
CN108616504A - A kind of sensor node identity authorization system and method based on Internet of Things - Google Patents


Info

Publication number
CN108616504A
Authority
CN
China
Prior art keywords
sensor node
authentication
identity
internet
certification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810236903.8A
Other languages
Chinese (zh)
Other versions
CN108616504B (en
Inventor
沈玉龙
刘佳
邬俊杰
郝飞扬
潘超杰
常二慧
张立
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810236903.8A priority Critical patent/CN108616504B/en
Publication of CN108616504A publication Critical patent/CN108616504A/en
Application granted granted Critical
Publication of CN108616504B publication Critical patent/CN108616504B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a sensor node identity authentication system based on the Internet of Things, comprising an authentication server, a device management center, a security gateway, and at least one sensor node. The sensor node is connected to the security gateway and sends authentication information to the security gateway. The security gateway is connected to the authentication server and sends the authentication information, together with the gateway number, to the authentication server. The authentication server is connected to the device management center and authenticates the authentication information; after authentication is completed it generates an identity token, returns the identity token to the sensor node, and stores the authenticated sensor node in the device management center. The invention also discloses a sensor node identity authentication method based on the Internet of Things, which ensures two-way authentication between the sensor node and the Internet of Things common support platform, improves the efficiency of sensor node authentication, and reduces the networking time of the Internet of Things.

Description

A sensor node identity authentication system and method based on the Internet of Things

Technical Field

The invention belongs to the field of the Internet of Things and information security, and specifically relates to a sensor node identity authentication system and method based on the Internet of Things. Under the Internet of Things common support platform, it authenticates the legitimacy of the identity of a newly connected sensor node and ensures the security of that sensor node's data and state.

Background

In the Internet of Things environment, things are interconnected and exchange information, and sensor nodes are also able to receive, transmit, and process data and commands. Because the data transmitted in the Internet of Things has high security requirements, the identity of a sensor node, one of the most important components of the Internet of Things, needs to be effectively authenticated when the node connects to the Internet of Things common support platform. Without secure identity authentication, an attacker is very likely to use a forged node to enter the IoT platform, posing a great threat to the security of the platform and its data.

Given the rapid development of IoT platform systems, sensor nodes will issue access requests and identity authentication requests in explosive numbers, which calls for a faster and more secure node authentication method.

However, existing sensor node authentication methods cannot provide plug-and-play identity authentication for large batches of nodes without additional allocation, and they do not base identity authentication on the characteristics of the node itself. Networking the Internet of Things therefore requires manual operation and intervention and takes considerable time, which greatly reduces networking efficiency.

Summary of the Invention

To solve the above problems in the prior art, the present invention provides a sensor node identity authentication system and method based on the Internet of Things, which ensures two-way authentication between the sensor node and the Internet of Things common support platform, improves the efficiency of sensor node authentication, and reduces the networking time of the Internet of Things.

The technical problem to be solved by the present invention is addressed by the following technical solutions:

An embodiment of the present invention provides a sensor node identity authentication system based on the Internet of Things, comprising an authentication server, a device management center, a security gateway, and at least one sensor node;

The sensor node is connected to the security gateway and is used to send authentication information to the security gateway;

The security gateway is connected to the authentication server and is used to send the authentication information, together with the gateway number, to the authentication server;

The authentication server is connected to the device management center and is used to authenticate the authentication information, generate an identity token after authentication is completed, return the identity token to the sensor node, and store the authenticated sensor node in the device management center.

An embodiment of the present invention also provides a sensor node identity authentication method based on the Internet of Things, comprising:

S1. Initialize the information list of sensor nodes to be authenticated;

S2. Receive the authentication information sent by the sensor node to be authenticated;

S3. Perform a first decryption operation on the authentication information. If the first decryption operation fails, determine that authentication has failed and exit authentication; if the first decryption operation succeeds, obtain the sensor node identity information, the initial timestamp, and the node unique identification code, and execute step S4;

S4. Determine whether an identity token exists for the identity information of the sensor node to be authenticated. If so, determine that authentication is complete; if not, execute step S5;

S5. Determine whether the initial timestamp is valid. If not, determine that authentication has failed and exit authentication; if so, execute step S6;

S6. Use the node unique identification code to look up the public key generated from the sensor node's attributes, and perform a second decryption operation on the sensor node identity information. If the second decryption operation fails, determine that authentication has failed and exit authentication; if the second decryption operation succeeds, obtain the decrypted identity information and execute step S7;

S7. Generate a new identity token and a new authentication timestamp from the decrypted identity information, store the decrypted identity information, and send the new identity token and the new authentication timestamp to the sensor node to be authenticated.

In a specific embodiment, the authentication information includes the sensor node identity information and the sensor node initial timestamp, encrypted in turn with the public key of the Internet of Things common support platform and the private key generated from the sensor node's attributes.

In a specific embodiment, step S4 further includes:

Determining whether the identity token of the sensor node to be authenticated has expired, and if so, executing step S5.

In a specific embodiment, step S7 further includes:

Setting a token expiration time for the new identity token sent to the sensor node to be authenticated, and, if the token of the sensor node is determined to have expired, sending re-authentication information to that sensor node.

In a specific embodiment, the method further includes, after step S7:

When a predetermined number of sensor nodes are determined to have completed authentication, deriving an authentication circle from each authenticated sensor node, and authenticating sensor nodes to be authenticated according to the authentication circle.

In a specific embodiment, authenticating the sensor node to be authenticated according to the authentication circle includes:

When a new sensor node to be authenticated requests authentication, calculating the distance between the new sensor node and the authentication circle, and, when the new sensor node is determined to belong to the authentication circle, determining that authentication is complete.

In a specific embodiment, authenticating the sensor node to be authenticated according to the authentication circle includes:

When a new sensor node to be authenticated requests authentication, calculating the distance between the new sensor node and the authentication circle, and, when the new sensor node is determined not to belong to the authentication circle and the query finds that no node has connected, determining that authentication has failed.

Compared with the prior art, the present invention has the following beneficial effects:

1. In the method of the present invention, the sensor node encrypts its identity information with a key generated from its own attributes. The public key of the key pair is stored in the Internet of Things common support platform, and the private key is not stored. Because the device attributes of sensor nodes all differ, a third party outside the IoT platform cannot generate equally valid identity information, which guarantees the unique validity and legitimacy of the identity information.

2. In the method of the present invention, the sensor node identity information can only be obtained by the IoT platform of the present invention: the sensor node encrypts the platform feature code with the IoT platform's public key, which ensures that the sensor node will not be authenticated by an unauthorized third-party platform and that the information will not be obtained by a third party, achieving two-way authentication between the sensor node and the IoT platform.

3. In the method of the present invention, after a sensor node is successfully authenticated, the node identity information is associated with the security gateway through which the node connects. This lets the IoT platform set access rights according to the security gateway and the device type, ensures that every access by a sensor node is authorized, and keeps the data collected by sensor nodes from being obtained by unauthorized third parties inside the IoT platform. In addition, given a certain number of secure nodes with known identities, unknown nodes can be authenticated quickly and securely. The authentication is simple, secure, and reliable, with good application prospects and high market value.

Brief Description of the Drawings

Fig. 1 is a module block diagram of a sensor node identity authentication system based on the Internet of Things provided by an embodiment of the present invention;

Fig. 2 is a schematic diagram of the internal structure of a sensor node of the present invention;

Fig. 3 is a flow chart of a sensor node identity authentication method based on the Internet of Things provided by an embodiment of the present invention;

Fig. 4 is a schematic diagram of the method for quickly authenticating subsequent nodes according to an embodiment of the present invention.

Detailed Description

The present invention is described in further detail below with reference to specific embodiments, but the embodiments of the present invention are not limited thereto.

Embodiment 1

Referring to Fig. 1, Fig. 1 is a module block diagram of a sensor node identity authentication system based on the Internet of Things provided by an embodiment of the present invention, comprising an authentication server, a device management center, a security gateway, and at least one sensor node;

The sensor node is connected to the security gateway and is used to send authentication information to the security gateway;

The security gateway is connected to the authentication server and is used to send the authentication information, together with the gateway number, to the authentication server;

The security gateway is the gateway through which each scenario of the Internet of Things common support platform connects to the platform. Sensor nodes are deployed in the different scenarios as needed, and the security gateway has the authority to send data to and receive data from the sensor nodes. During authentication and in all subsequent data exchange, a sensor node communicates only with this security gateway and does not accept commands from other security gateways. That is, each sensor node corresponds to exactly one security gateway, which is identified by its gateway number.

In this embodiment, the security gateway handles the data exchange between the Internet of Things common support platform and the sensor nodes. When the security gateway receives the authentication message A sent by a subordinate node, it assigns the node a node sequence Us, which the gateway uses to identify the subordinate node, and then updates the data and sends it to the IoT platform. When the security gateway receives information returned by the IoT platform, it looks up the node sequence Us and sends the information to the corresponding node.

The authentication server is connected to the device management center and is used to authenticate the authentication information, generate an identity token after authentication is completed, return the identity token to the sensor node, and store the authenticated sensor node in the device management center.

The device management center manages the detailed information of all security gateways in the platform and the identity information of all sensor nodes under each security gateway, and, as requested by the authentication server, adds the identity information of verified sensor nodes under the security gateway to which they belong. The authentication server receives the authentication message A sent by the security gateway and verifies the authenticity and validity of A according to the corresponding policy. After successful authentication it generates the identity token Uauth and the authentication timestamp Tauth, and it manages the expiration time of identity tokens.

Specifically, in one embodiment, both the device management center and the authentication server reside in the Internet of Things common support platform. The sensor node connects to the security gateway and obtains authentication from the authentication server through the security gateway. The sensor node includes a CPU, a sensor, a secure SoC (System on Chip) chip, a memory, an I/O interface, and so on; see Fig. 2, a schematic diagram of the internal structure of a sensor node. The secure SoC chip stores the feature code of the Internet of Things common support platform, the identity information encrypted with the private key generated from the node's own attributes, the unique identification code of the sensor node, and the initial timestamp. The data held in the secure SoC chip should be stored in the sensor node in encrypted form, the key being the public key published by the Internet of Things common support platform. The identity information carried by the sensor node itself includes the sensor node type, the sensor node security level, and the sensor node control command type. The memory in the sensor node stores the identity token that the authentication server sends to the sensor node after successful authentication, along with any other information the sensor needs to store.

In a specific implementation scenario, the sensor node authentication process includes the following steps:

Step 1. When the system runs, the sensor node and the security gateway start up. The sensor node confirms that its identity information, stored as ciphertext, is available, and the security gateway confirms that its security gateway number is available. The device management center confirms that the node information list is legitimate and available and that the security gateway management table is legitimate and available. The node information list contains each sensor node's unique identification code and the public key generated from the node's own attributes. The security gateway management table contains the information of all security gateways under the Internet of Things common support platform and the identity information of all sensor nodes under each security gateway.

Step 2. The sensor node sends the authentication information A. As it passes through the security gateway, it is combined with the security gateway number Sid and with the node sequence Us that the security gateway assigns to the node; the updated authentication information A is then sent to the authentication server. The authentication information A is obtained by encrypting twice the sensor node identity information C, the feature code Tid of the Internet of Things common support platform, the sensor node unique identification code Uid, and the initial timestamp T1. The two encryption keys are the private key Pra generated from the sensor node's own attributes and the public key Pub of the Internet of Things common support platform. The encryption is E[Pub, E(Pra, C) || Tid || Uid || T1]. After passing through the security gateway and being combined with the security gateway number, the authentication message A becomes E[Pub, E(Pra, C) || Tid || Uid || T1] || Sid || Us, and this authentication message A is sent to the authentication server.

Step 3. After receiving the authentication message A, the authentication server decrypts it with the private key Prb of the Internet of Things common support platform; successful decryption yields the decrypted message B. The server then verifies the legitimacy of the initial timestamp T1, the platform feature code Tid, and the sensor unique identification code Uid. After successful verification it obtains the sensor node identity information C, generates the identity token Uauth and the authentication timestamp Tauth from the identity information C, and returns them to the sensor node. At the same time, it sends the identity information to the device management center according to the security gateway number Sid.

Step 4. The sensor node receives the identity token Uauth and the authentication timestamp and stores them in the node's secure SoC chip as credentials for subsequent data exchange. The secure chip stores the node's identity information C, while data that cannot be used by a third party, such as the identity token Uauth and the authentication timestamp Tauth, is stored in the node memory, thereby reducing the capacity required of the secure SoC chip.
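The exchange in steps 2 and 3, run through the server-side checks S3 to S7, as an added example that is not code from the patent. It substitutes textbook RSA over Mersenne primes (insecure, chosen only so it runs on the standard library) for the unspecified cipher; the 8-byte Tid/Uid/T1 and 4-byte Sid/Us field widths, the SHA-256 redundancy tag, the 300 s freshness window, the 3600 s token lifetime and every name and sample value are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys in this example

def make_key(p_exp, q_exp):
    """Toy textbook-RSA key from two Mersenne primes (constructed, NOT secure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1)), "len": (n.bit_length() + 7) // 8}

def public(key):
    """Public half of a toy key: modulus and byte length only."""
    return {"n": key["n"], "len": key["len"]}

def rsa(data, exp, key):
    """Raw modular exponentiation on a byte string; raises if it exceeds the modulus."""
    m = int.from_bytes(data, "big")
    if m >= key["n"]:
        raise ValueError("input does not fit the modulus")
    return pow(m, exp, key["n"]).to_bytes(key["len"], "big")

def tag(c):
    # Assumption: 8 bytes of SHA-256 appended to C so that a failed second
    # decryption is detectable; the page does not specify how failure is detected.
    return hashlib.sha256(c).digest()[:8]

def node_message(c, tid, uid, t1, node_key, platform_pub):
    """Sensor node side: A = E[Pub, E(Pra, C) || Tid || Uid || T1]."""
    inner = rsa(b"\x01" + c + tag(c), node_key["d"], node_key)    # E(Pra, C)
    body = b"\x01" + inner + tid + uid + t1.to_bytes(8, "big")
    return rsa(body, E, platform_pub)                             # E[Pub, ...]

def gateway_forward(a, sid, us):
    """Security gateway side: A || Sid || Us."""
    return a + sid + us

class AuthServer:
    def __init__(self, platform_key, tid, node_pubkeys, max_skew=300, token_ttl=3600):
        self.key, self.tid, self.node_pubkeys = platform_key, tid, node_pubkeys
        self.max_skew, self.token_ttl = max_skew, token_ttl
        self.tokens = {}     # Uid -> (Uauth, Tauth, expiry)
        self.registry = {}   # device management center: Sid -> {Uid: C}

    def authenticate(self, a, now):
        """Return (status, Uauth, Tauth); Uauth and Tauth are None unless newly issued."""
        ct, sid = a[:-8], a[-8:-4]
        # S3: first decryption with the platform private key Prb, then the Tid match.
        try:
            pt = rsa(ct, self.key["d"], self.key).lstrip(b"\x00")
        except ValueError:
            return "fail:first-decryption", None, None
        if len(pt) < 26 or pt[0] != 1:
            return "fail:first-decryption", None, None
        inner, tid, uid = pt[1:-24], pt[-24:-16], pt[-16:-8]
        t1 = int.from_bytes(pt[-8:], "big")
        if tid != self.tid:
            return "fail:platform-code", None, None
        # S4: an unexpired token means authentication is already complete.
        held = self.tokens.get(uid)
        if held and held[2] > now:
            return "already-authenticated", None, None
        # S5: the initial timestamp must fall inside the freshness window.
        if abs(now - t1) > self.max_skew:
            return "fail:timestamp", None, None
        # S6: look up the node public key by Uid and undo E(Pra, C).
        pub = self.node_pubkeys.get(uid)
        try:
            rec = rsa(inner, E, pub).lstrip(b"\x00") if pub else b""
        except ValueError:
            rec = b""
        c = rec[1:-8]
        if len(rec) < 10 or rec[0] != 1 or tag(c) != rec[-8:]:
            return "fail:second-decryption", None, None
        # S7: issue Uauth and Tauth, store C under the forwarding gateway's Sid.
        uauth = secrets.token_hex(16)
        self.tokens[uid] = (uauth, now, now + self.token_ttl)
        self.registry.setdefault(sid, {})[uid] = c
        return "ok", uauth, now

# Constructed sample data; every value below is made up for this example.
PLATFORM = make_key(1279, 607)
NODE_A = make_key(521, 127)
TID, UID_A, SID, US = b"PLATFORM", b"NODE0001", b"GW01", b"\x00\x00\x00\x01"
C_A = b"type=temp;level=2;cmd=read"

def demo():
    """One message A presented three times: fresh, with a live token, after expiry."""
    server = AuthServer(PLATFORM, TID, {UID_A: public(NODE_A)})
    a = gateway_forward(node_message(C_A, TID, UID_A, 1000, NODE_A, public(PLATFORM)), SID, US)
    first = server.authenticate(a, now=1010)[0]
    again = server.authenticate(a, now=1020)[0]
    after_expiry = server.authenticate(a, now=1010 + 3601)[0]
    return first, again, after_expiry

if __name__ == "__main__":
    print(demo())
```
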

In the method of the present invention, the sensor node encrypts its identity information with a key generated from its own attributes. The public key of the key pair is stored in the Internet of Things common support platform, and the private key is not stored. Because the device attributes of sensor nodes all differ, a third party outside the IoT platform cannot generate equally valid identity information, which guarantees the unique validity and legitimacy of the identity information.

In addition, the sensor node identity information can only be obtained by the IoT platform of the present invention: the sensor node encrypts the platform feature code with the IoT platform's public key, which ensures that the sensor node will not be authenticated by an unauthorized third-party platform and that the information will not be obtained by a third party, achieving two-way authentication between the sensor node and the IoT platform.

实施例二Embodiment two

认证服务器对传感器节点身份认证过程请参见图3,图3为本发明实施例提供的一种基于物联网的传感器节点身份认证方法流程图,包括:Please refer to FIG. 3 for the process of authenticating the identity of the sensor node by the authentication server. FIG. 3 is a flow chart of a method for authenticating the identity of a sensor node based on the Internet of Things provided by an embodiment of the present invention, including:

S1、初始化待认证传感器节点信息列表;S1. Initialize the sensor node information list to be authenticated;

其中,首先进行系统初始化,启动每个待认证的传感器节点以及用于传递数据的安全网关,认证服务器初始化传感器节点信息列表,设备管理中心初始化及安全网关及对应节点列表,传感器节点初始化,以保证传感器节点确认以密文形式保存的身份信息可用,安全网关确认安全网关号可用;设备管理中心确认节点信息列表合法可用,确认安全网关管理表合法可用。Among them, the system is initialized first, each sensor node to be authenticated and the security gateway used to transmit data are started, the authentication server initializes the sensor node information list, the device management center initializes and the list of security gateways and corresponding nodes, and the sensor node is initialized to ensure The sensor node confirms that the identity information stored in ciphertext is available, and the security gateway confirms that the security gateway number is available; the device management center confirms that the node information list is legally available, and that the security gateway management table is legally available.

S2、接收所述待认证传感器节点发送的认证信息;S2. Receive the authentication information sent by the sensor node to be authenticated;

其中,传感器节点将认证信息经由物联网平台组网系统中的安全网关发送给认证服务器,认证服务器接收认证信息。所述认证信息由经过物联网共性支撑平台公钥与传感器节点属性生成的私钥依次加密后的传感器节点身份信息和传感器节点初始时间戳组成;所述传感器节点身份信息包括节点自身信息和所述物联网共性支撑平台特征码。经过安全网关时,将认证信息与安全网关号进行拼接。Wherein, the sensor node sends the authentication information to the authentication server via the security gateway in the IoT platform networking system, and the authentication server receives the authentication information. The authentication information is composed of the sensor node identity information and the sensor node initial time stamp after being encrypted sequentially by the public key of the common support platform of the Internet of Things and the private key generated by the sensor node attributes; the sensor node identity information includes the node's own information and the Internet of Things common support platform feature code. When passing through the security gateway, the authentication information is spliced with the security gateway number.

After receiving the authentication message A, the authentication server decrypts A with the private key Prb of the IoT common support platform, computing D[Prb,E(Pra,C)||Tid||Uid||T1]||Sid||Us, and obtains the IoT platform feature code Tid, the sensor node's unique identification code Uid, and the initial timestamp T1.

S3. Perform a first decryption operation on the authentication information. If the first decryption operation fails, authentication is judged to have failed and the procedure exits; if it succeeds, the sensor node identity information, the initial timestamp and the node unique identification code are obtained, and step S4 is performed;

The authentication server receives the authentication information and performs the initial decryption with the public key of the IoT common support platform, obtaining the IoT platform feature code, the device's initial timestamp and the sensor node's unique identification code. If decryption fails, or the decrypted feature code does not match, authentication fails.

The authentication server checks whether the IoT platform feature code Tid obtained in the previous step matches the feature code TID stored on the authentication server. If Tid = TID, the next step is performed; otherwise the sensor node is shown not to belong to this IoT platform, and authentication fails.

S4. Determine whether an identity token exists in the identity information of the sensor node to be authenticated; if so, authentication is judged complete; if not, step S5 is performed;

If an identity token exists but has expired, step S5 is performed.

That is, determine whether the decrypted information contains the identity token Uauth and whether Uauth is usable.

S5. Determine whether the initial timestamp is valid; if not, authentication is judged to have failed and the procedure exits; if so, step S6 is performed;

That is, determine whether the decrypted initial timestamp T1 is valid. If T1 is abnormal, the node's security remains to be verified, and authentication fails.

S6. Look up the public key generated from the sensor node's attributes according to the node unique identification code, and perform a second decryption operation on the sensor node identity information. If the second decryption operation fails, authentication is judged to have failed and the procedure exits; if it succeeds, the decrypted identity information is obtained and step S7 is performed;

The decrypted node unique identification code Uid is used to look up the node public key Pua. If Uid is invalid or Pua cannot be found, the node's availability remains to be verified, and authentication fails. If Pua is found, it is used to perform the second decryption on the initially decrypted message B, computing D(Pua,C).

S7. Generate a new identity token and a new authentication timestamp from the decrypted identity information, store the decrypted identity information, and send the new identity token and new authentication timestamp to the sensor node to be authenticated.

Specifically, the node identity token Uauth and the authentication timestamp Tauth are generated from the node identity information C; Uauth and Tauth are returned to the sensor node, and C is written to the device management center under the security gateway number Sid.

In a specific embodiment, step S7 further includes:

Setting a token expiration time for the new identity token sent to the sensor node to be authenticated; if the sensor node's token is judged to have expired, re-authentication information is sent to that sensor node.

To meet higher security requirements, the authentication server can set different token expiration times according to the security level stored in the system for each authenticated sensor node. Afterwards, when a sensor whose identity token has expired sends information to the server, the server requires the sensor to authenticate again and, on success, updates the token stored for the node.

In one implementation, the IoT platform can apply different security authentication schemes according to the security level of the sensor node obtained during initial authentication. For example, a shorter identity-token validity period can be set for sensor nodes with a higher security level. Let the validity period of sensor node a be Ta. After the initial verification succeeds, whenever the sensor node passes through the authentication server during data exchange, the authentication server checks the validity of the timestamp Tauth: if the current time Tc satisfies Tc - Tauth > Ta, the identity token has expired and sensor node a must authenticate again. This allows different security measures to be set for different kinds of sensor nodes according to their type; while keeping node identities secure, the flexibility of the verification policy reduces the number of verifications, thereby improving the overall authentication time of sensor nodes in the IoT platform.
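The server-side decisions of steps S3 to S7, together with the per-level token lifetime Ta, are traced in the following added example, which is not code from the patent. It starts from the fields already recovered by the first decryption and represents the S6 public-key lookup only as a registry lookup by Uid; the lifetime table, the 30-second timestamp window and all names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumption: token lifetime Ta in seconds per security level (higher level, shorter Ta).
TOKEN_TTL = {"high": 60, "medium": 600, "low": 3600}
# Assumption: T1 counts as valid when it lies within 30 s of the server clock.
MAX_SKEW = 30


@dataclass
class Result:
    ok: bool
    reason: str
    uauth: Optional[str] = None
    tauth: Optional[int] = None


class AuthServer:
    def __init__(self, platform_tid, registry):
        self.platform_tid = platform_tid  # TID stored on the authentication server
        self.registry = registry          # Uid -> security level (stands in for the Pua lookup)
        self.tokens = {}                  # Uid -> (Uauth, Tauth)

    def token_valid(self, uid, uauth, now):
        entry = self.tokens.get(uid)
        if entry is None or not isinstance(uauth, str):
            return False
        stored, tauth = entry
        if not hmac.compare_digest(stored, uauth):  # constant-time comparison
            return False
        ta = TOKEN_TTL[self.registry[uid]]
        return now - tauth <= ta          # Tc - Tauth > Ta means the token has expired

    def authenticate(self, msg, now):
        """msg holds the fields recovered by the first decryption (constructed input)."""
        if msg["tid"] != self.platform_tid:                       # S3: Tid must equal TID
            return Result(False, "tid-mismatch")
        uid = msg["uid"]
        if uid in self.registry and self.token_valid(uid, msg.get("uauth"), now):
            return Result(True, "token")                          # S4: live token, done
        if abs(now - msg["t1"]) > MAX_SKEW:                       # S5: timestamp check
            return Result(False, "stale-timestamp")
        if uid not in self.registry:                              # S6: no key for this Uid
            return Result(False, "unknown-uid")
        uauth = secrets.token_hex(16)                             # S7: issue Uauth and Tauth
        self.tokens[uid] = (uauth, now)
        return Result(True, "issued", uauth, now)


if __name__ == "__main__":
    server = AuthServer("TID-01", {"node-a": "high", "node-b": "low"})
    first = server.authenticate({"tid": "TID-01", "uid": "node-a", "t1": 1000}, now=1005)
    print(first.reason)                                           # issued
    again = server.authenticate(
        {"tid": "TID-01", "uid": "node-a", "t1": 1000, "uauth": first.uauth}, now=1100)
    print(again.reason)                                           # token expired, T1 stale
```

An expired token does not fail the request by itself: the request falls through to S5 and S6, so a node that presents a fresh T1 is re-issued a token, while one that replays its original message is refused.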

In a specific embodiment, the following is also performed after step S7:

When a predetermined number of sensor nodes have completed authentication, authentication circles are derived from the authenticated sensor nodes, and sensor nodes to be authenticated are authenticated according to the authentication circles.

Authenticating a sensor node to be authenticated according to the authentication circle includes:

When a new sensor node to be authenticated requests authentication, the distance between the new sensor node and the authentication circle is calculated; if the new sensor node is judged to belong to the authentication circle, authentication is judged complete.

Authenticating a sensor node to be authenticated according to the authentication circle includes:

When a new sensor node to be authenticated requests authentication, the distance between the new sensor node and the authentication circle is calculated; if the new sensor node is judged not to belong to the authentication circle, and a query finds that no node has joined, authentication is judged to have failed.

After a batch of sensor nodes has been authenticated, the streaming K-means algorithm is used to compute the center points of the node types currently present and to draw their circles. When a new node requests authentication, the distance between the new node and the center points is calculated. If the node belongs to a currently known type, it passes authentication; if it falls outside the range of the current node types, the system queries whether a new type of node has joined the IoT platform, and otherwise the node does not pass authentication.

To illustrate this implementation more clearly, refer to FIG. 4, which is a schematic diagram of the method for quickly authenticating subsequent nodes according to an embodiment of the present invention.

After a batch of sensor nodes has been authenticated, the streaming K-means algorithm is used to compute the center points of the node types currently present and to draw their circles, shown as r1 and r2 in the figure. When a new node requests authentication, the distance between the new node and the center points is calculated. If the node belongs to a currently known type, it passes authentication; for example, node p2 lies within r1 and passes. If it falls outside the range of the current node types, the system queries whether a new type of node has joined the IoT platform, and otherwise the node does not pass authentication; for example, node p1 does not belong to any currently known type and is not authenticated immediately.

With the above method, during the authentication of new nodes, a node of an already known type is authenticated through fast authentication, while a node of unknown attribute type is authenticated cautiously until it is confirmed to be trusted or untrusted. The embodiment of the present invention can thus guarantee trusted node identities while achieving fast sensor authentication and rapid assembly of the IoT platform.
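The circle-domain fast path described above, as an added example that is not part of the patent: a sequential (streaming) K-means model keeps one centroid and one radius per known node type and sorts a new node into fast authentication, full authentication or rejection. The two-dimensional attribute vectors, the radius rule, the margin and all names are assumptions, since the text does not say which node attributes are clustered or how the radius is chosen.

```python
import math


class AuthCircles:
    """One "authentication circle" (centroid, radius) per known node type."""

    def __init__(self, k, margin=1.2):
        self.k = k
        self.margin = margin   # assumption: slack factor applied to each radius
        self.centroids = []    # running means, one list per cluster
        self.counts = []
        self.radii = []

    def _nearest(self, x):
        dists = [math.dist(x, c) for c in self.centroids]
        i = min(range(len(dists)), key=dists.__getitem__)
        return i, dists[i]

    def learn(self, x):
        """Fold one fully authenticated node into the model; no points are stored."""
        if len(self.centroids) < self.k:   # the first k nodes seed the clusters
            self.centroids.append(list(x))
            self.counts.append(1)
            self.radii.append(0.0)
            return
        i, _ = self._nearest(x)
        self.counts[i] += 1
        c = self.centroids[i]
        for j, xj in enumerate(x):         # running mean: c += (x - c) / n
            c[j] += (xj - c[j]) / self.counts[i]
        # Assumption: radius = largest member distance seen at assignment time.
        self.radii[i] = max(self.radii[i], math.dist(x, c))

    def inside(self, x):
        """Index of the circle containing x, or None if x lies outside all circles."""
        if not self.centroids:
            return None
        i, d = self._nearest(x)
        return i if d <= self.radii[i] * self.margin else None


def admit(circles, x, new_type_registered):
    """Decision for a node requesting authentication.

    new_type_registered is an assumption: the answer to the platform query
    "has a new type of node joined?".
    """
    if circles.inside(x) is not None:
        return "fast"                      # known type: fast authentication
    # Unknown type: full S2-S7 exchange only if a new type is expected.
    return "full" if new_type_registered else "reject"


# Constructed sample: (report interval, payload size), both normalised.
AUTHENTICATED = [(1.0, 1.0), (8.0, 8.0), (1.2, 0.8), (7.8, 8.4), (0.8, 1.2), (8.2, 7.6)]


def build_demo():
    circles = AuthCircles(k=2)
    for node in AUTHENTICATED:
        circles.learn(node)
    return circles


if __name__ == "__main__":
    demo = build_demo()
    print(admit(demo, (1.1, 1.2), False))  # like p2: inside a known circle
    print(admit(demo, (4.5, 4.5), False))  # like p1: outside every circle
```

The margin controls how wide the fast path is: every node outside a circle either goes through the full exchange or is refused, so a smaller margin sends more nodes through steps S2 to S7.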

In the method of the present invention, after a sensor node is authenticated successfully, the node identity information is associated with the security gateway through which the node connects. This makes it easy for the IoT platform to set access rights according to the security gateway and the device type, ensures that every access by a sensor node is authorized, and keeps the data collected by sensor nodes from being obtained by unauthorized third parties within the IoT platform. Given a certain number of secure nodes with known identities, unknown nodes can be authenticated quickly and securely. The authentication is simple, safe and reliable, with good application prospects and high market value.

The above is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the present invention should not be regarded as limited to these descriptions. For those of ordinary skill in the technical field of the present invention, several simple deductions or substitutions can be made without departing from the concept of the present invention, and all of them should be regarded as falling within the protection scope of the present invention.

Claims (8)

1. A sensor node identity authentication system based on the Internet of Things, characterized in that it comprises an authentication server, a device management center, a security gateway, and at least one sensor node;
The sensor node is connected to the security gateway and is configured to send authentication information to the security gateway;
The security gateway is connected to the authentication server and is configured to send the authentication information, together with the gateway number, to the authentication server;
The authentication server is connected to the device management center and is configured to authenticate the authentication information, generate an identity token after authentication is complete, return the identity token to the sensor node, and store the authenticated sensor node in the device management center.
2. A sensor node identity authentication method based on the Internet of Things, characterized in that it comprises:
S1. Initializing the information list of the sensor nodes to be authenticated;
S2. Receiving the authentication information sent by the sensor node to be authenticated;
S3. Performing a first decryption operation on the authentication information; if the first decryption operation fails, judging that authentication has failed and exiting authentication; if the first decryption operation succeeds, obtaining the sensor node identity information, the initial timestamp and the node unique identification code, and performing step S4;
S4. Determining whether an identity token exists in the identity information of the sensor node to be authenticated; if so, judging that authentication is complete; if not, performing step S5;
S5. Determining whether the initial timestamp is valid; if not, judging that authentication has failed and exiting authentication; if so, performing step S6;
S6. Looking up the public key generated from the sensor node's attributes according to the node unique identification code, and performing a second decryption operation on the sensor node identity information; if the second decryption operation fails, judging that authentication has failed and exiting authentication; if the second decryption operation succeeds, obtaining the decrypted identity information and performing step S7;
S7. Generating a new identity token and a new authentication timestamp from the decrypted identity information, storing the decrypted identity information, and sending the new identity token and the new authentication timestamp to the sensor node to be authenticated.
3. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that the authentication information comprises: the sensor node identity information and the sensor node initial timestamp, encrypted in turn with the public key of the IoT common support platform and the private key generated from the sensor node's attributes.
4. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that step S4 further comprises:
Determining whether the identity token of the sensor node to be authenticated has expired, and if so, performing step S5.
5. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that step S7 further comprises:
Setting a token expiration time for the new identity token sent to the sensor node to be authenticated; if the token of the sensor node is judged to have expired, sending re-authentication information to that sensor node.
6. The sensor node identity authentication method based on the Internet of Things according to claim 2, characterized in that, after step S7, the method further comprises:
When a predetermined number of sensor nodes are judged to have completed authentication, deriving an authentication circle from the authenticated sensor nodes, and authenticating sensor nodes to be authenticated according to the authentication circle.
7. The sensor node identity authentication method based on the Internet of Things according to claim 6, characterized in that authenticating a sensor node to be authenticated according to the authentication circle comprises:
When a new sensor node to be authenticated requests authentication, calculating the distance between the new sensor node and the authentication circle, and, when the new sensor node is judged to belong to the authentication circle, judging that authentication is complete.
8. The sensor node identity authentication method based on the Internet of Things according to claim 6, characterized in that authenticating a sensor node to be authenticated according to the authentication circle comprises:
When a new sensor node to be authenticated requests authentication, calculating the distance between the new sensor node and the authentication circle, and, when the new sensor node is judged not to belong to the authentication circle and a query finds that no node has joined, judging that authentication has failed.
CN201810236903.8A 2018-03-21 2018-03-21 A sensor node identity authentication system and method based on the Internet of Things Active CN108616504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810236903.8A CN108616504B (en) 2018-03-21 2018-03-21 A sensor node identity authentication system and method based on the Internet of Things

Publications (2)

Publication Number Publication Date
CN108616504A true CN108616504A (en) 2018-10-02
CN108616504B CN108616504B (en) 2020-12-15

Family

ID=63658556

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810236903.8A Active CN108616504B (en) 2018-03-21 2018-03-21 A sensor node identity authentication system and method based on the Internet of Things

Country Status (1)

Country Link
CN (1) CN108616504B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant