C, that both manufacturer A and manufacturer B support distributed digital identities, and that device A has a gateway function. Each device registers a distributed digital identity with its manufacturer and obtains a service credential issued by the manufacturer, which includes information such as the device's manufacturer and owner.
1. The flow of the user controlling individual devices, see FIG. 2:
1. The user operates device A through the distributed digital identity by the following process:
S1, when Internet of things device A leaves the factory, it applies to manufacturer A for creation of a DID (distributed digital identity), and manufacturer A issues a credential to device A that includes the factory information and the device owner of device A;
S2, after the user buys device A, manufacturer A uploads the credential VCa of device A to the user;
S3, the user obtains the authority to operate device A;
S4, the user issues operation instructions to device A to control it.
2. The user operates device B through the distributed digital identity by the following process, see FIG. 3:
S1, when Internet of things device B leaves the factory, it applies to manufacturer B for creation of a DID, and manufacturer B issues a credential to device B that includes the factory information and the device owner of device B;
S2, after the user purchases device B, manufacturer B uploads the credential VCb of device B to the user;
S3, the user obtains the authority to operate device B;
S4, the user issues operation instructions to device B to control it.
3. The user operates device C through the distributed digital identity by the following process, see FIG. 4:
S1, when Internet of things device C leaves the factory, it applies to manufacturer A for creation of a DID, and manufacturer A issues a credential to device C that includes the factory information and the device owner of device C;
S2, after the user purchases device C, manufacturer A uploads the credential VCc of device C to the user;
S3, the user obtains the authority to operate device C;
S4, the user issues operation instructions to device C to control it.
2. Linkage between devices of the same manufacturer:
The user purchases device A and obtains its service credential VCa, and purchases device C and obtains its service credential VCc; at this point the user can directly control device A and device C through their credentials. When the user wants device A to control, in linkage, device C produced by the same manufacturer A, the following steps are carried out, see FIG. 5:
S1, the user sends to device A a verifiable credential VPc obtained by simplifying the service credential VCc of device C;
S2, device A sends the verifiable credential VPc of device C to device C;
S3, device C confirms through VPc that device A and device C are products of the same manufacturer;
S4, a link is established between device A and device C;
S5, device A can now control device C and send linkage instructions to device C.
3. Linkage between devices of different manufacturers:
The user purchases device A and obtains its VCa, and purchases device B and obtains its VCb; at this point the user can directly control device A and device B through their credentials. When the user wants device A to control device B in linkage, the following steps are required, see FIG. 6:
S1, the user sends to device A a verifiable credential VPb obtained by simplifying the service credential VCb of device B;
S2, device A sends the verifiable credential VPb of device B to device B;
S3, device B submits VPb to manufacturer B for verification;
S4, manufacturer B verifies VPb and the verification passes;
S5, a link is established between device B and device A;
S6, device A can now control device B and send linkage instructions to device B.
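The two linkage flows above (same manufacturer, FIG. 5, and different manufacturers, FIG. 6) as an added Go model; this is not the patent's code. The manufacturer signs the service credential VC at the factory, the owner derives the presentation VP that device A forwards, and the target device either checks the issuer signature locally (same manufacturer) or defers to its own manufacturer (different manufacturer). The Ed25519 keys, the DID strings, the OwnerKey field and the audience/nonce binding in the VP are assumptions of this example, not details given by the patent.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Credential is the service credential a manufacturer issues when a device leaves the factory (S1).
// OwnerKey is an assumption of this example: the manufacturer records the buyer's public key at S2.
type Credential struct {
	Subject  string            `json:"subject"`  // device DID
	Issuer   string            `json:"issuer"`   // manufacturer DID
	Owner    string            `json:"owner"`    // user DID (device owner)
	OwnerKey ed25519.PublicKey `json:"ownerKey"` // owner's public key
	Factory  string            `json:"factory"`  // factory information
}
// SignedCredential is the VC: the credential plus the manufacturer's signature over its JSON form.
type SignedCredential struct {
	Cred Credential
	Sig  []byte
}
// Presentation is the VP device a forwards; Audience and Nonce (additions of this example) bind it to one target device.
type Presentation struct {
	VC           SignedCredential
	Presenter    string // DID of the controlling device (device a)
	PresenterMfr string // manufacturer DID claimed for device a
	Audience     string // DID of the device expected to accept (device b or c)
	Nonce        []byte
	HolderSig    []byte // owner's signature over holderMsg
}
// Keypair is a DID with an Ed25519 key; it models both manufacturers and the user.
type Keypair struct {
	DID  string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewKeypair(did string) *Keypair {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Keypair{did, pub, priv}
}

func canonical(c Credential) []byte { b, _ := json.Marshal(c); return b }
// holderMsg is what the owner signs: the issuer signature plus presenter, audience and nonce.
func holderMsg(p Presentation) []byte {
	return []byte(string(p.VC.Sig) + "|" + p.Presenter + "|" + p.Audience + "|" + string(p.Nonce))
}
// Issue is the factory step (S1): the device DID is bound to manufacturer, owner and factory data.
func (m *Keypair) Issue(device, owner string, ownerKey ed25519.PublicKey, factory string) SignedCredential {
	c := Credential{device, m.DID, owner, ownerKey, factory}
	return SignedCredential{c, ed25519.Sign(m.priv, canonical(c))}
}
// verifyIssuer checks that vc was signed by the manufacturer (did, pub): run locally by a same-manufacturer device, by the manufacturer in S4 of the cross flow.
func verifyIssuer(did string, pub ed25519.PublicKey, vc SignedCredential) bool {
	return vc.Cred.Issuer == did && ed25519.Verify(pub, canonical(vc.Cred), vc.Sig)
}
// Present builds VPc from VCc (S1 of both flows): the owner authorises the presenter (device a) to link with the subject device.
func (u *Keypair) Present(vc SignedCredential, presenter, presenterMfr, audience string) Presentation {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	p := Presentation{VC: vc, Presenter: presenter, PresenterMfr: presenterMfr, Audience: audience, Nonce: nonce}
	p.HolderSig = ed25519.Sign(u.priv, holderMsg(p))
	return p
}

type Device struct {
	DID    string
	MfrDID string
	MfrPub ed25519.PublicKey        // own manufacturer's key, provisioned at the factory
	AskMfr func(Presentation) bool // channel to the own manufacturer (S3 of the cross-manufacturer flow)
}

// Accept is the target device's decision (S3/S4 same manufacturer, S3-S5 cross manufacturer); nil means the link may be established.
func (d *Device) Accept(p Presentation) error {
	switch {
	case p.Audience != d.DID || p.VC.Cred.Subject != d.DID:
		return errors.New("presentation is not for this device")
	case len(p.VC.Cred.OwnerKey) != ed25519.PublicKeySize || !ed25519.Verify(p.VC.Cred.OwnerKey, holderMsg(p), p.HolderSig):
		return errors.New("owner proof invalid") // only the registered owner may authorise linkage
	case p.PresenterMfr == d.MfrDID && !verifyIssuer(d.MfrDID, d.MfrPub, p.VC):
		return errors.New("credential not issued by our manufacturer") // same manufacturer: local check
	case p.PresenterMfr != d.MfrDID && (d.AskMfr == nil || !d.AskMfr(p)):
		return errors.New("manufacturer rejected the credential") // different manufacturer: ask ours
	}
	return nil
}
```

A device with no AskMfr channel therefore refuses every presentation from a foreign-manufacturer device, and any edit to the signed credential (for example a changed owner) is caught by the issuer signature check.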
Finally, it should be noted that the above-mentioned embodiments are only preferred embodiments and are not intended to limit the present invention. It should be noted that those skilled in the art can make various changes, substitutions and alterations herein without departing from the spirit of the invention and the scope of the appended claims.

Claims (4)

1. A cross-domain authentication method for Internet of things devices based on distributed digital identity, characterized by comprising the following steps:
when an Internet of things device produced by a manufacturer leaves the factory, it applies to the manufacturer for creation of a DID (distributed digital identity), and the manufacturer issues a credential to the device;
after a user purchases the Internet of things device, the user obtains the credential of the device from the manufacturer of that device;
and the user acquires the authority to operate the device according to its credential.
2. The method for cross-domain authentication of Internet of things devices based on distributed digital identity of claim 1, wherein the method further comprises:
when a user wants a certain Internet of things device a to control, in linkage, another Internet of things device b produced by the same manufacturer, the following steps are executed:
S1, the user sends to device a a verifiable credential obtained by simplifying the credential of device b;
S2, device a sends the verifiable credential of device b to device b;
S3, device b confirms through the verifiable credential that device a and device b are products of the same manufacturer;
S4, a link is established between device b and device a;
S5, the user can now control device b through device a and send linkage instructions to device b.
3. The method for cross-domain authentication of Internet of things devices based on distributed digital identity of claim 1, wherein the method further comprises:
when a user wants a certain Internet of things device a to control, in linkage, another Internet of things device c produced by a different manufacturer, the following steps are executed:
S1, the user sends to device a a verifiable credential obtained by simplifying the credential of device c;
S2, device a sends the verifiable credential of device c to device c;
S3, device c submits the verifiable credential to its manufacturer for verification;
S4, the manufacturer of device c verifies the verifiable credential;
S5, a link is established between device c and device a;
S6, the user can now control device c through device a and send linkage instructions to device c.
4. The method for cross-domain authentication of Internet of things devices based on distributed digital identity according to any one of claims 1 to 3, wherein the credential includes factory information and device owner information of the corresponding Internet of things device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211639836.7A CN115913771B (en) 2022-12-20 2022-12-20 Internet of things equipment cross-domain authentication method based on distributed digital identity

Publications (2)

Publication Number Publication Date
CN115913771A true CN115913771A (en) 2023-04-04
CN115913771B CN115913771B (en) 2024-04-26

Family

ID=86492438

Country Status (1)

Country Link
CN (1) CN115913771B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7676829B1 (en) * 2001-10-30 2010-03-09 Microsoft Corporation Multiple credentials in a distributed system
CN111447187A (en) * 2020-03-19 2020-07-24 重庆邮电大学 Cross-domain authentication method for heterogeneous Internet of things
CN111865917A (en) * 2020-06-16 2020-10-30 郑州信大捷安信息技术股份有限公司 Block chain-based safe delivery method, system and medium for Internet of things equipment
US20210075869A1 (en) * 2018-01-03 2021-03-11 Convida Wireless, Llc Cross-domain discovery between service layer systems and web of things systems
US20210374730A1 (en) * 2020-05-29 2021-12-02 EMC IP Holding Company LLC Dcf decentralized ids and verifiable credentials for product delivery into data confidence fabrics
CN114091009A (en) * 2021-11-19 2022-02-25 四川启睿克科技有限公司 Method for establishing secure link by using distributed identity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
季一木; 陆毅成; 刘尚东; 王舒; 唐玟; 肖小英; 何亦拓; 王凯瑞; 吴海丰: "HIBE-MPJ: A cross-domain communication mechanism for the Internet of things environment based on HIBE", Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), no. 04, pp. 5-14 *

Also Published As

Publication number Publication date
CN115913771B (en) 2024-04-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant