TWI747659B - Iot system and privacy authorization method - Google Patents
IoT system and privacy authorization method
- Publication number: TWI747659B
- Authority: TW (Taiwan)
- Prior art keywords: node, server, public key, certificate, private

Description
The present invention relates to a data authorization mechanism, and in particular to an Internet of Things (IoT) system and a privacy authorization method for use with a blockchain.
According to forecasts by an international research and advisory firm, the number of endpoints in the global enterprise Internet of Things (IoT) market will grow to 5.8 billion in 2020, an increase of 21% over 2019. How to strengthen the storage and secure exchange of the large volume of sensitive, confidential data among IoT devices, how to reduce the risk of IoT data being stolen, and how to build, on a zero-trust network, a secure system for IoT privacy authorization and blockchain-based verification of data correctness are among the urgent goals of the industry and of researchers.
In view of this, the present invention provides an Internet of Things system and a privacy authorization method that combine cryptography and blockchain to strengthen data authentication and authorization.
The privacy authorization method of the embodiments of the present invention is applicable to a blockchain Internet of Things and includes (but is not limited to) the following steps. A plurality of private key values are randomly generated based on elliptic-curve cryptography (ECC). The elliptic-curve cryptography includes the ECQV (Elliptic Curve Qu-Vanstone) algorithm. A server public key of a server is generated from the server's private key value based on elliptic-curve cryptography. A node public key of a node is generated from the server public key and the node's private key value based on elliptic-curve cryptography. The server and the node belong to the blockchain Internet of Things. The server's identity code is encoded with the node public key to generate a node certificate of the node. The node certificate is published in the blockchain Internet of Things.
The Internet of Things system of the embodiments of the present invention is applicable to a blockchain Internet of Things and includes (but is not limited to) a node, a certificate management center, and a server. The node is used to collect sensing data. The certificate management center is used to issue an original certificate. The server is used to randomly generate a plurality of private key values based on elliptic-curve cryptography, to generate the server public key of the server from the server's private key value based on elliptic-curve cryptography, to generate the node public key of the node from the server public key and the node's private key value based on elliptic-curve cryptography, to encode the server's identity code with the node public key to generate the node certificate of the node, and to publish the node certificate in the blockchain Internet of Things. The elliptic-curve cryptography includes the ECQV algorithm.
Based on the above, the IoT system and privacy authorization method of the embodiments of the present invention use elliptic-curve cryptography to generate the server public key and the node public key respectively, use the node public key together with the original certificate to generate the node certificate of the corresponding node, and publish the node certificate in the blockchain for identity confirmation. This avoids using a session key as the negotiated encryption key, and so avoids the increased chance of data being cracked that frequent key exchange brings, which in turn prevents private data from being stolen and secures node-to-node data transfer.
In order to make the above features and advantages of the present invention more comprehensible, embodiments are described in detail below in conjunction with the accompanying drawings.
1: system
10: Internet of Things
20, 30: group proxy server
25, 35: group privacy database
40A1~40An, 40B1~40Bm: node
41: sensor
60: certificate management center
70: blockchain
S101~S105, S200~S208, S301~S311: steps
FIG. 1 is a system architecture diagram of the Internet of Things according to an embodiment of the present invention.
FIG. 2 is a flowchart of the identity authentication stage according to an embodiment of the present invention.
FIG. 3 is a flowchart of the key generation stage according to an embodiment of the present invention.
FIG. 4 is a flowchart of the data authorization stage according to an embodiment of the present invention.
FIG. 1 is a system architecture diagram of the Internet of Things according to an embodiment of the present invention. Referring to FIG. 1, the system 1 includes (but is not limited to) group proxy servers 20, 30, group privacy databases 25, 35, nodes 40A1~40An, 40B1~40Bm (m and n are positive integers), sensors 41, and a certificate management center 60.
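The group proxy servers 20, 30 may be computer systems of various types (for example, desktop or notebook computers, servers, smartphones, or tablet computers). The IoT group proxy servers 20, 30 can connect to the Internet of Things 10. In one embodiment, the IoT group proxy servers 20, 30 belong to two groups. For example, the IoT group proxy server 20 belongs to group A, and the IoT group proxy server 30 belongs to group B.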
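The group privacy databases 25, 35 are connected to the IoT group proxy servers 20, 30, respectively. The group privacy databases 25, 35 may be storage servers or storage devices of various types (for example, solid-state drives (SSD), hard disk drives (HDD), or cache memory).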
The nodes 40A1~40An, 40B1~40Bm may be routers, relay stations, or switches. The nodes 40A1~40An, 40B1~40Bm can connect to the Internet of Things 10. In one embodiment, each node 40A1~40An, 40B1~40Bm collects the sensing data of its corresponding sensor 41 (for example, data related to weather, force, electrical properties, sound, or other physical, mechanical, or software states). In some embodiments, the nodes 40A1~40An belong to group A, and the nodes 40B1~40Bm belong to group B.
The certificate management center (Certificate Authority, CA) 60 is used to manage, authenticate, and issue certificates, and its operation can be implemented by a computer system. The purpose of a digital certificate is to prove that the user listed in the certificate legitimately owns the public key listed in the certificate.
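Hereinafter, the method of the embodiments of the present invention is described with reference to the devices in the system 1. The steps of the method may be adjusted according to the implementation and are not limited to those described here.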
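FIG. 2 is a flowchart of the identity authentication stage according to an embodiment of the present invention. Referring to FIG. 2, the identity authentication stage of the nodes 40A1~40An, 40B1~40Bm in the Internet of Things 10 is the stage in which the nodes 40A1~40An, 40B1~40Bm establish an identity registration mechanism with a trusted certificate system to produce identity certificates. After obtaining a certificate from the certificate management center, the group proxy servers 20, 30 use ECQV (Elliptic Curve Qu-Vanstone) or another algorithm related to elliptic-curve cryptography (ECC) to generate multiple public/private key pairs themselves under a proxy certificate mechanism, and then distribute them to the nodes 40A1~40An, 40B1~40Bm in the Internet of Things 10 for use.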
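Specifically, the group proxy servers 20, 30 each submit an original certificate request to the certificate management center 60 (step S101). The certificate management center 60 may issue an original certificate to the corresponding group proxy server 20, 30 (step S102). The nodes 40A1~40An, 40B1~40Bm may submit a registration application to the group proxy servers 20, 30 to request to join a group (step S103). According to the registration application, the group proxy servers 20, 30 may issue to the nodes 40A1~40An, 40B1~40Bm a registration serial number and an access password for reading the privacy databases 25, 35 (step S104).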
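Then, the group proxy servers 20, 30 may each take the original certificate issued by the certificate management center 60 and use ECQV or another ECC-related algorithm to generate multiple node certificates themselves for the nodes 40A1~40An, 40B1~40Bm (step S105). Specifically, FIG. 3 is a flowchart of the key generation stage according to an embodiment of the present invention. Referring to FIG. 3, the group proxy server 20 is used as the example below, but the group proxy server 30 can carry out the same or a similar procedure. In response to a certificate application (step S200), the group proxy server 20 randomly generates a plurality of private key values based on ECC (step S201). ECC is an algorithm for building public-key encryption, that is, asymmetric encryption. Public-key encryption is the foundation of modern network security and of chains of trust. A key characteristic of public-key encryption is that each of the two communicating endpoints has its own public/private key pair, and the two keys of a pair have a specific mathematical relationship. In addition, each endpoint stores its own private key and publishes its own public key. Even if a third party maliciously obtains either party's public key, it cannot decrypt successfully. ECC uses the discrete logarithm problem on an elliptic curve as the specific mathematical relationship between the public and private keys. Besides ECQV, algorithms such as ECDH (Elliptic Curve Diffie-Hellman) and EdDSA (Edwards-curve Digital Signature Algorithm) also belong to ECC.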
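The group proxy server 20 may generate a server public key from its own private key value based on ECC (step S202). For example, the group proxy server 20 performs a point multiplication of its own private key value with one of a plurality of parameter base points on the elliptic curve to produce the server public key belonging to the server. The group proxy server 20 may send the server public key and its own identity code (for example, name, organization, country, purpose, validity period) to the certificate management center 60 (step S203).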
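The certificate management center 60 may verify, according to ECC, the server public key generated by the group proxy server 20 (step S204), and issue the original certificate to the group proxy server 20 according to the verification result (step S205). The group proxy server 20 may select the private key value of one of the nodes 40A1, 40A2, ... or 40An in group A (step S206), and generate, based on ECC, the node public key of the selected node (node 40A1 is used as the example, without limitation) from the server public key and the private key value of that node (step S207). For example, the group proxy server 20 performs a point multiplication of the private key value of node 40A1 with one of a plurality of parameter base points on the elliptic curve to produce the node public key belonging to node 40A1.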
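The group proxy server 20 may use this node public key to encode the identity code belonging to the server and the other data required for a certificate, thereby generating the node certificate of node 40A1 (for example, the certificate value produced by the encoding) (step S208). That is, a digital signature is applied to the node public key with the private key value to generate the node certificate. The node certificates of all groups and of all nodes 40A1~40An in the Internet of Things 10 are published in the blockchain Internet of Things 10, so that all nodes 40A1~40An, 40B1~40Bm can look them up to confirm identity.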
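FIG. 4 is a flowchart of the data authorization stage according to an embodiment of the present invention. Referring to FIG. 4, the sensing data that the nodes 40A1~40An, 40B1~40Bm collect from their sensors 41 can be made into a privacy authorization form. The privacy authorization form contains the authorized items, the data content of the authorized items, the sensing time of the authorized data, and the permissions of the authorized items. The group proxy servers 20, 30 encrypt the authorized privacy form data with the asymmetric public key of the group proxy server 20, 30 to which the node 40A1~40An, 40B1~40Bm requesting authorization belongs, and write the privacy authorization form into the privacy database 25, 35 of the group proxy server 20, 30 of the requesting node. The requesting node 40A1~40An, 40B1~40Bm can decrypt it with its own registration serial number and access password, so that authorized private data is obtained efficiently within a short time.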
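For example, the sensor 41 of node 40A1 of group A performs detection to obtain sensing data. Node 40A1 encrypts the sensing data using a signature made with its own node certificate and the access password obtained at registration, and then transmits it to the privacy database 25 of group A for centralized storage (step S301).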
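Assume that node 40B1 of group B applies to group A for authorization of the sensor data of node 40A1 (that is, issues an access request) (step S302). The group proxy server 20 of group A may read the sensing data of the sensor 41 of node 40A1 from the privacy database 25 of group A and decrypt the encrypted sensing data with the access password that node 40A1 obtained at registration (step S303). Using the group certificate corresponding to group A (for example, the original certificate) and the node certificate of node 40A1, the group proxy server 20 of group A produces a signature of a public-key cryptographic algorithm (for example, the Elliptic Curve Digital Signature Algorithm (ECDSA), the RSA encryption algorithm, or the Digital Signature Algorithm (DSA)) over the sensing data obtained by the sensor 41 of node 40A1, encrypts the signature and the sensing data of the sensor 41 of node 40A1 with the asymmetric-encryption (for example, RSA, ElGamal, or Rabin) public key of the group proxy server 30 of group B, and transmits the privacy authorization data produced by the encryption to group B (step S304).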
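The group proxy server 30 of group B decrypts the privacy authorization data of node 40A1 of group A with the asymmetric-encryption private key (for example, an RSA private key, corresponding to the RSA used in step S304), and reads the group certificate of group A and the node certificate of node 40A1 from the privacy blockchain 70 in order to verify the signatures of group A and node 40A1, thereby confirming their identities and the privacy authorization data (step S305).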
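Finally, the group proxy server 30 of group B may encrypt the privacy authorization data of node 40A1 of group A with the access password registered by node 40B1 and transmit it to node 40B1 (step S306).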
For one-to-many authorization, assume that node 40B1 of group B applies to group A for authorization of a package of the sensing data of all sensors 41 of node 40A1, node 40A2, and node 40A3 (step S307).
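The group proxy server 20 of group A reads the sensing data of all sensors 41 of node 40A1, node 40A2, and node 40A3 from the privacy database 25 of group A, and decrypts the encrypted sensing data with the access passwords that node 40A1, node 40A2, and node 40A3 obtained at registration (step S308). Using the group certificate corresponding to group A and the respective node certificates of node 40A1, node 40A2, and node 40A3, the group proxy server 20 of group A produces signatures of a public-key cryptographic algorithm over the sensing data of the sensors 41 of node 40A1, node 40A2, and node 40A3 respectively, encrypts each signature together with the sensing data of the sensors 41 of node 40A1, node 40A2, and node 40A3 with the asymmetric-encryption public key (for example, an RSA public key) of the group proxy server 30 of group B, and transmits the privacy authorization data produced by the encryption to group B (step S309).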
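The group proxy server 30 of group B decrypts the privacy authorization data of node 40A1, node 40A2, and node 40A3 of group A respectively with the asymmetric-encryption private key of group B (for example, an RSA private key), and reads the group certificate of group A and the respective node certificates of node 40A1, node 40A2, and node 40A3 from the privacy blockchain 70 in order to verify the signatures of group A and of node 40A1, node 40A2, and node 40A3, thereby confirming the identities and the privacy authorization data (step S310).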
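Finally, the group proxy server 30 of group B may encrypt the privacy authorization data of node 40A1, node 40A2, and node 40A3 of group A with the access password registered by node 40B1 and transmit it to node 40B1 (step S311).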
In summary, in the IoT system and privacy authorization method of the embodiments of the present invention, a proxy server manages a group of IoT nodes, and an identity verification mechanism based on implicit-certificate, ECC-related algorithms is established in the blockchain system of the Internet of Things. The authorization method for IoT nodes is a multiple identity confirmation scheme using certificates of ECC-related algorithms, linked to an anchored blockchain system, so that nodes do not need to keep generating session keys to exchange private data, thereby achieving fast mutual access authorization and verification of private data.
The embodiments of the present invention further include the following features and effects:
In the embodiments of the present invention, the group proxy server applies to the certificate management center for issuance of an original certificate and then, under a proxy certificate mechanism, generates multiple node certificates of ECC-related algorithms itself and distributes them to the nodes for use. In addition, the node certificates of all nodes are published in the blockchain system of the Internet of Things. Performing multiple identity verification with the node certificates generated by ECC-related algorithms and the original certificate confirms the security of the original node's authorization and has the advantage of fast authorization of private data.
The group proxy server of the embodiments of the present invention uses the certificate issued by the certificate management center to perform package authorization on the privacy authorization data generated by the nodes, and the nodes perform multiple identity confirmation through the corresponding node certificate and the original certificate. The embodiments of the present invention provide a package structure for multi-node authorization of private data, which carries out identity confirmation between nodes and collective authorization of private data, so as to achieve direct many-node-to-many-node authorization of private data.
The embodiments of the present invention make use of the security properties of an asymmetric cryptosystem. Once the two nodes have established identity verification, the asymmetric-encryption public key of the group proxy server can be used for multiple transmissions of privacy authorization data, which reduces the usual reliance on session keys to authorize data and avoids the increased chance of data being cracked that frequent key exchange brings. In this way, private data is protected from theft, and the security of authorized node-to-node data transmission is ensured.
Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the present invention. Anyone with ordinary knowledge in the technical field may make some changes and refinements without departing from the spirit and scope of the present invention, so the scope of protection of the present invention shall be as defined by the appended claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109143839A TWI747659B (en) | 2020-12-11 | 2020-12-11 | Iot system and privacy authorization method |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI747659B true TWI747659B (en) | 2021-11-21 |
TW202224378A TW202224378A (en) | 2022-06-16 |
Family
ID=79907751
- 2020-12-11: TW application TW109143839A, patent TWI747659B, status active