CN116471081A - Indoor security anonymous authentication method based on Internet of things technology - Google Patents

Indoor security anonymous authentication method based on Internet of things technology Download PDF

Info

Publication number
CN116471081A
CN116471081A CN202310411126.7A CN202310411126A CN116471081A CN 116471081 A CN116471081 A CN 116471081A CN 202310411126 A CN202310411126 A CN 202310411126A CN 116471081 A CN116471081 A CN 116471081A
Authority
CN
China
Prior art keywords
security
personnel
anonymous
data receiver
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310411126.7A
Other languages
Chinese (zh)
Other versions
CN116471081B (en
Inventor
王峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China National Petroleum Corp Liaoning Sales Branch
Original Assignee
China National Petroleum Corp Liaoning Sales Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China National Petroleum Corp Liaoning Sales Branch filed Critical China National Petroleum Corp Liaoning Sales Branch
Priority to CN202310411126.7A priority Critical patent/CN116471081B/en
Publication of CN116471081A publication Critical patent/CN116471081A/en
Application granted granted Critical
Publication of CN116471081B publication Critical patent/CN116471081B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an indoor security anonymous authentication method based on the technology of the Internet of things, which comprises the following steps: s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver; s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver; s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted. The method uses lower calculation cost on the basis of information security.

Description

Indoor security anonymous authentication method based on Internet of things technology
Technical Field
The invention relates to the technical field of encryption of the Internet of things, in particular to an indoor security anonymous authentication method based on the Internet of things technology.
Background
With the rapid development of the internet of things technology, more and more devices are connected to the internet, and the devices can acquire environmental information through sensors and communicate with other devices, so that intelligent control and management are realized. In the indoor security field, the sensor can be used for detecting abnormal conditions such as invasion, fire disaster, smoke and the like, and timely sending alarm information to security departments. Currently, many indoor security systems use authentication methods based on authentication, i.e., a user must provide identity information to access a sensor or other device. However, this method has some drawbacks, for example, the identity information is easily compromised or falsified, resulting in a threat to the privacy and security of the user. In addition, the operation and maintenance personnel of the sensor and the staff of the security department also need to protect the privacy and safety of the sensor. Therefore, the data storage device should store and transmit sensor data in secret to prevent information from being leaked to an illegal user.
In order to protect the privacy of an indoor sensor and operation and maintenance personnel thereof and the privacy of security personnel, it is necessary to develop an indoor security anonymous authentication method which is safer and protects privacy. However, many schemes are not computationally efficient in anonymous authentication processes.
Therefore, to overcome these limitations, it is necessary to provide a method that overcomes the security weakness of existing schemes and provides lower computational costs in the anonymous authentication process.
Disclosure of Invention
The application aims to provide an indoor security anonymous authentication method based on the internet of things technology, which uses lower calculation cost on the basis of information security.
In order to achieve the above purpose, the present application provides the following technical solutions: an indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted.
Further, the initializing and activating the trusted authority in the server is specifically as follows: the trusted authority generates parameters, keys, and a secure encryption function.
Further, the trusted authority selects a random numberAs its master key, < >>As its private key, < >>As its public key, choose +.>As an authentication parameter, a hash function is selected:for its secure encryption function, and select { q, e, g } 1 ,g 2 ,G 1 ,G 2 ,G T ,X 1 ,A 1 H (·) } is used as a system public parameter, where q represents the large prime number domain, G 1 ,G 2 ,G T Represents the multiplication cycle order of three q orders g 1 ,g 2 G is respectively 1 ,G 2 Of (2), i.e. g 1 ∈G 1 ,g 2 ∈G 2 E represents a natural constant.
Further, the personal information includes a name, a mobile phone number, an address, and an email id; the identity information includes an anonymous identity, a tracking parameter, and an identity key.
Further, the trusted authority generating the identity information for the operation and maintenance personnel specifically includes: selecting a random numberThe private key of the operation and maintenance personnel is expressed as: />The corresponding public key is denoted +.>For each operation and maintenance person A i Generating an anonymous identity->For each operation and maintenance person A i Generating tracking parameters: />And will (Pky) i ,Pry i ,Fy i ,Ty i ) Is kept in a tracking list of the trusted authority.
Further, the trusted authority generating the identity information for the security personnel specifically includes: selecting a random numberAnd the private key of the security personnel is expressed as +.>The corresponding public key is denoted +.>For each security personnel B i Generating an anonymous identity->For each security personnel B i Is to generate an anonymous identity +.>For each security personnel B i Generating tracking parameters: />And (Fb) i ,Fm i ,Tb i ) Is kept in a tracking list of the trusted authority.
Further, the security personnel anonymously verifies the operation and maintenance personnel, wherein the operation and maintenance personnel identity verification comprises the following steps of: the data receiver of the operation and maintenance personnel selects 4 random numbersAs a short-lived session key, and calculate gamma 12312 Wherein: δ 2 =Ty i ×Fy i the method comprises the steps of carrying out a first treatment on the surface of the The data receiver calculates SLC: slc=h (γ) 1 ||γ 2 ||γ 3 ||δ 1 ) And 4 short-lived virtual parameters: />The data receiver sets the anonymous authentication certificate AAC to: aac= { omicron 1 ||ο 2 ||ο 3 ||δ 1 ||SLC||Fy i Then calculate b=h (AAC), and set an anonymous message m: m= { TS i AAC b, wherein TS i Representing the current timestamp.
Further, the operation and maintenance personnel anonymously verifying the security personnel comprises verifying the identity and the validity of the security personnel, wherein the verifying the identity of the security personnel specifically comprises: the security personnel check the timestamp TS i And let |TS j -TS i |<Δt, wherein Δt is a time delay that the operation and maintenance personnel and the security personnel agree with each other; said An (a Chinese character)
“‘
And (5) calculating by a security personnel: gamma ray 1 =δ 1 ×ο 1 ×ο 2 ,γ 2 =ο 2 ×ο 3 ×ο 4 ,γ 3 =δ 1 ×ο 1 ×ο 2 ×ο 3
“‘
The data receiver calculates its OSLC: oslc=h (γ 1 ||γ 2 ||γ 3 ||δ 1 ) Comparing whether oslc=slc exists or not, if so, accepting SLC by the security personnel, and if not, rejecting SLC; wherein, the correctness proves as follows:
if any one of the verification processes fails, the operation and maintenance personnel can be considered as illegal users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnel B i Calculating any parameter: θ 1 =Fm i ×Fb i Then, calculating: bcv=h (e (g) 1 ,g 2 )||Fb i ||Pkb i ) Calculating its anonymous credential: bav= { θ 1 ,Fb i ,Pkb i And associate it with a timestamp TS i+1 To the operation and maintenance personnel A i Is a data receiver of (a); the operation and maintenance personnel A i After receiving this information, the data receiver of (1) first verifies the current timestamp and then verifies if e (θ 1 ,A 1 )=e(g 1 ,g 2 ) To check the security personnel B i The validity of which proves as:
the operation and maintenance personnel A i Is calculated by the data receiver of (1): BCV (binary coded decimal) =H(g 1 ||Fb i ||Pkb i ) And compares whether there is BCV =bcv, if present, consider the security personnel B i Is an authenticated user, if not, directly terminating the security personnel B i Is to be used for subsequent communication.
Further, the encrypting the identity information by the data receiver specifically includes: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC.
Further, the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, which is ECDH or ECDSA.
Further, the method further comprises the following steps: the trusted authority may revoke the security personnel of the improper behavior.
In summary, the invention has the technical effects and advantages that:
the invention provides an indoor security anonymous authentication method based on the internet of things, which ensures the security of information and protects the personal privacy and identity information of a user by mutually anonymously verifying operation and maintenance personnel and security personnel, thereby avoiding the situation that the user refuses to use an indoor security system because of the security problem; meanwhile, the authentication method provided by the invention improves the calculation efficiency through the technology of the Internet of things, and has low calculation cost.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of steps of an indoor security anonymous authentication method based on the internet of things technology according to an embodiment;
fig. 2 is a schematic diagram of an indoor security anonymous authentication method module based on the internet of things technology according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples: referring to fig. 1-2, an indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted.
In this embodiment, for step S1, the initializing and activating the trusted authority by the server specifically includes: the trusted authority generates parameters, keys, and a secure encryption function. The method specifically comprises the following steps: the trusted authority selects a random numberAs its master key, < >>As its private key, < >>As its public key, selectAs an authentication parameter, a hash function is selected: />For its secure encryption function, and select { q, e, g } 1 ,g 2 ,G 1 ,G 2 ,G T ,X 1 ,A 1 H (·) } is used as a system public parameter, where q represents the large prime number domain, G 1 ,G 2 ,G T Represents the multiplication cycle order of three q orders g 1 ,g 2 G is respectively 1 ,G 2 Of (2), i.e. g 1 ∈G 1 ,g 2 ∈G 2 Wherein e represents a natural constant.
In this embodiment, personal information of the user including a name, a mobile phone number, an address, and an email id needs to be provided for registration of the user; the identity information produced accordingly by the trusted authority includes an anonymous identity, tracking parameters, and an identity key.
Specifically, if the user is an operation and maintenance person A i The trusted authority obtains A i And store it in a secure manner in a database. The trusted authority selects a random numberAnd represents the private key as: />The corresponding public key is +>The trusted authority is for each operation and maintenance person A i Generating an anonymous identity->So that the true identity of the operation and maintenance personnel is protected from unauthorized users during the communication. In the indoor security anonymous authentication method, the operation and maintenance personnel uses anonymous identity Fy i To communicate, fy i Mapping with the user's real credentials only in the trusted authority. Thus, anonymous identities will not provide an attacker with the operation and maintenance person a i Is a real information of the (b). The trusted authority is for each operation and maintenance person A i Generating tracking parameters: />And will (Pky) i ,Pry i ,Fy i ,Ty i ) Is kept in a tracking list of the trusted authority. The trusted authority then passes Pry through SSL i Send to A i ,A i Pry is to i Stored in the own data receiver, the trusted authority will +.>Send to A i ,A i After receiving this information, execute->And obtain (Fy) i ,Pky i ,Ty i )。
If the user is security personnel B i The trusted authority obtains B i And store it in a secure manner in a database. The trusted authority selects a random numberAnd represents the private key as +.>The corresponding public key is +>The trusted authority is for each security personnel B i Generating an anonymous identity->Furthermore, the security personnel need to be those who have been registered in the book at their work, the trusted authority being B i Is to generate an anonymous identity +.>Only when the corresponding work organization registers in the trusted authority, the trusted authority can generate this identity, and the security personnel of the non-registered work organization cannot use the indoor security system. The trusted authority is for each security personnel B i Generating tracking parameters: />And (Fb) i ,Fm i ,Tb i ) Is kept in a tracking list of the trusted authority. Furthermore, the trusted authority is for each security personnel B i Two keys are selected: />And K is i1 ,K i2 >18 000. The trusted authority will Prb through SSL i Send to B i ,B i Prb will be stored in a secure manner i The trusted authority will: />Send to B i ,B i After receiving this information, execute->And obtain: (Fb) i ,Pkb i ,Fm i ,K i1 ,K i2 ). After the registration process is completed, the operation and maintenance personnel and the security personnel can carry out anonymous authentication.
In this embodiment, referring to fig. 2, the anonymously verifying the operation and maintenance personnel by the security personnel includes verifying the identity of the operation and maintenance personnel, specifically: the data receiver of the operation and maintenance personnel selects 4 random numbersAs a short-lived session key, and calculate gamma 12312 Wherein: /> δ 2 =Ty i ×Fy i The method comprises the steps of carrying out a first treatment on the surface of the The data receiver calculates SLC: slc=h (γ) 1 ||γ 2 ||γ 3 ||δ 1 ) And 4 short-lived virtual parameters: />The data receiver sets the anonymous authentication certificate AAC to: aac= { omicron 1 ||ο 2 ||ο 3 ||δ 1 ||SLC||Fy i Then calculate b=h (AAC), and set an anonymous message m: m= { TS i AAC b, wherein TS i Representing the current timestamp.
In this embodiment, the operation and maintenance personnel anonymously verifies the security personnel including verifying the identity and validity of the security personnel, where verifying the identity of the security personnel specifically includes: the security personnel check the timestamp TS i And let |TS j -TS i |<Δt, wherein Δt is a time delay that the operation and maintenance personnel and the security personnel agree with each other; said An (a Chinese character)
“‘
And (5) calculating by a security personnel: gamma ray 1 =δ 1 ×ο 1 ×ο 2 ,γ 2 =ο 2 ×ο 3 ×ο 4 ,γ 3 =δ 1 ×ο 1 ×ο 2 ×ο 3
“‘
The data receiver calculates its OSLC: oslc=h (γ 1 ||γ 2 ||γ 3 ||δ 1 ) Comparing whether oslc=slc exists or not, if so, accepting SLC by the security personnel, and if not, rejecting SLC; wherein, the correctness proves as follows:
if any one of the verification processes fails, the operation and maintenance personnel can be considered as illegal users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnel B i Calculating any parameter: θ 1 =Fm i ×Fb i Then, calculating: bcv=h (e (g) 1 ,g 2 )||Fb i ||Pkb i ) Calculating its anonymous credential: bav= { θ 1 ,Fb i ,Pkb i And associate it with a timestamp TS i+1 To the operation and maintenance personnel A i Is a data receiver of (a); the operation and maintenance personnel A i After receiving this information, the data receiver of (1) first verifies the current timestamp and then verifies if e (θ 1 ,A 1 )=e(g 1 ,g 2 ) To check the security personnel B i The validity of which proves as:
the operation and maintenance personnel A i Is calculated by the data receiver of (1): BCV (binary coded decimal) =H(h 1 ||Fb i ||Pkb i ) And compares whether there is BCV =bcv, if present, consider the security personnel B i Is an authenticated user, if not, directly terminating the security personnel B i Is to be used for subsequent communication.
In this embodiment, the encrypting, by the data receiver, the identity information specifically includes: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC. Wherein the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, such as ECDH or ECDSA.
Specifically, the data receiver uses any one of the ECC-based encryption algorithms to encrypt and decrypt: the data receiver of the operation and maintenance personnel firstly obtains a random number in the encryption processAnd calculates ciphertext: c= (C 1 ,C 2 ) Wherein->When the security personnel needs to know the position information of the operation and maintenance personnel, a Y value is used, wherein Y=delta 2 ×Prb i . In the decryption process, security personnel receive C and pass through: />Decryption is performed. The correctness of the test paper is proved as follows:
wherein,,
likewise, the security personnel send their advice MA to the operation and maintenance personnel in the following encrypted manner: selecting a random numberAnd calculates ciphertext C =(C 1 ,C 2 ) Wherein:
security personnel receive C And then decrypted by the decryption process of claim 12 to obtain MA.
In this embodiment, the trusted authority may revoke security personnel with improper behavior. The method comprises the following steps: even authenticated security personnel may send incorrect advice information to the operation and maintenance personnel, thereby causing the operation and maintenance personnel to perform incorrect operations. If such improper behavior occurs, the trusted authority may revoke the misbehaving security personnel from the anonymous authentication system. The method comprises the following steps: the trusted authority decrypts the ciphertext C of the corresponding security personnel by using the private key of the operation and maintenance personnel receiving the error proposal information of the security personnel . The trusted authority then calculates Tb i And the parameter and the security personnel B are tracked by the tracking list i The trusted authority recognizes B i Then, the operation and maintenance personnel can not be matched with B after the operation and maintenance personnel are withdrawn from the anonymous authentication system i Further communication is performed.
The invention has the advantages that the invention provides the indoor security anonymous authentication method based on the internet of things technology, through mutual anonymous authentication of operation and maintenance personnel and security personnel, the security of information is ensured, the personal privacy and identity information of a user are protected, and the situation that the user refuses to use an indoor security system because of security problems is avoided; meanwhile, the authentication method provided by the invention improves the calculation efficiency through the technology of the Internet of things, and has low calculation cost.
Finally, it should be noted that: the foregoing description is only illustrative of the preferred embodiments of the present invention, and although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described, or equivalents may be substituted for elements thereof, and any modifications, equivalents, improvements or changes may be made without departing from the spirit and principles of the present invention.

Claims (10)

1. An indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted.
2. The internet of things technology-based indoor security anonymous authentication method as claimed in claim 1, wherein the initializing and activating trusted authorities in the server is specifically as follows: the trusted authority generates parameters, keys, and a secure encryption function.
3. The internet of things-based indoor security anonymous authentication method as defined in claim 2, wherein the trusted authority selects a random numberAs its master key, < >>As its private key, < >>As its public key, choose +.>As an authentication parameter, a hash function is selected: h>For its secure encryption function, and select { q, e, g } 1 ,g 2 ,G 1 ,G 2 ,G T ,X 1 ,A 1 H (·) } is used as a system public parameter, where q represents the large prime number domain, G 1 ,G 2 ,G T Represents the multiplication cycle order of three q orders g 1 ,g 2 G is respectively 1 ,G 2 Of (2), i.e. g 1 ∈G 1 ,g 2 ∈G 2 E represents a natural constant.
4. The internet of things-based indoor security anonymous authentication method of claim 3, wherein the personal information includes name, phone number, address and email id; the identity information includes an anonymous identity, a tracking parameter, and an identity key.
5. The internet of things-based indoor security anonymous confirmation according to claim 4The authentication method is characterized in that the trusted authority generates the identity information for the operation and maintenance personnel specifically comprises the following steps: selecting a random numberThe private key of the operation and maintenance personnel is expressed as: />The corresponding public key is denoted +.>For each operation and maintenance person A i Generating an anonymous identity->For each operation and maintenance person A i Generating tracking parameters: />And will (Pky) i ,Pry i ,Fy i ,Ty i ) Is kept in a tracking list of the trusted authority.
6. The internet of things-based indoor security anonymous authentication method of claim 5, wherein the trusted authority generating the identity information for the security personnel specifically comprises: selecting a random numberAnd the private key of the security personnel is expressed as +.>The corresponding public key is denoted +.>For each security personnelB i Generating an anonymous identity->For each security personnel B i Is to generate an anonymous identity +.>For each security personnel B i Generating tracking parameters: />And (Fb) i ,Fm i ,Tb i ) Is kept in a tracking list of the trusted authority.
7. The method for anonymously authenticating indoor security based on the internet of things technology according to claim 6, wherein the anonymously authenticating the operation and maintenance person comprises authenticating the identity of the operation and maintenance person, and the step of authenticating the identity of the operation and maintenance person comprises: the data receiver of the operation and maintenance personnel selects 4 random numbers k, l, alpha,as a short-lived session key, and calculate gamma 12312 Wherein: /> δ 2 =Ty i ×Fy i The method comprises the steps of carrying out a first treatment on the surface of the The data receiver calculates SLC: slc=h (γ) 1 ||γ 2 ||γ 3 ||δ 1 ) And 4 short-lived virtual parameters:the data receiver will be anonymousThe authentication certificate AAC is set to: aac= { omicron 1 ||ο 2 ||ο 3 ||δ 1 ||SLC||Fy i Then calculate b=h (AAC), and set an anonymous message m: m= { TS i AAC b, wherein TS i Representing the current timestamp.
8. The internet of things-based indoor security anonymous authentication method of claim 7, wherein the operation and maintenance personnel anonymously verifying the security personnel comprises verifying the identity and validity of the security personnel, wherein verifying the identity of the security personnel specifically comprises: the security personnel check the timestamp TS i And let |TS j -TS i |<Δt, wherein Δt is a time delay that the operation and maintenance personnel and the security personnel agree with each other; the security personnel calculate: gamma ray 1 ‘=δ 1 ×ο 1 ×ο 2 ,γ 2 ‘=ο 2 ×ο 3 ×ο 4 ,γ 3 ‘=δ 1 ×ο 1 ×ο 2 ×ο 3 The method comprises the steps of carrying out a first treatment on the surface of the The data receiver calculates its OSLC: oslc=h (γ 1 ‘||γ 2 ‘||γ 3 ‘||δ 1 ) Comparing whether oslc=slc exists or not, if so, accepting SLC by the security personnel, and if not, rejecting SLC; wherein, the correctness proves as follows:
if any one of the verification processes fails, the operation and maintenance personnel can be considered as illegal users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnel B i Calculating any parameter: θ 1 =Fm i ×Fb i Then, calculating: bcv=h (e (g) 1 ,g 2 )||Fb i ||Pkb i ) Calculating its anonymous credential: bav= { θ 1 ,Fb i ,Pkb i And associate it with a timestamp TS i+1 To the operation and maintenance personnel A i Is a data receiver of (a); the operation and maintenance personnel A i After receiving this information, the data receiver of (1) first verifies the current timestamp and then verifies if e (θ 1 ,A 1 )=e(g 1 ,g 2 ) To check the security personnel B i The validity of which proves as:
the operation and maintenance personnel A i Is calculated by the data receiver of (1): BCV (binary coded decimal) =H(g 1 ||Fb i ||Pkb i ) And compares whether there is BCV =bcv, if present, consider the security personnel B i Is an authenticated user, if not, directly terminating the security personnel B i Is to be used for subsequent communication.
9. The internet of things technology-based indoor security anonymous authentication method of claim 8, wherein the encrypting the identity information by the data receiver specifically comprises: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC.
10. The internet of things technology-based indoor security anonymous authentication method of claim 9, wherein the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, and the ECC elliptic curve encryption algorithm is ECDH or ECDSA;
further comprises: the trusted authority may revoke the security personnel of the improper behavior.
CN202310411126.7A 2023-04-18 2023-04-18 Indoor security anonymous authentication method based on Internet of things technology Active CN116471081B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310411126.7A CN116471081B (en) 2023-04-18 2023-04-18 Indoor security anonymous authentication method based on Internet of things technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310411126.7A CN116471081B (en) 2023-04-18 2023-04-18 Indoor security anonymous authentication method based on Internet of things technology

Publications (2)

Publication Number Publication Date
CN116471081A true CN116471081A (en) 2023-07-21
CN116471081B CN116471081B (en) 2023-12-12

Family

ID=87174765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310411126.7A Active CN116471081B (en) 2023-04-18 2023-04-18 Indoor security anonymous authentication method based on Internet of things technology

Country Status (1)

Country Link
CN (1) CN116471081B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080295151A1 (en) * 2007-03-18 2008-11-27 Tiejun Jay Xia Method and system for anonymous information verification
US20120023334A1 (en) * 2010-07-26 2012-01-26 Brickell Ernest F Methods for anonymous authentication and key agreement
US20130067552A1 (en) * 2010-11-06 2013-03-14 Qualcomm Incorporated Authentication in secure user plane location (supl) systems
WO2013177304A2 (en) * 2012-05-22 2013-11-28 Partnet, Inc. Systems and methods for verifying uniqueness in anonymous authentication
CN107360571A (en) * 2017-09-08 2017-11-17 哈尔滨工业大学深圳研究生院 Anonymity in a mobile network is mutually authenticated and key agreement protocol
US20180123802A1 (en) * 2016-11-03 2018-05-03 International Business Machines Corporation Anonymous secure socket layer certificate verification in a trusted group
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking
CN109768861A (en) * 2019-01-24 2019-05-17 西安电子科技大学 Massive D2D anonymous discovery authentication and key agreement method
CN110071797A (en) * 2019-02-01 2019-07-30 湖州师范学院 The method of assumed name change car networking privacy-protection certification based on mixing context
KR20200016506A (en) * 2018-08-07 2020-02-17 한국스마트인증 주식회사 Method for Establishing Anonymous Digital Identity
EP3661165A1 (en) * 2015-06-09 2020-06-03 Intel Corporation System, apparatus and method for privacy preserving distributed attestation for devices
CN111369251A (en) * 2020-03-07 2020-07-03 中国人民解放军国防科技大学 Block chain transaction supervision method based on user secondary identity structure
CN112468445A (en) * 2020-10-29 2021-03-09 广西电网有限责任公司 AMI lightweight data privacy protection method for power Internet of things
CN114978622A (en) * 2022-05-08 2022-08-30 郑云山 Anonymous credential verification method and system based on block chain and zero-knowledge proof
CN115842657A (en) * 2022-11-15 2023-03-24 国网辽宁省电力有限公司本溪供电公司 Internet of things anonymous identity authentication method and device based on block chain

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080295151A1 (en) * 2007-03-18 2008-11-27 Tiejun Jay Xia Method and system for anonymous information verification
US20120023334A1 (en) * 2010-07-26 2012-01-26 Brickell Ernest F Methods for anonymous authentication and key agreement
US20130067552A1 (en) * 2010-11-06 2013-03-14 Qualcomm Incorporated Authentication in secure user plane location (supl) systems
WO2013177304A2 (en) * 2012-05-22 2013-11-28 Partnet, Inc. Systems and methods for verifying uniqueness in anonymous authentication
EP3661165A1 (en) * 2015-06-09 2020-06-03 Intel Corporation System, apparatus and method for privacy preserving distributed attestation for devices
US20180123802A1 (en) * 2016-11-03 2018-05-03 International Business Machines Corporation Anonymous secure socket layer certificate verification in a trusted group
CN107360571A (en) * 2017-09-08 2017-11-17 哈尔滨工业大学深圳研究生院 Anonymity in a mobile network is mutually authenticated and key agreement protocol
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking
KR20200016506A (en) * 2018-08-07 2020-02-17 한국스마트인증 주식회사 Method for Establishing Anonymous Digital Identity
CN109768861A (en) * 2019-01-24 2019-05-17 西安电子科技大学 Massive D2D anonymous discovery authentication and key agreement method
CN110071797A (en) * 2019-02-01 2019-07-30 湖州师范学院 The method of assumed name change car networking privacy-protection certification based on mixing context
CN111369251A (en) * 2020-03-07 2020-07-03 中国人民解放军国防科技大学 Block chain transaction supervision method based on user secondary identity structure
CN112468445A (en) * 2020-10-29 2021-03-09 广西电网有限责任公司 AMI lightweight data privacy protection method for power Internet of things
CN114978622A (en) * 2022-05-08 2022-08-30 郑云山 Anonymous credential verification method and system based on block chain and zero-knowledge proof
CN115842657A (en) * 2022-11-15 2023-03-24 国网辽宁省电力有限公司本溪供电公司 Internet of things anonymous identity authentication method and device based on block chain

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
MANISHA D KARAD 等: "《Anonymous user authentication with secured storage and sharing of data on cloud》", 《IEEE》 *
刘晴: "《车联网中隐私保护和安全认证技术的研究》", 《中国优秀硕士学位论文全文数据库》 *
王海宇 等: "《资源池化管理模型的资源匿名验证方案》", 《移动通信》 *

Also Published As

Publication number Publication date
CN116471081B (en) 2023-12-12

Similar Documents

Publication Publication Date Title
CN109067524B (en) Public and private key pair generation method and system
US7958362B2 (en) User authentication based on asymmetric cryptography utilizing RSA with personalized secret
US8122245B2 (en) Anonymity revocation
CN109687965B (en) Real-name authentication method for protecting user identity information in network
US8683209B2 (en) Method and apparatus for pseudonym generation and authentication
CN105553666B (en) Intelligent power terminal safety authentication system and method
CN111769938B (en) Key management system and data verification system of block chain sensor
GB2371957A (en) Method of authenticating a network access server
EP2595340A2 (en) Cryptographic document processing in a network
JPH10511471A (en) Fail-safe key marking system
CN110597836B (en) Information inquiry request response method and device based on block chain network
WO2020121461A1 (en) Collation system, client and server
WO2008020991A2 (en) Notarized federated identity management
US11729159B2 (en) System security infrastructure facilitating protecting against fraudulent use of individual identity credentials
CN113079177B (en) Remote sensing data sharing method based on time and decryption frequency limitation
Hamian et al. Blockchain-based User Re-enrollment for Biometric Authentication Systems
CN116471081B (en) Indoor security anonymous authentication method based on Internet of things technology
KR20030097550A (en) Authorization Key Escrow Service System and Method
CN104518880A (en) Big data reliability validation method and system based on random sampling detection
GB2570292A (en) Data protection
CN116318637A (en) Method and system for secure network access communication of equipment
US11336461B2 (en) Method for controlling by a server the use of at least one data element of a data owner
Ren et al. BIA: A blockchain-based identity authorization mechanism
Wang et al. SE-CAS: Secure and Efficient Cross-Domain Authentication Scheme Based on Blockchain for Space TT&C Networks
Goodrich et al. Notarized federated ID management and authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant