[go: up one dir, main page]

CN114866248A - A distributed and trusted identity authentication method and system in edge computing environment - Google Patents

A distributed and trusted identity authentication method and system in edge computing environment Download PDF

Info

Publication number
CN114866248A
CN114866248A CN202210406166.8A CN202210406166A CN114866248A CN 114866248 A CN114866248 A CN 114866248A CN 202210406166 A CN202210406166 A CN 202210406166A CN 114866248 A CN114866248 A CN 114866248A
Authority
CN
China
Prior art keywords
terminal device
kgc
information
distributed
edge server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210406166.8A
Other languages
Chinese (zh)
Inventor
伍卫国
柴玉香
王雄
杨诗园
张祥俊
刘松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University
Original Assignee
Xian Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Jiaotong University filed Critical Xian Jiaotong University
Priority to CN202210406166.8A priority Critical patent/CN114866248A/en
Publication of CN114866248A publication Critical patent/CN114866248A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a distributed credible identity authentication method and a distributed credible identity authentication system in an edge computing environment, which are characterized in that system parameters of a terminal device to be authenticated and an edge server are initialized, a chameleon hash function is constructed by adopting the initialized parameters, KGC is utilized to generate a key and trapdoor public key information for the terminal device and the edge server, then information elements needing to be authenticated of the terminal device and the edge server are registered on a block chain, the terminal device to be authenticated and the edge server are authenticated by accessing the information elements used for authentication in the block chain, and the identity authentication and session key calculation are completed; the terminal equipment authenticates with the edge server according to the application, acquires necessary information elements through the access block chain to construct authentication information and a session key, and completes authentication and calculation of the session key; the distributed trusted data authentication method can be used in the edge computing environment, realizes distributed trusted data authentication, and reduces authentication overhead.

Description

一种边缘计算环境中分布式可信的身份认证方法及系统A distributed and trusted identity authentication method and system in edge computing environment

技术领域technical field

本发明属于身份认证领域,具体涉及一种边缘计算环境中分布式可信的身份认证方法及系统。The invention belongs to the field of identity authentication, and in particular relates to a distributed and trusted identity authentication method and system in an edge computing environment.

背景技术Background technique

随着物联网和5G技术的快速发展,终端设备数量的剧增以及轻量级设备的大量使用,导致传统的云计算平台已经无法满足实时性、高响应的需求,边缘计算环境提供了解决方案,然而边缘计算环境呈复杂多样化的特点,特别是在众多数据通信认证过程中,传统的PKI数字证书的认证方式已经无法满足轻量级和分布式的要求,边缘计算环境中的身份认证对边缘计算服务于人们的生活造成一定的阻碍。With the rapid development of the Internet of Things and 5G technology, the sharp increase in the number of terminal devices and the large-scale use of lightweight devices, the traditional cloud computing platform has been unable to meet the needs of real-time and high response, and the edge computing environment provides solutions. However, the edge computing environment is complex and diverse, especially in many data communication authentication processes, the traditional PKI digital certificate authentication method has been unable to meet the requirements of lightweight and distributed, the identity authentication in the edge computing environment Computing services to people's lives create certain obstacles.

发明内容SUMMARY OF THE INVENTION

本发明的目的在于提供一种边缘计算环境中分布式可信的身份认证方法及系统,以克服现有技术的不足。The purpose of the present invention is to provide a distributed and trusted identity authentication method and system in an edge computing environment to overcome the deficiencies of the prior art.

一种边缘计算环境中分布式可信的身份认证方法,包括以下步骤:A distributed and trusted identity authentication method in an edge computing environment, comprising the following steps:

S1,对待认证的终端设备和边缘服务器的系统参数进行初始化,同时采用初始化后的参数构建变色龙哈希函数;S1, initialize the system parameters of the terminal device to be authenticated and the edge server, and use the initialized parameters to construct a chameleon hash function;

S2,利用KGC为终端设备和边缘服务器生成密钥和陷门公钥信息,然后将终端设备和边缘服务器需要认证的信息要素注册到区块链上;S2, use KGC to generate the key and trapdoor public key information for the terminal device and the edge server, and then register the information elements that the terminal device and the edge server need to authenticate to the blockchain;

S3,将待认证的终端设备和边缘服务器通过访问区块链中用于认证的信息要素进行认证,完成身份认证和会话密钥的计算。S3, authenticate the terminal device and the edge server to be authenticated by accessing the information elements used for authentication in the blockchain to complete the identity authentication and the calculation of the session key.

进一步的,采用密钥生成服务器生成椭圆曲线E,其阶数为q,生成元为P,循环加法群G,阶数为r的大整数群

Figure BDA0003602233430000011
Further, the key generation server is used to generate the elliptic curve E, the order of which is q, the generator is P, the cyclic addition group G, and the large integer group of order r
Figure BDA0003602233430000011

利用KGC从大整数群

Figure BDA0003602233430000012
中随机产生一个随机数SKkgc作为私钥,计算PKkgc=SKkgc·P,构成自己的公私钥信息(PKkgc,SKkgc),其中
Figure BDA0003602233430000021
Using KGC from the large integer group
Figure BDA0003602233430000012
Randomly generate a random number SK kgc as the private key in the
Figure BDA0003602233430000021

进一步的,采用变色龙哈希函数为终端设备每次的认证进行匿名处理,基于每次认证请求的时间构建相同的哈希值。Further, the chameleon hash function is used to perform anonymous processing for each authentication of the terminal device, and the same hash value is constructed based on the time of each authentication request.

进一步的,变色龙哈希函数采用离散对数问题进行构建。Further, the chameleon hash function is constructed using the discrete logarithm problem.

进一步的,终端设备EU将唯一的身份标识IDu进行哈希Pid=H1(IDu),生成伪身份标识Pid,并将伪身份标识Pid通过安全信道发送给KGC;Further, the terminal device EU hashes the unique identification ID u to P id =H 1 (ID u ), generates a pseudo identification P id , and sends the pseudo identification P id to the KGC through a secure channel;

KGC接收终端设备的密钥请求信息Pid之后,产生随机数

Figure BDA0003602233430000022
作为临时私钥,并计算Ri=ri·P得到临时公钥Ri,通过计算SKu=ri+SKkgc·Pid作为设备的私钥,通过计算PKu=SKu·P,得到终设备的公钥PKu,生成终端设备的公私钥信息;After the KGC receives the key request information P id of the terminal device, it generates a random number
Figure BDA0003602233430000022
As a temporary private key, and calculate R i =r i ·P to obtain a temporary public key R i , by calculating SK u =r i +SK kgc ·P id as the private key of the device, by calculating PK u =SK u ·P, Obtain the public key PK u of the terminal device, and generate the public and private key information of the terminal device;

终端设备接收到信息之后,对时间戳和陷门公钥信息进行验证。After the terminal device receives the information, it verifies the timestamp and trapdoor public key information.

进一步的,KGC生成随机数g∈G1作为变色龙哈希函数的生成公钥,通过计算

Figure BDA0003602233430000023
作为终端设备的陷门公钥,并产生当前的时间戳Tkgc。Further, KGC generates a random number g ∈ G 1 as the generated public key of the chameleon hash function, by calculating
Figure BDA0003602233430000023
As the trapdoor public key of the terminal device, and generate the current timestamp T kgc .

进一步的,首先验证接收到的时间戳与当前的时间戳Tu-Tkgc是否在设定的时间范围内,如果不在设定的范围之内,则拒绝接受响应信息。Further, first verify whether the received time stamp and the current time stamp T u -T kgc are within the set time range, and if not within the set range, refuse to accept the response information.

进一步的,边缘服务器ES将唯一的身份标识IDs进行哈希之后通过安全信道发送给KGC;Further, the edge server ES hashes the unique identification ID s and sends it to the KGC through a secure channel;

KGC收到请求后,产生随机值

Figure BDA0003602233430000024
通过计算SKs=xi+SKkgc·Pids得到边缘服务器的私钥,计算PKs=SKs·P得到公钥,并产生当前的时间戳Tkgc,并将信息<SKs,PKs,Tkgc>发送给边缘服务器;After KGC receives the request, it generates a random value
Figure BDA0003602233430000024
The private key of the edge server is obtained by calculating SK s = xi +SK kgc ·P ids , the public key is obtained by calculating PK s =SK s ·P, and the current timestamp T kgc is generated, and the information <SK s ,PK s ,T kgc >send to edge server;

边缘服务器收到响应信息后,首先判断当前的时间戳Tes和接收到的时间戳Tkgc的差是否在有效范围内,如果不在有效范围则拒绝接受响应;如果在有效范围内则接受响应。After receiving the response information, the edge server firstly judges whether the difference between the current timestamp T es and the received timestamp T kgc is within the valid range, and if it is not within the valid range, it refuses to accept the response; if it is within the valid range, it accepts the response.

进一步的,终端设备请求访问边缘服务器,通过调用智能合约获取ES的公钥信息PKs,从区块链中获取公钥信息;ES通过计算

Figure BDA0003602233430000025
得到终端设备的变色龙哈希函数值,调用智能合约查询该值是否存在,并得到对应的伪身份标识Pid,通过计算PKu′=PIDI-(P1·Pid)得到U的公钥信息。Further, the terminal device requests access to the edge server, obtains the public key information PK s of the ES by calling the smart contract, and obtains the public key information from the blockchain; ES calculates
Figure BDA0003602233430000025
Obtain the chameleon hash function value of the terminal device, call the smart contract to check whether the value exists, and obtain the corresponding pseudo-identity identifier P id , and obtain the public key information of U by calculating PK u ′=PIDI-(P 1 ·P id ) .

一种边缘计算环境中分布式可信的身份认证系统,包括终端设备、边缘服务器、密钥生成服务器和区块链:A distributed and trusted identity authentication system in an edge computing environment, including a terminal device, an edge server, a key generation server, and a blockchain:

密钥生成服务器用于为终端设备和边缘服务器生成密钥和陷门公钥信息;The key generation server is used to generate keys and trapdoor public key information for terminal devices and edge servers;

终端设备和边缘服务器将需要认证的信息要素注册到区块链上;Terminal devices and edge servers register information elements that require authentication on the blockchain;

需要认证时,对终端设备和边缘服务器的系统参数进行初始化,同时采用初始化后的参数构建变色龙哈希函数,终端设备和边缘服务器通过访问区块链中用于认证的信息要素进行认证,完成身份认证和会话密钥的计算。When authentication is required, initialize the system parameters of the terminal device and the edge server, and use the initialized parameters to construct the chameleon hash function. The terminal device and the edge server authenticate by accessing the information elements used for authentication in the blockchain to complete the identity. Authentication and calculation of session keys.

与现有技术相比,本发明具有以下有益的技术效果:Compared with the prior art, the present invention has the following beneficial technical effects:

本发明一种边缘计算环境中分布式可信的身份认证方法,通过对待认证的终端设备和边缘服务器的系统参数进行初始化,同时采用初始化后的参数构建变色龙哈希函数,利用KGC为终端设备和边缘服务器生成密钥和陷门公钥信息,然后将终端设备和边缘服务器需要认证的信息要素注册到区块链上,将待认证的终端设备和边缘服务器通过访问区块链中用于认证的信息要素进行认证,完成身份认证和会话密钥的计算;终端设备根据申请与边缘服务器进行认证,通过访问区块链获取必要的信息要素对认证信息和会话密钥进行构建,完成认证和会话密钥的计算;本发明能够用于边缘计算环境中,实现分布式的可信数据认证,降低认证开销。The invention is a distributed and credible identity authentication method in an edge computing environment. The system parameters of the terminal device to be authenticated and the edge server are initialized, and the initialized parameters are used to construct a chameleon hash function, and KGC is used for the terminal device and the edge server. The edge server generates the key and trapdoor public key information, and then registers the information elements that the terminal device and the edge server need to authenticate to the blockchain, and the terminal device and the edge server to be authenticated access the blockchain for authentication. The information elements are authenticated to complete the identity authentication and the calculation of the session key; the terminal device authenticates with the edge server according to the application, and obtains the necessary information elements by accessing the blockchain to construct the authentication information and session key, and complete the authentication and session encryption. The calculation of the key; the invention can be used in the edge computing environment to realize distributed trusted data authentication and reduce the authentication overhead.

进一步的,变色龙哈希函数为终端设备每次的认证进行匿名处理,在不改变公私钥等密钥信息的情况下,基于每次认证请求的时间构建相同的哈希值,避免向区块链中注册多次;Further, the chameleon hash function performs anonymous processing for each authentication of the terminal device. Without changing the public and private key information and other key information, the same hash value is constructed based on the time of each authentication request, avoiding the need to send data to the blockchain. registered multiple times;

进一步的,变色龙哈希函数采用离散对数问题进行构建,保证设备匿名的安全性和有效性。Further, the chameleon hash function is constructed using discrete logarithm problem to ensure the security and effectiveness of device anonymity.

进一步的,本发明采用区块链不易明文保存设备的信息,仅保存共享的认证数据部分,减轻对可信第三方的依赖。Further, the present invention adopts the block chain to not easily save the information of the device in plain text, only saves the shared authentication data part, and reduces the dependence on the trusted third party.

附图说明Description of drawings

图1是本发明实施例中身份认证的架构图。FIG. 1 is a structural diagram of identity authentication in an embodiment of the present invention.

具体实施方式Detailed ways

为了使本技术领域的人员更好地理解本发明方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。In order to make those skilled in the art better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only Embodiments are part of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

一种边缘计算环境中分布式可信的身份认证方法,包括以下步骤:A distributed and trusted identity authentication method in an edge computing environment, comprising the following steps:

步骤1)、对待认证的终端设备和边缘服务器的系统参数进行初始化,同时采用初始化后的参数构建变色龙哈希函数;Step 1), initialize the system parameters of the terminal device to be authenticated and the edge server, and use the initialized parameters to construct the chameleon hash function simultaneously;

具体的,首先采用密钥生成服务器(KGC)生成椭圆曲线E,其阶数为q,生成元为P,循环加法群G,阶数为r的大整数群

Figure BDA0003602233430000041
Specifically, the key generation server (KGC) is used to generate the elliptic curve E, the order of which is q, the generator is P, the cyclic addition group G, and the large integer group of order r
Figure BDA0003602233430000041

利用KGC从大整数群

Figure BDA0003602233430000042
中随机产生一个随机数SKkgc作为私钥,计算PKkgc=SKkgc·P,构成自己的公私钥信息(PKkgc,SKkgc),其中
Figure BDA0003602233430000043
Using KGC from the large integer group
Figure BDA0003602233430000042
Randomly generate a random number SK kgc as the private key in the
Figure BDA0003602233430000043

选择两个安全单向的哈希函数

Figure BDA0003602233430000044
H3:G×{0,1}*×G×0,1*→Zq*,H4:0,1*×G→Zq*,一个变色龙哈希函数H2:CHg,h,r,t。Choose two secure one-way hash functions
Figure BDA0003602233430000044
H 3 : G×{0,1} * ×G×0,1*→Zq*, H4:0,1*×G→Zq*, a chameleon hash function H2:CHg,h,r,t.

公开参数<E,G,P,q,H1,H2,H3,H4,PKkgc>,SKkgc秘密保存,不进行公开。Public parameters <E, G, P, q, H 1 , H 2 , H 3 , H 4 , PK kgc >, SK kgc is kept secret and will not be disclosed.

使用椭圆曲线离散对数难题构建变色龙哈希函数:Build the chameleon hash function using the elliptic curve discrete logarithm puzzle:

具体的,根据变色龙哈希函数的定义,整数群中随机产生

Figure BDA0003602233430000045
作为陷门私钥,加法群G1产生生成公钥g,陷门公钥通过计算
Figure BDA0003602233430000046
Specifically, according to the definition of the chameleon hash function, the integer group is randomly generated
Figure BDA0003602233430000045
As the trapdoor private key, the additive group G 1 generates the public key g, and the trapdoor public key is calculated by calculating
Figure BDA0003602233430000046

变色龙哈希函数值CH(value)通过公式计算:The chameleon hash function value CH(value) is calculated by the formula:

Figure BDA0003602233430000051
改变value的值为value′,为使变色哈希函数值不发生变化,伪造随机值r2,r2计算公式为:
Figure BDA0003602233430000051
Change the value of value to value'. In order to keep the value of the color-changing hash function unchanged, the random value r 2 is forged. The calculation formula of r 2 is:

r2=(value-value′)/SKu+r1r 2 =(value-value')/SK u +r 1 .

步骤2)、利用KGC为终端设备和边缘服务器生成密钥和陷门公钥信息,然后将终端设备和边缘服务器需要认证的信息要素注册到区块链上;Step 2), use KGC to generate key and trapdoor public key information for the terminal device and the edge server, and then register the information elements that the terminal device and the edge server need to authenticate on the blockchain;

具体包括以下步骤:Specifically include the following steps:

终端设备的注册:Registration of terminal equipment:

a、终端设备EU将唯一的身份标识IDu进行哈希Pid=H1(IDu),生成伪身份标识Pid,并将伪身份标识Pid通过安全信道发送给KGC;a. The terminal device EU hashes the unique identification ID u P id =H 1 (ID u ), generates a pseudo identification P id , and sends the pseudo identification P id to the KGC through a secure channel;

b、KGC接收终端设备的密钥请求信息Pid之后,产生随机数

Figure BDA0003602233430000052
作为临时私钥,并计算Ri=ri·P得到临时公钥Ri,通过计算SKu=ri+SKkgc·Pid作为设备的私钥,通过计算PKu=SKu·P,得到终端设备的公钥PKu,生成了设备的公私钥信息。b. After the KGC receives the key request information P id of the terminal device, it generates a random number
Figure BDA0003602233430000052
As a temporary private key, and calculate R i =r i ·P to obtain a temporary public key R i , by calculating SK u =r i +SK kgc ·P id as the private key of the device, by calculating PK u =SK u ·P, The public key PK u of the terminal device is obtained, and the public and private key information of the device is generated.

KGC从G1中产生随机数g作为变色龙哈希函数的生成公钥,通过计算

Figure BDA0003602233430000053
作为终端设备的陷门公钥,并产生当前的时间戳Tkgc。KGC generates a random number g from G 1 as the generated public key of the chameleon hash function, by calculating
Figure BDA0003602233430000053
As the trapdoor public key of the terminal device, and generate the current timestamp T kgc .

KGC将信息<SKu,PKu,h,Tkgc,Ri>发送给终端设备。The KGC sends the information <SK u , PK u , h, T kgc , R i > to the terminal device.

c、终端设备接收到信息之后,对时间戳和陷门公钥信息进行验证。c. After receiving the information, the terminal device verifies the timestamp and trapdoor public key information.

首先验证接收到的时间戳与当前的时间戳Tu-Tkgc是否在设定的时间范围内,如果不在设定的范围之内,则拒绝接受响应信息;First, verify whether the received timestamp and the current timestamp T u -T kgc are within the set time range, and if not within the set range, refuse to accept the response information;

通过计算Ri+PKkgc·Pid并与PKu进行比较,如果不相等则拒绝接受响应信息。By calculating R i +PK kgc ·P id and comparing with PK u , if they are not equal, reject the response message.

终端设备产生随机数

Figure BDA0003602233430000061
通过CH(g,h,r,t)生成变色龙哈希值,根据生成的变色龙哈希值调用智能合约
Figure BDA0003602233430000062
Figure BDA0003602233430000063
信息注册到区块链中。The terminal device generates random numbers
Figure BDA0003602233430000061
Generate the chameleon hash value through CH(g,h,r,t), and call the smart contract according to the generated chameleon hash value
Figure BDA0003602233430000062
Will
Figure BDA0003602233430000063
Information is registered in the blockchain.

边缘服务器的注册Registration of Edge Servers

a、边缘服务器ES将唯一的身份标识IDs进行哈希之后通过安全信道发送给KGC;a. The edge server ES hashes the unique identity ID s and sends it to the KGC through a secure channel;

b、KGC收到请求后,产生随机值

Figure BDA0003602233430000064
通过计算SKs=xi+SKkgc·Pids得到边缘服务器的私钥,计算PKs=SKs·P得到公钥。并产生当前的时间戳Tkgc,并将信息<SKs,PKs,Tkgc>发送给边缘服务器;b. After KGC receives the request, it generates a random value
Figure BDA0003602233430000064
The private key of the edge server is obtained by calculating SK s = xi +SK kgc ·P ids , and the public key is obtained by calculating PK s =SK s ·P. And generate the current timestamp T kgc , and send the information <SK s , PK s , T kgc > to the edge server;

c、边缘服务器收到响应信息后,首先判断当前的时间戳Tes和接收到的时间戳Tkgc的差是否在有效范围内,如果不在有效范围则拒绝接受响应;如果在有效范围内则接受响应;c. After the edge server receives the response information, it first determines whether the difference between the current timestamp T es and the received timestamp T kgc is within the valid range, and if it is not within the valid range, rejects the response; if it is within the valid range, accepts response;

调用智能合约registerS(Pids,PKs,),将边缘服务器的公钥信息注册到区块链中。Call the smart contract registerS(P ids ,PK s ,) to register the public key information of the edge server into the blockchain.

步骤3)、将待认证的终端设备和边缘服务器通过访问区块链中用于认证的信息要素进行认证,完成身份认证和会话密钥的计算。Step 3), authenticate the terminal device and the edge server to be authenticated by accessing the information elements used for authentication in the blockchain to complete the identity authentication and the calculation of the session key.

a、终端设备请求访问边缘服务器,通过调用智能合约获取ES的公钥信息PK′s,从区块链中获取公钥信息,避免公钥替换,终端设备通过陷门私钥SKu和之前的随机数r、时间戳Tu和现在的时间戳Tn生成构成相同哈希值的随机数r′,并计算得到h′=(h′)r′。生成临时私钥

Figure BDA0003602233430000071
计算P1=N1·P得到临时公钥,通过PKu+(P1·Pid)得到PIDI,将<h′,P1,PIDI,Tn>通过公共信道发送给边缘服务器ES。a. The terminal device requests access to the edge server, obtains the public key information PK' s of the ES by calling the smart contract, and obtains the public key information from the blockchain to avoid public key replacement. The terminal device passes the trapdoor private key SK u and the previous The random number r, the time stamp Tu and the current time stamp T n generate a random number r' that constitutes the same hash value, and h'=(h') r' is calculated. Generate temporary private key
Figure BDA0003602233430000071
Calculate P 1 =N 1 ·P to obtain a temporary public key, obtain PIDI through PK u +(P 1 ·P id ), and send <h′, P 1 , PIDI, T n > to the edge server ES through a public channel.

b、ES通过计算

Figure BDA0003602233430000073
得到终端设备的变色龙哈希函数值,调用智能合约查询该值是否存在,并得到对应的伪身份标识Pid,通过计算PKu′=PIDI-(P1·Pid)得到U的公钥信息。ES产生随机数
Figure BDA0003602233430000072
作为临时私钥,计算得临时公钥P2=N2·P,计算M=N2·P1,K=H4(M‖PKs),SessionKeys_u=H3(PKs‖M‖PKu′‖Tn),将<P2,K>发送给U。b. ES is calculated by
Figure BDA0003602233430000073
Obtain the chameleon hash function value of the terminal device, call the smart contract to check whether the value exists, and obtain the corresponding pseudo-identity identifier P id , and obtain the public key information of U by calculating PK u ′=PIDI-(P 1 ·P id ) . ES generates random numbers
Figure BDA0003602233430000072
As the temporary private key, calculate the temporary public key P 2 =N 2 ·P, calculate M=N 2 ·P 1 , K=H 4 (M‖PK s ), SessionKey s_u =H 3 (PK s ‖M‖PK u ′‖T n ), send <P 2 ,K> to U.

c、U收到ES发来信息之后,计算得到M′=P2·N1,生成K‘=H4(M′‖PKs),并判断K与K′是否相等,如果不相等,则终止认证。认证成功后,计算得到终端设备和边缘服务器之间的会话密钥SessionKeyu_s=H3(PKs′‖M′‖PKu‖Tn)。c. After U receives the information from ES, it calculates M'=P 2 ·N 1 , generates K'=H 4 (M'‖PK s ), and judges whether K and K' are equal, if not, then Terminate certification. After the authentication is successful, the session key SessionKey u_s = H 3 (PK s '‖M'‖ PK u ‖T n ) between the terminal device and the edge server is calculated.

实施例Example

如图1所示为身份认证的架构图,包括终端设备U(User)、密钥生成服务器KGC(KeyGeneration Center)和边缘服务器ES(Edge Server);Figure 1 shows the architecture diagram of identity authentication, including terminal device U (User), key generation server KGC (KeyGeneration Center) and edge server ES (Edge Server);

其中KGC部署在云服务中,云是相对与边缘是安全、可信的存在,又因为设备数量的庞大,采用安全可靠的KGC密钥生成服务器可以生成大量的、随机的、安全的密钥信息,负责为终端设备和边缘服务器进行密钥信息的分发,并且KGC对终端设备和边缘服务器的注册信息不进行保存,避免了集中式存储不安全导致设备信息泄露的风险。Among them, KGC is deployed in the cloud service. The cloud is relatively safe and credible compared to the edge, and because of the huge number of devices, the use of a safe and reliable KGC key generation server can generate a large amount of random and secure key information. , responsible for the distribution of key information for terminal devices and edge servers, and KGC does not save the registration information of terminal devices and edge servers, avoiding the risk of device information leakage due to insecure centralized storage.

终端设备采用任何需要请求边缘端服务的设备,例如智能摄像头、智能电表等终端设备,用户通过向区块链网络发送注册、认证请求信息,通过调用接口发送数据到区块链网络,区块链执行引擎调用智能合约功能,区块链网络对产生的注册等交易数据进行共识,并保存到区块链中,每个终端设备以及边缘服务器都需要在区块链上进行注册,才能够享受或提供服务。The terminal device adopts any device that needs to request edge services, such as smart cameras, smart meters and other terminal devices. The user sends registration and authentication request information to the blockchain network, and sends data to the blockchain network through the calling interface. The execution engine calls the smart contract function, and the blockchain network agrees on the generated registration and other transaction data, and saves it in the blockchain. Each terminal device and edge server needs to be registered on the blockchain before they can enjoy or Provide services.

ES负责为U提供高效的数据处理和分析,服务于U的使用,每一个ES加入到区块链网络中,既可以保证区块链分布式账本正常运行,又与云端进行通讯,借助云端更丰富的计算、存储等资源,保证应用服务的高效率和低成本。ES is responsible for providing efficient data processing and analysis for U and serving the use of U. Each ES added to the blockchain network can not only ensure the normal operation of the blockchain distributed ledger, but also communicate with the cloud. Rich computing, storage and other resources ensure high efficiency and low cost of application services.

本发明采用区块链作为一个分布式、可信、共享的账本,能够安全地对认证信息要素进行分布式可信的存储,实现认证数据分布式可信的共享,对身份认证提供信任帮助。ES和U通过调用智能合约完成在区块链上的注册,通过调用智能合约查询设备的认证信息要素。U的信息不以明文的形式保存在区块链中,仅保存相关的信息要素,避免终端设备身份信息的泄露,ES为了更好的发挥靠近数据源的优势,从而提供更快速便捷的服务,无需为ES提供身份的匿名性,信息以明文的方式进行保存。The invention adopts the blockchain as a distributed, credible and shared ledger, which can securely store the authentication information elements in a distributed and credible manner, realize the distributed and credible sharing of authentication data, and provide trust assistance for identity authentication. ES and U complete the registration on the blockchain by calling the smart contract, and query the authentication information elements of the device by calling the smart contract. The information of U is not stored in the blockchain in the form of plaintext, but only the relevant information elements are stored to avoid the leakage of the identity information of the terminal equipment. In order to better utilize the advantages of being close to the data source, ES provides faster and more convenient services. There is no need to provide ES with identity anonymity, and information is stored in clear text.

在整个注册认证过程中,设备通过安全信道请求获取密钥信息,终端设备和边缘服务器通过公共信道完成相互认证过程,并计算出安全的会话密钥,在一定程度上实现对应用服务的传输数据进行保护。身份认证架构During the entire registration and authentication process, the device requests to obtain key information through the secure channel, the terminal device and the edge server complete the mutual authentication process through the public channel, and calculate the secure session key, which realizes the transmission of data to the application service to a certain extent. to protect. Identity Authentication Architecture

实施例:Example:

采用阿里巴巴云服务器模拟为边缘服务器,配置:Intel(R)Xeon(R)CPU E5-26300@2.30GHz,1GB的内存和Ubuntu 14.04,另一方面,谷歌Nexus One智能手机作为终端设备,配置2GHz ARM CPU armeabi-v7a、300MiB RAM和android 4.4。Alibaba cloud server is used to simulate as edge server, configuration: Intel(R) Xeon(R) CPU E5-26300@2.30GHz, 1GB memory and Ubuntu 14.04, on the other hand, Google Nexus One smartphone is used as terminal device, configured with 2GHz ARM CPU armeabi-v7a, 300MiB RAM and android 4.4.

通过多次重复计算得到两种设备下不同的加密操作所需要的计算开销,统计数据如表1所示。The computational overhead required for different encryption operations under the two devices is obtained by repeating the calculation several times. The statistical data are shown in Table 1.

表1 不同加密运算所需的时间消耗(ms)Table 1 Time consumption (ms) required for different encryption operations

Figure BDA0003602233430000091
Figure BDA0003602233430000091

统计认证方案的计算开销和通讯开销,分别如表2,表3所示。The computational overhead and communication overhead of the statistical authentication scheme are shown in Table 2 and Table 3, respectively.

表2 开销计算Table 2 Overhead calculation

Figure BDA0003602233430000092
Figure BDA0003602233430000092

通过计算并对比几种方案的计开销,本发明的认证方案的整体开销是最小的为75.966ms,并且在终端的计算开销也是最小的为66.827ms。By calculating and comparing the overheads of several schemes, the overall overhead of the authentication scheme of the present invention is the minimum of 75.966ms, and the calculation overhead of the terminal is also the minimum of 66.827ms.

表3 通讯开销计算Table 3 Calculation of communication cost

Figure BDA0003602233430000101
Figure BDA0003602233430000101

参与方之间传输的消息数量被认为是一个度量,这些传输的消息由不同的符号表示,其代表的大小也不同,例如大整数群

Figure BDA0003602233430000102
标识ID、哈希值H、时间戳T和循环加法群G,在所提出的认证方案中,这些长度的设定如下:
Figure BDA0003602233430000103
|T|=32b、|G|=1024b、|ID|=256b。根据这些值,计算并总结了协议的通讯成本,本发明的认证方案的通讯开销为4288bits,低于基于身份的匿名认证方案,表3列出了本申请的方案和对比方案的通讯字段。The number of messages transmitted between parties is considered as a measure, and these transmitted messages are represented by different symbols, which represent different sizes, such as groups of large integers
Figure BDA0003602233430000102
Identity ID, hash value H, timestamp T and cyclic addition group G, in the proposed authentication scheme, these lengths are set as follows:
Figure BDA0003602233430000103
|T|=32b, |G|=1024b, |ID|=256b. According to these values, the communication cost of the protocol is calculated and summarized. The communication overhead of the authentication scheme of the present invention is 4288 bits, which is lower than that of the anonymous authentication scheme based on identity. Table 3 lists the communication fields of the scheme of the present application and the comparison scheme.

本发明通过离散对数构建变色龙哈希函数保证认证的匿名性和安全性,使用区块链保存认证数据的信息要素,实现分布式的数据可信性,通过对比另外三种基于椭圆加密曲线体制的身份认证方案的认证开销,由此证明,采用变色龙哈希函数对设备身份进行匿名,并且借助区块链实现分布式的身份认证,能够有效的降低认证计算开销,可以弥补轻量级设备的资源受限,并且能够弥补集中式身份认证带来的单点故障以及PKI数字证书认证方式由于设备量庞大而带来复杂证书的管理,此身份认证方式更适用与边缘计算环境的身份认证。The invention constructs the chameleon hash function through discrete logarithms to ensure the anonymity and security of the authentication, uses the block chain to save the information elements of the authentication data, and realizes the distributed data reliability. By comparing the other three systems based on elliptic encryption curve This proves that the use of the chameleon hash function to anonymize the device identity and the use of blockchain to achieve distributed identity authentication can effectively reduce the authentication calculation overhead and compensate for the cost of lightweight devices. The resources are limited, and it can make up for the single point of failure caused by centralized identity authentication and the complex certificate management caused by the PKI digital certificate authentication method due to the large number of devices. This identity authentication method is more suitable for identity authentication in edge computing environments.

Claims (10)

1.一种边缘计算环境中分布式可信的身份认证方法,其特征在于,包括以下步骤:1. a distributed and credible identity authentication method in an edge computing environment, is characterized in that, comprises the following steps: S1,对待认证的终端设备和边缘服务器的系统参数进行初始化,同时采用初始化后的参数构建变色龙哈希函数;S1, initialize the system parameters of the terminal device to be authenticated and the edge server, and use the initialized parameters to construct a chameleon hash function; S2,利用KGC为终端设备和边缘服务器生成密钥和陷门公钥信息,然后将终端设备和边缘服务器需要认证的信息要素注册到区块链上;S2, use KGC to generate the key and trapdoor public key information for the terminal device and the edge server, and then register the information elements that the terminal device and the edge server need to authenticate to the blockchain; S3,将待认证的终端设备和边缘服务器通过访问区块链中用于认证的信息要素进行认证,完成身份认证和会话密钥的计算。S3, authenticate the terminal device and the edge server to be authenticated by accessing the information elements used for authentication in the blockchain to complete the identity authentication and the calculation of the session key. 2.根据权利要求1所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,采用密钥生成服务器生成椭圆曲线E,其阶数为q,生成元为P,循环加法群G,阶数为r的大整数群
Figure FDA0003602233420000011
2. a distributed and credible identity authentication method in a kind of edge computing environment according to claim 1, is characterized in that, adopts key generation server to generate elliptic curve E, its order is q, and generator is P, loop The additive group G, the group of large integers of order r
Figure FDA0003602233420000011
 利用KGC从大整数群
Figure FDA0003602233420000012
中随机产生一个随机数SKkgc作为私钥,计算PKkgc=SKkgc·P,构成自己的公私钥信息(PKkgc,SKkgc),其中
Figure FDA0003602233420000013
Using KGC from the large integer group
Figure FDA0003602233420000012
Randomly generate a random number SK kgc as the private key in the
Figure FDA0003602233420000013
 3.根据权利要求1所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,采用变色龙哈希函数为终端设备每次的认证进行匿名处理,基于每次认证请求的时间构建相同的哈希值。3. The distributed and credible identity authentication method in a kind of edge computing environment according to claim 1, is characterized in that, adopts chameleon hash function to carry out anonymous processing for each authentication of terminal equipment, based on each authentication request. time to build the same hash. 4.根据权利要求3所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,变色龙哈希函数采用离散对数问题进行构建。4 . The distributed and credible identity authentication method in an edge computing environment according to claim 3 , wherein the chameleon hash function is constructed using discrete logarithm problems. 5 . 5.根据权利要求1所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,终端设备EU将唯一的身份标识IDu进行哈希Pid=H1(IDu),生成伪身份标识Pid,并将伪身份标识Pid通过安全信道发送给KGC;5. The distributed and credible identity authentication method in a kind of edge computing environment according to claim 1, is characterized in that, terminal equipment EU carries out hash P id =H 1 (ID u ) with unique identity ID u , generate a pseudo-identity identifier P id , and send the pseudo-identity identifier P id to the KGC through a secure channel; KGC接收终端设备的密钥请求信息Pid之后,产生随机数
Figure FDA0003602233420000014
作为临时私钥,并计算Ri=ri·P得到临时公钥Ri,通过计算SKu=ri+SKkgc·Pid作为设备的私钥,通过计算PKu=SKu·P,得到终端设备的公钥PKu,生成终端设备的公私钥信息;After the KGC receives the key request information P id of the terminal device, it generates a random number
Figure FDA0003602233420000014
As the temporary private key, and calculate Ri = ri ·P to obtain the temporary public key Ri, by calculating SK u = ri +SK kgc ·P id as the private key of the device, by calculating PK u =SK u · P, get The public key PK u of the terminal device is used to generate the public and private key information of the terminal device; 终端设备接收到信息之后,对时间戳和陷门公钥信息进行验证。After the terminal device receives the information, it verifies the timestamp and trapdoor public key information. 6.根据权利要求5所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,KGC生成随机数g∈G1作为变色龙哈希函数的生成公钥,通过计算
Figure FDA0003602233420000022
作为终端设备的陷门公钥,并产生当前的时间戳Tkgc6. A distributed and credible identity authentication method in an edge computing environment according to claim 5, wherein the random number g ∈ G 1 generated by KGC is used as the generated public key of the chameleon hash function, and is calculated by calculating
Figure FDA0003602233420000022
As the trapdoor public key of the terminal device, and generate the current timestamp T kgc . 7.根据权利要求5所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,首先验证接收到的时间戳与当前的时间戳Tu-Tkgc是否在设定的时间范围内,如果不在设定的范围之内,则拒绝接受响应信息。7. the distributed and credible identity authentication method in a kind of edge computing environment according to claim 5, is characterized in that, at first verify whether the time stamp received and current time stamp T u -T kgc are set in Within the time range, if it is not within the set range, it will refuse to accept the response information. 8.根据权利要求1所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,边缘服务器ES将唯一的身份标识IDs进行哈希之后通过安全信道发送给KGC;8. The distributed and credible identity authentication method in a kind of edge computing environment according to claim 1, is characterized in that, the edge server ES sends the unique identity ID s to KGC through a secure channel after hashing; KGC收到请求后,产生随机值
Figure FDA0003602233420000021
通过计算SKs=xi+SKkgc·Pids得到边缘服务器的私钥,计算PKs=SKs·P得到公钥,并产生当前的时间戳Tkgc,并将信息<SKs,PKs,Tkgc>发送给边缘服务器;After KGC receives the request, it generates a random value
Figure FDA0003602233420000021
The private key of the edge server is obtained by calculating SK s = xi +SK kgc ·P ids , the public key is obtained by calculating PK s =SK s ·P, and the current timestamp T kgc is generated, and the information <SK s , PK s , T kgc > send to edge server; 边缘服务器收到响应信息后,首先判断当前的时间戳Tes和接收到的时间戳Tkgc的差是否在有效范围内,如果不在有效范围则拒绝接受响应;如果在有效范围内则接受响应。After receiving the response information, the edge server firstly judges whether the difference between the current timestamp T es and the received timestamp T kgc is within the valid range, and if it is not within the valid range, it refuses to accept the response; if it is within the valid range, it accepts the response. 9.根据权利要求1所述的一种边缘计算环境中分布式可信的身份认证方法,其特征在于,终端设备请求访问边缘服务器,通过调用智能合约获取ES的公钥信息PKs,从区块链中获取公钥信息;ES通过计算
Figure FDA0003602233420000023
得到终端设备的变色龙哈希函数值,调用智能合约查询该值是否存在,并得到对应的伪身份标识Pid,通过计算PKu′=PIDI-(P1·Pid)得到U的公钥信息。9. The distributed and trusted identity authentication method in an edge computing environment according to claim 1, wherein the terminal device requests access to the edge server, obtains the public key information PK s of the ES by calling a smart contract, and obtains the public key information PK s of the ES from the district Obtain public key information in the blockchain; ES calculates
Figure FDA0003602233420000023
Obtain the chameleon hash function value of the terminal device, call the smart contract to check whether the value exists, and obtain the corresponding pseudo-identity identifier P id , and obtain the public key information of U by calculating PK u ′=PIDI-(P 1 ·P id ) . 10.一种边缘计算环境中分布式可信的身份认证系统,其特征在于,包括终端设备、边缘服务器、密钥生成服务器和区块链:10. A distributed and trusted identity authentication system in an edge computing environment, characterized in that it comprises a terminal device, an edge server, a key generation server and a blockchain: 密钥生成服务器用于为终端设备和边缘服务器生成密钥和陷门公钥信息;The key generation server is used to generate keys and trapdoor public key information for terminal devices and edge servers; 终端设备和边缘服务器将需要认证的信息要素注册到区块链上;Terminal devices and edge servers register information elements that require authentication on the blockchain; 需要认证时,对终端设备和边缘服务器的系统参数进行初始化,同时采用初始化后的参数构建变色龙哈希函数,终端设备和边缘服务器通过访问区块链中用于认证的信息要素进行认证,完成身份认证和会话密钥的计算。When authentication is required, initialize the system parameters of the terminal device and the edge server, and use the initialized parameters to construct the chameleon hash function. The terminal device and the edge server authenticate by accessing the information elements used for authentication in the blockchain to complete the identity. Authentication and calculation of session keys.
CN202210406166.8A 2022-04-18 2022-04-18 A distributed and trusted identity authentication method and system in edge computing environment Pending CN114866248A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210406166.8A CN114866248A (en) 2022-04-18 2022-04-18 A distributed and trusted identity authentication method and system in edge computing environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210406166.8A CN114866248A (en) 2022-04-18 2022-04-18 A distributed and trusted identity authentication method and system in edge computing environment

Publications (1)

Publication Number Publication Date
CN114866248A true CN114866248A (en) 2022-08-05

Family

ID=82630759

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210406166.8A Pending CN114866248A (en) 2022-04-18 2022-04-18 A distributed and trusted identity authentication method and system in edge computing environment

Country Status (1)

Country Link
CN (1) CN114866248A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001721A (en) * 2022-08-08 2022-09-02 北京科技大学 A security authentication method and system for smart grid based on blockchain
CN115499171A (en) * 2022-08-26 2022-12-20 先进操作系统创新中心(天津)有限公司 Artificial intelligence trusted computing unified framework, edge device secure computing trusted framework, and security control and decentralization method
CN115913534A (en) * 2022-11-04 2023-04-04 南京邮电大学 Data encryption key accidental updating management method based on edge device
CN116614807A (en) * 2023-07-20 2023-08-18 山东科技大学 Lightweight authenticated key exchange method for wireless local area network and multi-access edge computing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190073146A1 (en) * 2017-09-01 2019-03-07 Accenture Global Solutions Limited Turn-Control Rewritable Blockchain
CN111147228A (en) * 2019-12-28 2020-05-12 西安电子科技大学 Ethernet IoT entity based lightweight authentication method, system and intelligent terminal
CN111709749A (en) * 2020-06-16 2020-09-25 西安安盟智能科技股份有限公司 Traceable blockchain transaction system with conditional privacy protection
CN112039872A (en) * 2020-08-28 2020-12-04 武汉见邦融智科技有限公司 Cross-domain anonymous authentication method and system based on block chain
CN113890740A (en) * 2021-09-28 2022-01-04 西南交通大学 A security authentication method based on chameleon hash function

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190073146A1 (en) * 2017-09-01 2019-03-07 Accenture Global Solutions Limited Turn-Control Rewritable Blockchain
CN111147228A (en) * 2019-12-28 2020-05-12 西安电子科技大学 Ethernet IoT entity based lightweight authentication method, system and intelligent terminal
CN111709749A (en) * 2020-06-16 2020-09-25 西安安盟智能科技股份有限公司 Traceable blockchain transaction system with conditional privacy protection
CN112039872A (en) * 2020-08-28 2020-12-04 武汉见邦融智科技有限公司 Cross-domain anonymous authentication method and system based on block chain
CN113890740A (en) * 2021-09-28 2022-01-04 西南交通大学 A security authentication method based on chameleon hash function

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
张秀娟: "基于以太坊的IoT实体轻量级认证方案研究", 《CNKI优秀硕士学位论文全文库》, pages 3 *
李慧: "面向智慧医疗网络的安全与隐私保护研究", 《CNKI博士学位论文全文库》, pages 3 *
梁青青;张刚要;: "融入课程质量的在线学习成果认证区块链模型及实现机理研究", 电化教育研究, no. 04 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001721A (en) * 2022-08-08 2022-09-02 北京科技大学 A security authentication method and system for smart grid based on blockchain
CN115001721B (en) * 2022-08-08 2022-11-08 北京科技大学 A security authentication method and system for smart grid based on blockchain
CN115499171A (en) * 2022-08-26 2022-12-20 先进操作系统创新中心(天津)有限公司 Artificial intelligence trusted computing unified framework, edge device secure computing trusted framework, and security control and decentralization method
CN115913534A (en) * 2022-11-04 2023-04-04 南京邮电大学 Data encryption key accidental updating management method based on edge device
CN116614807A (en) * 2023-07-20 2023-08-18 山东科技大学 Lightweight authenticated key exchange method for wireless local area network and multi-access edge computing
CN116614807B (en) * 2023-07-20 2023-10-13 山东科技大学 Lightweight authenticated key exchange method for wireless LAN and multi-access edge computing

Similar Documents

Publication Publication Date Title
Cui et al. Full session key agreement scheme based on chaotic map in vehicular ad hoc networks
Jia et al. A2 chain: a blockchain‐based decentralized authentication scheme for 5G‐enabled IoT
CN112039872A (en) Cross-domain anonymous authentication method and system based on block chain
CN112953727A (en) Internet of things-oriented equipment anonymous identity authentication method and system
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
CN114866248A (en) A distributed and trusted identity authentication method and system in edge computing environment
CN108964919A (en) The lightweight anonymous authentication method with secret protection based on car networking
CN108768988A (en) Block chain access control method, equipment and computer readable storage medium
CN109756877B (en) Quantum-resistant rapid authentication and data transmission method for massive NB-IoT (NB-IoT) equipment
CN114710275A (en) Blockchain-based cross-domain authentication and key agreement method in IoT environment
CN106254374A (en) A kind of cloud data public audit method possessing duplicate removal function
CN113873508B (en) Edge calculation bidirectional authentication method and system based on double public and private keys of user
CN107733657A (en) A kind of high in the clouds is based on PTPM and without CertPubKey signature double factor authentication method
CN115021958B (en) A smart home identity authentication method and system integrating fog computing and blockchain
CN112910861A (en) Group authentication and segmented authentication-based authentication method for terminal equipment of power internet of things
CN104283899B (en) User anonymity identity identifying method based on k assumed name set in wireless network
Zhang et al. A Novel Privacy‐Preserving Authentication Protocol Using Bilinear Pairings for the VANET Environment
CN111711607B (en) A blockchain-based trusted loading and verification method for streaming microservices
Wei et al. A mobile intelligent terminal based anonymous authenticated key exchange protocol for roaming service in global mobility networks
CN117478302B (en) Block chain-based privacy node identity verification method and device
CN107493165A (en) A kind of car networking certification and cryptographic key negotiation method with strong anonymity
Yang et al. Provably Secure Client‐Server Key Management Scheme in 5G Networks
Gao et al. Bc-aka: Blockchain based asymmetric authentication and key agreement protocol for distributed 5g core network
Wang et al. A provable secure and lightweight ECC-based authenticated key agreement scheme for edge computing infrastructure in smart grid
CN110336664A (en) Cross-domain authentication method of information service entity based on SM2 cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20220805