CN117915320A - TEE remote verification method, device, equipment and storage medium - Google Patents


Info

Publication number
CN117915320A
Authority
CN
China
Prior art keywords
target
authentication
iot
verification
group
Legal status
Pending
Application number
CN202410101014.6A
Other languages
Chinese (zh)
Inventor
任杰
薛淼
任梦璇
王泽林
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
              • H04W 12/041 Key generation or derivation
              • H04W 12/043 Key management using a trusted network node as an anchor
            • H04W 12/06 Authentication
              • H04W 12/069 Authentication using certificates or pre-shared keys
          • H04W 84/00 Network topologies
            • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
              • H04W 84/04 Large scale networks; Deep hierarchical networks
                • H04W 84/08 Trunked mobile radio systems
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/32 Including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L 9/321 Involving a third party or a trusted authority
              • H04L 9/3247 Involving digital signatures
              • H04L 9/3263 Involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
            • H04L 9/40 Network security protocols
            • H04L 9/50 Using hash chains, e.g. blockchains or hash trees
          • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
            • H04L 2209/08 Randomization, e.g. dummy operations or using noise

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Storage Device Security

Abstract

The application discloses a TEE remote verification method, apparatus, device and storage medium in the field of computer technology, intended to reduce resource consumption and improve remote verification efficiency when the TEEs of a mass of IoT devices are verified remotely. The method comprises the following steps: acquiring a first random number of a target IoT device, and determining a group credential of the target IoT device based on that first random number and the target certificate; dividing the plurality of IoT devices into a plurality of device groups based on the group credential of each IoT device; determining at least one verification device corresponding to each device group to obtain a verification device cluster; determining a target data set, and determining a first verification parameter and a second verification parameter corresponding to each device group based on the target data set; and, when the first verification parameter and the second verification parameter corresponding to a target device group are consistent, determining that the TEE remote verification of every IoT device included in that target device group has passed.

Description

TEE remote verification method, device, equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a TEE remote verification method, apparatus, device, and storage medium.
Background
With the continuing development of fifth-generation mobile communication technology (5G), edge computing, smart home and other technologies, Internet of Things (IoT) devices have become one of the infrastructures for realizing ubiquitous networks and ubiquitous computing, and, given the importance of data security, confidential computing based on a trusted execution environment (TEE) is currently the mainstream solution. Since a TEE is integrated into the central processing unit (CPU) of a large number of IoT devices that use the Advanced RISC Machine (ARM) architecture, small-scale confidential computing capabilities can be provided. Existing remote verification mechanisms typically use a centralized verification service, with a large number of network connections between individual devices and a remote verification server, and require every IoT device to complete verification by connecting to an operator-provided TEE remote verification server.
However, IoT devices are characterized by massive and concentrated requests: a centralized remote verification module may be accessed by a massive number of devices at the same time, so that its network resources are occupied instantaneously and on a large scale, overloading the remote verification service, with the result that the service cannot be provided normally and confidential computation cannot be executed. At the same time, the operators' remote verification services for IoT devices and the remote verification reports they produce are not mutually recognized and do not interoperate, so the identities of IoT devices cannot be cross-verified and confidential computation cannot actually be executed. Therefore, when the TEEs of a mass of IoT devices are verified remotely in a mass-connection scenario, resource occupation is high and remote verification efficiency is low.
Disclosure of Invention
The application provides a method, apparatus, device and storage medium for TEE remote verification, used to reduce resource occupation and improve remote verification efficiency when the TEEs of a mass of IoT devices are verified remotely in a mass-connection scenario.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, a TEE remote verification method is provided, applied to a blockchain and comprising: when a remote verification request sent by a target Internet of Things (IoT) device is received, acquiring a first random number of the target IoT device, and determining a group credential of the target IoT device based on the first random number of the target IoT device and a target certificate of the target IoT device, wherein the target IoT device is any one of a plurality of IoT devices and the target certificate of the target IoT device is acquired from a TEE operator; dividing the plurality of IoT devices into a plurality of device groups based on the group credential of each of the plurality of IoT devices, each device group including at least one IoT device; for each device group in the plurality of device groups, determining at least one verification device corresponding to that device group to obtain a verification device cluster comprising a plurality of verification devices; determining a target data set, and determining a first verification parameter and a second verification parameter corresponding to each of the plurality of device groups based on the target data set, wherein the target data set comprises: a second random number corresponding to each of the plurality of verification devices, a remote verification credential corresponding to each of the plurality of device groups, and a first desensitized verification credential, a second desensitized verification credential and a group credential for each of the plurality of IoT devices; and, for a target device group of the plurality of device groups, when the first verification parameter and the second verification parameter corresponding to the target device group are determined to be identical, determining that the TEE remote verification of each IoT device included in the target device group passes, wherein the target device group is any device group of the plurality of device groups.
In one possible implementation, the method further includes: receiving a trusted execution environment (TEE) registration request sent by the target IoT device, and authenticating the target IoT device to the TEE operator based on the TEE registration request, the TEE registration request comprising the basic information and the verification credential of the target IoT device, the verification credential having been obtained from the TEE operator for the target IoT device; receiving the target certificate of the target IoT device sent by the TEE operator, and determining the hash digest of the target certificate as the first identification credential of the target IoT device, where the target certificate includes at least one of: the basic information of the target IoT device, a digital signature, and a third random number R_C, the third random number R_C being used to update the target certificate of the target IoT device; and sending the target certificate to the target IoT device, completing the TEE registration of the target IoT device on the blockchain.
In one possible implementation, determining the group credential of the target IoT device based on the first random number of the target IoT device and the target certificate of the target IoT device comprises: adding the first random number of the target IoT device to the target certificate to obtain an updated target certificate, and generating a first desensitized verification credential of the target IoT device on the blockchain side based on the first identification credential and the first random number of the target IoT device; and, based on the updated target certificate, determining the hash digest of the updated target certificate as the group credential of the target IoT device.
In one possible implementation, dividing the plurality of IoT devices into a plurality of device groups based on the group credential of each of the plurality of IoT devices comprises: randomly determining a target position within the character string corresponding to the group credential; for each of the plurality of IoT devices, obtaining the character at the target position of the character string corresponding to that IoT device's group credential; and partitioning the plurality of IoT devices into a plurality of device groups based on the character at the target position in the character string corresponding to each IoT device's group credential.
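The two steps just described (deriving a group credential from the updated certificate, then partitioning devices by the character at one randomly chosen position of that credential) are illustrated below with an added Python example that is not code from the patent. The page only says "hash digest" and "adding the first random number to the target certificate"; SHA-256, byte concatenation for the "add", and the hash-of-concatenation derivation of the first desensitized credential are assumptions made here so that the example runs. All device identifiers and certificate bodies are constructed sample data.

```python
import hashlib
import secrets
from collections import defaultdict


def hash_digest(data: bytes) -> str:
    """Hex hash digest of arbitrary bytes. Assumption: SHA-256 (64 hex characters);
    the page does not name the hash function."""
    return hashlib.sha256(data).hexdigest()


def first_identification_credential(target_certificate: bytes) -> str:
    """Registration step: the hash digest of the target certificate becomes the
    device's first identification credential."""
    return hash_digest(target_certificate)


def group_credential(target_certificate: bytes, r_g: bytes) -> str:
    """'Add' the first random number R_G to the certificate (assumption: byte
    concatenation) and hash the updated certificate; the digest is the group credential."""
    updated_certificate = target_certificate + r_g
    return hash_digest(updated_certificate)


def first_desensitized_credential(identification_credential: str, r_g: bytes) -> str:
    """Blockchain-side first desensitized verification credential, derived from the first
    identification credential and R_G (assumption: hash of their concatenation)."""
    return hash_digest(identification_credential.encode() + r_g)


def choose_target_position(credential_length: int) -> int:
    """Randomly pick the character position used for grouping; one position is
    chosen and then applied to every device's credential."""
    return secrets.randbelow(credential_length)


def partition_devices(group_credentials: dict, target_position: int) -> dict:
    """Group devices by the character at target_position in each group credential.
    With a hex digest this yields at most 16 device groups (keys '0'..'f')."""
    device_groups = defaultdict(list)
    for device_id, credential in group_credentials.items():
        device_groups[credential[target_position]].append(device_id)
    return dict(device_groups)


def build_device_groups(certificates: dict, target_position=None):
    """End to end: draw a fresh R_G per device, derive its group credential, then
    partition. Returns (group_credentials, target_position, device_groups)."""
    r_g_by_device = {dev: secrets.token_bytes(16) for dev in certificates}
    creds = {dev: group_credential(cert, r_g_by_device[dev])
             for dev, cert in certificates.items()}
    if target_position is None:
        target_position = choose_target_position(len(next(iter(creds.values()))))
    return creds, target_position, partition_devices(creds, target_position)


if __name__ == "__main__":
    # Constructed sample certificates; not real device data.
    sample_certs = {f"iot-{i:03d}": f"cert-body-{i}".encode() for i in range(20)}
    creds, pos, groups = build_device_groups(sample_certs)
    print(f"grouping on credential position {pos}: {len(groups)} device groups")
    for key, members in sorted(groups.items()):
        print(f"  group '{key}': {members}")
```

Because R_G is fresh per request and the grouping position is drawn at random each time, the same device lands in a different group on each verification round, which is what makes the grouping unpredictable to a device that wants to choose its own peers; a verifier should also reject a credential whose length does not match the digest length before indexing into it.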
In one possible implementation manner, for each device group in the plurality of device groups, determining at least one verification device corresponding to each device group, to obtain a verification device cluster, including: determining at least one accounting node from the blockchain based on a blockchain consensus algorithm, and determining at least one preselected device group corresponding to the at least one accounting node from a plurality of device groups; determining a plurality of IoT devices from all IoT devices included in at least one preselected device group as a plurality of authentication devices, and obtaining an authentication device cluster; a correspondence relationship between each of the plurality of authentication devices and each of the plurality of device groups is determined.
In one possible implementation, determining a target data set, and determining a first verification parameter and a second verification parameter corresponding to each of the plurality of device groups based on the target data set, includes: determining a second random number corresponding to each verification device in the plurality of verification devices, wherein the second random number of each verification device is different; receiving the remote verification credential corresponding to each device group sent by each of the plurality of verification devices, wherein one device group corresponds to one remote verification credential; for each device group among the at least one device group corresponding to each verification device, determining the first verification parameter of that device group based on the first desensitized verification credential and the group credential of each IoT device included in the device group and the second random number corresponding to the verification device; and determining the second verification parameter of that device group based on the second desensitized verification credential of each IoT device included in the device group, the second random number R_T corresponding to the verification device, and the remote verification credential corresponding to the device group.
In a second aspect, there is provided a TEE remote authentication apparatus, the TEE remote authentication apparatus comprising: an acquisition unit and a processing unit; an obtaining unit, configured to obtain a first random number of a target IoT device when a remote authentication request sent by the target IoT device is received; a processing unit configured to determine a group credential of a target IoT device, based on a first random number of the target IoT device and a target certificate of the target IoT device, the target IoT device being any one of a plurality of IoT devices, the target certificate of the target IoT device being obtained from a TEE operator; the apparatus further includes a processing unit to divide the plurality of IoT devices into a plurality of device groups based on the group credential of each of the plurality of IoT devices, each device group of the plurality of device groups including at least one IoT device of the plurality of IoT devices; the processing unit is further used for determining at least one verification device corresponding to each device group according to each device group in the plurality of device groups to obtain a verification device cluster, wherein the verification device cluster comprises a plurality of verification devices; the processing unit is further configured to determine a target data set, and determine a first verification parameter and a second verification parameter corresponding to each device group in the plurality of device groups based on the target data set, where the target data set includes: a second random number corresponding to each of the plurality of authentication devices, a remote authentication credential corresponding to each of the plurality of device groups, a first desensitization authentication credential, a second desensitization authentication credential, and a grouping credential for each of the plurality of IoT devices; the processing unit is further configured to determine, for a target device group of the multiple device groups, that TEE remote authentication of each IoT device included in the target device group passes when it is determined that the first authentication parameter and the second authentication parameter corresponding to the target device group are identical, where the target device group is any device group of the multiple device groups.
In one possible implementation, the TEE remote authentication apparatus further includes: a transmitting unit; the acquisition unit is also used for receiving a TEE registration request sent by the target IoT device; the processing unit is further configured to authenticate the target IoT device to the TEE operator based on a TEE registration request, the TEE registration request comprising: basic information and verification credentials of the target IoT device, the verification credentials obtained from the TEE operator for the target IoT device; an acquisition unit further configured to receive a target certificate of a target IoT device sent by a TEE operator; a processing unit further to determine a hash digest of the target certificate as a first identification credential of the target IoT device; the target certificate includes at least one of: basic information of the target IoT device, a digital signature, a third random number, the third random number used to update a target certificate of the target IoT device; and the sending unit is used for sending the target certificate to the target IoT device and finishing the TEE registration of the target IoT device on the blockchain.
In one possible implementation manner, the processing unit is specifically configured to add the first random number of the target IoT device to the target certificate to obtain an updated target certificate, and to generate a first desensitized verification credential of the target IoT device on the blockchain side based on the first identification credential and the first random number of the target IoT device; the processing unit is specifically further configured to determine, based on the updated target certificate, the hash digest of the updated target certificate as the group credential of the target IoT device.
In one possible implementation manner, the processing unit is specifically configured to randomly determine a target position from a character string corresponding to the grouping credential; the acquiring unit is specifically configured to acquire, for each IoT device in the plurality of IoT devices, a character of the target position from a character string corresponding to the group credential of each IoT device; the processing unit is specifically further configured to divide the IoT devices into a plurality of device groups based on the characters of the target location in the character string corresponding to the grouping credentials of each IoT device.
In one possible implementation, the processing unit is specifically configured to determine at least one accounting node from the blockchain based on a blockchain consensus algorithm, and determine at least one preselected device group corresponding to the at least one accounting node from a plurality of device groups; the processing unit is specifically further configured to determine, from all IoT devices included in the at least one preselected device group, a plurality of IoT devices as a plurality of verification devices, and obtain a verification device cluster; the processing unit is specifically further configured to determine a correspondence between each of the plurality of verification devices and each of the plurality of device groups.
In one possible implementation manner, the processing unit is specifically configured to determine a second random number corresponding to each of the plurality of verification devices, where the second random number corresponding to each verification device is different; the acquisition unit is specifically further configured to receive a remote authentication credential corresponding to each device group sent by each of the plurality of authentication devices, where one device group corresponds to one remote authentication credential; the processing unit is specifically further configured to determine, for each device group included in at least one device group corresponding to each authentication device, a first authentication parameter corresponding to each device group based on the first desensitization authentication credential and the grouping credential of each IoT device included in each device group, and the second random number corresponding to each authentication device. The processing unit is specifically further configured to determine a second authentication parameter corresponding to each device group based on the second desensitization authentication credential of each IoT device included in each device group, the second random number corresponding to each authentication device, and the remote authentication credential corresponding to each device group.
In a third aspect, an electronic device, comprising: a processor and a memory; wherein the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the electronic device, cause the electronic device to perform a TEE remote authentication method as in the first aspect.
In a fourth aspect, there is provided a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computer, cause the computer to perform a TEE remote authentication method as in the first aspect.
The application provides a method, apparatus, device and storage medium for TEE remote verification, applied to the TEE remote verification scenario of a mass of IoT devices. When the blockchain receives a remote verification request sent by a target IoT device, the blockchain can determine a group credential of that IoT device based on the first random number R_G of the target IoT device and the target certificate, so that the plurality of IoT devices can be divided into a plurality of device groups based on the group credential of each IoT device. Further, at least one verification device corresponding to each device group is determined, and all verification devices form a verification device cluster. A second random number corresponding to each verification device, a remote verification credential corresponding to each device group, and a first desensitized verification credential, a second desensitized verification credential and a group credential for each IoT device are then determined; from this data a first verification parameter and a second verification parameter are computed for each device group, and whether the TEE remote verification of each IoT device in the group passes is decided by whether the first and second verification parameters are consistent. In this way the plurality of IoT devices can be divided into different device groups, so that whether the TEE remote verification of the IoT devices in each device group passes can be determined through the verification devices corresponding to that group, and the TEE remote verification of a large number of IoT devices can therefore be decided by a small number of verification devices. By applying the ideas of clustering and decentralization to the TEE remote verification of mass IoT devices, resource occupation can be reduced and remote verification efficiency improved.
Drawings
Fig. 1 is a schematic structural diagram of a TEE remote verification system according to an embodiment of the present application;
Fig. 2 is a first schematic flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 3 is a second schematic flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a target certificate according to an embodiment of the present application;
Fig. 5 is a third schematic flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 6 is a fourth schematic flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a multiple device group architecture according to an embodiment of the present application;
Fig. 8 is a fifth schematic flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a network architecture including a plurality of device groups and a verification device cluster according to an embodiment of the present application;
Fig. 10 is a schematic diagram of the correspondence between a verification device cluster and device group positions under hexadecimal verification according to an embodiment of the present application;
Fig. 11 is a sixth flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 12 is a seventh schematic flow chart of a TEE remote verification method according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of a TEE remote verification apparatus according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
In the description of the present application, "/" means "or" unless otherwise indicated; for example, A/B may mean A or B. "And/or" herein merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. Further, "at least one" and "a plurality" mean two or more. The terms "first", "second" and the like do not limit the number or order of execution, and items labelled "first" and "second" do not necessarily differ.
With the in-depth exploration of edge computing and its gradual adoption in the market, offloading computing tasks to the edge, close to IoT devices, has become the basis for ubiquitous network development. Edge-side computing tasks emphasize data security: a hardware-based TEE builds a secure, isolated area inside the chip that is independent of the operating system and trusted, so that private data and algorithms are invoked and run in isolation, providing confidentiality and integrity protection for the computing task. Typically, before a computing task is executed in a TEE, the trustworthiness of the TEE's identity must be established through remote verification by the operator. This process can essentially be unified under a "challenge-response" mode: a challenger initiates a remote verification request to a TEE environment (the challenge), the operator of the TEE environment generates the TEE verification report, and the report is returned to the challenger's environment for report verification (the response); once verified, the TEE environment is shown to have passed remote verification. This approach uses a centralized mode and requires the network path to remain clear. At the same time, the operators of the TEE environments of IoT devices differ, as do their CPU models and the TEEs' remote verification mechanisms and reports, so a large number of IoT devices must send remote verification requests to different remote verification services.
However, the remote verification services of the different operators do not interoperate and the remote verification reports they produce are not mutually recognized, so mutual recognition and intercommunication of remote verification results is difficult to achieve in a massive IoT scenario, the identities of IoT devices cannot be cross-verified, and confidential computation cannot actually be executed.
According to the TEE remote verification method provided by the embodiments of the application, the centralized, non-interoperable remote verification mechanism provided by the original TEE manufacturer is replaced by a blockchain-based remote verification scheme, and a randomized, grouped and clustered remote verification mode is provided for the mass-connection scenario of Internet of Things (IoT) devices, so that resource consumption is reduced, security is ensured, and remote verification efficiency is improved.
The embodiment of the application relates to the following functional entities:
blockchain: the remote verification blockchain is used for accessing functions such as a remote verification mechanism of a TEE operator, equipment registration, certificate and verification certificate generation, equipment grouping, winning node selection, remote verification execution and the like, and managing the whole remote verification flow.
The equipment group: the method comprises the steps that massive IoT devices needing remote verification are randomly grouped according to a preset standard. The device group is a clustered grouping entity for IoT devices for performing remote authentication in the present application, the IoT devices forming the device group from self-grouping credentials.
Verifying a device cluster: a cluster of devices for generating a device group remote authentication credential. The verification device cluster is generated by a device group, and is formed by randomly extracting devices in the device group corresponding to the winning node according to a set rule after the winning node is elected by the blockchain.
Embodiments of the present application relate to the following parameters, variables and definitions: first random number R G: generating a random number of the device group credential, a second random number R T: credential processing random number, third random number Rc: randomization identification of the certificate, first identification credential Token1: the TEE registered by the device identifies the credential, the packet credential Token 2: identification credentials dividing the device group, a first desensitization authentication credentials Token D: the desensitization validation credential on the blockchain side, the second desensitization validation credential Token 3-TEE: verifying the desensitization verification credentials and target positions at the device side, wherein the target positions and the Token 4-IoT are randomly determined from the group credentials Token 2: remote authentication credentials for one IoT device, token RT: remote authentication credentials, first authentication parameters X for a group of devices: remote verification block chain verification module calculates ideal value of remote verification credentials, second verification parameter Y: the remote verification blockchain verification module parses an actual value of the remote verification credential.
The TEE remote verification method provided by the embodiment of the application can be applied to a TEE remote verification system. Fig. 1 shows a schematic structural diagram of the TEE remote authentication system. As shown in fig. 1, the TEE remote authentication system 20 includes: remote authentication blockchain 21, TEE operator 22, and IoT device 23.
The remote authentication blockchain 21 is configured to obtain a first random number R G of the IoT device 23, determine a group credential Token 2 of the target IoT device 23, and divide the IoT devices 23 into multiple device groups based on the group credential Token 2 of each IoT device 23. At least one authentication device and a target data set corresponding to each device group are further determined to determine a first authentication parameter X and a second authentication parameter Y corresponding to each device group based on the target data set, so as to determine whether TEE remote authentication of each IoT device 23 included in the device group is passed through the first authentication parameter X and the second authentication parameter Y.
The TEE operator 22 provides the target certificate and the verification proof for the IoT device 23 and verifies the target IoT device 23.
A TEE remote authentication method according to an embodiment of the present application is described below with reference to the accompanying drawings. As shown in fig. 2, the TEE remote verification method provided by the embodiment of the application is applied to a blockchain, and includes S201-S206:
S201, when a remote verification request sent by a target IoT device is received, a first random number of the target IoT device is obtained.
Optionally, the remote authentication blockchain may collect information of all IoT devices participating in the round of authentication after receiving remote authentication requests sent by multiple IoT devices.
Optionally, for each IoT device that sends a remote verification request, the remote verification blockchain requests the corresponding first random number R_G, which is used to generate the group credential Token_2.
Optionally, the first random number R G may also be used to detect connectivity of the device network.
Optionally, the IoT device generates the first random number R_G, sends it to the remote verification blockchain, and writes R_G in plaintext into the group identification field reserved in its target certificate.
It should be noted that, before the target IoT device sends the remote authentication request, the registration procedure of the target IoT device in the remote authentication blockchain needs to be completed.
In one design, as shown in fig. 3, the TEE remote verification method provided by the embodiment of the present application may specifically further include S301-S303:
S301, receiving a trusted execution environment (TEE) registration request sent by the target IoT device, and verifying the target IoT device with the TEE operator based on the TEE registration request.
Wherein the TEE registration request includes: the basic information and the proof of verification of the target IoT device, the proof of verification being obtained by the target IoT device from the TEE operator.
It should be noted that, before sending the remote authentication request, the IoT device needs to first register its TEE identifier as a device identifier with the remote authentication blockchain.
It is to be appreciated that the TEE identifier is one kind of device identifier; the device identifier may also be any other unique identifier that represents the IoT device.
Optionally, before the IoT device is registered, a TEE environment verification request is first sent to a TEE operator remote verification mechanism, and a remote verification proof of the TEE operator is obtained to prove the credibility of the current TEE environment.
It should be noted that the device identification of the IoT device should include information such as TEE operator, TEE technical specification parameters, TEE capacity, TEE ID identification, etc.
Optionally, the IoT device takes the remote authentication credentials obtained from the TEE operator as endorsement credentials and packages the remote authentication credentials with the device identification as registration data for transmission to the remote authentication blockchain.
Optionally, after receiving the registration data sent by the IoT device, the remote verification blockchain checks the trustworthiness of the remote verification proof with the remote attestation mechanism of the TEE operator.
Specifically, if the remote verification certificate and the device identifier in the certificate registration data are correct, receiving a registration request of the IoT device, creating a storage space required for work for the IoT device, and then encrypting and storing the device identifier of the IoT device in a remote verification blockchain; if the remote authentication credentials and the device identification in the credential registration data are incorrect, the request for registration of the IoT device is denied and the IoT device is identified as a malicious device.
It should be noted that, the remote verification blockchain matches a node for different TEE operators, and generates a corresponding working space, so that the TEE operators can access the remote verification blockchain for interaction through the node.
S302, receiving a target certificate of a target IoT device sent by a TEE operator, and determining a hash digest of the target certificate as a first identification credential of the target IoT device.
The target certificate comprises at least one of: the basic information of the target IoT device, a digital signature, and the third random number R_C; the third random number R_C is used when the target certificate of the target IoT device is updated.
Optionally, after the TEE operator's remote attestation service has verified the IoT devices, the TEE operator, through its corresponding node of the remote verification blockchain, generates in its workspace a target certificate for each of those IoT devices.
As shown in fig. 4, the target certificate contains the necessary IoT device information and a blockchain signature, and further contains a third random number R_C generated by the remote verification blockchain as the randomised identifier of the certificate. The device information and R_C are encrypted with the blockchain's private key, so they are not visible to the device. The end of the target certificate reserves a group identification field that is visible to the IoT device in plaintext and that the device is authorised to modify, for use in the subsequent grouping flow.
Optionally, the remote verification blockchain calculates a hash digest of the target certificate as a TEE first identification credential Token 1 of the IoT device corresponding to the target certificate.
S303, sending the target certificate to the target IoT device, and completing TEE registration of the target IoT device on the blockchain.
Optionally, the remote authentication blockchain sends the target certificate into the TEE environment of the corresponding IoT device.
Optionally, after receiving the target certificate, the IoT device calculates a hash digest of the corresponding target certificate, and uses the hash digest as the first identification credential Token 1 of the IoT device.
It is appreciated that the device TEE environment is now complete at the registration step of the remote authentication blockchain.
It should be noted that, before performing remote verification, all IoT devices in the current network domain need to complete the step of registering with the remote verification blockchain, obtain the corresponding target certificate and calculate the corresponding first identification credential Token 1.
It should be noted that the remote attestation mechanism of the TEE operator may update the target certificate of an IoT device through the remote verification blockchain as required; the third random number R_C in the signed part is renewed with each update, so that an old certificate cannot be replayed.
S202, determining a group credential of the target IoT device based on the first random number of the target IoT device and the target credential of the target IoT device.
Wherein the target IoT device is any one of a plurality of IoT devices, and the target certificate of the target IoT device is obtained from the TEE operator.
In one design, as shown in fig. 5, the method in step S202 may specifically include S401-S402:
S401, adding the first random number of the target IoT device to the target certificate to obtain an updated target certificate, and generating the blockchain-side first desensitised verification credential of the target IoT device from the first identification credential and the first random number of the target IoT device.
Optionally, the remote verification blockchain receives the first random number R_G, retrieves the target certificate of the corresponding IoT device, and writes R_G into the group identification field reserved in that certificate.
Optionally, the remote verification blockchain computes a first desensitized verification credential Token D on the blockchain side of each device.
It should be noted that the blockchain-side first desensitised verification credential Token_D is obtained by multiplying the first identification credential Token_1 by the first random number R_G; Token_D is visible to the corresponding node of the TEE operator's remote attestation mechanism.
S402, based on the updated target certificate, determining a hash digest of the updated target certificate as a group credential of the target IoT device.
Optionally, the remote verification blockchain and the corresponding IoT device each compute the hash digest of the updated target certificate and use it as the group credential Token_2 of that IoT device.
It should be noted that the updated target certificate is the target certificate after the first random number R_G has been written in plaintext into the reserved group identification field.
For an honest IoT device, the Token_2 computed by the device and the Token_2 computed by the remote verification blockchain are identical.
Optionally, having the IoT device supply the first random number R_G serves two purposes: it first detects connectivity of the device network, so that later computing tasks do not fail because of a device network fault, and it also guarantees the randomness of the subsequent grouping, preventing the remote verification blockchain from steering the grouping result.
Optionally, the hash algorithms used to compute the first identification credential Token_1 and the group credential Token_2 may differ, and the resulting string lengths may also differ, provided the same number base (radix) is used for the output string.
S203, dividing the plurality of IoT devices into a plurality of device groups based on the group credential of each of the plurality of IoT devices.
Wherein each device group of the plurality of device groups includes at least one IoT device of the plurality of IoT devices.
Optionally, the grouping of IoT devices is performed by the remote verification blockchain with a randomised algorithm that uses the group credential Token_2 of each IoT device.
It can be appreciated that dividing the devices into multiple device groups is a clustered management concept that can reduce the complexity of IoT device remote authentication.
In one design, as shown in fig. 6, a TEE remote verification method provided by an embodiment of the present application, a method in step S203 may specifically include S501-S503:
S501, randomly determining a target position from the character string corresponding to the grouping certificate.
Optionally, the remote verification blockchain first chooses a target position at random within the length of the string corresponding to the group credential Token_2 and broadcasts the chosen target position to all IoT devices participating in the current round of remote verification.
S502, for each IoT device in the plurality of IoT devices, acquiring a character of the target location from a character string corresponding to the group credential of each IoT device.
S503, dividing the IoT devices into multiple device groups based on the characters of the target positions in the character string corresponding to the grouping credentials of each IoT device.
Optionally, the IoT device invokes the stored group credential Token 2 based on the received target location of the remote authentication blockchain broadcast;
Optionally, as shown in fig. 7, the remote verification blockchain reads the character at the target position in the group credential Token_2 of each IoT device and places all IoT devices that share the same character at that position into one device group.
In fig. 7, different shapes represent IoT devices of different kinds and different purposes.
Optionally, the remote authentication blockchain broadcasts to each IoT device the device group identification to which it belongs;
Optionally, all IoT devices belonging to one device group verify one another on the basis of the character at the target position of their group credentials Token_2, to confirm that every device in the same group has the same character at the target position of its Token_2 string.
It can be appreciated that the number of device groups is determined by the number base of the hash digest.
For example, if the hash digest is expressed in binary, the character at the target position has 2 possible values, 0 and 1, giving 2 device groups; if it is expressed in hexadecimal, the character has 16 possible values, 0 to F, giving at most 16 device groups.
It should be noted that the hash algorithm is chosen according to prior experience and is not limited by this application.
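The registration and grouping steps above (S301 to S303, S401 to S402 and S501 to S503) as an added Python example; this is not code from the patent. It assumes SHA-256 as the digest algorithm, a JSON certificate layout with a plaintext group field, and a keyed hash standing in for the blockchain's private-key sealing of the certificate body. The device names, R_C and R_G values are constructed for the example.

```python
"""Target certificate, Token_1, Token_2 and grouping by one character of Token_2.

Assumptions (the patent leaves them open): SHA-256 digests, JSON certificate
layout, a keyed hash as stand-in for the blockchain sealing the certificate body.
"""
import hashlib
import json
import random
from collections import defaultdict

# Placeholder for the blockchain's private key; only used to make the sealed body opaque to the device.
CHAIN_SECRET = b"remote-verification-chain-private-key"


def seal_body(device_info: dict, rc: int) -> str:
    """Stand-in for the blockchain encrypting/signing device info plus R_C so the device cannot read it."""
    body = json.dumps({"device": device_info, "Rc": rc}, sort_keys=True).encode()
    return hashlib.sha256(CHAIN_SECRET + body).hexdigest()


def issue_target_certificate(device_info: dict, rc: int) -> dict:
    """Target certificate: sealed body plus an empty plaintext group field the device may later modify."""
    return {"sealed": seal_body(device_info, rc), "group_field": ""}


def cert_digest(cert: dict) -> str:
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()


def token1(cert: dict) -> str:
    """First identification credential: digest of the certificate as issued (S302 / S303)."""
    return cert_digest(cert)


def token2(cert: dict, rg: int) -> str:
    """Group credential: digest of the certificate after R_G is written into the group field (S401 / S402)."""
    updated = dict(cert, group_field=format(rg, "x"))
    return cert_digest(updated)


def group_by_position(token2_by_device: dict, target_position: int) -> dict:
    """S502 / S503: partition devices by the character at target_position of their Token_2 (hex digit)."""
    groups = defaultdict(list)
    for dev, t2 in token2_by_device.items():
        groups[t2[target_position]].append(dev)
    return dict(groups)


def check_group_consistency(groups: dict, token2_by_device: dict, target_position: int) -> bool:
    """Mutual check inside each group: every member's Token_2 carries the group's character at the position."""
    return all(
        all(token2_by_device[d][target_position] == ch for d in members)
        for ch, members in groups.items()
    )


def run_round(n_devices: int = 40, seed: int = 7):
    """One registration plus grouping round over constructed devices; returns Token_1s, Token_2s, position, groups."""
    rng = random.Random(seed)  # deterministic for the example; a real device draws R_G from a CSPRNG
    certs, t1, t2 = {}, {}, {}
    for i in range(n_devices):
        dev = f"iot-{i:03d}"
        info = {"tee_operator": "op-A" if i % 2 else "op-B", "tee_id": dev}  # constructed device info
        certs[dev] = issue_target_certificate(info, rc=rng.getrandbits(128))
        t1[dev] = token1(certs[dev])
        rg = rng.getrandbits(64)  # R_G chosen by the device and sent to the chain in plaintext
        # Device and chain both append R_G and hash; an honest device obtains the same Token_2 as the chain.
        t2[dev] = token2(certs[dev], rg)
        assert t2[dev] == token2(dict(certs[dev]), rg)
    target_position = rng.randrange(len(next(iter(t2.values()))))  # S501: broadcast by the chain
    groups = group_by_position(t2, target_position)
    return t1, t2, target_position, groups


if __name__ == "__main__":
    t1, t2, pos, groups = run_round()
    print(f"target position {pos}: {len(groups)} device groups")
    for ch, members in sorted(groups.items()):
        print(f"  group '{ch}': {len(members)} devices, e.g. {members[:3]}")
```

Because R_G is chosen by the device and only the position is chosen by the chain, neither side alone controls which group a device lands in; the check in `check_group_consistency` is the per-group mutual verification of the character at the target position.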
S204, determining at least one verification device corresponding to each device group according to each device group in the device groups to obtain a verification device cluster.
Wherein the authentication device cluster comprises a plurality of authentication devices.
It should be noted that, for IoT devices that have been registered in the remote authentication blockchain, remote authentication may be directly performed, while for IoT devices that have not been registered in the remote authentication blockchain, registration needs to be completed and a corresponding first identification credential Token 1 and target certificate need to be obtained;
Optionally, each device group is mapped with a node of a remote verification blockchain, and the remote verification blockchain can execute related flow operations on the device groups based on the corresponding node;
Optionally, the remote verification blockchain selects a winning node, which determines the device group that performs the operation.
In one design, as shown in fig. 8, in the TEE remote verification method provided by the embodiment of the present application, the method in step S204 may specifically include S601-S603:
s601, determining at least one accounting node from a blockchain based on a blockchain consensus algorithm, and determining at least one preselected device group corresponding to the at least one accounting node from a plurality of device groups.
Optionally, the remote verification blockchain selects the winning node with any of the consensus algorithms deployed on it.
Illustratively, the consensus algorithm may be Proof of Work (PoW), Proof of Stake (PoS), Practical Byzantine Fault Tolerance (PBFT), and so on.
Since the device groups confirmed in this application have a certain amount of computing power, a consensus algorithm based on proof of work, such as PoW, can be chosen.
It can be appreciated that a proof-of-work consensus algorithm such as PoW, while selecting the winning node, also tends to select IoT devices with stronger computing power.
Optionally, the remote verification blockchain runs the consensus algorithm and confirms the accounting node (winning node) of this round; the device group corresponding to the confirmed accounting node is the preselected device group from which the verification device cluster is drawn.
It should be noted that the accounting node may be used to screen the cluster of verification devices and is also responsible for writing new blocks to the remote verification blockchain, including information and results from the current round of remote verification process.
S602, determining a plurality of IoT devices from all IoT devices included in at least one preselected device group to serve as a plurality of verification devices, and obtaining a verification device cluster.
Optionally, the remote verification blockchain randomly determines a plurality of IoT devices from all IoT devices included in the preselected device group as verification devices according to actual verification requirements based on the preselected device group mapped by the winning node, and forms a verification device cluster.
S603, determining a correspondence relationship between each of the plurality of authentication apparatuses and each of the plurality of apparatus groups.
It should be noted that the number of verification devices in the cluster determines the overall computing efficiency and computing load.
For example, in the hexadecimal case the blockchain may randomly select 16 IoT devices from the preselected device group and have each perform the remote verification operation for 1 device group; or select 8 IoT devices and have each handle 2 device groups; or, when the total number of IoT devices and the computing scale are large, select 32 IoT devices to handle the device groups. The exact number of randomly confirmed verification devices is set by professional experience and is not restricted by this patent.
Optionally, after the remote verification blockchain confirms the verification device cluster, the IoT devices chosen as verification devices may be removed from the preselected device group; the remaining IoT devices then form a new device group.
An exemplary network architecture containing multiple device groups and clusters of authentication devices is shown in fig. 9.
Optionally, the remote verification blockchain issues a mapping to the verification device cluster that assigns each verification device to the group character (the character at the target position) of one or more device groups.
It should be noted that one verification device may correspond to several device groups and one device group may correspond to several verification devices; the correspondence is random.
Illustratively, fig. 10 shows one possible correspondence between the verification device cluster and the device group positions in the hexadecimal case.
Optionally, the remote verification blockchain broadcasts verification devices responsible for IoT device identity credential generation and calculation to each device group, so that each device group sends credential information processed by itself to a corresponding target verification device when data transmission is performed subsequently.
S205, determining a target data set, and determining a first verification parameter and a second verification parameter corresponding to each device group in the plurality of device groups based on the target data set.
The target data set comprises: the second random number R_T corresponding to each of the plurality of verification devices, the remote verification credential Token_RT corresponding to each of the plurality of device groups, and, for each of the plurality of IoT devices, the first desensitised verification credential Token_D, the second desensitised verification credential Token_3-TEE and the group credential Token_2.
Optionally, each IoT device in a device group multiplies its first identification credential by its first random number to obtain the device-side second desensitised verification credential Token_3 (also written Token_3-IoT), according to formula one:

$$Token_{3\text{-}IoT} = Token_1 \times R_G \qquad \text{(formula one)}$$

Optionally, the IoT device packages the group credential Token_2 and the device-side desensitised credential Token_3-IoT and sends them to the corresponding target verification device, so that the target verification device can generate the remote verification credential Token_RT.
Optionally, the target verification device first checks that the character at the target position of the group credential Token_2 of each IoT device matches the character of the corresponding device group; if the check succeeds, it proceeds to process and combine the credentials, otherwise the IoT device is excluded.
Optionally, the target verification device multiplies the second random number R_T by the device-side desensitised credential Token_3-IoT, adds the group credential Token_2-IoT to the product, and multiplies the result by the second desensitised credential Token_3-TEE that the target verification device computed for itself, obtaining Token_4-IoT according to formula two:

$$Token_{4\text{-}IoT} = (R_T \times Token_{3\text{-}IoT} + Token_{2\text{-}IoT}) \times Token_{3\text{-}TEE} \qquad \text{(formula two)}$$

Optionally, the target verification device sums the remote verification credentials of all IoT devices in the same device group (m IoT devices in total, the credential of the i-th device being written Token_4-IoT_i) to obtain the remote verification credential Token_RT of the device group, according to formula three:

$$Token_{RT} = \sum_{i=1}^{m} Token_{4\text{-}IoT_i} \qquad \text{(formula three)}$$
In one design, as shown in fig. 11, in a TEE remote verification method provided in an embodiment of the present application, the method in step S205 may specifically include S701-S704:
S701, determining a second random number corresponding to each verification device in the plurality of verification devices, wherein the second random number corresponding to each verification device is different.
Optionally, the remote verification blockchain issues a second random number R T to the verification devices in the verification device cluster while broadcasting the mapping relationship, for use in the generation of a remote verification credential Token RT;
It should be noted that the second random numbers R T of two different verification devices are different;
s702, receiving remote verification credentials corresponding to each device group sent by each verification device in a plurality of verification devices.
Wherein a device group corresponds to a remote authentication credential Token RT.
Optionally, the verification device cluster sends a remote verification certificate Token RT corresponding to a device group corresponding to each verification device in the plurality of verification devices to the remote verification blockchain;
S703, determining, for each device group included in at least one device group corresponding to each authentication device, a first authentication parameter corresponding to each device group based on a first desensitization authentication credential and a grouping credential of an IoT device side of each IoT device included in each device group and a second random number corresponding to each authentication device.
Optionally, the remote verification blockchain invokes its remote verification module to perform a clustered check of the remote verification credential Token_RT of each device group.
Optionally, for each verification device, the remote verification module reads that device's information held in the remote verification blockchain and computes its second desensitised credential Token_3-TEE.
Optionally, the remote verification blockchain retrieves the second random number R_T corresponding to each verification device, and the remote verification module retrieves the first desensitised verification credential Token_D of each of the m IoT devices in each device group and sums them according to formula four to obtain Token_D-RT.
Optionally, the remote verification module retrieves the blockchain-side group credential Token_2 of each of the m IoT devices in each device group and computes the sum of the group credentials Token_2 according to formula five.
Optionally, the first verification parameter X is then determined according to formula six.
s704, determining a second authentication parameter corresponding to each device group based on the second desensitization authentication credential of each IoT device included in each device group, the second random number corresponding to each authentication device, and the remote authentication credential corresponding to each device group.
The remote verification module determines the second verification parameter Y corresponding to each device group according to formula seven.
Expanding formula seven gives formula eight.
s206, aiming at a target device group in the device groups, when the first verification parameter and the second verification parameter corresponding to the target device group are consistent, determining that the TEE remote verification of each IoT device included in the target device group is passed.
The target device group is any device group of a plurality of device groups.
Optionally, the remote verification module checks whether the first verification parameter X, which it computed itself from blockchain-side data, is consistent with the second verification parameter Y, which it parsed from the Token_RT sent by the verification device.
It should be noted that if X and Y are consistent, the TEE identities of all IoT devices in the corresponding device group match the information stored for them in the remote verification blockchain, and the group passes verification; otherwise at least one malicious IoT device exists in the device group, and verification fails.
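The credential arithmetic of S205 and S206 (formulas one and two, the sum of formula three, and the comparison of X with Y) as an added Python example; it is not the patent's code. It treats the credentials as integers and assumes that X is Token_3-TEE × (R_T × ΣToken_D + ΣToken_2), which is the value the blockchain can form from the data it holds, and that Y is the received Token_RT; the patent gives formulas four to eight only by number, so this reading of them is an assumption. The tokens and random numbers are constructed. The example also shows the failure mode of the check: one device whose TEE identity does not match its registered certificate makes the whole group fail.

```python
"""Clustered remote-verification check: Token_3, Token_4, Token_RT and X == Y.

Assumptions: credentials are plain integers; X = Token_3-TEE * (R_T * sum(Token_D) + sum(Token_2))
and Y = Token_RT (the patent only numbers formulas four to eight, it does not print them).
"""
import random


def token3(token1: int, rg: int) -> int:
    """Formula one: desensitised credential on the device side, Token_3-IoT = Token_1 * R_G."""
    return token1 * rg


def token4(rt: int, t3_iot: int, t2_iot: int, t3_tee: int) -> int:
    """Formula two: one device's remote verification credential, built by the verification device."""
    return (rt * t3_iot + t2_iot) * t3_tee


def group_credential(rt: int, t3_tee: int, members: list) -> int:
    """Formula three: the verification device sums Token_4-IoT_i over the m members of its group."""
    return sum(token4(rt, m["token3"], m["token2"], t3_tee) for m in members)


def ideal_value(rt: int, t3_tee: int, records: list) -> int:
    """First verification parameter X, formed from blockchain-side values only (assumed reading of formula six)."""
    sum_d = sum(r["token_d"] for r in records)   # formula four (assumed): sum of Token_D, then scaled by R_T
    sum_2 = sum(r["token2"] for r in records)    # formula five: sum of Token_2
    return t3_tee * (rt * sum_d + sum_2)


def verify_group(rt: int, t3_tee: int, records: list, token_rt: int) -> bool:
    """S206: the group passes only if X equals Y, where Y is the received Token_RT."""
    return ideal_value(rt, t3_tee, records) == token_rt


def simulate(tamper: bool = False, seed: int = 3) -> bool:
    """Run one device group through the check; with tamper=True one device misreports its TEE identity."""
    rng = random.Random(seed)  # constructed values, deterministic for the example
    # Blockchain-side records per device: Token_1 from registration, the received R_G, Token_2, Token_D.
    records = []
    for i in range(5):
        t1 = rng.getrandbits(256) | 1
        rg = rng.getrandbits(64) | 1
        t2 = rng.getrandbits(256)
        records.append({"dev": f"iot-{i}", "token1": t1, "rg": rg, "token2": t2, "token_d": t1 * rg})
    # The verification device's own Token_3-TEE (also recomputable by the chain) and the R_T the chain issued.
    t3_tee = token3(rng.getrandbits(256) | 1, rng.getrandbits(64) | 1)
    rt = rng.getrandbits(64) | 1
    # Device side: each IoT device computes Token_3 from the Token_1 it actually holds and sends (Token_2, Token_3).
    members = []
    for r in records:
        own_t1 = r["token1"]
        if tamper and r["dev"] == "iot-3":
            own_t1 ^= 1  # a device whose TEE identity no longer matches its registered certificate
        members.append({"token3": token3(own_t1, r["rg"]), "token2": r["token2"]})
    token_rt = group_credential(rt, t3_tee, members)   # produced by the verification device
    return verify_group(rt, t3_tee, records, token_rt)  # clustered check on the blockchain


if __name__ == "__main__":
    print("honest group passes:", simulate(tamper=False))
    print("group with one bad device passes:", simulate(tamper=True))
```

The check is group-level: a mismatch between X and Y says only that some member's Token_3 differs from the Token_D the chain holds for it, not which member. Because Token_3-IoT is sent to a verification device rather than to the chain, the chain only ever sees the aggregate Token_RT, which is the desensitisation the patent describes.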
In the embodiment of the present application, as shown in fig. 12, the flow is as follows. An IoT device sends a verification request to its TEE operator and, once verified, receives the verification result and sends a registration request to the remote verification blockchain. The remote verification blockchain and the TEE operator check the trustworthiness of the device's TEE environment, and the TEE operator generates a certificate for the device and issues it through the remote verification blockchain. After receiving the certificate, the IoT device sends a remote verification request to the remote verification blockchain; the blockchain responds by requesting a first random number from the device, which it uses to update the certificate and to generate the first desensitised verification credential and the group credential. The device sends the first random number to the remote verification blockchain and updates its own copy of the certificate at the same time, producing the group credential. The remote verification blockchain and the devices divide the devices into device groups according to the character at the target position of the group credential. The remote verification blockchain runs the consensus algorithm, selects the winning node, notifies the corresponding preselected device group, and randomly extracts IoT devices from that group to form the verification device cluster. The remote verification blockchain sends the mapping to the verification device cluster. Each IoT device computes its group credential and second desensitised verification credential and sends them to its verification device; the verification device processes them into the remote verification credential and sends it to the remote verification blockchain. Finally, the remote verification blockchain performs the clustered check and returns the verification result.
Therefore, the method and apparatus reduce resource consumption and improve remote verification efficiency when remotely verifying the TEEs of massive numbers of IoT devices in a mass-connection scenario.
The application provides a clustered remote verification scheme for the connection scenario of massive numbers of Internet of Things (IoT) devices, and effectively overcomes the defects of the existing scheme. With this scheme, scattered IoT devices are randomly clustered according to a preset standard derived from TEE features to form a plurality of verification device clusters, which greatly reduces the resource pressure that device connections place on the remote verification service and yields an efficient remote verification mode. At the same time, by introducing blockchain technology, the original fragmented and centralized remote verification mechanism is replaced by a unified, distributed one, so that remote verification capability and remote verification results are managed in a distributed and unified way across IoT devices, and identities can interoperate between IoT devices. The blockchain's distributed architecture provides trusted management of the mapping between verification clusters and device groups and a basis for trust among the IoT devices. The blockchain's own consensus mechanism is used to select the remote verification devices at random, which greatly reduces the chance that a malicious device acts as a verifier; providing remote verification capability through the consensus mechanism also makes remote verification automatic and free of manual operation, and prevents the privacy leakage risk that disclosure of a remote verification credential would cause.
The remote verification method and apparatus reduce the complexity of remote verification while guaranteeing the security of the verification result and reducing the resource consumption of remote verification: a remote verification report does not have to be generated, reported and verified separately for each device, and the tamper-resistance of the blockchain is used to provide a third-party remote verification result that is reliable and traceable. Generation and verification of the remote result are completed jointly by multiple parties, namely the operator's TEE module, the remote verification blockchain, the blockchain remote verification module and the verification device cluster, and a deviation in any party's result causes the remote verification to fail. The remote verification scheme provided by the method therefore greatly reduces resource consumption and improves remote verification efficiency without reducing security.
The application provides a method, an apparatus, a device and a storage medium for TEE remote verification, applied to the TEE remote verification of massive numbers of IoT devices. When the blockchain receives a remote verification request sent by a target IoT device, it determines the group credential of that IoT device from the first random number of the target IoT device and the target certificate, so that the plurality of IoT devices can be divided into a plurality of device groups based on the group credential of each IoT device. Then at least one verification device corresponding to each device group is determined, and all verification devices together form the verification device cluster. Next the following are determined: a second random number R_T corresponding to each verification device, a remote verification credential Token_RT corresponding to each device group, and, for each IoT device, a first desensitized verification credential, a second desensitized verification credential Token_3-TEE and a group credential. From this data the first verification parameter X and the second verification parameter Y of each device group are computed, and whether the TEE remote verification of each IoT device included in a device group passes is decided by whether X and Y are equal. In this way the plurality of IoT devices are divided into different device groups and the TEE remote verification of the IoT devices in each group is decided through that group's verification device, so that the TEE remote verification of a large number of IoT devices is decided using a small number of verification devices.
By applying the ideas of clustering and decentralization to the TEE remote verification of massive numbers of IoT devices, resource consumption is reduced and remote verification efficiency is improved.
The foregoing description of the solution provided by the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
According to the embodiment of the application, the function modules of the TEE remote verification device can be divided according to the method example, for example, each function module can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. Optionally, the division of the modules in the embodiment of the present application is schematic, which is merely a logic function division, and other division manners may be implemented in practice.
Fig. 13 is a schematic structural diagram of a TEE remote verification apparatus according to an embodiment of the present application. As shown in fig. 13, the TEE remote verification apparatus 100 is configured to reduce resource consumption and improve remote verification efficiency when performing TEE remote verification on massive numbers of IoT devices in a mass-connection scenario, for example by performing the TEE remote verification method shown in fig. 2. The TEE remote verification apparatus 100 includes an obtaining unit 1001 and a processing unit 1002.
The obtaining unit 1001 is configured to obtain, when a remote verification request sent by a target IoT device is received, a first random number of the target IoT device.
The processing unit 1002 is configured to determine a group credential of the target IoT device based on the first random number of the target IoT device and the target certificate of the target IoT device, where the target IoT device is any one of a plurality of IoT devices and the target certificate of the target IoT device is obtained from a TEE operator.
The processing unit 1002 is further configured to divide the plurality of IoT devices into a plurality of device groups based on the group credential of each of the plurality of IoT devices, each device group including at least one IoT device of the plurality of IoT devices.
The processing unit 1002 is further configured to determine, for each device group of the plurality of device groups, at least one verification device corresponding to that device group, so as to obtain a verification device cluster that includes a plurality of verification devices.
The processing unit 1002 is further configured to determine a target data set and, based on the target data set, a first verification parameter and a second verification parameter corresponding to each device group of the plurality of device groups, where the target data set includes: a second random number corresponding to each of the plurality of verification devices, a remote verification credential corresponding to each of the plurality of device groups, and a first desensitized verification credential, a second desensitized verification credential and a group credential for each of the plurality of IoT devices.
The processing unit 1002 is further configured to determine, for a target device group of the plurality of device groups, that TEE remote verification of each IoT device included in the target device group passes when the first verification parameter and the second verification parameter corresponding to the target device group are determined to be equal, where the target device group is any device group of the plurality of device groups.
In one possible implementation, the TEE remote verification apparatus further includes a sending unit 1003.
In this implementation, the obtaining unit 1001 is further configured to receive a TEE registration request sent by the target IoT device;
the processing unit 1002 is further configured to verify the target IoT device with the TEE operator based on the TEE registration request, where the TEE registration request includes basic information of the target IoT device and a verification credential that the target IoT device obtained from the TEE operator;
the obtaining unit 1001 is further configured to receive the target certificate of the target IoT device sent by the TEE operator;
the processing unit 1002 is further configured to determine a hash digest of the target certificate as a first identification credential of the target IoT device, where the target certificate includes at least one of: basic information of the target IoT device, a digital signature, and a third random number used to update the target certificate of the target IoT device; and
the sending unit 1003 is configured to send the target certificate to the target IoT device, completing TEE registration of the target IoT device on the blockchain.
In a possible implementation of the TEE remote verification apparatus 100 provided by the embodiment of the present application, the processing unit 1002 is specifically configured to add the first random number of the target IoT device to the target certificate to obtain an updated target certificate, and to generate, on the blockchain side, a first desensitized verification credential of the target IoT device based on the first identification credential and the first random number of the target IoT device;
the processing unit 1002 is specifically further configured to determine a hash digest of the updated target certificate as the group credential of the target IoT device.
In a possible implementation of the TEE remote verification apparatus 100 provided by the embodiment of the present application, the processing unit 1002 is specifically configured to randomly determine a target position within the character string corresponding to a group credential;
the obtaining unit 1001 is specifically further configured to obtain, for each IoT device of the plurality of IoT devices, the character at the target position of the character string corresponding to that IoT device's group credential;
the processing unit 1002 is specifically further configured to divide the IoT devices into a plurality of device groups based on the character at the target position of the character string corresponding to each IoT device's group credential, so that devices whose group credentials share the same character at that position fall into the same device group.
In a possible implementation manner, in a TEE remote verification apparatus 100 provided by an embodiment of the present application, a processing unit 1002 is specifically configured to determine, based on a blockchain consensus algorithm, at least one accounting node from a blockchain, and determine, from a plurality of device groups, at least one preselected device group corresponding to the at least one accounting node;
the processing unit 1002 is specifically further configured to determine, from all IoT devices included in the at least one pre-selected device group, a plurality of IoT devices as a plurality of authentication devices, and obtain an authentication device cluster;
The processing unit 1002 is specifically further configured to determine a correspondence between each of the plurality of verification devices and each of the plurality of device groups.
In a possible implementation of the TEE remote verification apparatus 100 provided by the embodiment of the present application, the processing unit 1002 is specifically configured to determine a second random number corresponding to each verification device of the plurality of verification devices, where the second random numbers of different verification devices are different;
the obtaining unit 1001 is specifically further configured to receive, from each of the plurality of verification devices, the remote verification credential corresponding to each device group that verification device is responsible for, where each device group corresponds to one remote verification credential;
the processing unit 1002 is specifically further configured to determine, for each device group among the at least one device group corresponding to a verification device, the first verification parameter of that device group based on the first desensitized verification credential and group credential of each IoT device included in the device group and the second random number corresponding to the verification device; and
the processing unit 1002 is specifically further configured to determine the second verification parameter of that device group based on the second desensitized verification credential of each IoT device included in the device group, the second random number corresponding to the verification device, and the remote verification credential corresponding to the device group.
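The following is an added worked example of the procedure described above (group credential derivation, partitioning by the character at a target position, and the per-group X/Y consistency check); it is illustration code written for this page, not code from the patent or from the applicant. The patent names the inputs of X and Y but not the functions that combine them, so the SHA-256 constructions below (in particular Token_3-TEE = H(id_cred || first nonce), Token_RT = H(R_T || group credentials), X = H(R_T || Token1... || H(R_T || group creds...)), Y = H(R_T || Token3... || Token_RT)) are assumptions made here; the certificates, nonces and device names are constructed sample data, and the verification device's collection of values from members is simulated in-process rather than over a network.

```python
import hashlib
import secrets
from collections import defaultdict


def h(*parts: bytes) -> str:
    """SHA-256 over the concatenation of the arguments, hex-encoded (assumed hash function)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(p)
    return m.hexdigest()


class Device:
    """IoT device side: the operator-issued certificate plus the first random number of this request."""

    def __init__(self, name: str, cert: bytes, first_nonce: bytes) -> None:
        self.name, self.cert, self.first_nonce = name, cert, first_nonce

    def group_cred(self) -> str:
        return h(self.cert + self.first_nonce)  # digest of the certificate updated with the nonce

    def token3(self) -> str:
        # second desensitized credential Token_3-TEE; assumed H(id_cred || first nonce)
        return h(h(self.cert).encode(), self.first_nonce)


class Chain:
    """Remote-verification blockchain side: registration records, grouping and the X/Y check."""

    def __init__(self) -> None:
        self.certs: dict[str, bytes] = {}
        self.records: dict[str, dict[str, str]] = {}

    def register(self, name: str, cert: bytes) -> None:
        # certificate forwarded by the TEE operator; its digest is the first identification credential
        self.certs[name] = cert
        self.records[name] = {"id_cred": h(cert)}

    def handle_request(self, name: str, first_nonce: bytes) -> None:
        rec = self.records[name]
        rec["token1"] = h(rec["id_cred"].encode(), first_nonce)  # first desensitized credential
        rec["group_cred"] = h(self.certs[name] + first_nonce)     # digest of the updated certificate

    def partition(self, pos: int) -> dict[str, list[str]]:
        """Group devices by the character at position `pos` of their group-credential string."""
        groups: dict[str, list[str]] = defaultdict(list)
        for name in sorted(self.records):
            groups[self.records[name]["group_cred"][pos]].append(name)
        return dict(groups)

    def param_x(self, members: list[str], r_t: bytes) -> str:
        """X from the chain's own records: Token1 and group credential of each member, plus R_T."""
        token1s = [self.records[m]["token1"].encode() for m in members]
        creds = [self.records[m]["group_cred"].encode() for m in members]
        return h(r_t, *token1s, h(r_t, *creds).encode())

    @staticmethod
    def param_y(token3s: list[str], r_t: bytes, token_rt: str) -> str:
        """Y from what the verification device reported: Token_3-TEE of each member, R_T, Token_RT."""
        return h(r_t, *(t.encode() for t in token3s), token_rt.encode())


def verifier_token_rt(r_t: bytes, collected_group_creds: list[str]) -> str:
    """Token_RT: computed by the verification device over the group credentials it collected."""
    return h(r_t, *(g.encode() for g in collected_group_creds))


def run_round(chain: Chain, devices: dict[str, Device], pos: int) -> dict[str, bool]:
    """One clustered verification round; returns pass/fail per device group (keyed by group char)."""
    results: dict[str, bool] = {}
    for char, members in chain.partition(pos).items():
        r_t = secrets.token_bytes(16)  # second random number, distinct per verification device
        # the verification device collects (group credential, Token_3-TEE) from each member
        collected_g = [devices[m].group_cred() for m in members]
        collected_t3 = [devices[m].token3() for m in members]
        token_rt = verifier_token_rt(r_t, collected_g)
        results[char] = chain.param_x(members, r_t) == Chain.param_y(collected_t3, r_t, token_rt)
    return results


def demo(tamper: bool = False) -> dict[str, bool]:
    """Constructed scenario with 8 devices; with `tamper`, dev3's TEE reports a forged certificate."""
    chain, devices = Chain(), {}
    for i in range(8):
        cert = f"device-{i}|measurement-{i:02x}|operator-signature".encode()  # constructed certificate
        nonce = hashlib.sha256(f"nonce-{i}".encode()).digest()[:8]  # stand-in for the first random number
        chain.register(f"dev{i}", cert)
        chain.handle_request(f"dev{i}", nonce)
        devices[f"dev{i}"] = Device(f"dev{i}", cert, nonce)
    if tamper:
        devices["dev3"].cert = b"device-3|measurement-ff|forged"  # chain's record of dev3 is unchanged
    return run_round(chain, devices, pos=0)


if __name__ == "__main__":
    print("honest:", demo())
    print("tampered:", demo(tamper=True))
```

Running `demo()` yields a pass for every group; `demo(tamper=True)` fails exactly the group that contains dev3 and passes the others, which is the group-level granularity of the check: the chain learns which group is inconsistent with its records, not which member, and the other groups' results are unaffected because each group is bound to its own R_T and Token_RT.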
In the case where the functions of the integrated modules are implemented in hardware, the embodiment of the present application provides another possible structural schematic diagram of the electronic device involved in the above embodiment. As shown in fig. 14, an electronic device 90 is configured to reduce resource consumption and improve remote verification efficiency when performing TEE remote verification on massive numbers of IoT devices in a mass-connection scenario, for example by performing the TEE remote verification method shown in fig. 2. The electronic device 90 comprises a processor 901, a memory 902 and a bus 903. The processor 901 and the memory 902 may be connected by the bus 903.
The processor 901 is the control center of the electronic device 90, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 901 may be a general-purpose central processing unit (CPU) or another general-purpose processor, where a general-purpose processor may be a microprocessor or any conventional processor.
As one example, processor 901 may include one or more CPUs, such as CPU 0 and CPU 1 shown in fig. 14.
The memory 902 may be, but is not limited to, read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, or electrically erasable programmable read-only memory (EEPROM), magnetic disk storage or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 902 may exist separately from the processor 901, and the memory 902 may be connected to the processor 901 by a bus 903 for storing instructions or program code. When the processor 901 calls and executes instructions or program codes stored in the memory 902, the TEE remote verification method provided by the embodiment of the application can be implemented.
In another possible implementation, the memory 902 may also be integrated with the processor 901.
The bus 903 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration only one thick line is shown in fig. 14, but this does not mean that there is only one bus or only one type of bus.
It should be noted that the structure shown in fig. 14 does not constitute a limitation of the electronic apparatus 90. The electronic device 90 may include more or fewer components than shown in fig. 14, or may combine certain components or a different arrangement of components.
As an example, in connection with fig. 13, the acquisition unit 1001, the processing unit 1002, and the transmission unit 1003 in the electronic apparatus realize the same functions as those of the processor 901 in fig. 14.
Optionally, as shown in fig. 14, the electronic device 90 provided in the embodiment of the present application may further include a communication interface 904.
A communication interface 904 for connecting with other devices via a communication network. The communication network may be an ethernet, a radio access network, a wireless local area network (wireless local area networks, WLAN), etc. The communication interface 904 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, the electronic device provided in the embodiment of the present application may further include a communication interface integrated in the processor.
From the above description of embodiments, it will be apparent to those skilled in the art that the foregoing functional unit divisions are merely illustrative for convenience and brevity of description. In practical applications, the above-mentioned function allocation may be performed by different functional units, i.e. the internal structure of the device is divided into different functional units, as needed, to perform all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions, when the computer executes the instructions, the computer executes each step in the method flow shown in the method embodiment.
Embodiments of the present application provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform a TEE remote authentication method as in the method embodiments described above.
The computer-readable storage medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), registers, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium known to those skilled in the art.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application-specific integrated circuit (ASIC).
In embodiments of the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the electronic device, the computer readable storage medium, and the computer program product in the embodiments of the present application can be applied to the above-mentioned method, the technical effects that can be obtained by the method can also refer to the above-mentioned method embodiments, and the embodiments of the present application are not described herein again.
The present application is not limited to the above embodiments, and any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application.

Claims (14)

1. A TEE remote authentication method, wherein the TEE remote authentication method is applied to a blockchain, the method comprising:
Under the condition that a remote verification request sent by a target IoT device is received, acquiring a first random number of the target IoT device, and determining a group credential of the target IoT device based on the first random number of the target IoT device and a target certificate of the target IoT device, wherein the target IoT device is any one of a plurality of IoT devices, and the target certificate of the target IoT device is acquired from a TEE operator;
dividing the plurality of IoT devices into a plurality of device groups based on the group credentials of each of the plurality of IoT devices, each device group of the plurality of device groups comprising at least one IoT device of the plurality of IoT devices;
Determining at least one verification device corresponding to each device group aiming at each device group in the plurality of device groups to obtain a verification device cluster, wherein the verification device cluster comprises a plurality of verification devices;
determining a target data set, and determining a first verification parameter and a second verification parameter corresponding to each device group in the plurality of device groups based on the target data set, wherein the target data set comprises: a second random number corresponding to each of the plurality of authentication devices, a remote authentication credential corresponding to each of the plurality of device groups, a first desensitization authentication credential, a second desensitization authentication credential, and a grouping credential for each of the plurality of IoT devices;
for a target device group of the multiple device groups, when the first verification parameter and the second verification parameter corresponding to the target device group are determined to be consistent, determining that TEE remote verification of each IoT device included in the target device group is passed, wherein the target device group is any device group of the multiple device groups.
2. The method according to claim 1, wherein the method further comprises:
Receiving a trusted execution environment (TEE) registration request sent by the target IoT device, and verifying the target IoT device with the TEE operator based on the TEE registration request, the TEE registration request comprising: basic information of the target IoT device and a verification credential, the verification credential being obtained by the target IoT device from the TEE operator;
Receiving a target certificate of the target IoT device sent by the TEE operator, and determining a hash digest of the target certificate as a first identification credential of the target IoT device; the target certificate includes at least one of: basic information of the target IoT device, a digital signature, a third random number, the third random number to update the target certificate of the target IoT device;
And sending the target certificate to the target IoT device to complete TEE registration of the target IoT device on the blockchain.
3. The method of claim 1 or 2, wherein the determining the group credential of the target IoT device based on the first random number of the target IoT device and the target certificate of the target IoT device comprises:
adding the first random number of the target IoT device to the target certificate to obtain an updated target certificate, and generating a first desensitized verification credential of the target IoT device on the blockchain side based on the first identification credential and the first random number of the target IoT device;
based on the updated target certificate, determining a hash digest of the updated target certificate as the group credential of the target IoT device.
4. The method of claim 1 or 2, wherein the dividing the plurality of IoT devices into a plurality of device groups based on the group credential of each of the plurality of IoT devices comprises:
Randomly determining a target position in the character string corresponding to the group credential;
for each IoT device in the plurality of IoT devices, obtaining a character of the target location from a character string corresponding to the group credential of each IoT device;
the plurality of IoT devices are partitioned into a plurality of device groups based on characters of the target location in a string corresponding to the group credential of each IoT device.
5. The method according to claim 1 or 2, wherein for each device group of the plurality of device groups, determining at least one authentication device corresponding to each device group, resulting in an authentication device cluster, comprises:
Determining at least one accounting node from a blockchain based on a blockchain consensus algorithm, and determining at least one preselected device group corresponding to the at least one accounting node from the plurality of device groups;
Determining a plurality of IoT devices from all IoT devices included in the at least one preselected device group as the plurality of authentication devices, and obtaining the authentication device cluster;
a correspondence between each of the plurality of authentication devices and each of the plurality of device groups is determined.
6. The method of claim 1 or 2, wherein the determining a target data set and determining the first authentication parameter and the second authentication parameter corresponding to each of the plurality of device groups based on the target data set comprises:
determining a second random number corresponding to each verification device in the plurality of verification devices, wherein the second random number corresponding to each verification device is different;
receiving remote verification credentials corresponding to each device group sent by each verification device in the plurality of verification devices, wherein one device group corresponds to one remote verification credential;
Determining, for each device group included in at least one device group corresponding to each authentication device, the first authentication parameter corresponding to each device group based on a first desensitization authentication credential and a grouping credential for each IoT device included in each device group, and a second random number corresponding to each authentication device;
the second verification parameter corresponding to each device group is determined based on the second desensitized verification credential of each IoT device included in that device group, the second random number corresponding to the verification device, and the remote verification credential corresponding to that device group.
7. A TEE remote verification apparatus, comprising an acquisition unit and a processing unit;
the acquisition unit is configured to acquire a first random number of a target IoT device when a remote verification request sent by the target IoT device is received;
the processing unit is configured to determine a grouping credential of the target IoT device based on the first random number of the target IoT device and a target certificate of the target IoT device, the target IoT device being any one of a plurality of IoT devices and the target certificate being obtained from a TEE operator;
the processing unit is further configured to divide the plurality of IoT devices into a plurality of device groups based on the grouping credential of each of the plurality of IoT devices, each device group including at least one of the IoT devices;
the processing unit is further configured to determine, for each device group, at least one verification device corresponding to that device group, so as to obtain a verification device cluster comprising a plurality of verification devices;
the processing unit is further configured to determine a target data set and to determine, based on the target data set, a first verification parameter and a second verification parameter corresponding to each device group, the target data set comprising: a second random number corresponding to each of the plurality of verification devices, a remote verification credential corresponding to each of the plurality of device groups, and a first desensitized verification credential, a second desensitized verification credential and a grouping credential of each of the plurality of IoT devices;
the processing unit is further configured to determine, for a target device group, that the TEE remote verification of every IoT device included in the target device group passes when the first verification parameter and the second verification parameter corresponding to the target device group are identical, the target device group being any one of the plurality of device groups.
8. The TEE remote verification apparatus according to claim 7, further comprising a sending unit;
the acquisition unit is further configured to receive a TEE registration request sent by the target IoT device;
the processing unit is further configured to authenticate the target IoT device to the TEE operator based on the TEE registration request, the TEE registration request comprising basic information of the target IoT device and an authentication proof obtained by the target IoT device from the TEE operator;
the acquisition unit is further configured to receive the target certificate of the target IoT device sent by the TEE operator;
the processing unit is further configured to determine a hash digest of the target certificate as a first identification credential of the target IoT device, the target certificate comprising at least one of: the basic information of the target IoT device, a digital signature, and a third random number used to update the target certificate of the target IoT device;
the sending unit is configured to send the target certificate to the target IoT device and to complete the TEE registration of the target IoT device on a blockchain.
9. The TEE remote verification apparatus according to claim 7 or 8, wherein the processing unit is specifically configured to add the first random number of the target IoT device to the target certificate to obtain an updated target certificate, and to generate, on the blockchain side, a first desensitized verification credential of the target IoT device based on the first identification credential and the first random number of the target IoT device;
the processing unit is further specifically configured to determine a hash digest of the updated target certificate as the grouping credential of the target IoT device.
10. The TEE remote verification apparatus according to claim 7 or 8, wherein the processing unit is specifically configured to randomly determine a target position in the character string corresponding to the grouping credential;
the acquisition unit is further specifically configured to acquire, for each of the plurality of IoT devices, the character at the target position of the character string corresponding to the grouping credential of that IoT device;
the processing unit is further specifically configured to divide the plurality of IoT devices into the plurality of device groups based on the character at the target position in the character string corresponding to the grouping credential of each IoT device.
11. The TEE remote verification apparatus according to claim 7 or 8, wherein the processing unit is specifically configured to determine at least one bookkeeping node from a blockchain based on a blockchain consensus algorithm, and to determine, from the plurality of device groups, at least one preselected device group corresponding to the at least one bookkeeping node;
the processing unit is further specifically configured to select a plurality of IoT devices from all IoT devices included in the at least one preselected device group as the plurality of verification devices, so as to obtain the verification device cluster;
the processing unit is further specifically configured to determine a correspondence between each of the plurality of verification devices and each of the plurality of device groups.
12. The TEE remote verification apparatus according to claim 7 or 8, wherein the processing unit is specifically configured to determine a second random number corresponding to each of the plurality of verification devices, the second random numbers corresponding to different verification devices being different;
the acquisition unit is further specifically configured to receive the remote verification credential corresponding to each device group sent by each of the plurality of verification devices, one device group corresponding to one remote verification credential;
the processing unit is further specifically configured to determine, for each device group in the at least one device group corresponding to each verification device, the first verification parameter corresponding to that device group based on the first desensitized verification credential and the grouping credential of each IoT device included in that device group and the second random number corresponding to that verification device;
the processing unit is further specifically configured to determine the second verification parameter corresponding to that device group based on the second desensitized verification credential of each IoT device included in that device group, the second random number corresponding to that verification device, and the remote verification credential corresponding to that device group.
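The grouping and parameter-comparison steps of claims 7 to 12, worked through as an added illustrative model that is not taken from the patent. The claims state only that each credential and parameter is determined "based on" its inputs and fix no construction, so everything concrete here is an assumption made for the example: the length-prefixed SHA-256 used to combine values, the HMAC standing in for the operator's digital signature, the group's remote verification credential modelled as the hash of the grouping credentials the devices report to their verification device, and all names (`Device`, `register`, `on_verification_request`, `group_devices`, `first_parameter`, `second_parameter`, `verify_groups`, `simulate`). The sample devices are constructed. What it shows is the property the group-wise comparison relies on: a device that cannot produce its desensitized credential makes only its own group's two parameters differ, while every other group still passes, and because the verification device's distinct second random number enters both parameters, a parameter recorded under one verifier does not match under another.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

RandFn = Callable[[int], bytes]


def h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts, so concatenation is unambiguous (assumed construction)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big"))
        d.update(p)
    return d.digest()


@dataclass
class Device:
    device_id: str
    basic_info: bytes
    certificate: bytes = b""           # target certificate issued by the TEE operator
    first_identification: bytes = b""  # hash digest of that certificate (claim 8)
    grouping_credential: str = ""      # hex digest of the updated certificate (claim 9)
    first_desens: bytes = b""          # first desensitized credential held on the chain side
    # What the device reports to its verification device; modelled here as the
    # second desensitized credential and the grouping credential it claims.
    reported_desens: bytes = b""
    reported_grouping: str = ""


def register(dev: Device, operator_key: bytes, rand: RandFn) -> None:
    """Claim 8: the certificate carries basic info, a signature and a third random
    number; its hash becomes the first identification credential. An HMAC stands
    in for the operator's digital signature (assumption)."""
    third_random = rand(16)
    signature = hmac.new(operator_key, dev.basic_info + third_random, hashlib.sha256).digest()
    dev.certificate = b"|".join([dev.basic_info, signature, third_random])
    dev.first_identification = hashlib.sha256(dev.certificate).digest()


def on_verification_request(dev: Device, rand: RandFn) -> None:
    """Claims 7 and 9: append the first random number to the certificate; the hash of
    the updated certificate is the grouping credential, and the first desensitized
    credential binds the identification credential to that nonce."""
    r1 = rand(16)
    dev.grouping_credential = hashlib.sha256(dev.certificate + b"|" + r1).hexdigest()
    dev.first_desens = h(dev.first_identification, r1)
    dev.reported_desens = dev.first_desens      # an honest device reports the true values
    dev.reported_grouping = dev.grouping_credential


def group_devices(devices: List[Device], position: int) -> Dict[str, List[Device]]:
    """Claim 10: bucket devices by the character at one randomly chosen position of
    the grouping-credential string (a hex digest, so at most 16 groups)."""
    groups: Dict[str, List[Device]] = {}
    for dev in devices:
        groups.setdefault(dev.grouping_credential[position], []).append(dev)
    return groups


def first_parameter(group: List[Device], r2: bytes) -> bytes:
    """Claim 12: chain-side expectation from the stored desensitized and grouping credentials."""
    return h(r2, h(*[d.first_desens for d in group]),
             h(*[d.grouping_credential.encode() for d in group]))


def second_parameter(group: List[Device], r2: bytes) -> bytes:
    """Claim 12: value built from what the verification device collected; the group's
    remote verification credential is the hash of the reported grouping credentials (assumption)."""
    remote_credential = h(*[d.reported_grouping.encode() for d in group])
    return h(r2, h(*[d.reported_desens for d in group]), remote_credential)


def verify_groups(devices: List[Device], position: int, rand: RandFn) -> Dict[str, bool]:
    """Claims 11 and 12: one verification device per group, each with a distinct second
    random number; a group passes only if both parameters are identical."""
    groups = group_devices(devices, position)
    used: List[bytes] = []
    results: Dict[str, bool] = {}
    for key, group in groups.items():
        r2 = rand(16)
        while r2 in used:           # second random numbers must differ between verifiers
            r2 = rand(16)
        used.append(r2)
        results[key] = hmac.compare_digest(first_parameter(group, r2), second_parameter(group, r2))
    return results


def simulate(n_devices: int, position: int, rand: RandFn = secrets.token_bytes,
             tampered: Optional[str] = None) -> Tuple[Dict[str, bool], Dict[str, str]]:
    """Run the whole flow on constructed devices; returns per-group pass/fail and each device's group key."""
    operator_key = rand(32)
    devices = [Device(f"dev-{i}", f"model-A;sn-{i:04d}".encode()) for i in range(n_devices)]
    for dev in devices:
        register(dev, operator_key, rand)
        on_verification_request(dev, rand)
    if tampered is not None:
        # A clone that never held the certificate cannot produce the desensitized credential.
        victim = next(d for d in devices if d.device_id == tampered)
        victim.reported_desens = h(b"forged", victim.reported_grouping.encode())
    results = verify_groups(devices, position, rand)
    membership = {d.device_id: d.grouping_credential[position] for d in devices}
    return results, membership


if __name__ == "__main__":
    results, membership = simulate(12, position=secrets.randbelow(64), tampered="dev-3")
    for key in sorted(results):
        mark = "  (contains dev-3)" if key == membership["dev-3"] else ""
        print(f"group {key}: {'pass' if results[key] else 'FAIL'}{mark}")
```

Running the module picks a random position, tampers with dev-3, and prints one line per group; only the group containing dev-3 reports FAIL. Two caveats follow from the scheme as claimed rather than from this model: grouping on a single hex character yields at most 16 groups, so large fleets share groups and one bad device blocks every honest device in its group until it is re-verified individually; and the target position must be chosen only after the grouping credentials exist, since a device that learned the position in advance could grind its first random number to steer itself into a chosen group.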
13. An electronic device, comprising a processor and a memory, wherein the memory is configured to store one or more programs comprising computer-executable instructions that, when executed by the electronic device, cause the electronic device to perform the TEE remote verification method according to any one of claims 1 to 6.
14. A computer-readable storage medium storing one or more programs, wherein the one or more programs comprise instructions that, when executed by a computer, cause the computer to perform the TEE remote verification method according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410101014.6A CN117915320A (en) 2024-01-24 2024-01-24 TEE remote verification method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117915320A true CN117915320A (en) 2024-04-19

Family

ID=90681746

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410101014.6A Pending CN117915320A (en) 2024-01-24 2024-01-24 TEE remote verification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117915320A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination