CN116996321A - Digital substation edge computing access authentication method and system - Google Patents

Publication number: CN116996321A
Authority: CN (China)
Application number: CN202311105208.5A
Other languages: Chinese (zh)
Legal status: Pending
Prior art keywords: key, information, edge node, vid, authentication
Inventors: 梁剑, 刘立洪, 杨力帆, 贺丽, 李琴, 罗正经, 朱磊, 肖辉, 刘义, 黄冬冬
Current Assignee: State Grid Corp of China SGCC; State Grid Hunan Electric Power Co Ltd; Economic and Technological Research Institute of State Grid Hunan Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; State Grid Hunan Electric Power Co Ltd; Economic and Technological Research Institute of State Grid Hunan Electric Power Co Ltd

Classifications

    • H04L63/0414: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H04L63/0421: Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3249: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/40: Network security protocols
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a digital substation edge computing access authentication method, comprising: acquiring data information of a target power system; initializing a key generation system; the edge node devices and the terminal devices generating their respective pseudo-identities and sending them to the key generation system; the key generation system generating the corresponding keys from the received data; completing authentication of the edge node devices; and completing authentication among the plurality of edge node devices of the substation, which finally completes access authentication for digital substation edge computing. The invention also discloses a system for implementing the digital substation edge computing access authentication method. Through an innovative device access authentication mode, the invention achieves device access authentication in the edge computing environment of present-day power systems, with high reliability and security.

Description

Digital substation edge computing access authentication method and system
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a digital substation edge computing access authentication method and system.
Background
With the development of the economy and technology and the improvement of living standards, electric energy has become an indispensable secondary energy source in production and daily life, to which it brings great convenience. Ensuring a stable and reliable supply of electric energy has therefore become one of the most important tasks of the power system.
At present, with the rapid development of physical networks and informatization technologies, various types of mobile intelligent terminals, such as unmanned aerial vehicles, inspection robots, smart electricity meters, intelligent sensor monitoring devices and other devices, are gradually being connected to the power system, communicating with it over the network and exchanging data. However, with the access of a large number of mobile intelligent terminals, the data processing of the power system is under great pressure. Edge computing, as a new computing mode, can meet the requirements of a population of network-connected terminal devices that keeps growing by orders of magnitude; the current power system therefore uses a cloud-edge cooperative mode to address the problems caused when mobile intelligent terminals access the power system, such as excessive network bandwidth load, high application cost and limited terminal device resources.
Although the introduction of edge computing solves the data processing problem of the power system, it also brings problems of its own: a huge number of terminal devices, differing physical structures, strong mobility, multiple levels of edge node servers and mixed security domains. These problems greatly affect the safe and stable operation of the power system. Access authentication schemes designed for the conventional cloud computing environment are not suitable for the edge computing environment of the present-day power system, and the access authentication process in that environment is poor in reliability and security, which seriously affects the safe and stable operation of the power system.
Disclosure of Invention
The invention aims to provide a digital substation edge computing access authentication method which is applicable to the edge computing environment of the current power system and has high reliability and good safety.
The second purpose of the invention is to provide a system for realizing the digital substation edge computing access authentication method.
The invention provides a digital substation edge computing access authentication method, which comprises the following steps:
S1, acquiring data information of a target power system;
S2, initializing a key generation system;
S3, the edge node devices and the terminal devices generate their respective pseudo-identities and send them to the key generation system; the key generation system generates the corresponding keys from the received data;
S4, completing authentication of the edge node devices according to the keys obtained in step S3;
S5, completing authentication among the plurality of edge node devices of the substation according to the keys obtained in step S3, which finally completes access authentication for digital substation edge computing.
Initializing the key generation system in step S2 specifically includes the following steps:
setting the algorithm parameters of the elliptic curve cryptographic algorithm;
randomly selecting a system signature master key $s$ and an information encryption master key $sk$, where $s \in [1, q-1]$, $sk \in [1, q-1]$, and $q$ is the order of the elliptic curve in the elliptic curve cryptographic algorithm;
computing the system public key of the edge node device as $P_{pub} = s \cdot p$, where $p$ is a generator of $G_2$, $P$ is a prime number, $P_{pub} \in G_1$, and $G_1$ is a cyclic additive group of order $q$; computing the encryption public key of the edge node device as $PK_{pub} = sk \cdot p$, where $PK_{pub} \in G_2$ and $G_2$ is a cyclic additive group of order $q$; $G_1$ and $G_2$ serve as the system public key and the encryption public key, respectively;
obtaining a system signature master key pair $(s, P_{pub})$ and an information encryption master key pair $(sk, PK_{pub})$, where $(s, P_{pub})$ is used for verifying identity legitimacy and $(sk, PK_{pub})$ is used for negotiation and encapsulation of session keys;
the key generation system stores the system signature master key $s$ and the information encryption master key $sk$, and publishes the parameters $G_1$, $G_2$, $p$, $q$, $P_{pub}$, $PK_{pub}$, $H_1$, $H_2$ and $H_3$; wherein $H_1$ is a first hash function and satisfies; $H_1$ employs $G_1$ in signing and $G_2$ in encryption; $H_2$ is a second hash function and; $H_3$ is a third hash function and $H_3: G_2 \to \{0,1\}^*$; a set of random numbers generated by a pseudo-random number generator.
In step S3, the edge node devices and the terminal devices generate their respective pseudo-identities and send them to the key generation system, and the key generation system generates the corresponding keys from the received data; this specifically comprises the following steps:
generating a pseudo-identity $VID_U$ for the terminal device and sending it to the key generation system;
the key generation system generates pseudo-random numbers $r_U$ and $rk_U$ and computes the terminal device signature private key $s_U$ and the encryption private key $sk_U$; wherein
the key pairs $(s_U, r_U)$ and $(sk_U, rk_U)$ are transmitted to the terminal device through a secure channel;
the terminal device checks whether the following two formulas hold:
Formula one: $s_U P_1 = R_U + H_1(VID_U, R_U) P_{pub}$
Formula two: $sk_U P_2 = RK_U + H_1(VID_U, RK_U) PK_{pub}$
If formula one and formula two both hold, the private key is verified as correct; otherwise the private key is not correct; wherein $P_1$ is a generator of the cyclic additive group $G_1$ of order $q$, and $P_2$ is a generator of the cyclic additive group $G_2$ of order $q$; $H_1()$ is a one-way hash function; $R_U$ and $RK_U$ are check parameters, with $R_U = r_U P_1$ and $RK_U = rk_U P_2$.
The pseudo-identity $VID_U$ is specifically obtained as follows:
the pseudo-identity $VID_U$ is calculated by the following formula:
$VID_U = H_1(r_{ID} \| ID_U)$
where $r_{ID}$ is a random number generated by the terminal device and; $ID_U$ is an edge node device; $r_{ID} \| ID_U$ is the parameter from which the identity is generated; in this step $H_1()$ serves to construct the identity, whereas in formulas one and two the main purpose of $H_1()$ is to identify the identity by the private key, so a verification parameter is added.
The terminal device signature private key $s_U$ and the encryption private key $sk_U$ are specifically computed as follows:
the terminal device signature private key is computed as $s_U = r_U + s H_1(VID_U, R_U) P_{pub}$; at the same time, the encryption private key is computed as $sk_U = rk_U + sk H_1(VID_U, RK_U) PK_{pub}$.
Completing the authentication of the edge node devices in step S4 according to the keys obtained in step S3 specifically comprises the following steps:
A. Any edge node device sends an authentication request to the cloud center: the edge node device acquires the current timestamp $t_{EN}$ and concatenates it with its own identity information to form the original information; it signs the original information to obtain the signature information; it encrypts the original information with the system public key and sends it to the cloud center;
B. The cloud center verifies the received information and signature information: the cloud center decrypts the received information and, based on the signature information, verifies the freshness of the timestamp $t_{EN}$; if the verification does not pass, the received information is not sent to the edge node device; if the verification passes, it selects random numbers $m$ and $n$, acquires the current timestamp $t_c$, and constructs the session key parameters; the identity information of the cloud center, the current timestamp $t_c$ and the session key parameters form the original information, and the signature message is obtained after the original information is encrypted with the system public key; the cloud center sends the original information and the signature information to the edge node device;
$M = mP_2$
$N = nP_2$
$N' = N + mPK_{pub-EN}$
where $M$ is a first key; $N$ is a second key; $P_2$ is a generator of the cyclic additive group of order $q$ on the elliptic curve; $N'$ is an identity verification parameter; $PK_{pub-EN}$ is the public key of the center authentication server;
the information sent by the edge node device to the cloud center is expressed as $\{Sign_{EN} \| PK_C(VID_{EN} \| VID_C \| t_{EN})\}$, where $Sign_{EN}$ is the signature information of the edge node device, $PK_C()$ is the public key of the edge node local authentication server, $VID_{EN}$ and $VID_C$ are the identity information of the edge node device and of the cloud center device, and $\|$ is the OR operation;
the information sent by the cloud center to the edge node device is expressed as $Sign_C \| PK_{pub-EN}(VID_{EN} \| VID_C \| t_{EN} \| t_c \| M \| N')$, where $Sign_C$ is the signature information of the cloud center and $PK_{pub-EN}()$ is a public key of the cloud center server;
C. The edge node device verifies the received information and signature information: the edge node device decrypts the received information and verifies the freshness of the timestamp $t_c$; if the verification fails, the edge node authentication is determined not to have passed; if the verification passes, it computes the second key parameter $N'' = N' - s_{EN} M$ and computes the first session key $k$ as $k = H_3(N'')$, where $H_3()$ is a hash function specified on $G_2$; the edge node device uses the first session key $k$ to encrypt the timestamps $t_{EN}$ and $t_c$ and sends them back to the cloud center for confirmation; the transmitted information is expressed as $\{E_k(t_c \| t_{EN})\}$, where $E_k()$ denotes encrypting the received timestamps with the session key;
D. The cloud center decrypts the received information and verifies the freshness of the timestamps; if the verification fails, the two-way identity authentication fails; if the verification passes, the first session key is used as the key for subsequent communication; this completes two-way identity authentication and key negotiation between the current edge node device and the cloud center;
E. Steps A-D are repeated until all the edge node devices have completed two-way identity authentication and key negotiation with the cloud center.
Completing authentication among the plurality of edge node devices of the substation in step S5 according to the keys obtained in step S3 specifically comprises the following steps:
a. From the plurality of edge node devices of the substation, two edge node devices $VID_{EN1}$ and $VID_{EN2}$ are selected arbitrarily;
b. When the edge node device $VID_{EN1}$ receives the broadcast information of the edge node device $VID_{EN2}$, the edge node device $VID_{EN1}$ sends an authentication request to the edge node device $VID_{EN2}$: it selects random numbers $x$ and $y$, acquires the current timestamp $t_{EN1}$, and constructs the parameters of the session key $kk$; it concatenates its own identity information, the current timestamp $t_{EN1}$ and the parameters of the session key $kk$, encrypts them with the system public key, and takes the encrypted information as the original information; it signs the original information to obtain the signature information, and sends the original information together with the signature information to the edge node device $VID_{EN2}$;
$X = xP_2$
$Y = yP_2$
$Y' = Y + xPK_{pub-EN2}$
where $X$ is a first key; $Y$ is a second key; $Y'$ is an identity verification parameter; $PK_{pub-EN2}$ is the public key of the edge node authentication server;
the information sent to the edge node device $VID_{EN2}$ is expressed as $\{Resq \| Sign_{EN1} \| PK_{pub-EN2}(VID_{EN1} \| VID_{EN2} \| t_{EN1} \| X \| Y')\}$, where $Resq$ is the request message received by the edge node device, $Sign_{EN1}$ is the signature information of the edge node device, and $PK_{pub-EN2}()$ is the public key of the edge node authentication server;
c. After receiving the message, the edge node device $VID_{EN2}$ determines the type of the message from $Resq$, decrypts the received information, and checks the freshness of the timestamp information: if the verification does not pass, it refuses to add the identity of $VID_{EN1}$ to its own trust list; if the verification passes, the edge node device $VID_{EN2}$ adds the information of the edge node device $VID_{EN1}$ to its own trust list and carries out the subsequent steps;
d. The edge node device $VID_{EN2}$ computes a second key $Y''$ and the session key $kk$, where $Y'' = Y' - s_{EN2} X$, $kk = H_3(Y'')$, and $s_{EN2}$ is the signing information of the node device, thereby obtaining the session key; it encrypts the timestamp $t_{EN1}$ and the current timestamp $t_{EN2}$ with the obtained session key and sends them, together with its own signature and the request response $Resqr$, to the edge node device $VID_{EN1}$; the transmitted message is expressed as $\{Resqr \| Sign_{EN2} \| E_{kk}(t_{EN1} \| t_{EN2})\}$, where $E_{kk}()$ denotes encrypting the received timestamps with the session key;
e. The edge node device $VID_{EN1}$ verifies the identity legitimacy of the edge node device $VID_{EN2}$ from the received information: it computes the session key $kk$ as $kk = H_3(Y'')$, decrypts the received message with the computed session key, and verifies the identity legitimacy of the edge node device $VID_{EN2}$ by verifying the freshness of the timestamp information: if the verification does not pass, the device is not added to its own trust list; if the verification passes, the edge node device $VID_{EN1}$ adds the information of the edge node device $VID_{EN2}$ to its own trust list and at the same time saves the session key $kk$ for subsequent communication; this completes two-way identity authentication and key negotiation between the edge node device $VID_{EN1}$ and the edge node device $VID_{EN2}$;
f. Steps a-e are repeated until authentication among all the edge node devices of the substation is completed.
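The following Python sketch is an added example, not code from the patent: it exercises the key issuance check of step S3 (formula one) and the session-key encapsulation of steps S4 B-C and S5 b-d. Assumptions: secp256k1 stands in for both $G_1$ and $G_2$ with $P_1 = P_2 = G$, SHA-256 stands in for $H_1$ and $H_3$, the private key is taken in the scalar form $s_U = r_U + s H_1(VID_U, R_U) \bmod q$ (the form for which formula one holds), and the node public key is $PK_{pub-EN} = s_{EN} P_2$.

```python
import hashlib
import secrets

# Assumption: the patent names no curve; secp256k1 stands in for G_1 and G_2.
P = 2**256 - 2**32 - 977  # field prime
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P)."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k %= Q
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def neg(pt):
    return INF if pt is INF else (pt[0], -pt[1] % P)

def enc(pt):
    return b"\x00" if pt is INF else b"".join(c.to_bytes(32, "big") for c in pt)

def H1(vid, pt):
    """Hash (VID, point) to a scalar mod q; SHA-256 is an assumption."""
    data = len(vid).to_bytes(2, "big") + vid + enc(pt)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def H3(pt):
    """Hash a group element to a 32-byte session key."""
    return hashlib.sha256(b"H3" + enc(pt)).digest()

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, q-1]

def pseudo_identity(device_id):
    """VID_U = H(r_ID || ID_U); only the pseudo-identity is sent out."""
    return hashlib.sha256(secrets.token_bytes(16) + device_id).digest()

def kgc_issue(master, vid):
    """Key generation system: returns (s_U, r_U) for the secure channel."""
    r = rand_scalar()
    return (r + master * H1(vid, mul(r, G))) % Q, r

def device_check(s_u, r_u, vid, p_pub):
    """Formula one: s_U*P_1 == R_U + H_1(VID_U, R_U)*P_pub, R_U = r_U*P_1."""
    R = mul(r_u, G)
    return mul(s_u, G) == add(R, mul(H1(vid, R), p_pub))

def encapsulate(peer_pub):
    """Initiator: M = m*P_2, N = n*P_2, N' = N + m*PK; its key is H_3(N)."""
    m, n = rand_scalar(), rand_scalar()
    N = mul(n, G)
    return mul(m, G), add(N, mul(m, peer_pub)), H3(N)

def decapsulate(s_en, M, N_prime):
    """Responder: N'' = N' - s_EN*M, then k = H_3(N'')."""
    return H3(add(N_prime, neg(mul(s_en, M))))

def demo():
    master = rand_scalar()                  # system signature master key s
    p_pub = mul(master, G)                  # P_pub
    vid = pseudo_identity(b"edge-node-01")  # constructed device ID
    s_en, r_en = kgc_issue(master, vid)
    good = device_check(s_en, r_en, vid, p_pub)
    bad = device_check((s_en + 1) % Q, r_en, vid, p_pub)  # key altered in transit
    M, N_prime, k_init = encapsulate(mul(s_en, G))
    same = decapsulate(s_en, M, N_prime) == k_init
    other = decapsulate((s_en + 1) % Q, M, N_prime) == k_init  # wrong private key
    return good, bad, same, other
```

The last element of `demo()` shows the property the exchange relies on: a party that does not hold $s_{EN}$ derives a different key, so the encrypted timestamp reply of step C also demonstrates possession of the issued private key.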
The invention also provides a system for implementing the digital substation edge computing access authentication method, comprising a data acquisition module, an initialization module, a key generation module, a device authentication module and a system authentication module, connected in series in that order. The data acquisition module acquires data information of the target power system and uploads the data to the initialization module; the initialization module initializes the key generation system according to the received data and uploads the data to the key generation module; the key generation module generates the respective pseudo-identities according to the received data and sends the pseudo-identities to the key generation system; the key generation system generates the corresponding keys according to the received data and uploads the data to the device authentication module; the device authentication module completes the authentication of the edge node devices according to the received data and uploads the data to the system authentication module; and the system authentication module completes authentication among the plurality of edge node devices of the substation according to the received data, finally completing access authentication for digital substation edge computing.
With the digital substation edge computing access authentication method and system provided by the invention, device access authentication in the edge computing environment of present-day power systems is achieved through an innovative device access authentication mode, with high reliability and security. The invention solves the prior-art problems of network security and low efficiency caused by keys that are difficult to manage and distribute and by the limited authentication resources of edge computing, and, by authenticating the user identity anonymously, rapidly and simply, solves the technical problems of exposed user identity privacy, easy session tracking and user privacy that is difficult to protect.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
FIG. 2 is a schematic diagram of functional modules of the system of the present invention.
Detailed Description
A schematic flow chart of the method of the present invention is shown in FIG. 1. The digital substation edge computing access authentication method of the invention comprises the following steps:
S1, acquiring data information of a target power system;
S2, initializing a key generation system; this specifically comprises the following steps:
the role of the key generation system may be played by a trusted third party; it generates the private keys of the end users and of the plurality of edge node devices in the system;
setting the algorithm parameters of the elliptic curve cryptographic algorithm, including the parameters of the elliptic curve equation, the device identity, the hash functions and the like;
randomly selecting a system signature master key $s$ and an information encryption master key $sk$, where $s \in [1, q-1]$, $sk \in [1, q-1]$, and $q$ is the order of the elliptic curve in the elliptic curve cryptographic algorithm;
computing the system public key of the edge node device as $P_{pub} = s \cdot p$, where $p$ is a generator of $G_2$, $P$ is a prime number, $P_{pub} \in G_1$, and $G_1$ is a cyclic additive group of order $q$; computing the encryption public key of the edge node device as $PK_{pub} = sk \cdot p$, where $PK_{pub} \in G_2$ and $G_2$ is a cyclic additive group of order $q$; $G_1$ and $G_2$ are respectively used as a system public key and an encryption private key; the system public key is used for verifying identity legitimacy, and the encryption public key is used for negotiation and encapsulation of the session key;
obtaining a system signature master key pair $(s, P_{pub})$ and an information encryption master key pair $(sk, PK_{pub})$, where $(s, P_{pub})$ is used for verifying identity legitimacy and $(sk, PK_{pub})$ is used for negotiation and encapsulation of session keys;
the key generation system stores the system signature master key $s$ and the information encryption master key $sk$, and publishes the parameters $G_1$, $G_2$, $p$, $q$, $P_{pub}$, $PK_{pub}$, $H_1$, $H_2$ and $H_3$; wherein $H_1$ is a first hash function and satisfies; $H_1$ employs $G_1$ in signing and $G_2$ in encryption; $H_2$ is a second hash function and; $H_3$ is a third hash function and $H_3: G_2 \to \{0,1\}^*$; a set of random numbers generated by the pseudo-random number generator;
S3, the edge node devices and the terminal devices generate their respective pseudo identities and send them to the key generation system; the key generation system generates the corresponding keys according to the received data; specifically comprising the following steps:
when the edge node device and the terminal device access the network, each must first obtain a key pair from the key generation system of the security domain in which it is located, according to the pseudo-identity it provides; the key pair is used for identity verification, message encryption and key negotiation;
generating a pseudo-identity $VID_U$ for the terminal device and sending it to the key generation system; the pseudo-identity $VID_U$ is obtained as follows:
the pseudo-identity $VID_U$ is calculated by the following formula:
$VID_U = H_1(r_{ID} \| ID_U)$
where $r_{ID}$ is a random number generated for the terminal device and; $ID_U$ is an edge node device; $r_{ID} \| ID_U$ represents the parameters for identity generation; in this step $H_1()$ is a process of building the identity, whereas in formulas one and two the main purpose of $H_1()$ is to identify the identity by the private key, so a checking parameter is added;
the key generation system generates pseudo-random numbers $r_U$ and $rk_U$ and calculates the terminal device signature private key $s_U$ and the encryption private key $sk_U$; wherein, specifically:
calculating the terminal device signature private key $s_U$ as $s_U = r_U + sH_1(VID_U, R_U)P_{pub}$; simultaneously, calculating the encryption private key $sk_U$ as $sk_U = rk_U + sk\,H_1(VID_U, RK_U)PK_{pub}$;
transmitting the key pairs $(s_U, r_U)$ and $(sk_U, rk_U)$ to the terminal device through a secure channel;
the terminal device checks whether the following two formulas hold:
formula one: $s_U P_1 = R_U + H_1(VID_U, R_U)P_{pub}$
formula two: $sk_U P_2 = RK_U + H_1(VID_U, RK_U)PK_{pub}$
if formula one and formula two hold simultaneously, the correctness of the private key is verified; otherwise, the private key is not correct; wherein $P_1$ is the generator of the cyclic additive group $G_1$ of order $q$, and $P_2$ is the generator of the cyclic additive group $G_2$ of order $q$; $H_1()$ is a one-way hash function; $R_U$ and $RK_U$ are the checking parameters, with $R_U = r_U P_1$ and $RK_U = rk_U P_2$;
S4, completing authentication of the edge node devices according to the keys obtained in step S3; specifically comprising the following steps:
in an edge computing environment, the edge node devices provide efficient, low-latency service to terminal devices through application resources distributed by the cloud center; when an edge node device accesses the network for the first time, it must send an authentication request to the cloud center and complete bidirectional identity authentication with the cloud center; when an edge node device wants to access the network, it first sends an access request to the cloud center and the two sides negotiate a session key;
A. any edge node device sends an authentication request to the cloud center: the edge node device acquires the current timestamp $t_{EN}$ and concatenates it with its own identity information to form the original information; it signs the original information to obtain signature information; it encrypts the original information with the system public key and sends it to the cloud center;
B. the cloud center verifies the received information and signature information: the cloud center decrypts the received information and, according to the signature information, verifies the freshness of the timestamp $t_{EN}$; if the verification fails, the received information is not sent to the edge node device; if the verification passes, it selects random numbers $m$ and $n$, acquires the current timestamp $t_c$, and constructs the session key parameters; the identity information of the cloud center, the current timestamp $t_c$ and the session key parameters are used as the original information, which is encrypted with the system public key and then signed to obtain the signature information; the cloud center sends the original information and the signature information to the edge node device;
$M = mP_2$
$N = nP_2$
$N' = N + mPK_{pub\text{-}EN}$
wherein $M$ is a first key; $N$ is a second key; $P_2$ is the generator of the cyclic additive group of order $q$ on the elliptic curve; $N'$ is the identity verification parameter; $PK_{pub\text{-}EN}$ is the public key of the center authentication server;
the information sent by the edge node device to the cloud center is expressed as $\{Sign_{EN} \| PK_C(VID_{EN} \| VID_C \| t_{EN})\}$, where $Sign_{EN}$ is the signature information of the edge node device, $PK_C()$ is the public key of the edge node local authentication server, $VID_{EN}$ is the identity information of the edge node device, $VID_C$ is the identity information of the center device, and $\|$ is an OR operator;
the information sent by the cloud center to the edge node device is expressed as $Sign_C \| PK_{pub\text{-}EN}(VID_{EN} \| VID_C \| t_{EN} \| t_c \| M \| N')$, where $Sign_C$ is the signature information of the cloud center and $PK_{pub\text{-}EN}()$ is the public key of the cloud center server;
C. the edge node device verifies the received information and signature information: the edge node device decrypts the received information and verifies the freshness of the timestamp $t_c$; if the verification fails, the edge node authentication is determined not to have passed; if the verification passes, it calculates the second key parameter $N'' = N' - s_{EN}M$ and calculates the first session key $k$ as $k = H_3(N'')$, where $H_3()$ is the hash function specified on $G_2$; the edge node device uses the first session key $k$ to encrypt the timestamps $t_{EN}$ and $t_c$ and sends them back to the cloud center for confirmation; the transmitted information is expressed as $\{E_k(t_c \| t_{EN})\}$, where $E_k()$ denotes encrypting the received timestamps with the session key;
D. the cloud center decrypts the received information and verifies the freshness of the timestamps; if the verification fails, the bidirectional identity authentication fails; if the verification passes, the first session key is used as the key for subsequent communication; bidirectional identity authentication and key negotiation between the current edge node device and the cloud center are thus completed;
E. repeating steps A-D until all edge node devices and the cloud center have completed bidirectional identity authentication and key negotiation;
S5, according to the keys obtained in step S3, authentication among the plurality of edge node devices of the substation is completed, and finally the access authentication of digital substation edge computing is completed; specifically comprising the following steps:
edge node devices in the edge computing environment exist in multiple forms: a single edge node device can serve an edge side with low resource requirements; for an edge side with high resource demand, a plurality of edge node devices can be deployed in a distributed manner to cooperatively provide computing and storage services for terminal devices; to ensure the credibility of the cooperating edge node devices, a trust list needs to be established between the edge devices in the same security domain; in the network initialization stage, each device applies for its own private key pair from the key generation system; an edge node device qualitatively initiates a broadcast containing its identity information to the whole network, and on receiving the broadcast, each other edge node device checks whether the sender is in its local trust list and whether the two are in the same trust domain; if the device is not in the trust list and is in the same trust domain, an authentication request is sent to the broadcast sender;
a. for the plurality of edge node devices of the substation, two edge node devices $VID_{EN1}$ and $VID_{EN2}$ are selected arbitrarily;
b. when edge node device $VID_{EN1}$ receives the broadcast information of edge node device $VID_{EN2}$, $VID_{EN1}$ sends an authentication request to $VID_{EN2}$: it selects random numbers $x$ and $y$, acquires the current timestamp $t_{EN1}$, and constructs the parameters of the session key $kk$; it concatenates its own identity information, the current timestamp $t_{EN1}$ and the parameters of the session key $kk$, encrypts them with the system public key, and takes the encrypted information as the original information; it signs the original information to obtain signature information, and transmits the original information and the signature information together to edge node device $VID_{EN2}$;
$X = xP_2$
$Y = yP_2$
$Y' = Y + xPK_{pub\text{-}EN2}$
wherein $X$ is a first key; $Y$ is a second key; $Y'$ is the identity verification parameter; $PK_{pub\text{-}EN2}$ is the public key of the edge node authentication server;
the information sent to edge node device $VID_{EN2}$ is expressed as $\{Resq \| Sign_{EN1} \| PK_{pub\text{-}EN2}(VID_{EN1} \| VID_{EN2} \| t_{EN1} \| X \| Y')\}$, where $Resq$ is the request information received by the edge node device, $Sign_{EN1}$ is the signature information of the edge node device, and $PK_{pub\text{-}EN2}()$ is the public key of the edge node authentication server;
c. after receiving the message, edge node device $VID_{EN2}$ determines the message type according to $Resq$, decrypts the received information, and checks the freshness of the timestamp information: if the verification fails, it refuses to add the identity $VID_{EN1}$ to its own trust list; if the verification passes, $VID_{EN2}$ adds the related information of $VID_{EN1}$ to its own trust list and carries out the subsequent steps;
d. edge node device $VID_{EN2}$ calculates a second key $Y''$ and the session key $kk$, where $Y'' = Y' - s_{EN2}X$, $kk = H_3(Y'')$, and $s_{EN2}$ is the signing information of the node device, thereby obtaining the session key; it encrypts the timestamp $t_{EN1}$ and the current timestamp $t_{EN2}$ with the obtained session key and sends them, together with its own signature and the request response $Resqr$, to edge node device $VID_{EN1}$; the transmitted message is expressed as $\{Resqr \| Sign_{EN2} \| E_{kk}(t_{EN1} \| t_{EN2})\}$, where $E_{kk}()$ denotes encrypting the received timestamps with the session key;
e. edge node device $VID_{EN1}$ verifies the identity legitimacy of edge node device $VID_{EN2}$ according to the received information: it calculates the session key $kk$ as $kk = H_3(Y'')$, decrypts the received message with the calculated session key, and verifies the identity legitimacy of $VID_{EN2}$ by verifying the freshness of the timestamp information: if the verification fails, $VID_{EN2}$ is not added to its own trust list; if the verification passes, $VID_{EN1}$ adds the related information of $VID_{EN2}$ to its own trust list and saves the session key $kk$ for subsequent communication; bidirectional identity authentication and key negotiation between $VID_{EN1}$ and $VID_{EN2}$ are thus completed;
f. repeating the steps a-e until authentication among all edge node devices of the transformer substation is completed;
through the steps, identity authentication and session key negotiation can be completed between edge node devices in the same trust domain, and the session key is saved for subsequent communication encryption; if new edge node equipment appears again in the same trust domain, the process is carried out to establish trusted authentication, and the new edge node equipment information is stored in a local trust list.
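The private-key check of S3 (formula one) and the session-key construction of S4 steps B and C, which S5 repeats with $X$, $Y$, $Y'$, as an added Python example that is not code from the patent. It assumes secp256k1 with one generator standing in for both $P_1$ and $P_2$, SHA-256 for $H_1$ and $H_3$, $PK_{pub\text{-}EN} = s_{EN}P_2$, a 5-second freshness window, and the scalar form $s_U = r_U + sH_1(VID_U, R_U) \bmod q$, which is the form under which formula one holds.

```python
import hashlib
import secrets

# secp256k1 domain parameters. Assumption: the page names no curve, and one
# group with generator G stands in for both G_1 (P_1) and G_2 (P_2).
P = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, a):
    """Double-and-add scalar multiplication (not constant time; teaching only)."""
    r = None
    k %= Q
    while k:
        if k & 1:
            r = add(r, a)
        a = add(a, a)
        k >>= 1
    return r


def neg(a):
    return None if a is None else (a[0], -a[1] % P)


def rand_scalar():
    return secrets.randbelow(Q - 1) + 1           # uniform in [1, q-1]


def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def h1(vid, pt):
    """H_1(VID, R) reduced to a scalar mod q (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(vid + enc(pt)).digest(), "big") % Q


def h3(pt):
    """H_3: group element -> bit string, used as the session key."""
    return hashlib.sha256(b"session" + enc(pt)).digest()


def kgc_extract(s, vid):
    """S3: the key generation system derives (s_U, r_U) for pseudo-identity vid."""
    r_u = rand_scalar()
    s_u = (r_u + s * h1(vid, mul(r_u, G))) % Q
    return s_u, r_u


def device_check(s_u, r_u, vid, p_pub):
    """Formula one: s_U*P_1 == R_U + H_1(VID_U, R_U)*P_pub, with R_U = r_U*P_1."""
    big_r = mul(r_u, G)
    return mul(s_u, G) == add(big_r, mul(h1(vid, big_r), p_pub))


def cloud_params(pk_en):
    """S4 step B: M = m*P_2, N = n*P_2, N' = N + m*PK_pub-EN; cloud keeps H_3(N)."""
    m, n = rand_scalar(), rand_scalar()
    big_n = mul(n, G)
    return mul(m, G), add(big_n, mul(m, pk_en)), h3(big_n)


def edge_session_key(s_en, big_m, n_prime):
    """S4 step C: N'' = N' - s_EN*M, k = H_3(N'')."""
    return h3(add(n_prime, neg(mul(s_en, big_m))))


def fresh(t_msg, t_now, window=5):
    """Timestamp freshness; the 5-second window is an assumed policy value."""
    return 0 <= t_now - t_msg <= window


def demo():
    """Constructed run: extract and check a key, then agree on a session key."""
    s = rand_scalar()                             # system signature master key
    s_u, r_u = kgc_extract(s, b"VID_U-demo")      # constructed pseudo-identity
    key_ok = device_check(s_u, r_u, b"VID_U-demo", mul(s, G))
    s_en = rand_scalar()                          # edge node private key
    big_m, n_prime, k_cloud = cloud_params(mul(s_en, G))
    return key_ok, edge_session_key(s_en, big_m, n_prime) == k_cloud


if __name__ == "__main__":
    print(demo())
```

Because $N' - s_{EN}M = N + m\,s_{EN}P_2 - s_{EN}\,mP_2 = N$, both sides derive $k = H_3(N)$ only when the edge node holds the private key matching $PK_{pub\text{-}EN}$.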
FIG. 2 is a schematic diagram of functional modules of the system of the present invention: the system for realizing the digital substation edge computing access authentication method comprises a data acquisition module, an initialization module, a key generation module, an equipment authentication module and a system authentication module; the data acquisition module, the initialization module, the secret key generation module, the equipment authentication module and the system authentication module are sequentially connected in series; the data acquisition module is used for acquiring data information of the target power system and uploading the data to the initialization module; the initialization module is used for initializing the key generation system according to the received data and uploading the data to the key generation module; the key generation module is used for generating respective pseudo identities according to the received data, and sending the pseudo identities to the key generation system; the key generation system generates a corresponding key according to the received data and uploads the data to the equipment authentication module; the device authentication module is used for completing the authentication of the edge node device according to the received data and uploading the data to the system authentication module; and the system authentication module is used for completing authentication among a plurality of edge node devices of the substation according to the received data, and finally completing access authentication of digital substation edge calculation.

Claims (8)

1. A digital substation edge computing access authentication method comprises the following steps:
S1, acquiring data information of a target power system;
S2, initializing a key generation system;
S3, the edge node devices and the terminal devices generate their respective pseudo identities and send them to the key generation system; the key generation system generates the corresponding keys according to the received data;
S4, completing authentication of the edge node devices according to the keys obtained in step S3;
S5, according to the keys obtained in step S3, authentication among the plurality of edge node devices of the substation is completed, and finally the access authentication of digital substation edge computing is completed.
2. The method for authenticating the edge computing access of the digital substation according to claim 1, wherein the initializing the key generating system in step S2 specifically comprises the following steps:
setting algorithm parameters of an elliptic curve cryptographic algorithm;
randomly selecting a system signature master key $s$ and an information encryption master key $sk$; wherein $s \in [1, q-1]$, $sk \in [1, q-1]$, and $q$ is the order of the elliptic curve in the elliptic curve cryptographic algorithm;
calculating the system public key of the edge node device as $P_{pub} = s \cdot P$, where $P$ is the generator and $p$ is prime, $P_{pub} \in G_1$, and $G_1$ is a cyclic additive group of order $q$; calculating the encryption public key of the edge node device as $PK_{pub} = sk \cdot P$, where $PK_{pub} \in G_2$ and $G_2$ is a cyclic additive group of order $q$; $G_1$ and $G_2$ are used as a system public key and an encryption public key, respectively;
obtaining a system signature master key pair $(s, P_{pub})$ and an information encryption master key pair $(sk, PK_{pub})$; wherein $(s, P_{pub})$ is used for verifying identity legitimacy, and $(sk, PK_{pub})$ is used for negotiation and encapsulation of session keys;
the key generation system stores the system signature master key $s$ and the information encryption master key $sk$ and publishes the parameters $G_1$, $G_2$, $p$, $q$, $P_{pub}$, $PK_{pub}$, $H_1$, $H_2$ and $H_3$; wherein $H_1$ is a first hash function and satisfies $H_1$:; $H_1$ employs $G_1$ in signing and $G_2$ in encryption; $H_2$ is a second hash function and $H_2$:; $H_3$ is a third hash function and $H_3: G_2 \to \{0,1\}^*$; a set of random numbers generated for a pseudo-random number generator.
3. The method for authenticating the edge computing access of the digital substation according to claim 2, wherein in step S3 the edge node devices and the terminal devices generate their respective pseudo identities and send them to the key generation system; the key generation system generates the corresponding keys according to the received data, specifically comprising the following steps:
generating a pseudo-identity $VID_U$ for the terminal device and sending it to the key generation system;
the key generation system generates pseudo-random numbers $r_U$ and $rk_U$ and calculates the terminal device signature private key $s_U$ and the encryption private key $sk_U$; wherein,
transmitting the key pairs $(s_U, r_U)$ and $(sk_U, rk_U)$ to the terminal device through a secure channel;
the terminal device checks whether the following two formulas hold:
formula one: $s_U P_1 = R_U + H_1(VID_U, R_U)P_{pub}$
formula two: $sk_U P_2 = RK_U + H_1(VID_U, RK_U)PK_{pub}$
if formula one and formula two hold simultaneously, the correctness of the private key is verified; otherwise, the private key is not correct; wherein $P_1$ is the generator of the cyclic additive group $G_1$ of order $q$, and $P_2$ is the generator of the cyclic additive group $G_2$ of order $q$; $H_1()$ is a one-way hash function; $R_U$ and $RK_U$ are the checking parameters, with $R_U = r_U P_1$ and $RK_U = rk_U P_2$.
4. The digital substation edge computing access authentication method according to claim 3, characterized in that said pseudo-identity $VID_U$ is specifically obtained as follows:
the pseudo-identity $VID_U$ is calculated by the following formula:
$VID_U = H_1(r_{ID} \| ID_U)$
where $r_{ID}$ is a random number generated for the terminal device and; $ID_U$ is an edge node device; $r_{ID} \| ID_U$ represents the parameters for identity generation.
5. The method for digital substation edge computing access authentication according to claim 4, wherein said calculating of the terminal device signature private key $s_U$ and the encryption private key $sk_U$ specifically comprises the following steps:
calculating the terminal device signature private key $s_U$ as $s_U = r_U + sH_1(VID_U, R_U)P_{pub}$; simultaneously, calculating the encryption private key $sk_U$ as $sk_U = rk_U + sk\,H_1(VID_U, RK_U)PK_{pub}$.
6. The method for authenticating the edge computing access of the digital substation according to claim 5, wherein completing the authentication of the edge node devices in step S4 according to the keys obtained in step S3 specifically comprises the following steps:
A. any edge node device sends an authentication request to the cloud center: the edge node device acquires the current timestamp $t_{EN}$ and concatenates it with its own identity information to form the original information; it signs the original information to obtain signature information; it encrypts the original information with the system public key and sends it to the cloud center;
B. the cloud center verifies the received information and signature information: the cloud center decrypts the received information and, according to the signature information, verifies the freshness of the timestamp $t_{EN}$; if the verification fails, the received information is not sent to the edge node device; if the verification passes, it selects random numbers $m$ and $n$, acquires the current timestamp $t_c$, and constructs the session key parameters; the identity information of the cloud center, the current timestamp $t_c$ and the session key parameters are used as the original information, and the signature message is obtained after the original information is encrypted with the system public key; the cloud center sends the original information and the signature information to the edge node device;
$M = mP_2$
$N = nP_2$
$N' = N + mPK_{pub\text{-}EN}$
wherein $M$ is a first key; $N$ is a second key; $P_2$ is the generator of the cyclic additive group of order $q$ on the elliptic curve; $N'$ is the identity verification parameter; $PK_{pub\text{-}EN}$ is the public key of the center authentication server;
the information sent by the edge node device to the cloud center is expressed as $\{Sign_{EN} \| PK_C(VID_{EN} \| VID_C \| t_{EN})\}$, where $Sign_{EN}$ is the signature information of the edge node device, $PK_C()$ is the public key of the edge node local authentication server, $VID_{EN}$ is the identity information of the edge node device, $VID_C$ is the identity information of the cloud center device, and $\|$ is an OR operator;
the information sent by the cloud center to the edge node device is expressed as $Sign_C \| PK_{pub\text{-}EN}(VID_{EN} \| VID_C \| t_{EN} \| t_c \| M \| N')$, where $Sign_C$ is the signature information of the cloud center and $PK_{pub\text{-}EN}()$ is the public key of the cloud center server;
C. the edge node device verifies the received information and signature information: the edge node device decrypts the received information and verifies the freshness of the timestamp $t_c$; if the verification fails, the edge node authentication is determined not to have passed; if the verification passes, it calculates the second public key parameter $N'' = N' - s_{EN}M$ and calculates the first session key $k$ as $k = H_3(N'')$, where $H_3()$ is the hash function specified on $G_2$; the edge node device uses the first session key $k$ to encrypt the timestamps $t_{EN}$ and $t_c$ and sends them back to the cloud center for confirmation; the transmitted information is expressed as $\{E_k(t_c \| t_{EN})\}$, where $E_k()$ denotes encrypting the received timestamps with the session key;
D. the cloud center decrypts the received information and verifies the freshness of the timestamps; if the verification fails, the bidirectional identity authentication fails; if the verification passes, the first session key is used as the key for subsequent communication; bidirectional identity authentication and key negotiation between the current edge node device and the cloud center are thus completed;
E. repeating steps A-D until all edge node devices and the cloud center have completed bidirectional identity authentication and key negotiation.
7. The method for authenticating the edge computing access of the digital substation according to claim 6, wherein completing authentication among the plurality of edge node devices of the substation in step S5 according to the keys obtained in step S3 specifically comprises the following steps:
a. for the plurality of edge node devices of the substation, two edge node devices $VID_{EN1}$ and $VID_{EN2}$ are selected arbitrarily;
b. when edge node device $VID_{EN1}$ receives the broadcast information of edge node device $VID_{EN2}$, $VID_{EN1}$ sends an authentication request to $VID_{EN2}$: it selects random numbers $x$ and $y$, acquires the current timestamp $t_{EN1}$, and constructs the parameters of the session key $kk$; it concatenates its own identity information, the current timestamp $t_{EN1}$ and the parameters of the session key $kk$, encrypts them with the system public key, and takes the encrypted information as the original information; it signs the original information to obtain signature information, and transmits the original information and the signature information together to edge node device $VID_{EN2}$;
$X = xP_2$
$Y = yP_2$
$Y' = Y + xPK_{pub\text{-}EN2}$
wherein $X$ is a first key; $Y$ is a second key; $Y'$ is the identity verification parameter; $PK_{pub\text{-}EN2}$ is the public key of the edge node authentication server;
the information sent to edge node device $VID_{EN2}$ is expressed as $\{Resq \| Sign_{EN1} \| PK_{pub\text{-}EN2}(VID_{EN1} \| VID_{EN2} \| t_{EN1} \| X \| Y')\}$, where $Resq$ is the request information received by the edge node device, $Sign_{EN1}$ is the signature information of the edge node device, and $PK_{pub\text{-}EN2}()$ is the public key of the edge node authentication server;
c. after receiving the message, edge node device $VID_{EN2}$ determines the message type according to $Resq$, decrypts the received information, and checks the freshness of the timestamp information: if the verification fails, it refuses to add the identity $VID_{EN1}$ to its own trust list; if the verification passes, $VID_{EN2}$ adds the related information of $VID_{EN1}$ to its own trust list and carries out the subsequent steps;
d. edge node device $VID_{EN2}$ calculates a second key $Y''$ and the session key $kk$, where $Y'' = Y' - s_{EN2}X$, $kk = H_3(Y'')$, and $s_{EN2}$ is the signing information of the node device, thereby obtaining the session key; it encrypts the timestamp $t_{EN1}$ and the current timestamp $t_{EN2}$ with the obtained session key and sends them, together with its own signature and the request response $Resqr$, to edge node device $VID_{EN1}$; the transmitted message is expressed as $\{Resqr \| Sign_{EN2} \| E_{kk}(t_{EN1} \| t_{EN2})\}$, where $E_{kk}()$ denotes encrypting the received timestamps with the session key;
e. edge node device $VID_{EN1}$ verifies the identity legitimacy of edge node device $VID_{EN2}$ according to the received information: it calculates the session key $kk$ as $kk = H_3(Y'')$, decrypts the received message with the calculated session key, and verifies the identity legitimacy of $VID_{EN2}$ by verifying the freshness of the timestamp information: if the verification fails, $VID_{EN2}$ is not added to its own trust list; if the verification passes, $VID_{EN1}$ adds the related information of $VID_{EN2}$ to its own trust list and saves the session key $kk$ for subsequent communication; bidirectional identity authentication and key negotiation between $VID_{EN1}$ and $VID_{EN2}$ are thus completed;
f. repeating steps a-e until authentication among all edge node devices of the substation is completed.
8. A system for implementing the digital substation edge computing access authentication method according to any one of claims 1 to 7, comprising a data acquisition module, an initialization module, a key generation module, a device authentication module and a system authentication module; the data acquisition module, the initialization module, the secret key generation module, the equipment authentication module and the system authentication module are sequentially connected in series; the data acquisition module is used for acquiring data information of the target power system and uploading the data to the initialization module; the initialization module is used for initializing the key generation system according to the received data and uploading the data to the key generation module; the key generation module is used for generating respective pseudo identities according to the received data, and sending the pseudo identities to the key generation system; the key generation system generates a corresponding key according to the received data and uploads the data to the equipment authentication module; the device authentication module is used for completing the authentication of the edge node device according to the received data and uploading the data to the system authentication module; and the system authentication module is used for completing authentication among a plurality of edge node devices of the substation according to the received data, and finally completing access authentication of digital substation edge calculation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311105208.5A CN116996321A (en) 2023-08-30 2023-08-30 Digital substation edge computing access authentication method and system


Publications (1)

Publication Number Publication Date
CN116996321A (en) 2023-11-03

Family

ID=88532120



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination