WO2011006341A1 - Method for fusing sensor network authentication and key management mechanisms - Google Patents
Method for fusing sensor network authentication and key management mechanisms
- Publication number
- WO2011006341A1 (PCT/CN2009/076173)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- node
- key
- authentication
- broadcast message
- broadcast
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/601—Broadcast encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- The invention relates to a method for fusing the authentication and key management mechanisms of a sensor network.
- A sensor network consists of a large number of small, inexpensive, battery-powered sensor nodes with wireless communication and monitoring capabilities. These nodes are densely deployed in the monitoring area for the purpose of monitoring the physical world.
- Wireless sensor networks are a new research direction in information technology. They have broad application prospects in environmental monitoring, military, homeland security, traffic control, community security, forest fire prevention, and target location.
- The sensor network is a data-centric data collection platform. Establishing a secure sensor network authentication and key management infrastructure is the basis for secure data integration, storage and access control. At present, research on sensor network security technology has made great breakthroughs, and many sensor network security technologies have been designed. Key management is the basis of sensor network security. It is a supporting technology for secure communication between nodes and inter-node identity authentication. It generally consists of the stages of key pre-distribution before network deployment, and key establishment and session key negotiation after network deployment. Authentication is divided into message authentication and identity authentication. The sensor network implements important functions such as routing table creation, network query, software update, time synchronization, and network management based on broadcast.
- Broadcast information may be modified by an attacker, or malicious information may be inserted into it. An authentication mechanism must be introduced to ensure the legitimacy and integrity of broadcast information, so broadcast message authentication technology is also a basis of sensor network security.
- Identity authentication is the basis of computer network security. It is also the basis of sensor network security. It is used to verify the legitimacy and validity of the identity of both parties.
- Key management and authentication are indispensable and mutually supportive in sensor network security solutions.
- The authentication mechanism requires the key pre-distribution technology of the key management mechanism to provide pre-shared or initial keys.
- The session key negotiation technology of the key management mechanism is based on the results of the identity authentication technology. Only when the two work in coordination can they form a basic sensor network security solution. However, at present, sensor network key management and authentication mechanisms are not fully considered together in design, and so cannot provide the sensor network with complete secure communication and authentication services; the sensor network still has security risks.
Summary of the invention
- The present invention integrates security mechanisms such as sensor network key management, identity authentication, and broadcast message authentication at the level of the protocol processing flow, to form a comprehensive sensor network authentication and key management method.
- The technical solution of the present invention is:
- The present invention provides a method for fusing sensor network authentication and key management mechanisms, characterized in that the method comprises the following steps:
- The communication key used to establish a secure connection between the nodes is pre-distributed to the nodes;
- After the network is deployed, each communication node authenticates the legitimacy of the identity of the other party before communicating;
- After the network is deployed, when a broadcast exists in the network, the broadcast message receiving node authenticates the validity of the broadcast message;
- A session key is negotiated between the nodes based on the result of the node identity authentication process.
- The specific implementation of step 1.1) above is:
- The basic random key pre-distribution method is adopted.
- The specific implementation of the above step 1.1) is as follows: Before the sensor network is deployed, the deployment server first generates a key pool containing a total of P keys, together with the key identifiers of all keys in the key pool; then, based on the number of nodes in the network, the expected network connectivity and the number of neighbor nodes each node is expected to have, it randomly selects k different keys from the key pool for each node to form a key chain and loads it into the node, where k ≪ P.
- The specific implementation of step 1.2) above is:
- Before the network is deployed, the deployment server generates a broadcast message authentication key chain according to the network size and the characteristics of the broadcast node;
- The deployment server pre-distributes the initial key in the broadcast message authentication key chain to all broadcast message receiving nodes.
- The TESLA broadcast message authentication method is adopted.
- The specific implementation of the foregoing step 1.2) is: Before network deployment, the deployment server generates a one-way hash chain used for authenticating broadcast messages, that is, the broadcast message authentication key chain, according to parameters such as the lifetime of the broadcast node and the broadcast message authentication key disclosure delay; then, the deployment server distributes the broadcast message authentication key chain to the broadcast node, and distributes the chain key in the key chain to all broadcast message receiving nodes.
- Step 2.1): After the network is deployed, before the nodes communicate, the nodes establish a shared key and perform pre-shared-key-based authentication using that shared key, or authenticate each other's identity according to another preset authentication method.
- The above pre-shared-key-based authentication process includes the following steps:
- Node A generates a random number N_A and sends it to node B;
- PSK represents a pre-shared key
- F represents a key generation algorithm
- H represents a one-way hash function
- The specific implementation of the above step 2.2) is: When there is a broadcast in the network, the node authenticates the validity of the broadcast message according to the pre-distributed initial broadcast message authentication key.
- The TESLA broadcast message authentication method is adopted.
- The specific implementation of the foregoing step 2.2) is: the broadcast node uses a key in the broadcast message authentication key chain to perform a MAC calculation on the message to be broadcast, and sends the broadcast message together with the MAC value to the receiving node; the receiving node first verifies the validity of the key according to the pre-distributed initial broadcast message authentication key, and then verifies the validity of the broadcast message MAC value, thereby verifying the legitimacy of the broadcast message.
- step 3 is:
- the negotiation method in step 3 above is:
- The multicast node generates a multicast session key MSK
- The multicast node encrypts the MSK using the unicast session key generated between itself and the multicast message receiving node and sends it to the multicast message receiving node; the multicast message receiving node saves the MSK and responds to the multicast node.
- the broadcast message receiving node authenticates the legitimacy of the broadcast message.
- The above nodes are base stations, cluster head nodes, and common nodes in the sensor network.
- A fusion system of sensor network authentication and key management mechanisms, characterized in that the system includes a deployment server and nodes, and the nodes include a broadcast node, a broadcast message receiving node, a multicast message receiving node, and a multicast node.
- The deployment server pre-distributes the communication key and the initial broadcast message authentication key to the nodes; the nodes perform authentication and session key negotiation; the broadcast node sends broadcast messages to the broadcast message receiving node;
- The broadcast message receiving node receives and processes the broadcast messages of the broadcast node; the multicast node sends multicast messages to the multicast message receiving node; and the multicast message receiving node receives and processes the multicast messages of the multicast node.
- The advantage of the invention is that it provides a method for fusing sensor network authentication and key management mechanisms, and constructs a sensor network security infrastructure by integrating, at the process level, basic sensor network security technologies such as key management, identity authentication and broadcast message authentication. The invention first integrates the key pre-distribution process of the sensor network key management technology with the pre-distribution of the initial broadcast message authentication key of the broadcast message authentication technology, so that the communication key and the initial broadcast message authentication key are pre-distributed to the network nodes before network deployment, which provides support for identity authentication, secure communication, and broadcast message authentication after network deployment.
- It also combines broadcast message authentication with the identity authentication and session key negotiation processes, so that broadcast messages can be authenticated while identity authentication and session key negotiation are carried out.
- The present invention constructs a sensor network security architecture to form a basic sensor network security solution.
- FIG. 1 is a schematic flow chart of a fusion method provided by the present invention.
- The present invention provides a method for fusing sensor network authentication and key management mechanisms, the method comprising the following steps:
- The communication key used to establish a secure connection between the nodes is pre-distributed to the nodes.
- The specific implementation manner is as follows:
- The basic random key pre-distribution method is adopted. Before the sensor network is deployed, the deployment server first generates a key pool containing a total of P keys, together with the key identifiers of all keys in the key pool. Then, according to the number of nodes in the network, the expected network connectivity and the number of neighbor nodes each node is expected to have, it randomly picks k different keys from the key pool for each node to form a key chain and loads it into the node, where k ≪ P.
- This random pre-allocation method enables neighboring nodes to share keys with a certain probability, so that a secure connection can be established to ensure that the desired network connectivity can be achieved after network deployment.
- The initial key for authenticating broadcast messages is pre-distributed to the broadcast message receiving nodes, and the specific implementation manner is as follows:
- Before the network is deployed, the deployment server generates a broadcast message authentication key chain according to the network size and the characteristics of the broadcast node;
- The deployment server pre-distributes the initial key in the broadcast message authentication key chain to all broadcast message receiving nodes.
- The TESLA broadcast message authentication method is used.
- Before the network is deployed, the deployment server generates a one-way hash chain for authenticating broadcast messages, that is, the broadcast message authentication key chain, according to parameters such as the lifetime of the broadcast node and the broadcast message authentication key disclosure delay; then, the deployment server distributes the broadcast message authentication key chain to the broadcast node, and distributes the chain key in the key chain to all broadcast message receiving nodes. The deployment server may also distribute the broadcast message authentication key chain to the broadcast node online.
- Node identity authentication: after network deployment, each communication node authenticates the legitimacy of the identity of the other party before communication.
- The specific implementation manner is as follows: After the network is deployed, before the nodes communicate, the nodes establish a shared key and then use that shared key to carry out the pre-shared-key-based authentication process, or authenticate each other's identity according to another preset authentication method.
- The pre-shared-key-based authentication method performs authentication based on the shared key PSK.
- the node A first checks whether the random number N B in the message is consistent with the random number that it sends to the node B in step a).
- Broadcast message authentication: after the network is deployed, when a broadcast exists in the network, the broadcast message receiving node authenticates the validity of the broadcast message.
- The specific implementation manner is as follows: When there is a broadcast in the network, the node authenticates the legitimacy of the broadcast message according to the pre-distributed initial broadcast message authentication key.
- The authentication of broadcast messages may occur at any time after the network is deployed, such as during session key negotiation, depending on the broadcast conditions in the network.
- The broadcast node first performs a MAC calculation on the message to be broadcast using a key in the broadcast message authentication key chain, and sends the broadcast message together with the MAC value to the broadcast message receiving node. After the preset broadcast message authentication key disclosure delay, the broadcast node sends that key to the broadcast message receiving node; the receiving node first verifies the validity of the key according to the pre-distributed initial broadcast message authentication key, and then verifies the validity of the broadcast message MAC value, thereby verifying the legitimacy of the broadcast message.
- Session key negotiation: after the node identity authentication succeeds, a session key is negotiated between the nodes based on the result of the node identity authentication process.
- The broadcast message receiving node authenticates the legitimacy of the broadcast message, which is mainly done by the following substeps:
- The specific negotiation method may adopt the following steps: a) the multicast node generates a multicast session key MSK; b) the multicast node encrypts the MSK using the unicast session key generated between itself and the multicast message receiving node and sends it to the multicast message receiving node; the multicast message receiving node responds to the multicast node after saving the MSK.
- The nodes in the present invention generally refer to various network entities in a sensor network, including but not limited to a base station, a cluster head node, a common node, and the like.
- A fusion system of sensor network authentication and key management mechanisms comprises a deployment server and nodes, the nodes comprising a broadcast node, a broadcast message receiving node, a multicast message receiving node and a multicast node; the deployment server pre-distributes the communication key and the initial broadcast message authentication key to the nodes; the nodes perform authentication and session key negotiation; the broadcast node sends broadcast messages to the broadcast message receiving node; the broadcast message receiving node receives and processes the broadcast messages of the broadcast node; the multicast node sends multicast messages to the multicast message receiving node; the multicast message receiving node receives and processes the multicast messages of the multicast node.
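
The basic random key pre-distribution step described above (a pool of P keys, k keys loaded per node, neighbors sharing a key "with a certain probability"), worked through as an added example that is not code from the patent. The function names, the 16-byte key length and the sample values of P and k are assumptions; the probability formula is the standard one for two independently drawn rings.

```python
import math
import random
import secrets


def generate_key_pool(pool_size, key_len=16):
    """Deployment server: P random keys, indexed by key identifier."""
    return {kid: secrets.token_bytes(key_len) for kid in range(pool_size)}


def assign_key_ring(pool, k, rng):
    """Draw k distinct keys (with their identifiers) from the pool for one node."""
    return {kid: pool[kid] for kid in rng.sample(sorted(pool), k)}


def discover_shared_key(ring_a, ring_b):
    """Neighbours compare key identifiers only, never key values.

    Returns (identifier, key) for the lowest common identifier, or None when
    the rings do not intersect and no direct secure link can be formed.
    """
    common = set(ring_a) & set(ring_b)
    if not common:
        return None
    kid = min(common)
    return kid, ring_a[kid]


def share_probability(pool_size, k):
    """P(two rings of k keys from a pool of P share at least one key)
    = 1 - C(P-k, k) / C(P, k)."""
    return 1 - math.comb(pool_size - k, k) / math.comb(pool_size, k)


def min_ring_size(pool_size, target):
    """Smallest k whose share probability reaches the target connectivity."""
    k = 1
    while share_probability(pool_size, k) < target:
        k += 1
    return k


def simulate_link_rate(pool_size, k, nodes, seed):
    """Fraction of node pairs that can form a direct secure link."""
    # A seeded PRNG keeps the demo repeatable; a deployment server would
    # draw rings with a CSPRNG such as random.SystemRandom().
    rng = random.Random(seed)
    pool = generate_key_pool(pool_size)
    rings = [assign_key_ring(pool, k, rng) for _ in range(nodes)]
    linked = pairs = 0
    for i in range(nodes):
        for j in range(i + 1, nodes):
            pairs += 1
            linked += discover_shared_key(rings[i], rings[j]) is not None
    return linked / pairs


if __name__ == "__main__":
    P = 10000  # constructed sample pool size
    for k in (50, 75, 100, 150):
        print(f"P={P} k={k:3d}  p_share={share_probability(P, k):.3f}")
    print("smallest k with p_share >= 0.5:", min_ring_size(P, 0.5))
    print("simulated link rate (P=1000, k=30):", simulate_link_rate(1000, 30, 60, seed=1))
```

Because every node holds k keys from the same pool, capturing one node exposes k pool keys that may also protect links between other nodes, so k trades connectivity against resilience to node capture.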
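
The TESLA flow described above (a one-way hash chain built by the deployment server, the initial key held by receivers, a MAC sent now and its key sent after the disclosure delay), as an added example that is not code from the patent. SHA-256 and HMAC-SHA-256, the packet layout, the class names and the receiver's interval-based staleness check (standard in TESLA with loosely synchronized clocks, not spelled out on this page) are assumptions.

```python
import hashlib
import hmac


def H(data):
    """One-way hash used to build and check the key chain (SHA-256 here)."""
    return hashlib.sha256(data).digest()


def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def make_key_chain(seed, n):
    """Deployment server: K_n = H(seed), K_(i-1) = H(K_i).

    Returns [K_0, ..., K_n]; K_0 is the initial key given to receivers.
    """
    chain = [H(seed)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


class Broadcaster:
    def __init__(self, chain, delay):
        self.chain, self.delay = chain, delay

    def send(self, interval, message):
        """MAC under K_interval; disclose K_(interval - delay) in the same packet."""
        j = interval - self.delay
        return {"interval": interval, "message": message,
                "mac": mac(self.chain[interval], message),
                "disclosed": (j, self.chain[j]) if j >= 1 else None}


class Receiver:
    def __init__(self, initial_key, delay):
        self.trusted_index, self.trusted_key = 0, initial_key
        self.delay = delay
        self.pending = {}  # interval -> [(message, mac)] awaiting key disclosure

    def authenticate_key(self, index, key):
        """Accept K_index only if hashing it forward reaches the trusted key."""
        if index <= self.trusted_index:
            return False
        k = key
        for _ in range(index - self.trusted_index):
            k = H(k)
        if not hmac.compare_digest(k, self.trusted_key):
            return False
        self.trusted_index, self.trusted_key = index, key
        return True

    def _release(self, index, key):
        """Check buffered MACs for intervals <= index, deriving older keys by hashing."""
        accepted, k = [], key
        for i in range(index, 0, -1):
            for message, tag in self.pending.pop(i, []):
                if hmac.compare_digest(mac(k, message), tag):
                    accepted.append((i, message))
            k = H(k)
        return sorted(accepted)

    def receive(self, packet, now):
        """Process one packet at local interval `now`; return newly authenticated messages."""
        accepted = []
        if packet["disclosed"] is not None:
            index, key = packet["disclosed"]
            if self.authenticate_key(index, key):
                accepted = self._release(index, key)
        i = packet["interval"]
        # Buffer only while K_i is still secret: once interval i + delay has
        # begun, the key may be public and a MAC under it proves nothing.
        if i > self.trusted_index and now < i + self.delay:
            self.pending.setdefault(i, []).append((packet["message"], packet["mac"]))
        return accepted


def demo():
    """Constructed run: one altered packet, one lost packet, one stale packet."""
    chain = make_key_chain(b"constructed-demo-seed", 5)
    tx, rx = Broadcaster(chain, delay=2), Receiver(chain[0], delay=2)
    p1, p2 = tx.send(1, b"route-update"), tx.send(2, b"time-sync")
    p4 = tx.send(4, b"sw-update-notice")  # the interval-3 packet is lost
    out = rx.receive(p1, now=1)
    out += rx.receive(dict(p2, message=b"time-sync-altered"), now=2)  # modified in transit
    out += rx.receive(p2, now=2)
    # K_1 was disclosed in interval 3, so a packet MACed under it that arrives later is stale.
    stale = {"interval": 1, "message": b"injected",
             "mac": mac(chain[1], b"injected"), "disclosed": None}
    out += rx.receive(stale, now=4)
    out += rx.receive(p4, now=4)  # discloses K_2, which also yields K_1 = H(K_2)
    return out


if __name__ == "__main__":
    print(demo())
```

The receiver recovers from the lost interval-3 packet because any later chain key lets it derive the earlier ones, and it rejects the stale packet before buffering rather than at MAC time, since that MAC is valid under an already public key.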
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
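KR1020127001604A KR101486030B1 (ko) | 2009-07-15 | 2009-12-29 | Method for combining authentication and secret key management mechanisms in a sensor network |
JP2012519869A JP5367168B2 (ja) | 2009-07-15 | 2009-12-29 | Method for integrating sensor network authentication and key management mechanisms |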
EP09847266.5A EP2456243B1 (en) | 2009-07-15 | 2009-12-29 | Method for combining authentication and secret keys management mechanism in a sensor network |
US13/382,651 US8571223B2 (en) | 2009-07-15 | 2009-12-29 | Method for combining authentication and secret keys management mechanism in a sensor network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100233829A CN101610452B (zh) | 2009-07-15 | 2009-07-15 | Method for fusing sensor network authentication and key management mechanisms |
CN200910023382.9 | 2009-07-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011006341A1 (zh) | 2011-01-20 |
Family
ID=41483987
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/076173 WO2011006341A1 (zh) | 2009-07-15 | 2009-12-29 | Method for fusing sensor network authentication and key management mechanisms |
Country Status (6)
Country | Link |
---|---|
US (1) | US8571223B2 (zh) |
EP (1) | EP2456243B1 (zh) |
JP (1) | JP5367168B2 (zh) |
KR (1) | KR101486030B1 (zh) |
CN (1) | CN101610452B (zh) |
WO (1) | WO2011006341A1 (zh) |
Families Citing this family (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012533761A (ja) * | 2009-07-15 | 2012-12-27 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Method for securely broadcasting sensitive data in a wireless network |
CN101699891B (zh) * | 2009-10-21 | 2012-07-25 | 西安西电捷通无线网络通信股份有限公司 | Sensor network key management and node authentication method |
CN101895888A (zh) * | 2010-07-30 | 2010-11-24 | 中国移动通信集团重庆有限公司 | Sensor authentication method and apparatus, and sensor authentication system |
US10797864B2 (en) | 2011-11-21 | 2020-10-06 | Combined Conditional Access Development And Support, Llc | System and method for authenticating data while minimizing bandwidth |
CN102547693B (zh) * | 2012-02-17 | 2014-09-10 | 南京邮电大学 | Clustered secure routing method for wireless sensor networks |
US9210578B2 (en) * | 2012-07-12 | 2015-12-08 | Nokia Technologies Oy | Methods and apparatus for authentication |
CN102917313B (zh) * | 2012-10-17 | 2015-05-27 | 重庆邮电大学 | Method suitable for broadcast authentication in wireless sensor networks |
EP2912799B1 (en) * | 2012-10-26 | 2021-08-18 | Nokia Technologies Oy | Methods and apparatus for data security in mobile ad hoc networks |
KR101363291B1 (ko) * | 2012-10-31 | 2014-02-19 | 고려대학교 산학협력단 | Network access control method through inter-node authentication |
US9559851B2 (en) | 2013-06-13 | 2017-01-31 | Intel Corporation | Secure pairing for secure communication across devices |
US9444580B2 (en) | 2013-08-06 | 2016-09-13 | OptCTS, Inc. | Optimized data transfer utilizing optimized code table signaling |
US10523490B2 (en) * | 2013-08-06 | 2019-12-31 | Agilepq, Inc. | Authentication of a subscribed code table user utilizing optimized code table signaling |
US9455799B2 (en) | 2013-08-06 | 2016-09-27 | OptCTS, Inc. | Dynamic control of quality of service (QOS) using derived QOS measures |
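CN103763096B (zh) * | 2014-01-17 | 2018-02-09 | 北京邮电大学 | Random key distribution method and apparatus |
CN103856939B (zh) * | 2014-03-27 | 2017-01-25 | 北京工业大学 | Two-level identity authentication method based on random numbers |
KR101507046B1 (ko) * | 2014-04-02 | 2015-04-01 | 인하대학교 산학협력단 | μTESLA method using variable key slots for broadcast message authentication in a UWSN environment, and UWSN system using the same |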
EP3164942A1 (en) | 2014-07-02 | 2017-05-10 | Agilepq, Inc. | Data recovery utilizing optimized code table signaling |
KR101759133B1 (ko) * | 2015-03-17 | 2017-07-18 | 현대자동차주식회사 | Mutual authentication method and apparatus based on secret information |
US9697359B2 (en) | 2015-04-15 | 2017-07-04 | Qualcomm Incorporated | Secure software authentication and verification |
US20170063853A1 (en) * | 2015-07-10 | 2017-03-02 | Infineon Technologies Ag | Data cipher and decipher based on device and data authentication |
CN106850508B (zh) * | 2015-12-07 | 2020-04-17 | 中国电信股份有限公司 | Secure group communication method and system, and related devices |
US10237305B2 (en) * | 2016-02-17 | 2019-03-19 | Nagravision S.A. | Methods and systems for enabling legal-intercept mode for a targeted secure element |
US10587399B2 (en) | 2016-06-06 | 2020-03-10 | Agilepq, Inc. | Data conversion systems and methods |
US10819701B2 (en) | 2018-03-14 | 2020-10-27 | Microsoft Technology Licensing, Llc | Autonomous secrets management for a managed service identity |
US10691790B2 (en) | 2018-03-14 | 2020-06-23 | Microsoft Technology Licensing, Llc | Autonomous secrets management for a temporary shared access signature service |
US10965457B2 (en) | 2018-03-14 | 2021-03-30 | Microsoft Technology Licensing, Llc | Autonomous cross-scope secrets management |
US11762980B2 (en) | 2018-03-14 | 2023-09-19 | Microsoft Technology Licensing, Llc | Autonomous secrets renewal and distribution |
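CN109040132B (zh) * | 2018-09-26 | 2021-05-28 | 南京南瑞继保电气有限公司 | Encrypted communication method based on random selection of shared keys |
CN109728905B (zh) * | 2019-01-11 | 2021-04-06 | 如般量子科技有限公司 | Quantum-computing-resistant MQV key agreement method and system based on an asymmetric key pool |
CN109687962B (zh) * | 2019-01-15 | 2021-04-06 | 如般量子科技有限公司 | Quantum-computing-resistant MQV key agreement method and system based on a private key pool |
CN110048849B (zh) * | 2019-03-11 | 2022-10-21 | 广东安创信息科技开发有限公司 | Session key negotiation method with multi-layer protection |
CN111447615B (zh) * | 2020-03-18 | 2022-07-15 | 重庆邮电大学 | Pairwise key management method suitable for a clustered wireless sensor network model |
CN111491270B (zh) * | 2020-04-08 | 2022-02-01 | 四川轻化工大学 | Global key management method for hierarchical clustered wireless sensor networks |
CN112911599B (zh) * | 2021-01-20 | 2023-03-28 | 沈阳化工大学 | Low-energy implicit data fusion method for wireless sensor networks supporting integrity verification |
CN114124388B (zh) * | 2022-01-27 | 2022-05-10 | 济南量子技术研究院 | Gossip protocol synchronization method based on quantum keys |
CN114726515B (zh) * | 2022-03-25 | 2024-08-06 | 杭州舜时科技有限公司 | Quantum encrypted communication method and corresponding communication system |
CN117792674A (zh) * | 2023-11-15 | 2024-03-29 | 北京计算机技术及应用研究所 | Identity-based mutual authentication method for space-ground integrated networks |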
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
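CN1996833A (zh) * | 2006-12-04 | 2007-07-11 | 中国科学院计算技术研究所 | Method for distributing and managing keys in a sensor network |
CN101243673A (zh) * | 2005-08-19 | 2008-08-13 | 英特尔公司 | Wireless communication device and method for protecting broadcast management control messages in a wireless network |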
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7486795B2 (en) * | 2002-09-20 | 2009-02-03 | University Of Maryland | Method and apparatus for key management in distributed sensor networks |
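CN103647641B (zh) | 2005-06-08 | 2017-07-11 | 皇家飞利浦电子股份有限公司 | Method for identifying sensors and maximizing the scalability, resilience and performance of wireless systems |
JP4213176B2 (ja) * | 2006-11-16 | 2009-01-21 | シャープ株式会社 | Sensor device, server node, sensor network system, communication path construction method, control program, and recording medium |
CN101005459B (zh) * | 2007-01-18 | 2011-01-05 | 西安电子科技大学 | Key-chain-based access control method for wireless sensors |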
US8027474B2 (en) * | 2007-04-05 | 2011-09-27 | Industrial Technology Research Institute | Method and system for secure data aggregation in wireless sensor networks |
CN101232378B (zh) * | 2007-12-29 | 2010-12-08 | 西安西电捷通无线网络通信股份有限公司 | Authentication access method for a wireless multi-hop network |
-
2009
- 2009-07-15 CN CN2009100233829A patent/CN101610452B/zh active Active
- 2009-12-29 WO PCT/CN2009/076173 patent/WO2011006341A1/zh active Application Filing
- 2009-12-29 EP EP09847266.5A patent/EP2456243B1/en active Active
- 2009-12-29 US US13/382,651 patent/US8571223B2/en active Active
- 2009-12-29 JP JP2012519869A patent/JP5367168B2/ja active Active
- 2009-12-29 KR KR1020127001604A patent/KR101486030B1/ko active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
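CN101243673A (zh) * | 2005-08-19 | 2008-08-13 | 英特尔公司 | Wireless communication device and method for protecting broadcast management control messages in a wireless network |
CN1996833A (zh) * | 2006-12-04 | 2007-07-11 | 中国科学院计算技术研究所 | Method for distributing and managing keys in a sensor network |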
Non-Patent Citations (1)
Title |
---|
LI YAO ET AL.: "Efficient authentication and key agreement scheme for wireless sensor network.", COMPUTER ENGINEERING AND APPLICATIONS., no. 19, 10 July 2009 (2009-07-10), pages 107 - 109, XP008150218 * |
Also Published As
Publication number | Publication date |
---|---|
CN101610452B (zh) | 2011-06-01 |
EP2456243B1 (en) | 2018-08-22 |
JP5367168B2 (ja) | 2013-12-11 |
KR101486030B1 (ko) | 2015-01-22 |
US20120114124A1 (en) | 2012-05-10 |
EP2456243A1 (en) | 2012-05-23 |
CN101610452A (zh) | 2009-12-23 |
KR20120047911A (ko) | 2012-05-14 |
US8571223B2 (en) | 2013-10-29 |
JP2012533237A (ja) | 2012-12-20 |
EP2456243A4 (en) | 2017-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011006341A1 (zh) | Method for combining authentication and key management mechanisms in a sensor network | |
CA2662846C (en) | Method and apparatus for establishing security associations between nodes of an ad hoc wireless network | |
KR101198570B1 (ko) | Method, apparatus and system for ID-based wireless multi-hop network authentication access | |
US20140007207A1 (en) | Method and device for generating local interface key | |
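WO2009089738A1 (fr) | Authentication access system and method for a wireless multi-hop network | |
CN101371491A (zh) | Method and apparatus for providing a wireless mesh network | |
KR20120085826A (ko) | Method for cryptographic key management and node authentication in a sensor network | |
WO2008083628A1 (fr) | Authentication server, and method, system and device for mutual authentication in a wireless mesh network | |
WO2010020186A1 (zh) | Multicast key distribution method, update method and base station based on unicast session key | |
CN104145465A (zh) | Group-based bootstrapping in machine type communication | |
CN108964897B (zh) | Identity authentication system and method based on group communication | |
CN108880799B (zh) | Multiple identity authentication system and method based on a group key pool | |
CN111865593B (zh) | Method and apparatus for pre-distributing node group keys based on hybrid keys | |
CN102006595B (zh) | Key management method for wireless sensor networks | |
CN114466318B (zh) | Method, system and device for implementing an effective authentication and key distribution protocol for multicast services | |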
You et al. | A novel group key agreement protocol for wireless mesh network | |
Roychoudhury et al. | A secure Device-to-Device communication scheme for massive Machine Type Communication | |
Nam et al. | Security enhancement to a password-authenticated group key exchange protocol for mobile ad-hoc networks | |
Lu et al. | Distributed ledger technology based architecture for decentralized device-to-device communication network | |
CN109067705B (zh) | Improved Kerberos identity authentication system and method based on group communication | |
Leshem et al. | Probability based keys sharing for IoT security | |
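JP5472977B2 (ja) | Wireless communication device | |
CN116830533A (zh) | Method and device for distributing multicast encryption keys | |
CN117459935A (zh) | Efficient handover authentication method supporting batch authentication based on the national cryptographic standard SM9 | |
CN117729056A (zh) | Device identity authentication method and system |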
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09847266; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 13382651; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2012519869; Country of ref document: JP |
| ENP | Entry into the national phase | Ref document number: 20127001604; Country of ref document: KR; Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 2009847266; Country of ref document: EP |