CN112039660B - Internet of things node group identity security authentication method - Google Patents
Internet of things node group identity security authentication method Download PDFInfo
- Publication number
- CN112039660B CN112039660B CN202010811970.5A CN202010811970A CN112039660B CN 112039660 B CN112039660 B CN 112039660B CN 202010811970 A CN202010811970 A CN 202010811970A CN 112039660 B CN112039660 B CN 112039660B
- Authority
- CN
- China
- Prior art keywords
- group
- server
- key
- authentication
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000002776 aggregation Effects 0.000 claims abstract description 14
- 238000004220 aggregation Methods 0.000 claims abstract description 14
- 230000008569 process Effects 0.000 claims description 17
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 238000010200 validation analysis Methods 0.000 claims description 3
- 239000000654 additive Substances 0.000 claims description 2
- 230000000996 additive effect Effects 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 7
- 230000008859 change Effects 0.000 abstract description 6
- 238000005516 engineering process Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 230000011664 signaling Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000004931 aggregating effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an identity security authentication method for a node group of the Internet of things, which comprises the following steps: the server generates various parameters required in authentication and a key of the server according to the selected security level; the group member registers to the server to obtain a key and related information of the group; all group members use Schnorr aggregate signatures to sign the current timestamp, and the request is sent to a server after aggregation by a group Leader; after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers; and after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key. The invention can reduce the data communication traffic when large-scale group applies for identity authentication, and the sizes of the group aggregation authentication application and the server reply information are constant values and do not change along with the change of the number of the group members.
Description
Technical Field
The invention relates to the technical field of security authentication, in particular to an Internet of things node group identity security authentication method which is mainly used for solving the problems of low efficiency and large bandwidth resource occupation in large-scale Internet of things equipment security authentication.
Background
With the rapid development of the internet of things technology, the internet of things equipment has been deeply grown into the life of people and is widely applied to various fields, and the quantity of the internet of things equipment is also increased explosively. At the same time, the security of internet of things devices is becoming more problematic, especially those used to collect and transmit user sensitive data. The internet of things equipment is usually limited in computing capacity, cannot adopt a high-complexity security technology, and is very vulnerable. Once these devices are attacked, the sensitive data of the user is leaked, and irreparable loss is caused. Therefore, in the access authentication process and the data transmission process, the guarantee of the user identity privacy and the transmission data safety is very important.
With the mature development of the low-power-consumption wide area network technology, an effective transmission solution is provided for the deployment of large-scale internet of things application. However, when a large-scale internet of things device simultaneously makes an identity authentication request to a server, the generated signaling may cause huge communication burden and computational pressure on a physical channel and the server, possibly cause channel blockage, and reduce the operating efficiency of the system.
The invention of CN110149214A provides a LTE-R network group authentication key negotiation method without certificate aggregation signature, which mainly comprises the following operation steps: A. system establishment and participant registration: entities participating in authentication complete registration at a key generation center to acquire public and private key information; B. initial access authentication: when the user equipment is uniformly connected to the LTE-R network before the train is sent out, executing a certificateless signature algorithm to generate respective signatures and then sending the signatures to the relay server, and executing a certificateless aggregation signature algorithm by the relay server to realize rapid mutual authentication and key agreement sharing among the user equipment, the relay server and the roadside base station; C. switching authentication: in the running process of the train, the user equipment is always stably connected with the relay server, and the relay server and the roadside base station realize rapid and frequent switching authentication by executing a certificateless signature algorithm; D. the session is terminated. The method has the advantages of high authentication efficiency, low signaling overhead and good safety. However, in the invention, after the authentication is completed, the secure communication from the user to the relay server and then to the roadside base station is established, and the direct secure communication between the user members in the group and the roadside base station cannot be directly established, so that the authentication of large-scale users requiring relay equipment is aimed at, and the method is not suitable for the internet of things equipment which can directly communicate with the base station server by using a low-power wide area network technology. In the invention, the relay server only aggregates the signature of the user authentication request message, and still forwards the authentication request messages including the ID of all members in the group, the data volume received by the roadside base station is positively correlated with the number of the members in the group, and meanwhile, the calculation amount required during verification is increased along with the increase of the number of the members. Therefore, the foregoing invention can only alleviate the problem of signaling overhead to a certain extent, but in fact, when the number of devices involved is too large, the computation amount of the group aggregation authentication application and the server reply information is still huge, and the data traffic still puts a high demand on the operating efficiency of the system.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides the Internet of things node group identity security authentication method, which can reduce the data communication traffic when large-scale group application identity authentication is carried out, the sizes of the group aggregation authentication application and the server reply information are constant values and do not change along with the change of the number of group members, and the method is particularly suitable for large-scale Internet of things equipment deployment scenes such as NB-IoT.
In order to achieve the purpose, the invention adopts the following technical scheme:
an identity security authentication method for a node group of an Internet of things comprises the following steps:
s1, initialization stage: the server generates various parameters required in authentication and a key of the server according to the selected security level;
s2, registration stage: the group member registers to the server to obtain a key and related information of the group;
s3, group aggregate authentication request: all group members use Schnorr aggregate signatures to sign the current timestamp, and the request is sent to a server after aggregation by a group Leader;
s4, server authentication reply: after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers;
s5, the group member generates a session key: and after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key.
In order to optimize the technical scheme, the specific measures adopted further comprise:
further, the process of the server generating parameters required for authentication and its own key according to the selected security level in step S1 includes the following steps:
s11, the server selects a system security level parameter k and selects a prime number q > 2k;
S12, selecting a q-order cyclic group E (F)q) The generator is G;
s14, the server selects a random number xc∈ZqAs private key, the public key P is calculatedc=xc·G;
S15, Server publish { q, E (F)q),G,hash(),Pc}。
Further, in step S2, the process of registering the group member with the server and obtaining the key and the information related to the group includes the following steps:
s21, the server selects xi∈ZqAs a UEiThe private key, the private keys of the members in the group are mutually prime, and the public key P is calculatedi=xiG and M ═ Σ xi,Mi=M/xi,vari=Mi·yiWherein M isi·yi≡1(modxi);
S22, the server generates the group ID GID and the group key g for the groupkGroup common parameter L ═ hash (g)k,P1,P2,…,Pn) And a group public key P ═ Σ [ hash (L, P)i)·Pi];
S23, the server will { xi,Pi,GID,gkL, P to group member UEi。
Further, in step S3, the process that all group members sign the current timestamp by using a Schnorr aggregate signature, and the group Leader sends the request to the server after aggregating includes the following steps:
s31, group member UEiSelecting a random number ri∈ZqCalculating Ri=riG and send to group Leader;
s32, the group Leader collects all the group member UEsiR of (A) to (B)iCalculating R ═ Σ Ri;
S33, the group Leader sends the current time stamp TuAnd R is sent to group member UEi;
S34, group member UEiVerifying timestamp TuAfter validation, use private key xiSigning a timestamp si=ri+hash(P,R,Tu)·hash(L,Pi)·xiAnd sending the data to a group Leader;
s35, the group Leader collects all the group member UEsiS ofiCalculating the aggregate signature s ═ Σ siAnd will { GID, s, R, TuAnd sending the data to the server.
Further, after the server verifies the validity of the group authentication request in step S4, the process of distributing the random number for generating the subsequent session key according to the china remainder theorem by encryption and signing the random number includes the following steps:
s41, the server verifies the timestamp TuValidity by calculating the equation s · G ═ R + hash (P, R, T)u) Whether P holds to verify the legitimacy of the group identity;
s42, is a group member UEiGenerating a random number ki∈ZqGenerating K ═ Σ (K)i·vari)(modM);
S43, the server selects a random number rc∈ZqCalculating Rc=rcG, pair K and current time stamp TcMaking a signature sc=rc+hash(P,Rc,Tc,K)·xc;
S44, the server will { K, Tc,sc,RcAnd sending the data to a group Leader.
Further, in step S5, after authenticating the server signature, the process of decrypting the encrypted random number by using the private key and generating the session key includes the following steps:
s51, group Leader will { K, Tc,sc,RcForward to group member UEi;
S52, group member UEiVerifying timestamp TcBy calculating the equation sc·G=Rc+hash(P,Rc,Tc,K)·PcWhether the identity of the server is established or not is verified;
s53, group member UEiUsing a private key xiDecrypting to obtain ki=K(modxi);
S54, group member UEiAccording to kiA session key SK is generated.
The invention has the beneficial effects that:
the method can reduce data communication traffic when the large-scale group applies for identity authentication, the sizes of the group aggregation authentication application and the server reply information are constant values and do not change along with the change of the number of group members, and the method is particularly suitable for the scenes of large-scale Internet of things equipment deployment such as NB-IoT and the like; the invention can ensure the security of group identity authentication and can resist common attacks such as replay attack, man-in-the-middle attack and the like; the method can ensure the security of the identity authentication and can complete the session key negotiation of the subsequent communication between the group members and the server.
Drawings
Fig. 1 is a flowchart of an internet of things node group identity security authentication method of the present invention.
FIG. 2 is a flow chart of one embodiment of the present invention.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings.
It should be noted that the terms "upper", "lower", "left", "right", "front", "back", etc. used in the present invention are for clarity of description only, and are not intended to limit the scope of the present invention, and the relative relationship between the terms and the terms is not limited by the technical contents of the essential changes.
With reference to fig. 1, the present invention provides an internet of things node group identity security authentication method, where the authentication method includes the following steps:
s1, initialization stage: and the server generates various parameters required in authentication and own keys according to the selected security level.
S2, registration stage: the group member registers to the server to obtain the key and the related information of the group.
S3, group aggregate authentication request: all group members use Schnorr aggregate signature to sign the current timestamp, and the request is sent to the server after the aggregation by the group Leader.
S4, server authentication reply: after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers.
S5, the group member generates a session key: and after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key.
The authentication method of the present invention is explained by one specific embodiment with reference to fig. 2.
First, initialization phase
Initialization: the server selects a system security level parameter k, generates and publishes security parameters used in protocol authentication and a public key { q, E (F) of the serverq),G,hash(),Pc}。
The process of the server generating parameters required for authentication and its own key according to the selected security level in step S1 includes the following steps:
s11, the server selects a system security level parameter k and selects a prime number q > 2k。
S12, selecting a q-order cyclic group E (F)q) The generator is G.
S14, the server selects a random number xc∈ZqAs private key, the public key P is calculatedc=xc·G。
S15, Server publish { q, E (F)q),G,hash(),Pc}。
Second, registration stage
Registering: group member device UEiRegister with a server, UEiObtain a private key, a group identity identifier, a group key, a group public parameter, and a group public key { x }i,GID,gk,L,P}。
In step S2, the process of registering the group member with the server and obtaining the key and the related information of the group includes the following steps:
s21, the server selects xi∈ZqAs a UEiThe private key, the private keys of the members in the group are mutually prime, and the public key P is calculatedi=xiG and M ═ Σ xi,Mi=M/xi,vari=Mi·yiWherein M isi·yi≡1(modxi)。
S22, the server generates the group ID GID and the group key g for the groupkGroup common parameter L ═ hash (g)k,P1,P2,…,Pn) And a group public key P ═ Σ [ hash (L, P)i)·Pi]。
S23, the server will { xi,Pi,GID,gkL, P to group member UEi。
Third, group aggregation authentication request
Group aggregation authentication request: group Leader collects all UEsiR of (A) to (B)iCalculating and distributing R ═ Σ RiAnd a current time stamp Tu;UEiFor time stamp TuSigning is carried out, and the signature s is obtainediSending the data to a Leader; leader collects all UEsiSignature s ofiAnd generating an aggregation signature s and sending the aggregation signature s to the server.
In step S3, the process in which all group members sign the current timestamp using a Schnorr aggregate signature, and the group Leader aggregates the current timestamp and sends the request to the server includes the following steps:
s31, group member UEiSelecting a random number ri∈ZqCalculating Ri=riG and sends to the group Leader.
S32, the group Leader collects all the group member UEsiR of (A) to (B)iCalculating R ═ Σ Ri。
S33, the group Leader sends the current time stamp TuAnd R is sent toGroup member UEi。
S34, group member UEiVerifying timestamp TuAfter validation, use private key xiSigning a timestamp si=ri+hash(P,R,Tu)·hash(L,Pi)·xiAnd sends it to the group Leader.
S35, the group Leader collects all the group member UEsiS ofiCalculating the aggregate signature s ═ Σ siAnd will { GID, s, R, TuAnd sending the data to the server.
Fourth, server authentication reply
And (3) server authentication reply: server verification timestamp TuAnd validity of the aggregated signature s for the UEiGenerating a random number kiAnd obtaining K by using the Chinese remainder theorem for encryption; server pair K and current timestamp TcMaking a signature scWill { K, Tc,scAnd sending the data to a group Leader.
After the server verifies the validity of the group authentication request in step S4, the process of distributing the random number for generating the subsequent session key according to the china remainder theorem in an encrypted manner and signing the random number includes the following steps:
s41, the server verifies the timestamp TuValidity by calculating the equation s · G ═ R + hash (P, R, T)u) Whether P holds to verify the legitimacy of the group identity. The principle is as follows:
s42, is a group member UEiGenerating a random number ki∈ZqGenerating K ═ Σ (K)i·vari)(modM)。
S43, the server selects a random number rc∈ZqCalculating Rc=rcG, pair K and current time stamp TcMaking a signature sc=rc+hash(P,Rc,Tc,K)·xc。
S44, serviceWill { K, Tc,sc,RcAnd sending the data to a group Leader.
Fifthly, the group members generate the session key
Group member generation session key: group Leader will { K, Tc,scForward to UEi,UEiVerifying timestamp TcAnd a signature scValidity of, decryption yields kiAnd generates a session key SK accordingly.
In step S5, the process of decrypting the encrypted random number using the private key and generating the session key after the group member authenticates the server signature includes the following steps:
s51, group Leader will { K, Tc,sc,RcForward to group member UEi。
S52, group member UEiVerifying timestamp TcBy calculating the equation sc·G=Rc+hash(P,Rc,Tc,K)·PcWhether it is true to verify the validity of the server identity. The principle is as follows:
s53, group member UEiUsing a private key xiDecrypting to obtain ki=K(modxi)。
S54, group member UEiAccording to kiA session key SK is generated.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.
Claims (3)
1. An identity security authentication method for a node group of the Internet of things is characterized by comprising the following steps:
s1, initialization stage: the server generates various parameters required in authentication and a key of the server according to the selected security level;
s2, registration stage: the group member registers to the server to obtain a key and related information of the group;
s3, group aggregate authentication request: all group members use Schnorr aggregate signatures to sign the current timestamp, and the request is sent to a server after aggregation by a group Leader;
s4, server authentication reply: after verifying the validity of the group authentication request, the server encrypts and distributes random numbers for generating subsequent session keys according to the Chinese remainder theorem and signs the random numbers;
s5, the group member generates a session key: after the group member authenticates the server signature, the private key is used for decrypting the encrypted random number and generating a session key;
the process of the server generating parameters required for authentication and its own key according to the selected security level in step S1 includes the following steps:
s11, the server selects a system security level parameter k and selects a prime number q > 2k;
S12, selecting a q-order cyclic group E (F)q) The generator is G;
s14, the server selects a random number xc∈ZqAs private key, the public key P is calculatedc=xc·G;
S15, Server publish { q, E (F)q),G,hash(),Pc};
In step S2, the process of registering the group member with the server and obtaining the key and the related information of the group includes the following steps:
s21, the server selects xi∈ZqAs a UEiThe private key, the private keys of the members in the group are mutually prime, and the public key P is calculatedi=xiG and M ═ Σ xi,Mi=M/xi,vari=Mi·yiWherein M isi·yi≡1(mod xi);
S22, the server generates the group ID GID and the group key g for the groupkGroup common parameter L ═ hash (g)k,P1,P2,…,Pn) And a group public key P ═ Σ [ hash (L, P)i)·Pi];
S23, the server will { xi,Pi,GID,gkL, P to group member UEi;
In step S3, the process in which all group members sign the current timestamp using a Schnorr aggregate signature, and the group Leader aggregates the current timestamp and sends the request to the server includes the following steps:
s31, group member UEiSelecting a random number ri∈ZqCalculating Ri=riG and send to group Leader;
s32, the group Leader collects all the group member UEsiR of (A) to (B)iCalculating R ═ Σ Ri;
S33, the group Leader sends the current time stamp TuAnd R is sent to group member UEi;
S34, group member UEiVerifying timestamp TuAfter validation, use private key xiSigning a timestamp si=ri+hash(P,R,Tu)·hash(L,Pi)·xiAnd sending the data to a group Leader;
s35, the group Leader collects all the group member UEsiS ofiCalculating the aggregate signature s ═ Σ siAnd will { GID, s, R, TuAnd sending the data to the server.
2. The internet of things node group identity security authentication method of claim 1, wherein after the server verifies the validity of the group authentication request in step S4, the process of distributing the random number for generating the subsequent session key according to the china remainder theorem in an encrypted manner and signing the random number comprises the following steps:
s41, the server verifies the timestamp TuValidity by calculating the equation s · G ═ R + hash (P, R, T)u) Whether P holds to verify the legitimacy of the group identity;
s42, is a group member UEiGenerating a random number ki∈ZqGenerating K ═ Σ (K)i·vari)(mod M);
S43, the server selects a random number rc∈ZqCalculating Rc=rcG, pair K and current time stamp TcMaking a signature sc=rc+hash(P,Rc,Tc,K)·xc;
S44, the server will { K, Tc,sc,RcAnd sending the data to a group Leader.
3. The internet of things node group identity security authentication method of claim 2, wherein in step S5, after authenticating the server signature, the process of decrypting the encrypted random number using a private key and generating a session key comprises the steps of:
s51, group Leader will { K, Tc,sc,RcForward to group member UEi;
S52, group member UEiVerifying timestamp TcBy calculating the equation sc·G=Rc+hash(P,Rc,Tc,K)·PcWhether the identity of the server is established or not is verified;
s53, group member UEiUsing a private key xiDecrypting to obtain ki=K(mod xi);
S54, group member UEiAccording to kiA session key SK is generated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010811970.5A CN112039660B (en) | 2020-08-13 | 2020-08-13 | Internet of things node group identity security authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010811970.5A CN112039660B (en) | 2020-08-13 | 2020-08-13 | Internet of things node group identity security authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112039660A CN112039660A (en) | 2020-12-04 |
CN112039660B true CN112039660B (en) | 2021-06-08 |
Family
ID=73577127
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010811970.5A Active CN112039660B (en) | 2020-08-13 | 2020-08-13 | Internet of things node group identity security authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112039660B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112699352B (en) * | 2021-03-23 | 2021-06-18 | 中国信息通信研究院 | Trusted data acquisition terminal identity verification method, computer storage medium and electronic equipment |
CN113726511B (en) * | 2021-08-31 | 2024-02-06 | 南方电网科学研究院有限责任公司 | On-demand communication key distribution method and system based on China remainder theorem |
CN114050905B (en) * | 2022-01-13 | 2022-04-01 | 杭州雅观科技有限公司 | Asynchronous firmware authentication method for Internet of things group |
CN116208345B (en) * | 2023-05-04 | 2023-08-22 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Group authentication method based on secret sharing and related equipment |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111031519A (en) * | 2019-11-25 | 2020-04-17 | 北京邮电大学 | Terminal access authentication method and device based on edge calculation |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110417636B (en) * | 2018-04-28 | 2022-06-21 | 黄楚媛 | Decentralized self-organizing instant messaging system and method thereof |
WO2020112994A1 (en) * | 2018-11-27 | 2020-06-04 | Akamai Technologies, Inc. | High performance distributed system of record with conference-based consensus |
CN109831296A (en) * | 2019-04-04 | 2019-05-31 | 郑州师范学院 | A kind of car networking privacy-protection certification method based on group ranking |
-
2020
- 2020-08-13 CN CN202010811970.5A patent/CN112039660B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111031519A (en) * | 2019-11-25 | 2020-04-17 | 北京邮电大学 | Terminal access authentication method and device based on edge calculation |
Also Published As
Publication number | Publication date |
---|---|
CN112039660A (en) | 2020-12-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105959269B (en) | A kind of identifiable dynamic group key agreement method of identity-based | |
CN112039660B (en) | Internet of things node group identity security authentication method | |
Semal et al. | A certificateless group authenticated key agreement protocol for secure communication in untrusted UAV networks | |
Li et al. | Efficient certificateless access control for industrial Internet of Things | |
CN103491540B (en) | The two-way access authentication system of a kind of WLAN based on identity documents and method | |
CN110958229A (en) | Credible identity authentication method based on block chain | |
CN114710275B (en) | Cross-domain authentication and key negotiation method based on blockchain in Internet of things environment | |
CN104660415A (en) | Multi-inter-domain asymmetric group key agreement protocol method in mobile cloud computing environment | |
CN104079412B (en) | The threshold proxy signature method without credible PKG based on intelligent grid identity security | |
CN113572603B (en) | Heterogeneous user authentication and key negotiation method | |
CN112187450B (en) | Method, device, equipment and storage medium for key management communication | |
CN110336664B (en) | SM2 cryptographic algorithm-based cross-domain authentication method for information service entity | |
CN109756877A (en) | A kind of anti-quantum rapid authentication and data transmission method of magnanimity NB-IoT equipment | |
Mishra et al. | A pairing-free identity based authentication framework for cloud computing | |
CN113411801A (en) | Mobile terminal authentication method based on identity signcryption | |
Zhang et al. | Identity‐based construction for secure and efficient handoff authentication schemes in wireless networks | |
CN112564923B (en) | Certificateless-based secure network connection handshake method | |
CN106953727B (en) | Group safety certifying method based on no certificate in D2D communication | |
CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
Lin et al. | TUA: A novel compromise-resilient authentication architecture for wireless mesh networks | |
CN116488800B (en) | Heterogeneous aggregation signature system applied to signature terminal | |
CN111669275A (en) | Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment | |
Boudguiga et al. | An authentication scheme for IEEE 802.11 s mesh networks relying on Sakai-Kasahara ID-Based Cryptographic algorithms | |
CN116436640A (en) | Lightweight terminal cross-domain authentication method for edge calculation | |
CN112118569A (en) | Group authentication method and system in asynchronous group communication of LTE network machine type communication equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |