CN112039660B - Internet of things node group identity security authentication method - Google Patents

Internet of things node group identity security authentication method Download PDF

Info

Publication number
CN112039660B
CN112039660B CN202010811970.5A CN202010811970A CN112039660B CN 112039660 B CN112039660 B CN 112039660B CN 202010811970 A CN202010811970 A CN 202010811970A CN 112039660 B CN112039660 B CN 112039660B
Authority
CN
China
Prior art keywords
group
server
key
authentication
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010811970.5A
Other languages
Chinese (zh)
Other versions
CN112039660A (en
Inventor
常相茂
王杜毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Aeronautics and Astronautics
Original Assignee
Nanjing University of Aeronautics and Astronautics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Aeronautics and Astronautics filed Critical Nanjing University of Aeronautics and Astronautics
Priority to CN202010811970.5A priority Critical patent/CN112039660B/en
Publication of CN112039660A publication Critical patent/CN112039660A/en
Application granted granted Critical
Publication of CN112039660B publication Critical patent/CN112039660B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an identity security authentication method for a node group of the Internet of things, which comprises the following steps: the server generates various parameters required in authentication and a key of the server according to the selected security level; the group member registers to the server to obtain a key and related information of the group; all group members use Schnorr aggregate signatures to sign the current timestamp, and the request is sent to a server after aggregation by a group Leader; after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers; and after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key. The invention can reduce the data communication traffic when large-scale group applies for identity authentication, and the sizes of the group aggregation authentication application and the server reply information are constant values and do not change along with the change of the number of the group members.

Description

Internet of things node group identity security authentication method
Technical Field
The invention relates to the technical field of security authentication, in particular to an Internet of things node group identity security authentication method which is mainly used for solving the problems of low efficiency and large bandwidth resource occupation in large-scale Internet of things equipment security authentication.
Background
With the rapid development of the internet of things technology, the internet of things equipment has been deeply grown into the life of people and is widely applied to various fields, and the quantity of the internet of things equipment is also increased explosively. At the same time, the security of internet of things devices is becoming more problematic, especially those used to collect and transmit user sensitive data. The internet of things equipment is usually limited in computing capacity, cannot adopt a high-complexity security technology, and is very vulnerable. Once these devices are attacked, the sensitive data of the user is leaked, and irreparable loss is caused. Therefore, in the access authentication process and the data transmission process, the guarantee of the user identity privacy and the transmission data safety is very important.
With the mature development of the low-power-consumption wide area network technology, an effective transmission solution is provided for the deployment of large-scale internet of things application. However, when a large-scale internet of things device simultaneously makes an identity authentication request to a server, the generated signaling may cause huge communication burden and computational pressure on a physical channel and the server, possibly cause channel blockage, and reduce the operating efficiency of the system.
The invention of CN110149214A provides a LTE-R network group authentication key negotiation method without certificate aggregation signature, which mainly comprises the following operation steps: A. system establishment and participant registration: entities participating in authentication complete registration at a key generation center to acquire public and private key information; B. initial access authentication: when the user equipment is uniformly connected to the LTE-R network before the train is sent out, executing a certificateless signature algorithm to generate respective signatures and then sending the signatures to the relay server, and executing a certificateless aggregation signature algorithm by the relay server to realize rapid mutual authentication and key agreement sharing among the user equipment, the relay server and the roadside base station; C. switching authentication: in the running process of the train, the user equipment is always stably connected with the relay server, and the relay server and the roadside base station realize rapid and frequent switching authentication by executing a certificateless signature algorithm; D. the session is terminated. The method has the advantages of high authentication efficiency, low signaling overhead and good safety. However, in the invention, after the authentication is completed, the secure communication from the user to the relay server and then to the roadside base station is established, and the direct secure communication between the user members in the group and the roadside base station cannot be directly established, so that the authentication of large-scale users requiring relay equipment is aimed at, and the method is not suitable for the internet of things equipment which can directly communicate with the base station server by using a low-power wide area network technology. In the invention, the relay server only aggregates the signature of the user authentication request message, and still forwards the authentication request messages including the ID of all members in the group, the data volume received by the roadside base station is positively correlated with the number of the members in the group, and meanwhile, the calculation amount required during verification is increased along with the increase of the number of the members. Therefore, the foregoing invention can only alleviate the problem of signaling overhead to a certain extent, but in fact, when the number of devices involved is too large, the computation amount of the group aggregation authentication application and the server reply information is still huge, and the data traffic still puts a high demand on the operating efficiency of the system.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides the Internet of things node group identity security authentication method, which can reduce the data communication traffic when large-scale group application identity authentication is carried out, the sizes of the group aggregation authentication application and the server reply information are constant values and do not change along with the change of the number of group members, and the method is particularly suitable for large-scale Internet of things equipment deployment scenes such as NB-IoT.
In order to achieve the purpose, the invention adopts the following technical scheme:
an identity security authentication method for a node group of an Internet of things comprises the following steps:
s1, initialization stage: the server generates various parameters required in authentication and a key of the server according to the selected security level;
s2, registration stage: the group member registers to the server to obtain a key and related information of the group;
s3, group aggregate authentication request: all group members use Schnorr aggregate signatures to sign the current timestamp, and the request is sent to a server after aggregation by a group Leader;
s4, server authentication reply: after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers;
s5, the group member generates a session key: and after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key.
In order to optimize the technical scheme, the specific measures adopted further comprise:
further, the process of the server generating parameters required for authentication and its own key according to the selected security level in step S1 includes the following steps:
s11, the server selects a system security level parameter k and selects a prime number q > 2k
S12, selecting a q-order cyclic group E (F)q) The generator is G;
s13, selecting hash function hash ():
Figure BDA0002631323340000021
wherein ZqA group of additive cycles modulo q;
s14, the server selects a random number xc∈ZqAs private key, the public key P is calculatedc=xc·G;
S15, Server publish { q, E (F)q),G,hash(),Pc}。
Further, in step S2, the process of registering the group member with the server and obtaining the key and the information related to the group includes the following steps:
s21, the server selects xi∈ZqAs a UEiThe private key, the private keys of the members in the group are mutually prime, and the public key P is calculatedi=xiG and M ═ Σ xi,Mi=M/xi,vari=Mi·yiWherein M isi·yi≡1(modxi);
S22, the server generates the group ID GID and the group key g for the groupkGroup common parameter L ═ hash (g)k,P1,P2,…,Pn) And a group public key P ═ Σ [ hash (L, P)i)·Pi];
S23, the server will { xi,Pi,GID,gkL, P to group member UEi
Further, in step S3, the process that all group members sign the current timestamp by using a Schnorr aggregate signature, and the group Leader sends the request to the server after aggregating includes the following steps:
s31, group member UEiSelecting a random number ri∈ZqCalculating Ri=riG and send to group Leader;
s32, the group Leader collects all the group member UEsiR of (A) to (B)iCalculating R ═ Σ Ri
S33, the group Leader sends the current time stamp TuAnd R is sent to group member UEi
S34, group member UEiVerifying timestamp TuAfter validation, use private key xiSigning a timestamp si=ri+hash(P,R,Tu)·hash(L,Pi)·xiAnd sending the data to a group Leader;
s35, the group Leader collects all the group member UEsiS ofiCalculating the aggregate signature s ═ Σ siAnd will { GID, s, R, TuAnd sending the data to the server.
Further, after the server verifies the validity of the group authentication request in step S4, the process of distributing the random number for generating the subsequent session key according to the china remainder theorem by encryption and signing the random number includes the following steps:
s41, the server verifies the timestamp TuValidity by calculating the equation s · G ═ R + hash (P, R, T)u) Whether P holds to verify the legitimacy of the group identity;
s42, is a group member UEiGenerating a random number ki∈ZqGenerating K ═ Σ (K)i·vari)(modM);
S43, the server selects a random number rc∈ZqCalculating Rc=rcG, pair K and current time stamp TcMaking a signature sc=rc+hash(P,Rc,Tc,K)·xc
S44, the server will { K, Tc,sc,RcAnd sending the data to a group Leader.
Further, in step S5, after authenticating the server signature, the process of decrypting the encrypted random number by using the private key and generating the session key includes the following steps:
s51, group Leader will { K, Tc,sc,RcForward to group member UEi
S52, group member UEiVerifying timestamp TcBy calculating the equation sc·G=Rc+hash(P,Rc,Tc,K)·PcWhether the identity of the server is established or not is verified;
s53, group member UEiUsing a private key xiDecrypting to obtain ki=K(modxi);
S54, group member UEiAccording to kiA session key SK is generated.
The invention has the beneficial effects that:
the method can reduce data communication traffic when the large-scale group applies for identity authentication, the sizes of the group aggregation authentication application and the server reply information are constant values and do not change along with the change of the number of group members, and the method is particularly suitable for the scenes of large-scale Internet of things equipment deployment such as NB-IoT and the like; the invention can ensure the security of group identity authentication and can resist common attacks such as replay attack, man-in-the-middle attack and the like; the method can ensure the security of the identity authentication and can complete the session key negotiation of the subsequent communication between the group members and the server.
Drawings
Fig. 1 is a flowchart of an internet of things node group identity security authentication method of the present invention.
FIG. 2 is a flow chart of one embodiment of the present invention.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings.
It should be noted that the terms "upper", "lower", "left", "right", "front", "back", etc. used in the present invention are for clarity of description only, and are not intended to limit the scope of the present invention, and the relative relationship between the terms and the terms is not limited by the technical contents of the essential changes.
With reference to fig. 1, the present invention provides an internet of things node group identity security authentication method, where the authentication method includes the following steps:
s1, initialization stage: and the server generates various parameters required in authentication and own keys according to the selected security level.
S2, registration stage: the group member registers to the server to obtain the key and the related information of the group.
S3, group aggregate authentication request: all group members use Schnorr aggregate signature to sign the current timestamp, and the request is sent to the server after the aggregation by the group Leader.
S4, server authentication reply: after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers.
S5, the group member generates a session key: and after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key.
The authentication method of the present invention is explained by one specific embodiment with reference to fig. 2.
First, initialization phase
Initialization: the server selects a system security level parameter k, generates and publishes security parameters used in protocol authentication and a public key { q, E (F) of the serverq),G,hash(),Pc}。
The process of the server generating parameters required for authentication and its own key according to the selected security level in step S1 includes the following steps:
s11, the server selects a system security level parameter k and selects a prime number q > 2k
S12, selecting a q-order cyclic group E (F)q) The generator is G.
S13, selecting hash function hash ():
Figure BDA0002631323340000041
wherein ZqModulo q, the group of addition cycles.
S14, the server selects a random number xc∈ZqAs private key, the public key P is calculatedc=xc·G。
S15, Server publish { q, E (F)q),G,hash(),Pc}。
Second, registration stage
Registering: group member device UEiRegister with a server, UEiObtain a private key, a group identity identifier, a group key, a group public parameter, and a group public key { x }i,GID,gk,L,P}。
In step S2, the process of registering the group member with the server and obtaining the key and the related information of the group includes the following steps:
s21, the server selects xi∈ZqAs a UEiThe private key, the private keys of the members in the group are mutually prime, and the public key P is calculatedi=xiG and M ═ Σ xi,Mi=M/xi,vari=Mi·yiWherein M isi·yi≡1(modxi)。
S22, the server generates the group ID GID and the group key g for the groupkGroup common parameter L ═ hash (g)k,P1,P2,…,Pn) And a group public key P ═ Σ [ hash (L, P)i)·Pi]。
S23, the server will { xi,Pi,GID,gkL, P to group member UEi
Third, group aggregation authentication request
Group aggregation authentication request: group Leader collects all UEsiR of (A) to (B)iCalculating and distributing R ═ Σ RiAnd a current time stamp Tu;UEiFor time stamp TuSigning is carried out, and the signature s is obtainediSending the data to a Leader; leader collects all UEsiSignature s ofiAnd generating an aggregation signature s and sending the aggregation signature s to the server.
In step S3, the process in which all group members sign the current timestamp using a Schnorr aggregate signature, and the group Leader aggregates the current timestamp and sends the request to the server includes the following steps:
s31, group member UEiSelecting a random number ri∈ZqCalculating Ri=riG and sends to the group Leader.
S32, the group Leader collects all the group member UEsiR of (A) to (B)iCalculating R ═ Σ Ri
S33, the group Leader sends the current time stamp TuAnd R is sent toGroup member UEi
S34, group member UEiVerifying timestamp TuAfter validation, use private key xiSigning a timestamp si=ri+hash(P,R,Tu)·hash(L,Pi)·xiAnd sends it to the group Leader.
S35, the group Leader collects all the group member UEsiS ofiCalculating the aggregate signature s ═ Σ siAnd will { GID, s, R, TuAnd sending the data to the server.
Fourth, server authentication reply
And (3) server authentication reply: server verification timestamp TuAnd validity of the aggregated signature s for the UEiGenerating a random number kiAnd obtaining K by using the Chinese remainder theorem for encryption; server pair K and current timestamp TcMaking a signature scWill { K, Tc,scAnd sending the data to a group Leader.
After the server verifies the validity of the group authentication request in step S4, the process of distributing the random number for generating the subsequent session key according to the china remainder theorem in an encrypted manner and signing the random number includes the following steps:
s41, the server verifies the timestamp TuValidity by calculating the equation s · G ═ R + hash (P, R, T)u) Whether P holds to verify the legitimacy of the group identity. The principle is as follows:
Figure BDA0002631323340000061
s42, is a group member UEiGenerating a random number ki∈ZqGenerating K ═ Σ (K)i·vari)(modM)。
S43, the server selects a random number rc∈ZqCalculating Rc=rcG, pair K and current time stamp TcMaking a signature sc=rc+hash(P,Rc,Tc,K)·xc
S44, serviceWill { K, Tc,sc,RcAnd sending the data to a group Leader.
Fifthly, the group members generate the session key
Group member generation session key: group Leader will { K, Tc,scForward to UEi,UEiVerifying timestamp TcAnd a signature scValidity of, decryption yields kiAnd generates a session key SK accordingly.
In step S5, the process of decrypting the encrypted random number using the private key and generating the session key after the group member authenticates the server signature includes the following steps:
s51, group Leader will { K, Tc,sc,RcForward to group member UEi
S52, group member UEiVerifying timestamp TcBy calculating the equation sc·G=Rc+hash(P,Rc,Tc,K)·PcWhether it is true to verify the validity of the server identity. The principle is as follows:
Figure BDA0002631323340000062
s53, group member UEiUsing a private key xiDecrypting to obtain ki=K(modxi)。
S54, group member UEiAccording to kiA session key SK is generated.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.

Claims (3)

1. An identity security authentication method for a node group of the Internet of things is characterized by comprising the following steps:
s1, initialization stage: the server generates various parameters required in authentication and a key of the server according to the selected security level;
s2, registration stage: the group member registers to the server to obtain a key and related information of the group;
s3, group aggregate authentication request: all group members use Schnorr aggregate signatures to sign the current timestamp, and the request is sent to a server after aggregation by a group Leader;
s4, server authentication reply: after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers;
s5, the group member generates a session key: after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key;
the process of the server generating parameters required for authentication and its own key according to the selected security level in step S1 includes the following steps:
s11, the server selects a system security level parameter k and selects a prime number q > 2k
S12, selecting a q-order cyclic group E (F)q) The generator is G;
s13, selecting a hash function
Figure FDA0003004770870000011
Wherein ZqA group of additive cycles modulo q;
s14, the server selects a random number xc∈ZqAs private key, the public key P is calculatedc=xc·G;
S15, Server publish { q, E (F)q),G,hash(),Pc};
In step S2, the process of registering the group member with the server and obtaining the key and the related information of the group includes the following steps:
s21, the server selects xi∈ZqAs a UEiThe private key, the private keys of the members in the group are mutually prime, and the public key P is calculatedi=xiG and M ═ Σ xi,Mi=M/xi,vari=Mi·yiWherein M isi·yi≡1(mod xi);
S22, the server generates the group ID GID and the group key g for the groupkGroup common parameter L ═ hash (g)k,P1,P2,…,Pn) And a group public key P ═ Σ [ hash (L, P)i)·Pi];
S23, the server will { xi,Pi,GID,gkL, P to group member UEi
In step S3, the process in which all group members sign the current timestamp using a Schnorr aggregate signature, and the group Leader aggregates the current timestamp and sends the request to the server includes the following steps:
s31, group member UEiSelecting a random number ri∈ZqCalculating Ri=riG and send to group Leader;
s32, the group Leader collects all the group member UEsiR of (A) to (B)iCalculating R ═ Σ Ri
S33, the group Leader sends the current time stamp TuAnd R is sent to group member UEi
S34, group member UEiVerifying timestamp TuAfter validation, use private key xiSigning a timestamp si=ri+hash(P,R,Tu)·hash(L,Pi)·xiAnd sending the data to a group Leader;
s35, the group Leader collects all the group member UEsiS ofiCalculating the aggregate signature s ═ Σ siAnd will { GID, s, R, TuAnd sending the data to the server.
2. The internet of things node group identity security authentication method of claim 1, wherein after the server verifies the validity of the group authentication request in step S4, the process of distributing the random number for generating the subsequent session key according to the china remainder theorem in an encrypted manner and signing the random number comprises the following steps:
s41, the server verifies the timestamp TuValidity by calculating the equation s · G ═ R + hash (P, R, T)u) Whether P holds to verify the legitimacy of the group identity;
s42, is a group member UEiGenerating a random number ki∈ZqGenerating K ═ Σ (K)i·vari)(mod M);
S43, the server selects a random number rc∈ZqCalculating Rc=rcG, pair K and current time stamp TcMaking a signature sc=rc+hash(P,Rc,Tc,K)·xc
S44, the server will { K, Tc,sc,RcAnd sending the data to a group Leader.
3. The internet of things node group identity security authentication method of claim 2, wherein in step S5, after authenticating the server signature, the process of decrypting the encrypted random number using a private key and generating a session key comprises the steps of:
s51, group Leader will { K, Tc,sc,RcForward to group member UEi
S52, group member UEiVerifying timestamp TcBy calculating the equation sc·G=Rc+hash(P,Rc,Tc,K)·PcWhether the identity of the server is established or not is verified;
s53, group member UEiUsing a private key xiDecrypting to obtain ki=K(mod xi);
S54, group member UEiAccording to kiA session key SK is generated.
CN202010811970.5A 2020-08-13 2020-08-13 Internet of things node group identity security authentication method Active CN112039660B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010811970.5A CN112039660B (en) 2020-08-13 2020-08-13 Internet of things node group identity security authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010811970.5A CN112039660B (en) 2020-08-13 2020-08-13 Internet of things node group identity security authentication method

Publications (2)

Publication Number Publication Date
CN112039660A CN112039660A (en) 2020-12-04
CN112039660B true CN112039660B (en) 2021-06-08

Family

ID=73577127

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010811970.5A Active CN112039660B (en) 2020-08-13 2020-08-13 Internet of things node group identity security authentication method

Country Status (1)

Country Link
CN (1) CN112039660B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112699352B (en) * 2021-03-23 2021-06-18 中国信息通信研究院 Trusted data acquisition terminal identity verification method, computer storage medium and electronic equipment
CN113726511B (en) * 2021-08-31 2024-02-06 南方电网科学研究院有限责任公司 On-demand communication key distribution method and system based on China remainder theorem
CN114050905B (en) * 2022-01-13 2022-04-01 杭州雅观科技有限公司 Asynchronous firmware authentication method for Internet of things group
CN116208345B (en) * 2023-05-04 2023-08-22 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Group authentication method based on secret sharing and related equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031519A (en) * 2019-11-25 2020-04-17 北京邮电大学 Terminal access authentication method and device based on edge calculation

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110417636B (en) * 2018-04-28 2022-06-21 黄楚媛 Decentralized self-organizing instant messaging system and method thereof
WO2020112994A1 (en) * 2018-11-27 2020-06-04 Akamai Technologies, Inc. High performance distributed system of record with conference-based consensus
CN109831296A (en) * 2019-04-04 2019-05-31 郑州师范学院 A kind of car networking privacy-protection certification method based on group ranking

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031519A (en) * 2019-11-25 2020-04-17 北京邮电大学 Terminal access authentication method and device based on edge calculation

Also Published As

Publication number Publication date
CN112039660A (en) 2020-12-04

Similar Documents

Publication Publication Date Title
CN105959269B (en) A kind of identifiable dynamic group key agreement method of identity-based
CN112039660B (en) Internet of things node group identity security authentication method
Semal et al. A certificateless group authenticated key agreement protocol for secure communication in untrusted UAV networks
Li et al. Efficient certificateless access control for industrial Internet of Things
CN103491540B (en) The two-way access authentication system of a kind of WLAN based on identity documents and method
CN110958229A (en) Credible identity authentication method based on block chain
CN114710275B (en) Cross-domain authentication and key negotiation method based on blockchain in Internet of things environment
CN104660415A (en) Multi-inter-domain asymmetric group key agreement protocol method in mobile cloud computing environment
CN104079412B (en) The threshold proxy signature method without credible PKG based on intelligent grid identity security
CN113572603B (en) Heterogeneous user authentication and key negotiation method
CN112187450B (en) Method, device, equipment and storage medium for key management communication
CN110336664B (en) SM2 cryptographic algorithm-based cross-domain authentication method for information service entity
CN109756877A (en) A kind of anti-quantum rapid authentication and data transmission method of magnanimity NB-IoT equipment
Mishra et al. A pairing-free identity based authentication framework for cloud computing
CN113411801A (en) Mobile terminal authentication method based on identity signcryption
Zhang et al. Identity‐based construction for secure and efficient handoff authentication schemes in wireless networks
CN112564923B (en) Certificateless-based secure network connection handshake method
CN106953727B (en) Group safety certifying method based on no certificate in D2D communication
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
Lin et al. TUA: A novel compromise-resilient authentication architecture for wireless mesh networks
CN116488800B (en) Heterogeneous aggregation signature system applied to signature terminal
CN111669275A (en) Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment
Boudguiga et al. An authentication scheme for IEEE 802.11 s mesh networks relying on Sakai-Kasahara ID-Based Cryptographic algorithms
CN116436640A (en) Lightweight terminal cross-domain authentication method for edge calculation
CN112118569A (en) Group authentication method and system in asynchronous group communication of LTE network machine type communication equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant