CN116471081B - Indoor security anonymous authentication method based on Internet of things technology - Google Patents

Info

Publication number: CN116471081B
Authority: CN (China)
Prior art keywords: security, personnel, security personnel, data receiver, anonymous
Legal status: Active
Application number: CN202310411126.7A
Other languages: Chinese (zh)
Other versions: CN116471081A (en)
Inventor: 王峰
Current Assignee: China National Petroleum Corp Liaoning Sales Branch
Original Assignee: China National Petroleum Corp Liaoning Sales Branch
Application filed by China National Petroleum Corp Liaoning Sales Branch
Priority to CN202310411126.7A
Publication of CN116471081A
Application granted
Publication of CN116471081B
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application discloses an indoor security anonymous authentication method based on Internet of Things technology, which comprises the following steps: s1, initializing and activating a trusted authority in a server, where the server comprises a data receiver; s2, the server receives personal information provided by the operation and maintenance personnel and the security personnel, and the trusted authority generates identity information from the personal information and stores it in the data receiver; s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority; if the mutual verification is legitimate, the data receiver encrypts the identity information, otherwise the identity information is not encrypted. The method achieves lower computational cost while preserving information security.

Description

Indoor security anonymous authentication method based on Internet of things technology
Technical Field
The application relates to the technical field of encryption of the Internet of things, in particular to an indoor security anonymous authentication method based on the Internet of things technology.
Background
With the rapid development of Internet of Things technology, more and more devices are connected to the Internet. These devices can acquire environmental information through sensors and communicate with other devices, enabling intelligent control and management. In the indoor security field, sensors can detect abnormal conditions such as intrusion, fire and smoke, and send alarm information to the security department in time. Currently, many indoor security systems use identity-based authentication, i.e. a user must provide identity information to access a sensor or other device. However, this approach has drawbacks: for example, the identity information is easily leaked or forged, which threatens the privacy and security of the user. In addition, the privacy and safety of the sensor's operation and maintenance personnel and of the security department's staff also need protection. Therefore, the data storage device should store and transmit sensor data confidentially to prevent information from leaking to unauthorized users.
In order to protect the privacy of an indoor sensor, its operation and maintenance personnel and the security personnel, it is necessary to develop an indoor security anonymous authentication method that is safer and preserves privacy. However, many schemes are not computationally efficient in the anonymous authentication process.
Therefore, to overcome these limitations, it is necessary to provide a method that overcomes the security weaknesses of existing schemes and offers lower computational cost in the anonymous authentication process.
Disclosure of Invention
The application aims to provide an indoor security anonymous authentication method based on Internet of Things technology that achieves lower computational cost while preserving information security.
In order to achieve the above purpose, the present application provides the following technical solutions: an indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted.
Further, the initializing and activating the trusted authority in the server is specifically as follows: the trusted authority generates parameters, keys, and a secure encryption function.
Further, the trusted authority selects a random number as its master key, sets its private key and its public key, chooses an authentication parameter, selects a hash function as its secure encryption function, and chooses the system public parameters, where q denotes a large prime field, three multiplicative cyclic groups of order q are used together with their respective subsets, and e denotes a natural constant.
Further, the personal information includes a name, a mobile phone number, an address, and an email id; the identity information includes an anonymous identity, a tracking parameter, and an identity key.
Further, the trusted authority generating the identity information for the operation and maintenance personnel specifically includes: selecting a random number; expressing the private key of the operation and maintenance personnel and the corresponding public key; for every operation and maintenance person, generating an anonymous identity; for every operation and maintenance person, generating a tracking parameter and keeping both values in the tracking list of the trusted authority.
Further, the trusted authority generating the identity information for the security personnel specifically includes: selecting a random number and expressing the private key of the security personnel and the corresponding public key; for every security person, generating an anonymous identity; for the work unit of every security person, generating an anonymous identity; for every security person, generating a tracking parameter and keeping both values in the tracking list of the trusted authority.
Further, the security personnel anonymously verify the operation and maintenance personnel, where verifying the identity of the operation and maintenance personnel comprises the following steps: the data receiver of the operation and maintenance personnel selects 4 random numbers as short-lived session keys and computes the corresponding values; the data receiver computes the SLC and 4 short-lived virtual parameters; the data receiver sets the anonymous authentication certificate AAC, then computes the authentication value and sets an anonymous message, which carries the current timestamp.
Further, the operation and maintenance personnel anonymously verifying the security personnel comprises verifying the identity and the validity of the security personnel, where verifying the identity of the security personnel specifically comprises: the security personnel check the timestamp and require that it lies within the time delay mutually agreed by the operation and maintenance personnel and the security personnel; the security personnel compute the intermediate values; the data receiver computes its OSLC and compares whether it matches; if so, the security personnel accept the SLC, and if not, they reject the SLC; the correctness proof is as follows:
if any one of the verification steps fails, the operation and maintenance personnel are considered illegitimate users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnel compute an arbitrary parameter, then compute the derived value and their anonymous credential, and send it together with a timestamp to the data receiver of the operation and maintenance personnel; after receiving the information, the data receiver of the operation and maintenance personnel first verifies the current timestamp and then checks whether the expected relation holds, in order to check the validity of the security personnel; the proof is as follows:
the data receiver of the operation and maintenance personnel computes the check value and compares whether it matches; if so, the security personnel are considered an authenticated user; if not, subsequent communication with the security personnel is terminated directly.
Further, the encrypting the identity information by the data receiver specifically includes: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC.
Further, the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, which is ECDH or ECDSA.
Further, the method further comprises the following steps: the trusted authority may revoke the security personnel of the improper behavior.
In summary, the application has the technical effects and advantages that:
the application provides an indoor security anonymous authentication method based on the internet of things, which ensures the security of information and protects the personal privacy and identity information of a user by mutually anonymously verifying operation and maintenance personnel and security personnel, thereby avoiding the situation that the user refuses to use an indoor security system because of the security problem; meanwhile, the authentication method provided by the application improves the calculation efficiency through the technology of the Internet of things, and has low calculation cost.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of steps of an indoor security anonymous authentication method based on the internet of things technology according to an embodiment;
fig. 2 is a schematic diagram of an indoor security anonymous authentication method module based on the internet of things technology according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Examples: referring to fig. 1-2, an indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted.
In this embodiment, for step S1, the initializing and activating of the trusted authority by the server specifically includes: the trusted authority generates parameters, keys, and a secure encryption function. Specifically, the trusted authority selects a random number as its master key, sets its private key and its public key, chooses an identity verification parameter, selects a hash function as its secure encryption function, and chooses the system public parameters, where q denotes a large prime field, three multiplicative cyclic groups of order q are used together with their respective subsets, and e denotes a natural constant.
In this embodiment, personal information of the user including a name, a mobile phone number, an address, and an email id needs to be provided for registration of the user; the identity information produced accordingly by the trusted authority includes an anonymous identity, tracking parameters, and an identity key.
In particular, if the user is an operation and maintenance person, the trusted authority obtains the personal information and stores it securely in a database. The trusted authority selects a random number, represents the private key accordingly, and derives the corresponding public key. The trusted authority generates an anonymous identity for the operation and maintenance person, so that the true identity of the operation and maintenance person is protected from unauthorized users during communication. In the indoor security anonymous authentication method, the operation and maintenance person uses the anonymous identity to communicate, and the mapping between the anonymous identity and the user's real credentials exists only within the trusted authority. Thus the anonymous identity does not give an attacker the real information of the operation and maintenance person. The trusted authority generates a tracking parameter for each operation and maintenance person and keeps both values in its tracking list. Then the trusted authority sends the anonymous identity to the operation and maintenance person, who stores it in their own data receiver; the trusted authority sends the remaining parameters to the operation and maintenance person, who, after receiving this information, performs the prescribed computation and obtains the result.
If the user is a security person, the trusted authority obtains the personal information and stores it securely in a database. The trusted authority selects a random number, represents the private key accordingly, and derives the corresponding public key. The trusted authority generates an anonymous identity for the security person. Furthermore, security personnel must be registered with their work unit: the trusted authority generates an anonymous identity for the work unit, and it can only do so if the corresponding work unit is registered with the trusted authority, so security personnel of an unregistered work unit cannot use the indoor security system. The trusted authority generates a tracking parameter for the security person and stores it in its tracking list. Furthermore, the trusted authority selects two keys for each security person. The trusted authority sends the anonymous identity to the security person, who stores it; the trusted authority then sends the remaining parameters to the security person, who, after receiving this information, performs the prescribed computation and obtains the result. After the registration process is completed, the operation and maintenance personnel and the security personnel can carry out anonymous authentication.
In this embodiment, referring to fig. 2, the security personnel anonymously verifying the operation and maintenance personnel includes verifying the identity of the operation and maintenance personnel, specifically: the data receiver of the operation and maintenance personnel selects 4 random numbers as short-lived session keys and computes the corresponding values; the data receiver computes the SLC and 4 short-lived virtual parameters; the data receiver sets the anonymous authentication certificate AAC, then computes the authentication value and sets an anonymous message, which carries the current timestamp.
In this embodiment, the operation and maintenance personnel anonymously verifying the security personnel includes verifying the identity and validity of the security personnel, where verifying the identity of the security personnel specifically includes: the security personnel check the timestamp and require that it lies within the time delay mutually agreed by the operation and maintenance personnel and the security personnel; the security personnel compute the intermediate values; the data receiver computes its OSLC and compares whether it matches; if so, the security personnel accept the SLC, and if not, they reject the SLC; the correctness proof is as follows:
if any one of the verification steps fails, the operation and maintenance personnel are considered illegitimate users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnel compute an arbitrary parameter, then compute the derived value and their anonymous credential, and send it together with a timestamp to the data receiver of the operation and maintenance personnel; after receiving the information, the data receiver of the operation and maintenance personnel first verifies the current timestamp and then checks whether the expected relation holds, in order to check the validity of the security personnel; the proof is as follows:
the data receiver of the operation and maintenance personnel computes the check value and compares whether it matches; if so, the security personnel are considered an authenticated user; if not, subsequent communication with the security personnel is terminated directly.
In this embodiment, the data receiver encrypting the identity information specifically includes: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver using any one of the ECC-based encryption algorithms. The ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, such as ECDH or ECDSA.
Specifically, the data receiver uses any one of the ECC-based encryption algorithms to encrypt and decrypt: during encryption, the data receiver of the operation and maintenance personnel first obtains a random number and computes the ciphertext; when the security personnel need to know the position information of the operation and maintenance personnel, they use the corresponding value. During decryption, the security personnel receive C and decrypt it. Its correctness is proved as follows:
Likewise, the security personnel send their advice MA to the operation and maintenance personnel in the following encrypted manner: selecting a random number and computing the ciphertext.
The security personnel receive the ciphertext and decrypt it by the decryption process of claim 12 to obtain MA.
In this embodiment, the trusted authority may revoke security personnel with improper behavior. Specifically: even authenticated security personnel may send incorrect advice to the operation and maintenance personnel, causing them to perform incorrect operations. If such improper behavior occurs, the trusted authority may remove the misbehaving security personnel from the anonymous authentication system, as follows: the trusted authority decrypts the ciphertext of the security personnel concerned using the private key of the operation and maintenance personnel who received the erroneous advice. Then the trusted authority computes the tracking parameter and, through its tracking list, identifies the security personnel to whom the parameter belongs; once identified, they are withdrawn from the anonymous authentication system, and the operation and maintenance personnel can no longer communicate with them.
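An added illustration (not code from the patent or its applicant) of the structure described in steps S2 and S3 and in the revocation paragraph above: registration under an anonymous identity with a tracking list held only by the trusted authority, a timestamp check against the agreed delay, tag verification under the registered identity key, and revocation through the tracking list. Because the page does not reproduce the patent's formulas, the HMAC/SHA-256 constructions, the class and function names and the message layout are all assumptions.

```python
"""Illustrative reconstruction of the described structure (assumed constructions,
not the patent's own formulas, which are not reproduced on this page)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (stand-in for the patent's hash)."""
    buf = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(buf).digest()


def _tag(identity_key: bytes, msg: dict) -> bytes:
    """Authentication value over the anonymous message fields (assumed layout)."""
    return hmac.new(
        identity_key,
        _h(msg["anon_id"], msg["nonce"], str(msg["ts"]).encode(), msg["payload"]),
        hashlib.sha256,
    ).digest()


@dataclass
class TrustedAuthority:
    delta_t: float = 30.0                                # agreed delay, seconds
    master_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    credentials: dict = field(default_factory=dict)      # anon_id -> identity key
    tracking_list: dict = field(default_factory=dict)    # tracking param -> real id
    revoked: set = field(default_factory=set)            # anon_ids withdrawn

    def register(self, real_id: str, personal_info: dict) -> dict:
        """Registration: derive an identity key, an anonymous identity and a
        tracking parameter; only the TA holds the mapping back to real_id."""
        info = "|".join(f"{k}={personal_info[k]}" for k in sorted(personal_info))
        identity_key = hmac.new(self.master_key, f"{real_id}|{info}".encode(),
                                hashlib.sha256).digest()
        anon_id = _h(b"AID", identity_key)
        tracking = _h(b"TRK", identity_key)
        self.credentials[anon_id] = identity_key
        self.tracking_list[tracking] = real_id
        return {"anon_id": anon_id, "identity_key": identity_key}

    def verify_message(self, msg: dict, now: float) -> tuple:
        """Receiving side of the mutual verification: reject revoked identities,
        stale timestamps (|now - ts| > delta_t) and messages whose tag does not
        verify under the registered identity key."""
        if msg["anon_id"] in self.revoked:
            return (False, "revoked")
        if abs(now - msg["ts"]) > self.delta_t:
            return (False, "stale timestamp")
        identity_key = self.credentials.get(msg["anon_id"])
        if identity_key is None:
            return (False, "unknown identity")
        if not hmac.compare_digest(_tag(identity_key, msg), msg["tag"]):
            return (False, "bad tag")
        return (True, "ok")

    def revoke(self, anon_id: bytes):
        """Revocation: recompute the tracking parameter for the anonymous identity,
        look it up in the tracking list, and withdraw the user. Returns real id."""
        identity_key = self.credentials.get(anon_id)
        if identity_key is None:
            return None
        real_id = self.tracking_list.get(_h(b"TRK", identity_key))
        if real_id is not None:
            self.revoked.add(anon_id)
        return real_id


def make_anonymous_message(cred: dict, payload: bytes, now: float) -> dict:
    """Sender side: a fresh short-lived nonce, the current timestamp and a tag."""
    msg = {"anon_id": cred["anon_id"], "nonce": secrets.token_bytes(16),
           "ts": int(now), "payload": payload, "tag": b""}
    msg["tag"] = _tag(cred["identity_key"], msg)
    return msg


if __name__ == "__main__":
    ta = TrustedAuthority(delta_t=30.0)
    # constructed sample registration data
    om = ta.register("om-001", {"name": "O&M worker (constructed)", "phone": "000"})
    m = make_anonymous_message(om, b"sensor reading BI (constructed)", now=1000.0)
    print(ta.verify_message(m, now=1010.0))   # fresh and valid
    print(ta.verify_message(m, now=1100.0))   # outside the agreed delay
    print(ta.revoke(om["anon_id"]))           # TA resolves the real identity
    print(ta.verify_message(m, now=1010.0))   # now rejected
```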
The application has the advantages that the application provides the indoor security anonymous authentication method based on the internet of things technology, through mutual anonymous authentication of operation and maintenance personnel and security personnel, the security of information is ensured, the personal privacy and identity information of a user are protected, and the situation that the user refuses to use an indoor security system because of security problems is avoided; meanwhile, the authentication method provided by the application improves the calculation efficiency through the technology of the Internet of things, and has low calculation cost.
Finally, it should be noted that: the foregoing description is only illustrative of the preferred embodiments of the present application, and although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described, or equivalents may be substituted for elements thereof, and any modifications, equivalents, improvements or changes may be made without departing from the spirit and principles of the present application.

Claims (8)

1. An indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
s1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
s2, the server receives personal information provided by operation staff and security staff, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
s3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority, if the mutual verification is legal, the data receiver encrypts the identity information, otherwise, the identity information is not encrypted;
the trusted authority generating the identity information for the operation and maintenance personnel specifically includes: selecting a random number; expressing the private key of the operation and maintenance personnel and the corresponding public key; for every operation and maintenance person, generating an anonymous identity; for every operation and maintenance person, generating tracking parameters and storing them in a tracking list of the trusted authority; the trusted authority generating the identity information for the security personnel specifically includes: selecting a random number; expressing the private key of the security personnel and the corresponding public key; for every security personnel, generating an anonymous identity; for every security personnel, generating a further anonymous identity; for every security personnel, generating tracking parameters and keeping them in a tracking list of the trusted authority.
2. The internet of things technology-based indoor security anonymous authentication method as claimed in claim 1, wherein the initializing and activating trusted authorities in the server is specifically as follows: the trusted authority generates parameters, keys, and a secure encryption function.
3. The internet of things-based indoor security anonymous authentication method as defined in claim 2, wherein the trusted authority selects a random number as its master key, derives its private key and its public key from it, chooses an authentication parameter, selects a hash function as its secure encryption function, and chooses a set of system public parameters, wherein q represents a large prime field, the three groups used are multiplicative cyclic groups of order q, the remaining sets are respectively subsets of those groups, and e represents the natural constant.
4. The internet of things-based indoor security anonymous authentication method of claim 3, wherein the personal information includes name, phone number, address and email id; the identity information includes an anonymous identity, a tracking parameter, and an identity key.
5. The method for anonymously authenticating indoor security based on the internet of things technology according to claim 1, wherein the security personnel anonymously verifying the operation and maintenance personnel comprises authenticating the identity of the operation and maintenance personnel, specifically: the data receiver of the operation and maintenance personnel selects 4 random numbers as short-lived session keys and calculates the corresponding values from them; the data receiver calculates the SLC and 4 short-lived virtual parameters; the data receiver sets the anonymous authentication certificate AAC, performs a further calculation, and sets an anonymous message whose fields include the current timestamp.
6. The internet of things-based indoor security anonymous authentication method of claim 5, wherein the operation and maintenance personnel anonymously verifying the security personnel comprises verifying the identity and the validity of the security personnel, wherein verifying the identity of the security personnel specifically comprises: the security personnel check the timestamp and require that it lie within the time delay mutually agreed by the operation and maintenance personnel and the security personnel; the security personnel perform their calculations; the data receiver calculates its OSLC and compares it for a match; if a match exists, the security personnel accept the SLC, and if not, the security personnel reject the SLC; wherein the correctness is proven as follows:
if any one of the verification processes fails, the operation and maintenance personnel can be considered as illegal users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnel calculate an arbitrary parameter, then perform the corresponding calculation and compute their anonymous credential, and send it together with a timestamp to the data receiver of the operation and maintenance personnel; after receiving this information, the operation and maintenance personnel first verify the current timestamp and then verify whether the expected relation holds, so as to check the validity of the security personnel, which is proven as follows:
the data receiver of the operation and maintenance personnel performs the calculation and compares it for a match; if a match exists, the security personnel are considered an authenticated user; if not, subsequent communication with the security personnel is terminated directly.
7. The internet of things technology-based indoor security anonymous authentication method of claim 6, wherein the encrypting the identity information by the data receiver specifically comprises: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC.
8. The internet of things technology-based indoor security anonymous authentication method of claim 7, wherein the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, and the ECC elliptic curve encryption algorithm is ECDH or ECDSA;
the method further comprises: the trusted authority may revoke security personnel who behave improperly.
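The claims above describe three defender-side steps: the trusted authority issues anonymous identities whose tracking parameters are kept in a tracking list (claim 1), a receiver checks a message timestamp against an agreed delay before accepting it (claim 6), and misbehaving security personnel are revoked by a tracking-list lookup (claim 8). The following Python is an added example written for this page, not the patent's scheme or any implementation by the applicant: it models those steps with hash and HMAC stand-ins in place of the patent's elliptic-curve formulas, which are not reproduced on this page. The class and function names (TrustedAuthority, issue_identity, trace, revoke, timestamp_fresh, make_anonymous_message, verify_anonymous_message), the pre-shared session key standing in for the short-lived session keys, the receiver consulting the authority's revocation set, and the sample message are all constructed assumptions.

```python
"""Toy model of pseudonym issuance, tracking-list tracing, timestamp freshness
and revocation for an anonymous-authentication system (constructed example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


def _hmac_hex(key: bytes, *parts: str) -> str:
    """HMAC-SHA256 over the parts joined with '|', returned as hex."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()


@dataclass
class TrustedAuthority:
    """Issues anonymous identities, keeps the tracking list, and revokes."""
    master_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    tracking_list: dict = field(default_factory=dict)  # tracking param -> real identity
    revoked: set = field(default_factory=set)          # revoked anonymous identities

    def issue_identity(self, real_identity: str) -> dict:
        r = secrets.token_bytes(32)                              # per-user random number
        anon_id = hashlib.sha256(b"anon-id" + r).hexdigest()     # pseudonym, unlinkable to real_identity
        # Tracking parameter: keyed under the master key, so only the authority
        # can recompute it from a pseudonym and open it via the tracking list.
        tracking = _hmac_hex(self.master_key, "track", anon_id)
        self.tracking_list[tracking] = real_identity
        return {"anon_id": anon_id, "secret": r, "tracking": tracking}

    def trace(self, anon_id: str) -> Optional[str]:
        """Recompute the tracking parameter and look it up (None if unknown)."""
        return self.tracking_list.get(_hmac_hex(self.master_key, "track", anon_id))

    def revoke(self, anon_id: str) -> Optional[str]:
        """Revoke a misbehaving pseudonym; returns the traced real identity."""
        real = self.trace(anon_id)
        if real is not None:
            self.revoked.add(anon_id)
        return real

    def is_revoked(self, anon_id: str) -> bool:
        return anon_id in self.revoked


def timestamp_fresh(ts_sent: int, ts_now: int, max_delay: int) -> bool:
    """Accept only if the sender's timestamp lies within the agreed delay window
    (symmetric, so modest clock skew in either direction is tolerated)."""
    return abs(ts_now - ts_sent) <= max_delay


def make_anonymous_message(anon_id: str, session_key: bytes, ts_sent: int, payload: str) -> dict:
    """Sender side: pseudonym, fresh nonce, timestamp and a MAC binding them all."""
    nonce = secrets.token_hex(8)
    tag = _hmac_hex(session_key, anon_id, nonce, str(ts_sent), payload)
    return {"anon_id": anon_id, "nonce": nonce, "ts": ts_sent, "payload": payload, "tag": tag}


def verify_anonymous_message(ta: TrustedAuthority, msg: dict, session_key: bytes,
                             ts_now: int, max_delay: int, seen_nonces: set) -> str:
    """Receiver side. Returns 'ok' or the reason for rejection, checked in the
    order a receiver would: freshness, revocation status, integrity, replay."""
    if not timestamp_fresh(msg["ts"], ts_now, max_delay):
        return "stale"
    if ta.is_revoked(msg["anon_id"]):
        return "revoked"
    expected = _hmac_hex(session_key, msg["anon_id"], msg["nonce"], str(msg["ts"]), msg["payload"])
    if not hmac.compare_digest(expected, msg["tag"]):
        return "bad-tag"
    if msg["nonce"] in seen_nonces:
        return "replay"
    seen_nonces.add(msg["nonce"])
    return "ok"


if __name__ == "__main__":
    ta = TrustedAuthority()
    guard = ta.issue_identity("guard-007")          # constructed sample identity
    key = secrets.token_bytes(32)                   # stand-in for the short-lived session keys
    seen: set = set()
    msg = make_anonymous_message(guard["anon_id"], key, 1_700_000_000, "door-3 open")
    print(verify_anonymous_message(ta, msg, key, 1_700_000_005, 30, seen))   # ok
    print(ta.revoke(guard["anon_id"]))                                        # guard-007
    print(verify_anonymous_message(ta, msg, key, 1_700_000_005, 30, set()))  # revoked
```

The pseudonym carries no information about the real identity; only the holder of the master key can open it, which is the property the tracking list relies on. Keeping seen nonces per receiver matters because a timestamp window alone still admits replays inside the window.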

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310411126.7A CN116471081B (en) 2023-04-18 2023-04-18 Indoor security anonymous authentication method based on Internet of things technology

Publications (2)

Publication Number Publication Date
CN116471081A CN116471081A (en) 2023-07-21
CN116471081B true CN116471081B (en) 2023-12-12

Family

ID=87174765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310411126.7A Active CN116471081B (en) 2023-04-18 2023-04-18 Indoor security anonymous authentication method based on Internet of things technology

Country Status (1)

Country Link
CN (1) CN116471081B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013177304A2 (en) * 2012-05-22 2013-11-28 Partnet, Inc. Systems and methods for verifying uniqueness in anonymous authentication
CN107360571A (en) * 2017-09-08 2017-11-17 哈尔滨工业大学深圳研究生院 Anonymity in a mobile network is mutually authenticated and key agreement protocol
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking
CN109768861A (en) * 2019-01-24 2019-05-17 西安电子科技大学 Massive D2D anonymous discovery authentication and key agreement method
CN110071797A (en) * 2019-02-01 2019-07-30 湖州师范学院 The method of assumed name change car networking privacy-protection certification based on mixing context
KR20200016506A (en) * 2018-08-07 2020-02-17 한국스마트인증 주식회사 Method for Establishing Anonymous Digital Identity
EP3661165A1 (en) * 2015-06-09 2020-06-03 Intel Corporation System, apparatus and method for privacy preserving distributed attestation for devices
CN111369251A (en) * 2020-03-07 2020-07-03 中国人民解放军国防科技大学 Block chain transaction supervision method based on user secondary identity structure
CN112468445A (en) * 2020-10-29 2021-03-09 广西电网有限责任公司 AMI lightweight data privacy protection method for power Internet of things
CN114978622A (en) * 2022-05-08 2022-08-30 郑云山 Anonymous credential verification method and system based on block chain and zero-knowledge proof
CN115842657A (en) * 2022-11-15 2023-03-24 国网辽宁省电力有限公司本溪供电公司 Internet of things anonymous identity authentication method and device based on block chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080295151A1 (en) * 2007-03-18 2008-11-27 Tiejun Jay Xia Method and system for anonymous information verification
US8799656B2 (en) * 2010-07-26 2014-08-05 Intel Corporation Methods for anonymous authentication and key agreement
US8627422B2 (en) * 2010-11-06 2014-01-07 Qualcomm Incorporated Authentication in secure user plane location (SUPL) systems
US10305693B2 (en) * 2016-11-03 2019-05-28 International Business Machines Corporation Anonymous secure socket layer certificate verification in a trusted group

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Anonymous user authentication with secured storage and sharing of data on cloud"; Manisha D Karad et al.; IEEE; full text *
"Resource anonymous verification scheme for a resource pooling management model"; 王海宇 et al.; 《移动通信》 (Mobile Communications); full text *
"Research on privacy protection and secure authentication technology in the Internet of Vehicles"; 刘晴; 《中国优秀硕士学位论文全文数据库》 (China Master's Theses Full-text Database); full text *

Also Published As

Publication number Publication date
CN116471081A (en) 2023-07-21

Similar Documents

Publication Publication Date Title
US7958362B2 (en) User authentication based on asymmetric cryptography utilizing RSA with personalized secret
EP1969762B1 (en) Certify and split system and method for replacing cryptographic keys
US8526606B2 (en) On-demand secure key generation in a vehicle-to-vehicle communication network
CN103414690B (en) One can openly be verified the high in the clouds data property held method of calibration
US9531540B2 (en) Secure token-based signature schemes using look-up tables
US8683209B2 (en) Method and apparatus for pseudonym generation and authentication
US20230033988A1 (en) Consensus-based online authentication
US10263782B2 (en) Soft-token authentication system
CN111769938B (en) Key management system and data verification system of block chain sensor
KR20200037847A (en) NFC tag authentication to remote servers with applications to protect supply chain asset management
US20180248873A1 (en) Electronic device verification
CA2795745A1 (en) Cryptographic document processing in a network
KR101004829B1 (en) An apparatus and method for direct anonymous attestation from bilinear maps
CN101296075A (en) Identity authentication system based on elliptic curve
US20100161992A1 (en) Device and method for protecting data, computer program, computer program product
TW201539239A (en) Server, user device, and method of interaction between user device and server
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
CN114401153B (en) Authentication method and system of intelligent well lid equipment
CN106657002A (en) Novel crash-proof base correlation time multi-password identity authentication method
WO2008020991A2 (en) Notarized federated identity management
CN112948789B (en) Identity authentication method and device, storage medium and electronic equipment
Chernyi et al. Security of electronic digital signature in maritime industry
CN116471081B (en) Indoor security anonymous authentication method based on Internet of things technology
KR20030097550A (en) Authorization Key Escrow Service System and Method
CN116633530A (en) Quantum key transmission method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant