CN103297963B - Method and system for certificateless M2M privacy protection and key management - Google Patents

Info

Publication number
CN103297963B
Authority
CN
China
Prior art keywords
terminal device
key
dynamic factor
private key
identity information
Prior art date
Legal status
Expired - Fee Related
Application number
CN201310175413.9A
Other languages
Chinese (zh)
Other versions
CN103297963A (en)
Inventor
李文敏
蒋芃
张华�
王心怡
Current Assignee
Wuxi Bupt Sensing Technology & Industry Academy Co ltd
Zhongshi Ruian Beijing Network Technology Co ltd
Beijing University of Posts and Telecommunications
Original Assignee
China Time Ruian (beijing) Network Technology Co Ltd
WUXI BUPT PERCEPTIVE TECHNOLOGY INDUSTRY INSTITUTE Co Ltd
Beijing University of Posts and Telecommunications

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a method and system for certificateless M2M privacy protection and key management. In the method, different terminal devices send their identity information to a service platform, which uses its system private key, an initial value and the received identity information to generate the terminal device's private key and dynamic factor, stores them, and returns them to the terminal device. The terminal device selects a random value and generates its public-private key pair. When different terminal devices request to communicate, the requesting terminal device generates an anonymous message from its random value, identity information and dynamic factor and sends it to the requested party. The requested party receives the anonymous message and verifies the requester's public key in combination with the system public key; if verification succeeds, the requested party uses its private key and the anonymous message to negotiate a session key for the two parties and the session proceeds; if verification fails, the communication request is rejected. The invention addresses the energy cost of maintaining certificates, the ease with which private information of all kinds is leaked, and the key security of the whole mechanism.

Description

Method and system for certificateless M2M privacy protection and key management

Technical field

The present invention relates to the field of information security, and in particular to a certificateless M2M (Machine to Machine, machine-to-machine communication) privacy protection and key management method and system.

Background

At present, as construction of the Internet of Things accelerates, various IoT services (such as smart healthcare, intelligent transportation, smart home and military applications) are gradually entering people's lives.

Because the Internet of Things is compatible across network technologies and can expand its range of services without limit, security has become an important factor restricting its development.

On the one hand, when everything from national data to personal circumstances is connected to the Internet of Things, more personal private information may be illegally obtained at any time and in any place;

On the other hand, because important basic industries and key social services such as electric power and healthcare depend on the Internet of Things and sensing services, dynamic information about the country's basic sectors may be stolen.

In other words, the transmission of sensed information in the Internet of Things is often attacked by various adversaries (eavesdropping, tampering, interception and so on), so that information cannot be delivered accurately and the whole network may even fail to operate normally. The confidentiality and integrity of transmitted information must therefore be guaranteed. This necessarily involves key management, such as key generation, update and revocation, so key management is a problem that must be solved first.

However, the multi-source heterogeneity of the Internet of Things and the limited capabilities of sensing nodes make secure and effective key management difficult: that is, how to design key generation, update and revocation methods that run through the whole network and fit the characteristics and architecture of the Internet of Things.

As shown in Figure 1, first, existing key management schemes are mainly certificate-based or identity-based. In certificate-based schemes, the certificates used for verification are provided by an authorizing party, and managing and maintaining certificates consumes a large amount of energy, which sensing nodes cannot afford. Identity-based key management has no certificate-related problems, but the user's private key is distributed entirely by a trusted party, so there is a key escrow problem and the security of the whole mechanism is seriously threatened.

Second, in existing key management mechanisms the identity information of terminal devices is transmitted in plaintext, and protection of the terminal device's identity privacy is not considered. Yet most IoT terminal devices are deployed in unmonitored environments and are easily intercepted and controlled by illegitimate users. Once a device's identity information leaks, latent private information may be exposed, such as the user's location and the time at which data was collected. An illegitimate user can then impersonate a legitimate terminal to communicate, obtain its session key, decrypt messages and so on, so the identity privacy of terminal devices needs to be protected.

Third, existing key management mechanisms rely on the platform to generate and update keys, which does not fit the end-to-end communication of MTC (machine type communication) terminal devices in the Internet of Things, and the key update method depends on the session key, so forward/backward security cannot be satisfied.

Therefore, the technical problems to be solved urgently are: MTC terminal devices in the Internet of Things have limited capabilities and cannot afford the energy consumption of maintaining certificates; terminal devices are unattended, so private information of all kinds is easily leaked; existing identity-based key management mechanisms suffer from key escrow; keys cannot be updated by the device itself; and the key security of the whole mechanism.

Summary of the invention

The main purpose of the present invention is to provide a certificateless M2M privacy protection and key management method and system, in order to solve the following problems: MTC terminal devices in the Internet of Things have limited capabilities and cannot afford the energy consumption of maintaining certificates; terminal devices are unattended, so private information of all kinds is easily leaked; existing identity-based key management mechanisms suffer from key escrow; keys cannot be updated by the device itself; and the key security of the whole mechanism.

According to one aspect of the present invention, a certificateless M2M privacy protection and key management method is provided, characterized in that it comprises:

Different terminal devices send their identity information to a service platform; the service platform uses its system private key, an initial value and the received identity information to generate the private key and dynamic factor of the terminal device, stores them, and returns the private key and dynamic factor to the terminal device;

The terminal device selects a random value and, combining it with the received private key and dynamic factor, generates the public-private key pair of the terminal device;

When different terminal devices request to communicate, the requesting terminal device generates its anonymous message from its random value, identity information and dynamic factor, and sends it to the requested party;

The requested terminal device receives the anonymous message and verifies the public key of the requesting terminal device in combination with the system public key of the service platform. If verification succeeds, the requested terminal device uses its private key and the anonymous message to negotiate a session key for the two parties and the session between them proceeds; if verification fails, the requester's communication request is rejected.

Preferably, the dynamic factor changes successively with the number of sessions of the terminal device to which it belongs, and the terminal device changes its private key according to the changed value of its dynamic factor.

Preferably, the method further comprises:

When the service platform receives reports from multiple terminal devices that a certain terminal device is a malicious or illegitimate device, the service platform sends an identity information request to that terminal device, and the terminal device provides its identity information to the service platform. The service platform derives the device's dynamic factor from this identity information and judges whether it is consistent with the stored dynamic factor of that terminal device. If they are the same, the terminal device is a legitimate device; if they differ, the service platform revokes the information sent or received by that terminal device.

Preferably, the dynamic factor changing successively with the number of sessions of the terminal device to which it belongs further means: a new dynamic factor is generated from the dynamic factor used in the terminal device's previous session and the number of sessions the terminal device has currently conducted.

According to another aspect of the present invention, a certificateless M2M privacy protection and key management system is also provided, characterized in that it comprises a registration module, a key establishment module and a key verification module, wherein:

The registration module is used to receive the identity information sent by different terminal devices, to generate the private key and dynamic factor of the terminal device from the system private key, an initial value and the received identity information, to store them, and to return the private key and dynamic factor to the terminal device and the key establishment module;

The key establishment module is used to receive the private key and dynamic factor of the different terminal devices sent by the registration module, to generate the public-private key pair of the terminal device by combining them with the random value on the terminal device, and to return the key pair to the terminal device and the key verification module;

The key verification module is used, when different terminal devices request to communicate, to receive the anonymous message that the requesting terminal device generated from its random value, identity information and dynamic factor, and to verify the public key of the requesting terminal device in combination with the system public key in the key establishment module. If verification succeeds, it instructs the requested terminal device to use its private key and the anonymous message to negotiate a session key for the two parties and the session between them proceeds; if verification fails, the requester's communication request is rejected.

Preferably, the dynamic factor changes successively with the number of sessions of the terminal device to which it belongs, and the terminal device changes its private key according to the changed value of its dynamic factor.

Preferably, the system further comprises a revocation processing module, used, when reports are received from multiple terminal devices that a certain terminal device is a malicious or illegitimate device, to send an identity information request to that terminal device, receive the identity information it returns, derive its dynamic factor from that identity information, and judge whether this dynamic factor is consistent with the dynamic factor of the terminal device stored in the registration module. If they are the same, the terminal device is a legitimate device; if they differ, the information sent or received by that terminal device is revoked.

Preferably, the dynamic factor changing successively with the number of sessions of the terminal device to which it belongs further means: a new dynamic factor is generated from the dynamic factor used in the terminal device's previous session and the number of sessions the terminal device has currently conducted.

Compared with existing solutions, the technical effects obtained by the present invention are:

1) The present invention solves the problems that MTC terminal devices in the Internet of Things have limited capabilities and cannot afford the energy consumption of maintaining certificates, that unattended terminal devices easily leak private information of all kinds, that existing identity-based key management mechanisms suffer from key escrow, that keys cannot be updated by the device itself, and the key security of the whole mechanism.

2) The present invention also supports end-to-end communication between devices in the Internet of Things and is suitable for MTC terminal devices with limited computing and storage capabilities. No authority is needed to distribute certificates, which improves the efficiency of the whole mechanism. MTC terminal devices obtain a session key through authentication and negotiation with each other; keys do not need to be distributed and the key escrow problem is solved, which improves the security of the session key. The session key can also be updated dynamically, and the update does not require the participation of the service platform.

3) The method and system of the present invention also provide revocation of malicious terminal devices, ensure forward/backward security of keys through the choice of the dynamic factor, and effectively protect the private information of terminal devices by conveying the identities of the two communicating parties anonymously. The invention is easy to implement and operate and matches the way MTC terminal devices communicate in the Internet of Things.

Description of the drawings

The accompanying drawings described here are used to provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the invention and do not constitute an improper limitation of it. In the drawings:

Fig. 1 is an overview block diagram of the key management mechanism in the prior art;

Fig. 2 is a flow chart of the certificateless M2M privacy protection and key management method described in Embodiment 1 of the present invention;

Fig. 3 is a structural block diagram of the certificateless M2M privacy protection and key management system described in Embodiment 2 of the present invention;

Fig. 4 is a structural relationship diagram of a specific embodiment using the method of Fig. 2.

Detailed description

Certain terms are used in the specification and claims to refer to particular components. Those skilled in the art will understand that hardware manufacturers may use different names for the same component. This specification and the claims do not distinguish components by differences in name, but by differences in function. "Comprising", as used throughout the specification and claims, is an open-ended term and should be interpreted as "including but not limited to". "Approximately" means that, within an acceptable error range, those skilled in the art can solve the technical problem and substantially achieve the technical effect. In addition, the term "coupled" here covers any direct or indirect means of electrical coupling. Therefore, if the text describes a first device as coupled to a second device, the first device may be directly electrically coupled to the second device, or indirectly electrically coupled to it through other devices or coupling means. The description that follows sets out preferred modes of implementing the present invention; it is given to illustrate the general principles of the invention and is not intended to limit its scope. The scope of protection of the present invention is defined by the appended claims.

To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.

As shown in Figures 2 and 4, Embodiment 1 of the present invention provides a certificateless M2M privacy protection and key management method, which comprises:

Step 201: different terminal devices send their identity information to the service platform; the service platform uses its system private key, an initial value and the received identity information to generate the private key and dynamic factor of the terminal device, stores them, and returns the private key and dynamic factor to the terminal device;

Step 202: the terminal device selects a random value and, combining it with the received private key and dynamic factor, generates the public-private key pair of the terminal device;

Step 203: when different terminal devices request to communicate, the requesting terminal device generates its anonymous message from its random value, identity information and dynamic factor, and sends it to the requested party;

Step 204: the requested terminal device receives the anonymous message and verifies the public key of the requesting terminal device in combination with the system public key of the service platform. If verification succeeds, the requested terminal device uses its private key and the anonymous message to negotiate a session key for the two parties and the session between them proceeds; if verification fails, the requester's communication request is rejected.

Each time step 203 is performed, the dynamic factor changes successively with the number of sessions of the terminal device to which it belongs, and the terminal device changes its private key according to the changed value of its dynamic factor.

Further, the dynamic factor changing successively with the number of sessions of the terminal device to which it belongs means: a new dynamic factor is generated from the dynamic factor used in the terminal device's previous session and the number of sessions the terminal device has currently conducted. In Embodiment 1 of the present invention the dynamic factor changes as follows: $DK_i = DK_{i-1} H(i, ID_A)$ (i denotes the i-th session, ID is the identity of the MTC device, and DK (dynamic key) is the dynamic factor). The private key of the terminal device therefore changes with it, and the subsequent session key is updated in step.

In addition, the method of Embodiment 1 further includes a revocation procedure, which is carried out as follows:

When the service platform receives reports from multiple terminal devices that a certain terminal device is a malicious or illegitimate device, the service platform sends an identity information request to that terminal device, and the terminal device provides its identity information to the service platform. The service platform derives the device's dynamic factor from this identity information and judges whether it is consistent with the stored dynamic factor of that terminal device. If they are the same, the terminal device is a legitimate device; if they differ, the service platform revokes the information sent or received by that terminal device.
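The per-session dynamic-factor update and the revocation check described above can be sketched as follows; this is an added example, not code from the patent. The text here does not show how DK_{i-1} and H(i, ID_A) are combined or how the first dynamic factor is derived, so hashing the two together, the HMAC-derived DK_0, the nonce-based proof, the session cap, and all class, function and device names are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_SESSIONS = 10_000  # assumed cap so a bogus session count cannot force a long replay


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def next_factor(prev: bytes, i: int, device_id: bytes) -> bytes:
    """DK_i from DK_{i-1} and H(i, ID). Combining them by hashing is an assumption."""
    return h(prev, h(i.to_bytes(4, "big"), device_id))


class Device:
    """MTC terminal device holding the dynamic factor returned at registration."""

    def __init__(self, device_id: bytes, dk0: bytes) -> None:
        self.device_id, self.dk, self.sessions = device_id, dk0, 0

    def start_session(self) -> bytes:
        """Advance the dynamic factor locally; the platform is not involved."""
        self.sessions += 1
        self.dk = next_factor(self.dk, self.sessions, self.device_id)
        return self.dk

    def answer(self, nonce: bytes):
        """Reply to the platform's identity request without sending DK itself."""
        proof = hmac.new(self.dk, nonce, hashlib.sha256).digest()
        return self.device_id, self.sessions, proof


class Platform:
    """Service platform: registration (step 201) and the revocation check."""

    def __init__(self) -> None:
        self._system_key = secrets.token_bytes(32)  # stand-in for the system private key
        self._initial_value = secrets.token_bytes(16)
        self._dk0 = {}  # device_id -> dynamic factor stored at registration
        self.revoked = set()

    def register(self, device_id: bytes) -> bytes:
        """Derive, store and return DK_0 for this identity (derivation assumed)."""
        dk0 = hmac.new(self._system_key, self._initial_value + device_id,
                       hashlib.sha256).digest()
        self._dk0[device_id] = dk0
        return dk0

    def check_reported(self, nonce: bytes, answer) -> bool:
        """Recompute the reported device's factor; revoke it on any mismatch."""
        device_id, sessions, proof = answer
        dk = self._dk0.get(device_id)
        ok = False
        if dk is not None and isinstance(sessions, int) and 0 <= sessions <= MAX_SESSIONS:
            for i in range(1, sessions + 1):  # replay the device's updates
                dk = next_factor(dk, i, device_id)
            expected = hmac.new(dk, nonce, hashlib.sha256).digest()
            ok = hmac.compare_digest(expected, proof)  # constant-time comparison
        if not ok:
            self.revoked.add(device_id)
        return ok


def demo():
    """Constructed scenario: one registered device and one holding a made-up factor."""
    platform = Platform()
    meter = Device(b"meter-01", platform.register(b"meter-01"))
    for _ in range(3):
        meter.start_session()
    platform.register(b"valve-07")
    impostor = Device(b"valve-07", secrets.token_bytes(32))  # never received DK_0
    impostor.start_session()
    nonce = secrets.token_bytes(16)
    genuine_ok = platform.check_reported(nonce, meter.answer(nonce))
    impostor_ok = platform.check_reported(nonce, impostor.answer(nonce))
    return genuine_ok, impostor_ok, platform.revoked


if __name__ == "__main__":
    print(demo())
```
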

As shown in Fig. 3, Embodiment 2 of the present invention provides a certificateless M2M privacy protection and key management system, comprising a registration module 301, a key establishment module 302 and a key verification module 303, wherein:

The registration module 301 is coupled to the different terminal devices and to the key establishment module 302. It is used to receive the identity information sent by different terminal devices, to generate the private key and dynamic factor of the terminal device from the system private key, an initial value and the received identity information, to store them, and to return the private key and dynamic factor to the terminal device and the key establishment module 302;

The key establishment module 302 is coupled to the different terminal devices, the registration module 301 and the key verification module 303. It is used to receive the private key and dynamic factor of the different terminal devices sent by the registration module 301, to generate the public-private key pair of the terminal device by combining them with the random value on the terminal device, and to return the key pair to the terminal device and the key verification module 303;

The key verification module 303 is coupled to the different terminal devices and to the key establishment module 302. When different terminal devices request to communicate, it is used to receive the anonymous message that the requesting terminal device generated from its random value, identity information and dynamic factor, and to verify the public key of the requesting terminal device in combination with the system public key in the key establishment module 302. If verification succeeds, it instructs the requested terminal device to use its private key and the anonymous message to negotiate a session key for the two parties and the session between them proceeds; if verification fails, the requester's communication request is rejected.

Further, regarding the anonymous message that the key verification module 303 receives, generated by the requesting terminal device from its random value, identity information and dynamic factor: the dynamic factor mentioned here changes successively with the number of sessions of the terminal device to which it belongs, and the terminal device changes its private key according to the changed value of its dynamic factor. More specifically, a new dynamic factor is generated from the dynamic factor used in the terminal device's previous session and the number of sessions the terminal device has currently conducted. In Embodiment 2 of the present invention the dynamic factor changes as follows: $DK_i = DK_{i-1} H(i, ID_A)$ (i denotes the i-th session, ID is the identity of the MTC device, and DK (dynamic key) is the dynamic factor). The private key of the terminal device therefore changes with it, and the subsequent session key is updated in step.

In addition, the system of Embodiment 2 further comprises:

A revocation processing module 304, which operates as follows:

It is coupled to the different terminal devices and to the registration module 301. When reports are received from multiple terminal devices that a certain terminal device is a malicious or illegitimate device, it sends an identity information request to that terminal device, receives the identity information it returns, derives its dynamic factor from that identity information, and judges whether this dynamic factor is consistent with the dynamic factor of the terminal device stored in the registration module 301. If they are the same, the terminal device is a legitimate device; if they differ, the information sent or received by that terminal device is revoked.

As shown in FIG. 4, the terminal devices mentioned in Embodiments 1 and 2 above are all MTC terminal devices, which will not be described again here.

Compared with existing solutions, the present invention achieves the following technical effects:

1) The invention addresses the following problems: MTC terminal devices in the Internet of Things have limited capabilities and cannot afford the energy cost of maintaining certificates; because terminal devices are unattended, private information of all kinds is easily leaked; and existing identity-based key management mechanisms suffer from key escrow, keys that cannot update themselves, and key security weaknesses across the whole mechanism.

2) The invention also supports end-to-end communication between devices in the Internet of Things and suits MTC terminal devices with limited computing and storage capacity. No authority is needed to distribute certificates, which improves the efficiency of the whole mechanism. MTC terminal devices authenticate each other and negotiate a session key; no key distribution is needed and the key escrow problem is resolved, which improves the security of the session key, and the session key can also be updated dynamically without the participation of the service platform.

3) The method and system of the invention also revoke malicious terminal devices, ensure forward/backward security of keys through the choice of dynamic factor, and effectively protect the terminal devices' private information by transmitting the identities of both communicating parties anonymously. The invention is easy to implement and operate and fits the way MTC terminal devices communicate in the Internet of Things.

The above is only an embodiment of the present invention and is not intended to limit it; those skilled in the art may make various modifications and changes to the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of its claims.

Claims (8)

1. A method for certificateless M2M privacy protection and key management, characterized by comprising:

different terminal devices send their identity information to a service platform; the service platform uses its system private key, an initial value and the received identity information to generate and store a private key and a dynamic factor for the terminal device, and returns the private key and the dynamic factor to the terminal device;

the terminal device selects a random value and, combining it with the received private key and dynamic factor, generates the public-private key pair of the terminal device;

when different terminal devices request to communicate, the requesting terminal device generates its anonymous message from its random value, identity information and dynamic factor, and sends it to the requested party;

the requested terminal device receives the anonymous message and verifies the public key of the requesting terminal device using the system public key of the service platform; if verification succeeds, the requested terminal device uses its private key and the anonymous message to negotiate a session key for the two parties and carries out the session; if verification fails, the communication request of the requesting party is rejected.

2. The method for certificateless M2M privacy protection and key management according to claim 1, characterized in that the dynamic factor changes with each session of the terminal device to which it belongs, and the private key of the terminal device changes along with the changed value of its dynamic factor.

3. The method for certificateless M2M privacy protection and key management according to claim 1, characterized by further comprising:

when the service platform receives reports from multiple terminal devices that a certain terminal device is a malicious or illegal device, the service platform sends an identity request to that terminal device; the terminal device provides its identity information to the service platform; the service platform derives the device's dynamic factor from the identity information and checks whether it is consistent with the stored dynamic factor of that terminal device; if they are the same, the terminal device is a legitimate device; if they differ, the service platform revokes the information sent or received by the terminal device.

4. The method for certificateless M2M privacy protection and key management according to claim 2, characterized in that the dynamic factor changing with each session of the terminal device to which it belongs further means: a new dynamic factor is generated from the dynamic factor used in the previous session of the terminal device and the number of sessions the terminal device has currently performed.

5. A system for certificateless M2M privacy protection and key management, characterized by comprising a registration module, a key establishment module and a key verification module, wherein:

the registration module is configured to receive the identity information sent by different terminal devices, to generate and store a private key and a dynamic factor for the terminal device using the system private key, an initial value and the received identity information, and to return the private key and the dynamic factor to the terminal device and to the key establishment module;

the key establishment module is configured to receive the private key and dynamic factor of the different terminal devices from the registration module, to generate the public-private key pair of the terminal device by combining them with the random value on the terminal device, and to return the key pair to the terminal device and to the key verification module;

the key verification module is configured, when different terminal devices request to communicate, to receive the anonymous message generated by the requesting terminal device from its random value, identity information and dynamic factor, and to verify the public key of the requesting terminal device using the system public key in the key establishment module; if verification succeeds, it instructs the requested terminal device to use its private key and the anonymous message to negotiate a session key for the two parties and carry out the session; if verification fails, the communication request of the requesting party is rejected.

6. The system for certificateless M2M privacy protection and key management according to claim 5, characterized in that the dynamic factor changes with each session of the terminal device to which it belongs, and the private key of the terminal device changes along with the changed value of its dynamic factor.

7. The system for certificateless M2M privacy protection and key management according to claim 5, characterized by further comprising a revocation processing module configured, when it receives reports from multiple terminal devices that a certain terminal device is a malicious or illegal device, to send an identity request to that terminal device, to receive the identity information it returns, to derive the device's dynamic factor from the identity information, and to check whether this dynamic factor is consistent with the dynamic factor of that terminal device stored in the registration module; if they are the same, the terminal device is a legitimate device; if they differ, the information sent or received by the terminal device is revoked.

8. The system for certificateless M2M privacy protection and key management according to claim 6, characterized in that the dynamic factor changing with each session of the terminal device to which it belongs further means: a new dynamic factor is generated from the dynamic factor used in the previous session of the terminal device and the number of sessions the terminal device has currently performed.
CN201310175413.9A 2013-05-10 2013-05-10 Based on the method and system without the M2M secret protection of certificate and key management Expired - Fee Related CN103297963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310175413.9A CN103297963B (en) 2013-05-10 2013-05-10 Based on the method and system without the M2M secret protection of certificate and key management

Publications (2)

Publication Number Publication Date
CN103297963A CN103297963A (en) 2013-09-11
CN103297963B true CN103297963B (en) 2016-06-22

Family

ID=49098147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310175413.9A Expired - Fee Related CN103297963B (en) 2013-05-10 2013-05-10 Based on the method and system without the M2M secret protection of certificate and key management

Country Status (1)

Country Link
CN (1) CN103297963B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
CB03 Change of inventor or designer information

Inventor after: Li Wenmin

Inventor after: Jiang Pi

Inventor after: Zhang Hua

Inventor after: Wang Xinyi

Inventor before: Zhang Hua

Inventor before: Jiang Pi

Inventor before: Li Wenmin

Inventor before: Wang Xinyi

COR Change of bibliographic data
TA01 Transfer of patent application right

Effective date of registration: 20160512

Address after: 100876 Beijing city Haidian District Xitucheng Road No. 10

Applicant after: Beijing University of Posts and Telecommunications

Applicant after: WUXI BUPT SENSING TECHNOLOGY & INDUSTRY ACADEMY Co.,Ltd.

Applicant after: ZHONGSHI RUIAN (BEIJING) NETWORK TECHNOLOGY CO.,LTD.

Address before: 214135 Jiangsu province Wuxi city Wuxi District Road No. 97 Linghu University Science Park Innovation building two C floor

Applicant before: WUXI BUPT SENSING TECHNOLOGY & INDUSTRY ACADEMY Co.,Ltd.

Applicant before: Beijing University of Posts and Telecommunications

Applicant before: ZHONGSHI RUIAN (BEIJING) NETWORK TECHNOLOGY CO.,LTD.

C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160622