CN114422588A - Safety autonomous implementing system and method for authenticating terminal access by edge internet of things agent - Google Patents


Info

Publication number
CN114422588A
CN114422588A
Authority
CN
China
Prior art keywords
key
encryption
function
terminal
edge internet
Prior art date
Legal status
Granted
Application number
CN202210060167.1A
Other languages
Chinese (zh)
Other versions
CN114422588B (en)
Inventor
何迎利
梁伟
缪巍巍
王佳
赵华
马涛
曾锃
葛红舞
王元强
张翔
陈民
张明轩
曹光耀
卢岸
龚雯雯
翁春华
左浩然
Current Assignee
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Nari Information and Communication Technology Co
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by Nari Information and Communication Technology Co, Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority to CN202210060167.1A
Publication of CN114422588A
Application granted
Publication of CN114422588B
Legal status: Active
Anticipated expiration


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Verifying the identity or authority of a user using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3247: Verifying the identity or authority of a user involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a security autonomy implementation system and method for terminal access authentication by an edge Internet of Things agent.

Description

Safety autonomous implementing system and method for authenticating terminal access by edge internet of things agent
Technical Field
The invention relates to a security autonomy implementation system and method for authenticating terminal access by an edge Internet of Things agent, and belongs to the technical field of security encryption and authentication.
Background
The electric power Internet of Things is an important component of the industrial Internet, and building an efficient, secure and trusted sensing layer has become an important construction task for the electric power industry. At present, edge computing provides an important technical means for data sharing and regional autonomy, but it focuses mainly on preprocessing service data and still relies on the traditional identity authentication mechanism for security protection. However, with the access of multiple kinds of data such as voice, video and images, together with high-frequency data acquisition and heterogeneous data storage, the edge Internet of Things agent device still has to solve key problems such as security and reliability.
In the traditional identity authentication mechanism, the cloud has strong security protection measures and abundant computing resources, and the key management mechanism has advantages in key management performance and security, so the key management center is placed in the cloud. However, in this mechanism the terminal (i.e., the service terminal) interacts directly with the cloud key management center, so an illegal terminal can directly and maliciously attack the cloud; the risk of the cloud system being attacked is therefore high, and the cloud key management center has to provide key management services for a large number of terminals, which places a heavy load on it.
Disclosure of Invention
The invention provides a security autonomy implementation system and method for authenticating terminal access by an edge Internet of Things agent, which solve the problems described in the background art.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
the security autonomy implementation system comprises an edge Internet of Things agent, a cloud connected to the edge Internet of Things agent, and a terminal that accesses the edge Internet of Things agent, wherein the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function of the cloud key management center are sunk into the edge Internet of Things agent, and the edge Internet of Things agent performs access authentication and secret communication with the accessed terminal.
In one embodiment, the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function are implemented with an encryption chip, and the encryption chip is connected to the terminal and the cloud through a hardware API (application programming interface).
In another embodiment, the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function are implemented in software and are connected to the terminal and the cloud through a software API (application programming interface).
The method for authenticating terminal access by the edge Internet of Things agent, wherein the edge Internet of Things agent is the edge Internet of Things agent in the security autonomy implementation system, comprises the following steps:
receiving an ID sent by the terminal;
calling the key generation function to generate the master public key pair and the private key pair corresponding to the ID; the master public key pair comprises an encryption master public key and a signature master public key, and the private key pair comprises an encryption private key and a signature private key;
receiving an encrypted temporary key sent by the terminal;
calling the encryption and decryption function, and decrypting the encrypted temporary key with the encryption private key to obtain the temporary key;
calling the encryption and decryption function, encrypting the private key pair with the temporary key, and sending the encrypted private key pair to the terminal;
receiving an encrypted signed message sent by the terminal;
calling the encryption and decryption function, and decrypting the encrypted signed message to obtain the signed message;
calling the signature verification function to verify the signature of the signed message;
in response to the signature verification passing, calling the key encapsulation/decapsulation function to generate an encapsulated session key;
and calling the encryption and decryption function, encrypting the encapsulated session key, and sending the encrypted encapsulated session key to the terminal.
The ID is validated before the master public key pair and the private key pair are generated.
The method by which the terminal obtains access authentication from the edge Internet of Things agent, wherein the terminal is the terminal in the security autonomy implementation system, comprises the following steps:
sending the ID to the edge Internet of Things agent;
receiving the master public key pair sent by the edge Internet of Things agent; the master public key pair comprises an encryption master public key and a signature master public key;
generating a temporary key;
calling the encryption and decryption function, encrypting the temporary key with the encryption master public key, and sending the encrypted temporary key to the edge Internet of Things agent;
receiving the encrypted private key pair sent by the edge Internet of Things agent;
calling the encryption and decryption function, and decrypting the encrypted private key pair to obtain the private key pair; the private key pair comprises an encryption private key and a signature private key;
calling the signature verification function to sign a message;
calling the encryption and decryption function, encrypting the signed message, and sending the encrypted signed message to the edge Internet of Things agent;
receiving the encrypted encapsulated session key sent by the edge Internet of Things agent;
calling the encryption and decryption function, and decrypting the encrypted encapsulated session key to obtain the encapsulated session key;
and calling the key encapsulation/decapsulation function to decapsulate the encapsulated session key and obtain the session key.
The invention achieves the following beneficial effects: the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function of the cloud key management center are sunk into the edge Internet of Things agent, the terminal's data communication stops at the edge Internet of Things agent, the possibility of security attacks on the cloud is reduced, and the load of the cloud is reduced.
Drawings
FIG. 1 is a block diagram of the system of the present invention;
FIG. 2 is a diagram of functions based on a hardware cryptographic chip design;
FIG. 3 is a diagram of software design based functionality;
FIG. 4 is a functional integration diagram;
FIG. 5 is a flowchart of the access authentication method.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
As shown in FIG. 1, the security autonomy implementation system comprises an edge Internet of Things agent, a cloud and a terminal, where the cloud connects to the edge Internet of Things agent through a secure access device over a 4G/5G or wired link, and the terminal accesses the edge Internet of Things agent.
A key management center is still deployed in the cloud and remains responsible for security authentication such as the root certificate of the edge Internet of Things agent and the distribution and authentication of the parameters required for secret communication, but it no longer provides identity authentication service directly to the terminal. Instead, part of the functions of the original key management center are deployed on the edge Internet of Things agent, mainly the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation function; that is, the key generation, signature verification, encryption/decryption and key encapsulation/decapsulation functions of the cloud key management center sink to the edge Internet of Things agent. The edge Internet of Things agent becomes the central node of a small area, with functions such as generating a root certificate and auditing authentication access to the edge Internet of Things agent, and is responsible for access authentication and secret communication with the accessed terminals.
Authentication access and secret communication between the edge Internet of Things agent and terminal devices are mainly based on the lightweight encryption algorithms SM7 and SM9. Since SM7 must be implemented in hardware, and the hardware resources of some terminal devices and edge Internet of Things agents cannot meet that requirement, the SM4 algorithm may be used in place of SM7.
That is, depending on the situation, the above functions can be realized in one of two ways: with an encryption chip, which is connected to the terminal and the cloud through a hardware API interface; or in software, connected to the terminal and the cloud through a software API (application programming interface).
As shown in FIG. 2, the hardware implementation uses an encryption chip and mainly comprises a hardware API interface, instruction functions and a COS program, where the COS program is loaded and run inside the encryption chip.
The hardware API interface comprises API interfaces such as SM4 and SM7 encryption/decryption, SM9 signing and verification, SM9 encryption/decryption and SM9 encapsulation/decapsulation, and is provided to the terminal as a dynamic or static library; the instruction functions define the commands for each function, such as SM4, SM7 and SM9 lightweight-algorithm encryption and decryption, and these commands correspond one-to-one with the commands of the COS program; the COS program encapsulates and integrates the chip-side instruction sets of the SM4, SM7 and SM9 lightweight encryption algorithms, i.e. it holds the concrete implementation of the lightweight algorithms. The terminal calls the API interface, which sends an instruction to the encryption chip through the corresponding function; when the COS program receives the instruction, it looks up the matching instruction-set wrapper, executes the function and returns the result.
By calling the hardware API interface, the terminal can use the lightweight-algorithm functions SM4 and SM7 encryption/decryption, SM9 signing and verification, SM9 encryption/decryption and SM9 encapsulation/decapsulation, which reduces the user's dependence on the encryption chip, improves the maintainability and extensibility of the lightweight encryption algorithms, and improves the user's working efficiency.
As shown in FIG. 3, the software implementation mainly comprises two parts: a software API interface and functions. The software API interface provides the same API interfaces as the hardware API interface (SM4 and SM7 encryption/decryption, SM9 signing and verification, SM9 encryption/decryption, SM9 encapsulation/decapsulation, and so on) to users as a dynamic or static library; unlike the instruction functions of hardware encryption, the software encryption functions implement the SM4, SM7 and SM9 lightweight-algorithm operations, such as encryption and decryption, directly. The user calls the API interface, the corresponding function executes, and the result is returned.
As shown in FIG. 4, the edge agent is open to integrating multiple lightweight cryptographic authentication algorithms (currently SM4, SM7 and SM9). A set of unified API interfaces masks the differences between algorithms implemented in software and in hardware, and the different encryption algorithms are defined in software as dynamic or static libraries; a relatively fixed API interface is also provided to applications, offering services such as security authentication, secret communication and key distribution to other applications. The procedural differences caused by different authentication flows and different encryption algorithms are wrapped in a unified API interface for other apps to call.
Typically, a hybrid encryption scheme uses an asymmetric algorithm to transmit a key and then uses a symmetric algorithm under that key to transmit messages securely. This hybrid mode suits cases where the message is much longer than the key. The system adopts a hybrid SM4/SM7/SM9 encryption scheme, which improves security.
In the above system, the method by which the edge Internet of Things agent authenticates terminal access consists of an edge-agent-side method and a terminal-side method, as shown in FIG. 5.
The edge Internet of Things agent side method comprises the following steps:
1) receiving an ID sent by the terminal;
2) verifying the validity of the ID (by searching the existing equipment list: if the ID is present it is legal, otherwise it is illegal); if the ID passes verification, go to step 3; if it does not, reject the access;
3) calling the key generation function to generate the master public key pair and the private key pair corresponding to the ID; the master public key pair comprises an SM9 encryption master public key and a signature master public key, and the public keys are transmitted in the clear without encryption; the private key pair comprises an SM9 encryption private key and a signature private key;
4) receiving the encrypted SM4/SM7 temporary key sent by the terminal;
5) calling the encryption and decryption function, and decrypting the encrypted temporary key with the SM9 encryption private key to obtain the SM4/SM7 temporary key;
6) calling the encryption and decryption function, encrypting the SM9 private key pair with the SM4/SM7 temporary key, and sending the encrypted private key pair to the terminal;
7) receiving the encrypted signed message sent by the terminal;
8) calling the encryption and decryption function, and SM9-decrypting the encrypted signed message to obtain the signed message;
9) calling the signature verification function to verify the signature of the signed message;
10) in response to the signature verification passing, calling the key encapsulation/decapsulation function to generate an encapsulated session key;
11) calling the encryption and decryption function, SM9-encrypting the encapsulated session key, and sending the encrypted encapsulated session key to the terminal.
The terminal-side method comprises the following steps:
21) sending the ID to the edge Internet of Things agent;
22) receiving the master public key pair sent by the edge Internet of Things agent; the master public key pair comprises an encryption master public key and a signature master public key;
after obtaining the master public key pair, the terminal can store it securely in local storage, and within its validity period it need not re-apply for it after being powered off and on again;
23) generating an SM4/SM7 temporary key;
24) calling the encryption and decryption function, encrypting the SM4/SM7 temporary key with the SM9 encryption master public key, and sending the encrypted SM4/SM7 temporary key to the edge agent;
25) receiving the encrypted private key pair sent by the edge Internet of Things agent;
26) calling the encryption and decryption function, and SM4/SM7-decrypting the encrypted private key pair to obtain the private key pair;
after obtaining the private key pair, the terminal can store it securely in local storage, and within the validity period of the private key it need not re-apply for it after being powered off and on again; at this point the terminal has finished applying for the master public key pair and the private key pair;
27) calling the signature verification function to sign the message;
28) calling the encryption and decryption function, SM9-encrypting the signed message, and sending the encrypted signed message to the edge Internet of Things agent;
29) receiving the encrypted encapsulated session key sent by the edge Internet of Things agent;
210) calling the encryption and decryption function, and SM9-decrypting the encrypted encapsulated session key to obtain the encapsulated session key;
211) calling the key encapsulation/decapsulation function to decapsulate the encapsulated session key and obtain the session key; the session key is a symmetric key used for encrypted communication of subsequent service data, realizing secure communication between the terminal and the edge Internet of Things agent.
Combining the above steps, the authentication process between the edge Internet of Things agent and the terminal device mainly uses the SM9 lightweight encryption algorithm, which effectively reduces the consumption of system resources; only a terminal that passes authentication can be accessed, which reduces the possibility of intrusion by an illegal terminal and improves security; the method is compatible with both software and hardware implementations, supports API interface calls and is convenient to use: a weakly intelligent terminal can use the software implementation, and an intelligent terminal can use either.
The invention takes the edge Internet of Things agent as the core and realizes an edge-side, small-area local authentication mechanism: the key generation function, signature verification function, encryption and decryption function and key encapsulation/decapsulation function originally deployed in the cloud are sunk into the edge Internet of Things agent, which serves as the central node of the small area, is responsible for authenticating the access of the terminal devices physically connected to it and for secret communication with them, and stops the terminal's data communication at the edge Internet of Things agent. This reduces the possibility of security attacks on the cloud, greatly reduces the number of objects for which the cloud key management center must provide identity authentication service, and releases computing load from the cloud.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (6)

1. The safety autonomy realization system comprises an edge internet of things agent, a cloud end connected with the edge internet of things agent and a terminal accessed to the edge internet of things agent, and is characterized in that a key generation function, a signature verification function, an encryption and decryption function and a key encapsulation/decapsulation function of a cloud end key management center sink to the edge internet of things agent, and the edge internet of things agent is used for carrying out access authentication and secret communication on the accessed terminal.
2. The system according to claim 1, wherein the key generation function, the signature verification function, the encryption and decryption function and the key encapsulation/decapsulation function are implemented with an encryption chip, and the encryption chip is connected to the terminal and the cloud through a hardware API interface.
3. The secure autonomous implementation system of claim 1, wherein the key generation function, the signature verification function, the encryption and decryption function, and the key encapsulation/decapsulation function are implemented by software, and the terminal and the cloud are connected through a software API interface.
4. The method for authenticating terminal access by the edge Internet of Things agent, wherein the edge Internet of Things agent is the edge Internet of Things agent in the system of any one of claims 1 to 3, and the method for authenticating terminal access comprises the following steps:
receiving an ID sent by the terminal;
calling the key generation function to generate the master public key pair and the private key pair corresponding to the ID; the master public key pair comprises an encryption master public key and a signature master public key, and the private key pair comprises an encryption private key and a signature private key;
receiving an encrypted temporary key sent by the terminal;
calling the encryption and decryption function, and decrypting the encrypted temporary key with the encryption private key to obtain the temporary key;
calling the encryption and decryption function, encrypting the private key pair with the temporary key, and sending the encrypted private key pair to the terminal;
receiving an encrypted signed message sent by the terminal;
calling the encryption and decryption function, and decrypting the encrypted signed message to obtain the signed message;
calling the signature verification function to verify the signature of the signed message;
in response to the signature verification passing, calling the key encapsulation/decapsulation function to generate an encapsulated session key;
and calling the encryption and decryption function, encrypting the encapsulated session key, and sending the encrypted encapsulated session key to the terminal.
5. The method of claim 4, wherein the ID is validated before the master public key pair and the private key pair are generated.
6. The method for the access authentication of the edge internet of things agent to the terminal is characterized in that the terminal is the edge internet of things agent in the system of any one of claims 1 to 3, and the access authentication method comprises the following steps:
sending the ID to the edge Internet of things agent;
receiving a main public key sent by an edge Internet of things agent; the master public key pair comprises an encryption master public key and a signature master public key;
generating a temporary key;
calling an encryption and decryption function, encrypting the temporary key with the encryption master public key, and sending the encrypted temporary key to the edge Internet of things agent;
receiving an encrypted private key pair sent by an edge Internet of things agent;
calling an encryption and decryption function, decrypting the encrypted private key pair to obtain the private key pair; wherein the private key pair comprises an encryption private key and a signature private key;
calling a signature verification function to sign the message;
calling an encryption and decryption function, encrypting the signed message, and sending the encrypted and signed message to the edge Internet of things agent;
receiving an encrypted encapsulation session key sent by an edge Internet of things agent;
calling an encryption and decryption function, and decrypting the encrypted encapsulated session key to obtain an encapsulated session key;
and calling a key encapsulation/decapsulation function to decapsulate the encapsulated session key to obtain the session key.
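The following is an added walk-through of the exchange in claims 4 (agent side) and 6 (terminal side), interleaved so both parties' messages are visible; it is example code written for this page, not the patent's implementation. The patent names only abstract functions (key generation, encryption/decryption, signature/verification, key encapsulation), so the primitives here are stdlib-only stand-ins chosen for illustration: ElGamal over the Mersenne prime 2^127-1 for the public-key steps, a Schnorr-style signature, and a keystream XOR for the symmetric function; the ID, master secret and message text are constructed sample values and the toy parameters provide no real security.

```python
import hashlib, secrets
P = 2**127 - 1   # Mersenne prime M127: toy group for illustration only, not a secure parameter
G = 3

def H(*parts): return hashlib.sha256(b"|".join(parts)).digest()
def i2b(n): return n.to_bytes(16, "big")       # every group element and exponent fits in 16 bytes
def b2i(b): return int.from_bytes(b, "big")

def keygen(master_secret, ident):
    """Stand-in key generation function: derive the ID's private keys from a master secret."""
    x_enc, x_sig = b2i(H(master_secret, ident, b"enc")) % (P - 1), b2i(H(master_secret, ident, b"sig")) % (P - 1)
    return (pow(G, x_enc, P), pow(G, x_sig, P)), (x_enc, x_sig)   # (master public keys), (private keys)

def pk_encrypt(y, m):   # ElGamal stand-in: encrypt a small integer under a public key y = g^x
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), m * pow(y, k, P) % P

def pk_decrypt(x, c1, c2):   # c1^(-x) computed as c1^(P-1-x) by Fermat's little theorem
    return c2 * pow(c1, P - 1 - x, P) % P

def sym(key, data):   # toy keystream XOR standing in for the symmetric encrypt/decrypt function
    ks = b"".join(H(key, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))   # no nonce, no MAC: demo only

def sign(x_sig, msg):   # Schnorr-style stand-in for the signature function
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k - x_sig * b2i(H(i2b(r), msg))) % (P - 1)

def verify(y_sig, msg, r, s):   # g^s * y^e == g^(k - xe) * g^(xe) == r
    return pow(G, s, P) * pow(y_sig, b2i(H(i2b(r), msg)), P) % P == r

def run_protocol(master_secret, ident, tamper=False):
    """Claims 4 (agent) and 6 (terminal) interleaved: both session keys, or None if verification fails."""
    mpk, (x_enc, x_sig) = keygen(master_secret, ident)            # agent: keys for the received ID
    tmp = secrets.token_bytes(15)                                  # terminal: temporary key, < P as an int
    c1, c2 = pk_encrypt(mpk[0], b2i(tmp))                          # terminal -> agent, under encryption mpk
    tmp_a = pk_decrypt(x_enc, c1, c2).to_bytes(15, "big")          # agent recovers the temporary key
    priv = sym(tmp, sym(tmp_a, i2b(x_enc) + i2b(x_sig)))           # agent -> terminal: encrypted private key pair
    t_x_enc, t_x_sig = b2i(priv[:16]), b2i(priv[16:])
    msg = b"access-request:" + ident                               # constructed sample message
    r, s = sign(t_x_sig, msg)                                      # terminal signs with the delivered signature key
    wire = sym(tmp, msg + i2b(r) + i2b(s))                         # terminal -> agent: encrypted signed message
    wire = bytes([wire[0] ^ tamper]) + wire[1:]                    # constructed fault: flip one bit when tamper=True
    got = sym(tmp_a, wire)
    if not verify(mpk[1], got[:-32], b2i(got[-32:-16]), b2i(got[-16:])):
        return None                                                # gate: no session key without a valid signature
    k = secrets.randbelow(P - 2) + 1                               # agent: KEM encapsulate to the ID's encryption key
    sk_agent = H(i2b(pow(mpk[0], k, P)))
    encap_t = b2i(sym(tmp, sym(tmp_a, i2b(pow(G, k, P)))))        # agent -> terminal: encrypted encapsulation
    return sk_agent, H(i2b(pow(encap_t, t_x_enc, P)))              # terminal: KEM decapsulate with enc private key
```

The tampered run shows why the agent's gate in claim 4 matters: the stand-in symmetric function is malleable, so only the signature check stops a modified request from earning a session key.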
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210060167.1A CN114422588B (en) 2022-01-19 2022-01-19 Security autonomous realization system and method for authenticating terminal access by edge internet of things agent

Publications (2)

Publication Number Publication Date
CN114422588A true CN114422588A (en) 2022-04-29
CN114422588B CN114422588B (en) 2023-12-19

Family

ID=81275303
Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230336538A1 (en) * 2022-04-18 2023-10-19 Cisco Technology, Inc. Automated, multi-cloud lifecycle management of digital identities of iot data originators

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112291230A (en) * 2020-10-26 2021-01-29 公安部第一研究所 Data security authentication transmission method and device for terminal of Internet of things
CN112887338A (en) * 2021-03-18 2021-06-01 南瑞集团有限公司 Identity authentication method and system based on IBC identification password
CN113556307A (en) * 2020-04-03 2021-10-26 国网上海能源互联网研究院有限公司 Edge Internet of things agent, access gateway, Internet of things management platform and safety protection method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant