CN116781280A - A nurse station information interaction platform authentication management method and system - Google Patents

Publication number
CN116781280A
Authority
CN
China
Prior art keywords
authentication
user
gateway node
smart card
new
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310822934.2A
Other languages
Chinese (zh)
Other versions
CN116781280B (en)
Inventor
潘晓亭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lonbon Technology Co ltd
Original Assignee
Lonbon Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lonbon Technology Co ltd filed Critical Lonbon Technology Co ltd
Priority to CN202310822934.2A priority Critical patent/CN116781280B/en
Publication of CN116781280A publication Critical patent/CN116781280A/en
Application granted granted Critical
Publication of CN116781280B publication Critical patent/CN116781280B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention discloses an authentication management method and system for a nurse station information interaction platform. The method includes: data saving, user registration, user login, device activation authentication in the local area network state, device activation authentication in the Internet state, device activation authentication in the no-network state, password change, and connection of new sensor device nodes. The invention belongs to the field of platform authentication technology. The solution uses a hash function to calculate the private key, which increases data security; the session disconnection and failure mechanism protects the security of user information and the stability of the system; comparing timestamps and setting a maximum allowable transmission delay avoids excessive delays and data expiration; an identity verification mechanism is introduced and a failure retry mechanism is added, and the two mechanisms together increase the security of authentication and the stability of the process.

Description

A nurse station information interaction platform authentication management method and system

Technical field

The invention belongs to the field of platform authentication technology, and specifically relates to an authentication management method and system for a nurse station information interaction platform.

Background

With the rapid development of information technology, information security and user identity authentication have become important tasks in managing nurse station platforms. Existing authentication management methods for nurse station information interaction platforms, however, have several problems: weak data security, credibility and tamper resistance lead to information leakage and less secure communication, which lowers the overall security and stability of the system; an incomplete authentication process leads to inconsistent data across nodes, which lets attackers tamper with transmitted data and impersonate identities, lowering data security and reliability, while improperly set transmission delays cause data to expire; and unauthorized devices can be activated during the device activation authentication process, system security is weak, and authentication fails because of network problems and other errors.

Summary of the invention

In view of the above, and to overcome the shortcomings of the prior art, the present invention provides an authentication management method and system for a nurse station information interaction platform. To address information leakage and less secure communication caused by weak data security, credibility and tamper resistance, which lower the overall security and stability of the system, the solution uses a hash function to calculate the private key, which increases data security; the key store is kept in the blockchain center, which ensures the credibility and tamper resistance of the data; the activation sequence file is generated in encrypted form, which protects sensitive information and prevents information leakage; the smart card storage and the identity hash value increase the reliability of identity verification; and the session disconnection and failure mechanism protects the security of user information and the stability of the system.

To address inconsistent data across nodes caused by an incomplete authentication process, which lets attackers tamper with transmitted data and impersonate identities and lowers data security and reliability, and data expiration caused by improperly set transmission delays, the solution ensures the integrity and security of device activation authentication: each step has specific calculations and verifications to ensure the correctness and consistency of each node and of the data; hash values and XOR operations are used to process the data, ensuring data integrity and preventing attackers from impersonating identities and tampering with transmitted data; comparing timestamps and setting a maximum allowable transmission delay avoids excessive delays and data expiration; and multiple verification mechanisms improve security and reliability, reducing potential security risks and attacks.

To address unauthorized devices being activated during the device activation authentication process, weak system security, and authentication failures caused by network problems and other errors, the solution introduces an identity verification mechanism into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and adds a failure retry mechanism to ensure that data is transmitted and saved correctly. The two mechanisms increase the security of authentication and the stability of the process, so that authentication security improves, fault tolerance increases, and the authentication process is clear and well defined, reducing errors and confusion.

The technical solution adopted by the present invention is as follows. The authentication management method for a nurse station information interaction platform provided by the present invention includes the following steps:

Step S1: Data saving. A hash function is used to calculate the private key and the shared key, the information is saved to the key store, and an activation sequence file is generated in encrypted form;

Step S2: User registration. The user selects a unique ID and password, the hash value of the user password and the identity hash value are calculated, and they are saved to the smart card;

Step S3: User login. The user inserts the smart card into the reader and enters the ID and password; the calculation of hash values and random numbers and a session disconnection and failure mechanism are introduced; the smart card sends a login request to the gateway node over the public channel;

Step S4: Device activation authentication in the local area network state. A complete authentication process is used, in which hash values and XOR operations are used to encrypt, verify and tamper-proof the data; comparing timestamps and setting a maximum allowable transmission delay avoids excessive delays and data expiration; and multiple verification mechanisms are applied;

Step S5: Device activation authentication in the Internet state. An identity verification mechanism is introduced into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and a failure retry mechanism is added;

Step S6: Device activation authentication in the no-network state. The authentication device scans and pairs over Bluetooth, uses the private key to encrypt and send the device activation authentication BLE protocol, and an identity verification mechanism is introduced for authentication;

Step S7: Password change. The user inserts the smart card into the reader and enters the ID and password; the smart card calculates the relevant random values and hash values and performs identity verification. If verification passes, the user enters the new password and the relevant information in the smart card is modified; otherwise, the session is interrupted;

Step S8: Connection of a new sensor device node. The blockchain center selects the new sensor device node, calculates the new shared key, saves the relevant information and sends it to the gateway node; the gateway node stores it and updates the information in the key store.

Further, in step S1, the data saving specifically includes the following steps:

Step S11: Calculate the private key of the gateway node, using the following formula:

$$S_g = h(ID_g \| S_{BC});$$

where $S_g$ is the private key of the gateway node, $h()$ is the hash function, $ID_g$ is the identifier of the gateway node, $S_{BC}$ is the private key of the blockchain center BC, and $\|$ is the concatenation operation;

Step S12: Calculate the shared key, using the following formula:

$$S_{sn} = h(ID_{sn} \| S_{BC});$$

where $S_{sn}$ is the shared key between the gateway node and the sensor device node, and $ID_{sn}$ is the identifier of the sensor device node;

Step S13: Key store saving. $\{ID_{sn}, S_{sn}\}$ is saved by the blockchain center BC in the sensor device node $SN_k$;

Step S14: Saving by the blockchain center and sending to the gateway node. The blockchain center BC saves $\{ID_g, S_g, ID_{sn}, S_{sn}\}$ and sends it to the gateway node $GW_j$;

Step S15: Information entry. When leaving the factory, every nurse station host must have its batch and device hardware information recorded in the device database, including key information such as the motherboard serial number;

Step S16: Generate the activation sequence file in encrypted form; it contains encrypted content such as hardware information, platform module configuration content, and account.

Further, in step S2, the user registration specifically includes the following steps:

Step S21: Calculate the hash value of the user password. The user selects a unique ID and password, generates a random number $r_1$, calculates the hash value of the password, and sends $\{ID_i, HPW_i\}$ to the gateway node $GW_j$, using the following formula:

$$HPW_i = h(r_1 \| PW_i);$$

where $HPW_i$ is the hash value of user i's password, $ID_i$ is the ID of user i, and $PW_i$ is the password of user i;

Step S22: Calculate hash values. After receiving $\{ID_i, HPW_i\}$, the gateway node $GW_j$ uses a pseudo-random number generator to generate a random number $r_2$ and calculates $R_1$, $R_2$ and $R_3$ at timestamp $T_1$, using the following formulas:

$$R_1 = h(HPW_i \| T_1);$$

$$R_2 = h(HPW_i \| ID_g);$$

$$R_3 = h(R_1 \| r_2 \| S_g) \oplus h(HPW_i \| T_1);$$

where $\|$ is the string concatenation operation, $\oplus$ is the XOR operation, $R_1$ is the hash value of the combination of user i's password hash and the timestamp $T_1$, $R_2$ is the hash value of the combination of user i's password hash and the gateway node identifier $ID_g$, and $R_3$ is the hash value calculated after the XOR operation;

Step S23: Smart card saving. The gateway node $GW_j$ saves $\{r_2, T_1, ID_g, h(), R_1, R_2, R_3\}$ in the smart card SC that stores the user identification information, and sends it to user i;

Step S24: Calculate the identity hash value. After receiving $\{r_2, T_1, ID_g, h(), R_1, R_2, R_3\}$, user i calculates the identity hash value and writes it to the smart card SC, using the following formula:

$$HID_i = h(PW_i \| ID_i) \oplus r_1;$$

where $HID_i$ is the identity hash value of user i.

Further, in step S3, the user login specifically includes the following steps:

Step S31: Smart card insertion. User i inserts the smart card SC into the reader and enters $ID_i$ and $PW_i$;

Step S32: Obtain data. User i selects the nearest gateway node, establishes a communication link with the sensor device node, and obtains the data the user needs;

Step S33: First calculation by the smart card, using the following formulas:

$$r_1^* = HID_i \oplus h(PW_i \| ID_i);$$

$$HPW_i^* = h(r_1^* \| PW_i);$$

$$R_2^* = h(HPW_i^* \| ID_g);$$

where $r_1^*$ is the random value calculated by the smart card SC, $HPW_i^*$ is the hash value of user i's password calculated by the smart card SC, and $R_2^*$ is the random number generated by the gateway node;

Step S34: Verification. The smart card SC checks whether $R_2$ and $R_2^*$ are equal. If $R_2 = R_2^*$, the $ID_i$ and $PW_i$ of user i are verified; otherwise, the session is interrupted;

Step S35: Second calculation by the smart card. The smart card SC generates a random number $r_3$ and calculates $F_1$, $F_2$ and $F_3$ at timestamp $T_2$, using the following formulas:

$$F_1 = R_3 \oplus h(HPW_i \| T_1);$$

$$F_2 = h(T_2 \| r_3 \| F_1 \| ID_g);$$

$$F_3 = h(r_3 \| T_2) \oplus F_1;$$

where $F_1$ is the value obtained by the XOR operation, $F_2$ is the hash value calculated by the smart card SC, and $F_3$ is the value obtained by the XOR operation;

Step S36: Send the login request. The smart card SC sends the login request $\{ID_{sn}, F_2, F_3\}$ to the gateway node $GW_j$ over the public channel.

Further, in step S4, the device activation authentication in the local area network state specifically includes the following steps:

Step S41: First calculation by the gateway node. After the gateway node $GW_j$ receives the login request $\{ID_{sn}, F_2, F_3\}$, it calculates $F_1^*$ and $F_1^* \oplus F_3$ at timestamp $T_3$, using the following formulas:

$$r_3^* = h(PW_i \| ID_i) \oplus r_3 \oplus h(PW_i \| ID_i);$$

$$T_2^* = h(T_2);$$

$$F_1^* = h(R_1 \| r_2 \| S_g);$$

$$F_1^* \oplus F_3 = h(r_3^* \| T_2^*);$$

where $F_1^*$ is the value calculated by the gateway node $GW_j$, $F_1^* \oplus F_3$ is the hash value calculated by the gateway node $GW_j$, $r_3^*$ is the value obtained by the XOR operation, and $T_2^*$ is the hash value obtained by hashing the timestamp $T_2$;

Step S42: First check. The gateway node $GW_j$ checks whether $(T_3 - T_2)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_3 - T_2) < \Delta T$, it proceeds to the next step; otherwise, it terminates the session;

Step S43: First verification. The gateway node $GW_j$ calculates $F_2^*$ and verifies whether $F_2^*$ equals $F_2$. If $F_2^* = F_2$, user i is authenticated; otherwise, the session is interrupted. The formula used is as follows:

$$F_2^* = h(T_2^* \| r_3^* \| F_1^* \| ID_g);$$

where $F_2^*$ is the hash value calculated by the gateway node $GW_j$;

Step S44: Second calculation by the gateway node. The gateway node $GW_j$ generates a random number $r_4$ and calculates $R_4$, $R_5$ and $R_6$, using the following formulas:

$$R_4 = h(ID_{sn} \| R_1 \| S_{sn} \| r_4 \| T_3);$$

$$R_5 = (r_3^* \| T_3 \| r_4) \oplus S_{sn};$$

$$R_6 = R_1 \oplus h(ID_{sn} \| h(r_4) \| r_3^*);$$

where $R_4$ is the hash value calculated by the gateway node $GW_j$, $R_5$ is the value obtained by the XOR operation, and $R_6$ is the value obtained by the XOR operation;

Step S45: First request sent by the gateway node. The gateway node $GW_j$ sends $\{ID_{sn}, R_4, R_5, R_6\}$ to the sensor device node $SN_k$;

Step S46: First calculation by the sensor device node. After the sensor device node $SN_k$ receives $\{ID_{sn}, R_4, R_5, R_6\}$, it calculates $h(r_3^{**} \| r_4^* \| T_3^*)$ at timestamp $T_4$, using the following formulas:

$$r_3^{**} = h(PW_i^* \| ID_i) \oplus r_3 \oplus h(PW_i^* \| ID_i);$$

$$r_4^* = h(PW_i \| ID_i) \oplus r_4 \oplus h(PW_i \| ID_i);$$

$$T_3^* = h(T_3);$$

$$h(r_3^{**} \| r_4^* \| T_3^*) = R_5 \oplus S_{sn};$$

where $h(r_3^{**} \| r_4^* \| T_3^*)$ is the value obtained by the XOR operation, $r_3^{**}$ is the value obtained by the XOR operation, $r_4^*$ is the value obtained by the XOR operation, and $T_3^*$ is the hash value obtained by hashing the timestamp $T_3$;

Step S47: Second check. The sensor device node $SN_k$ checks whether $(T_4 - T_3)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_4 - T_3) < \Delta T$, it proceeds to the next step; otherwise, it terminates the session;

Step S48: Second calculation by the sensor device node, using the following formulas:

$$R_1^* = R_6 \oplus h(ID_{sn} \| h(r_4^*) \| r_3^{**});$$

$$R_4^* = h(ID_{sn} \| R_1^* \| S_{sn} \| r_4^* \| T_3^*);$$

where $R_1^*$ is the value obtained by the XOR operation, and $R_4^*$ is the hash value calculated by the sensor device node $SN_k$;

Step S49: Third check. The sensor device node $SN_k$ checks whether $R_4^*$ equals $R_4$. If $R_4^* = R_4$, it proceeds to the next step; otherwise, it terminates the session;

Step S410: Third calculation by the sensor device node. The sensor device node $SN_k$ generates a random number $r_5$ and calculates $SK_i$, $B_1$ and $B_2$, using the following formulas:

$$SK_i = h(R_1^* \| r_3^{**} \| r_4^* \| r_5);$$

$$B_1 = h(T_4 \| r_5 \| S_{sn} \| ID_{sn} \| T_3 \| SK_i);$$

$$B_2 = h(r_5 \| T_4) \oplus r_4^*;$$

where $SK_i$ is the key of the sensor device node $SN_k$, $B_1$ is the hash value used to verify and identify the identity, and $B_2$ is the hash value used to verify data integrity;

Step S411: Message sent by the sensor device node. The sensor device node $SN_k$ sends $\{B_1, B_2\}$ to the gateway node $GW_j$;

Step S412: Third calculation by the gateway node. After the gateway node $GW_j$ receives $\{B_1, B_2\}$, it calculates $h(r_5^* \| T_4^*)$ at timestamp $T_5$, using the following formulas:

$$r_5^* = h(PW_i \| ID_i) \oplus r_5 \oplus h(PW_i \| ID_i);$$

$$T_4^* = h(T_4);$$

$$h(r_5^* \| T_4^*) = B_2 \oplus r_4;$$

where $h(r_5^* \| T_4^*)$ is the value obtained by the XOR operation, $r_5^*$ is the value obtained by the XOR operation, and $T_4^*$ is the hash value obtained by hashing the timestamp $T_4$;

Step S413: Fourth check. The gateway node $GW_j$ checks whether $(T_5 - T_4)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_5 - T_4) < \Delta T$, it proceeds to the next step; otherwise, it terminates the session;

Step S414: Second verification. The gateway node $GW_j$ calculates $B_1^*$ and verifies whether $B_1^*$ equals $B_1$. If $B_1^* = B_1$, the sensor device node $SN_k$ is verified; otherwise, the session is terminated. The formula used is as follows:

$$B_1^* = h(T_4^* \| r_5^* \| S_{sn} \| ID_{sn} \| T_3^* \| SK_i);$$

where $B_1^*$ is the hash value calculated by the gateway node $GW_j$;

Step S415: Fourth calculation by the gateway node, using the following formulas:

$$R_7 = h(SK_i \| R_1 \| r_4 \| T_5 \| R_4);$$

$$R_8 = h(r_5^* \| r_4 \| T_5) \oplus r_3^*;$$

where $R_7$ is the hash value calculated by the gateway node $GW_j$, and $R_8$ is the value obtained by the XOR operation;

Step S416: Second request sent by the gateway node. The gateway node $GW_j$ sends $\{R_4, R_7, R_8\}$ to user i;

Step S417: Third calculation by the smart card. After user i receives $\{R_4, R_7, R_8\}$, $h(r_5^{**} \| r_4^* \| T_5^*)$ is calculated at timestamp $T_6$, using the following formulas:

$$r_5^{**} = HID_i \oplus h(PW_i \| ID_i);$$

$$T_5^* = h(T_5);$$

$$h(r_5^{**} \| r_4^* \| T_5^*) = R_8 \oplus r_3;$$

where $h(r_5^{**} \| r_4^* \| T_5^*)$ is the value obtained by the XOR operation, $r_5^{**}$ is the value obtained by the XOR operation, and $T_5^*$ is the hash value obtained by hashing the timestamp $T_5$;

Step S418: Fifth check. The smart card SC checks whether $(T_6 - T_5)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_6 - T_5) < \Delta T$, it proceeds to the next step; otherwise, it terminates the session;

Step S419: Third verification. The smart card SC calculates $R_7^*$ and verifies whether $R_7^*$ equals $R_7$. If $R_7^* = R_7$, identity verification succeeds and the device is activated; otherwise, the session is interrupted. The formula used is as follows:

$$R_7^* = h(SK_i \| h(HPW_i \| T_1) \| r_4^* \| T_5^* \| R_4);$$

where $R_7^*$ is the hash value calculated by the smart card SC.
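The registration (S21 to S24), smart card login (S33 to S36) and first gateway checks (S41, S42) above, as an added example that is not part of the patent text. It assumes SHA-256 for h(), length-prefixed concatenation, 32-byte random numbers and constructed identifiers and secrets; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32  # assumption: h() is SHA-256; the page does not name the hash function


def h(*parts: bytes) -> bytes:
    """h(a || b || ...). Assumption: every field is length-prefixed so that
    ("ab", "c") and ("a", "bc") cannot produce the same digest."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def ts(t: int) -> bytes:
    """Fixed-width encoding of a Unix timestamp (assumption)."""
    return t.to_bytes(8, "big")


def gateway_key(id_g: bytes, s_bc: bytes) -> bytes:
    """S11: S_g = h(ID_g || S_BC)."""
    return h(id_g, s_bc)


def register(user_id, password, id_g, s_g, t1, r1=None, r2=None) -> dict:
    """S21-S24: returns the values that end up on the smart card."""
    r1 = r1 or secrets.token_bytes(HASH_LEN)   # user side
    r2 = r2 or secrets.token_bytes(HASH_LEN)   # gateway side
    hpw = h(r1, password)                      # S21: HPW_i = h(r1 || PW_i)
    big_r1 = h(hpw, ts(t1))                    # S22: R1 = h(HPW_i || T1)
    big_r2 = h(hpw, id_g)                      #      R2 = h(HPW_i || ID_g)
    big_r3 = xor(h(big_r1, r2, s_g), h(hpw, ts(t1)))
    hid = xor(h(password, user_id), r1)        # S24: HID_i = h(PW_i || ID_i) xor r1
    return {"r2": r2, "T1": t1, "ID_g": id_g,
            "R1": big_r1, "R2": big_r2, "R3": big_r3, "HID": hid}


def card_login(card, user_id, password, t2, r3=None):
    """S33-S35 on the card. Returns None when R2* != R2 (S34: session ends)."""
    r1_star = xor(card["HID"], h(password, user_id))       # S33
    hpw_star = h(r1_star, password)
    r2_star = h(hpw_star, card["ID_g"])
    if not hmac.compare_digest(r2_star, card["R2"]):       # S34, constant time
        return None
    r3 = r3 or secrets.token_bytes(HASH_LEN)
    f1 = xor(card["R3"], h(hpw_star, ts(card["T1"])))      # S35
    f2 = h(ts(t2), r3, f1, card["ID_g"])
    f3 = xor(h(r3, ts(t2)), f1)
    # Only F2 and F3 go on the wire (S36); F1 is returned for inspection.
    return {"F1": f1, "F2": f2, "F3": f3, "T2": t2}


def gateway_f1(big_r1: bytes, r2: bytes, s_g: bytes) -> bytes:
    """S41: F1* = h(R1 || r2 || S_g). Assumes the gateway kept R1 and r2."""
    return h(big_r1, r2, s_g)


def is_fresh(t_sent: int, t_recv: int, delta_t: int) -> bool:
    """S42: (T3 - T2) < delta_t. Also rejects timestamps from the future,
    which the page's inequality alone would accept."""
    return 0 <= t_recv - t_sent < delta_t


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    s_g = gateway_key(b"GW-01", b"constructed-bc-secret")
    card = register(b"nurse01", b"correct horse", b"GW-01", s_g, t1=1_700_000_000)
    good = card_login(card, b"nurse01", b"correct horse", t2=1_700_000_100)
    bad = card_login(card, b"nurse01", b"wrong password", t2=1_700_000_100)
    print("login accepted:", good is not None, "| wrong password accepted:", bad is not None)
    print("F1 matches F1*:", good["F1"] == gateway_f1(card["R1"], card["r2"], s_g))
    print("fresh within 5 s:", is_fresh(1_700_000_100, 1_700_000_103, 5))
```

Because $R_3$ masks $h(R_1 \| r_2 \| S_g)$ with $h(HPW_i \| T_1)$, the card's $F_1$ equals the gateway's $F_1^*$ only when the entered password reproduces $HPW_i$.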

Further, in step S5, the device activation authentication in the Internet state specifically includes the following steps:

Step S51: The platform device is turned on and the main program is confirmed to be working normally;

Step S52: With a normal network connection, the main program generates a device information dynamic code through an encryption algorithm, based on the public key content saved in the device;

Step S53: The dynamic code is entered at the server, which decrypts it with the private key file to obtain the hardware device information, IP address, gateway and other content, and sends activation invitation protocol ① to the platform device over the UDP communication protocol;

Step S54: The platform device receives activation invitation protocol ①, responds, and provides device information to the nurse station server in authentication activation UDP protocol ②, while an identity verification mechanism is introduced;

Step S55: After receiving authentication activation UDP protocol ②, the nurse station server records and sends authentication sequence content TCP protocol ③ to the designated device;

Step S56: After receiving authentication sequence content TCP protocol ③, the platform device saves the sequence file content to the shared directory of internal storage and sets the file to read-only mode. After the file has been saved successfully, it sends confirmation authentication activation protocol ④; a failure retry mechanism is added;

Step S57: After the nurse station server confirms receipt of confirmation authentication activation protocol ④, it records the current device information and sequence file information in the database, completing the authentication;

Step S58: After the authenticated device restarts, the system main program checks the authentication sequence file stored in step S56, uses the sequence file content to complete initialization of the platform system functions, and requests the server to complete token content registration and activation. Once authentication is complete, it reads the platform system function configuration and starts running the platform multi-application system. If reading the file fails or the file is invalid, it returns to step S53 and waits.

Further, in step S6, the device activation authentication in the no-network state specifically includes the following steps:

Step S61: The platform device is turned on and the main program is confirmed to be working normally;

Step S62: Ensure that the Bluetooth module is working and undamaged, and use a transfer tool to record the authentication device public key file and the authentication sequence list file in the system storage location;

Step S63: The authentication device scans and pairs over Bluetooth and sends device activation authentication BLE protocol ① encrypted with the private key, while an identity verification mechanism is introduced;

Step S64: The platform device keeps saving device authentication BLE protocol ①; when it encounters the specified ending content, it stops parsing and receiving content, while an error handling mechanism is introduced;

Step S65: The platform device uses the public key file to parse the protocol content and extracts the specified bytes;

Step S66: If the platform device has already completed authentication activation, it saves the sender device information parsed from the specified bytes of device authentication BLE protocol ①, adds it to the authentication sequence list file, and concatenates the device information into the feedback confirm-activation BLE protocol ②; it then disconnects the Bluetooth link and, after a fixed interval, returns to step S63;

Step S67: If the platform device has not been authenticated and activated, it concatenates the device information into the feedback confirm-activation BLE protocol ②;

Step S68: The authentication device key box receives BLE protocol ② and parses it with its own private key file, extracting the specified bytes. If the content corresponds to the device information saved in step S66, it records the authenticated device, adds it to the authentication sequence list file, stops, disconnects Bluetooth and, after a fixed interval, returns to step S63; if it corresponds to the device authentication sequence generated in step S67, it proceeds to step S69; if BLE protocol ② is not received within the specified time, it removes the device from the authentication sequence list file, disconnects Bluetooth and, after a fixed interval, returns to step S63. An identity verification mechanism is applied during this process;

Step S69: The authentication device concatenates the private key file content and the device authentication sequence content, and sends authentication activation BLE protocol ③ in encrypted form;

Step S610: The platform device saves BLE protocol ③; when it encounters the specified ending content, it stops parsing and receiving content, uses the public key content to parse the protocol content, saves the authentication sequence content and public key content, records the current sender authentication device in the authentication sequence list file, and disconnects the Bluetooth link. An error handling mechanism is used during this process;

Step S611: All platform devices that have completed authentication enable the infection activation blockchain algorithm and, in place of the authentication device key box, carry out step S63, performing BLE protocol communication with all nearby devices that are at step S62;

Step S612: The above operations can reinforce steps S63 to S610 through a Bluetooth base station, which acts only as a data relay and does not affect the actual authentication result;

Step S613: When a device is in the local area network or Internet state, importing the authentication sequence list file of any one authentication device into the information interaction server directly completes registration and initialization of all devices;

Step S614: Add logging and monitoring functions, and check the operating status of the system regularly.

Further, in step S7, the password change specifically includes the following steps:

Step S71: Smart card insertion. User i inserts the smart card SC into the reader and enters $ID_i$ and $PW_i$;

Step S72: First smart card calculation. The formulas used are as follows:

$$r_1^* = HID_i \oplus h(PW_i \| ID_i);$$

$$HPW_i^* = h(r_1^* \| PW_i);$$

$$R_2^* = h(HPW_i^* \| ID_g);$$

$$h(R_1 \| r_2 \| S_g) = R_3 \oplus h(HPW_i \| T_1);$$

where $r_1^*$ is the random value computed by the smart card SC, $HPW_i^*$ is the hash of user i's password computed by the smart card SC, $R_2^*$ is the random number generated by the gateway node, and $h(R_1 \| r_2 \| S_g)$ is the value obtained by the XOR operation;

Step S73: Verification. The smart card SC checks whether $R_2$ and $R_2^*$ are equal. If $R_2 = R_2^*$, the $ID_i$ and $PW_i$ of user i are verified; otherwise the session is interrupted;

Step S74: New password entry. User i enters the new password $PW_i^{new}$;

Step S75: Second smart card calculation. The smart card SC uses a pseudo-random number generator to generate a new random number $r_1^{new}$; the formulas used are as follows:

$$HID_i^{new} = r_1^{new} \oplus h(PW_i^{new} \| ID_i);$$

$$HPW_i^{new} = h(r_1^* \| PW_i^{new});$$

$$R_2^{new} = h(HPW_i^{new} \| ID_g);$$

$$R_3^{new} = h(R_1 \| r_2 \| S_g) \oplus h(PW_i^{new} \| T_1);$$

where $HID_i^{new}$ is the new identity hash value of user i, $HPW_i^{new}$ is the new hash of user i's password computed by the smart card SC, $R_2^{new}$ is the new random number, and $R_3^{new}$ is the value obtained by the XOR operation;

Step S76: Replacement. The smart card SC replaces $R_2$, $R_3$ and $HID$ with the corresponding new values $R_2^{new}$, $R_3^{new}$ and $HID_i^{new}$, and the password change succeeds.

Further, in step S8, the new sensor device node connection specifically includes the following steps:

Step S81: Compute and save the shared key. The blockchain center BC selects the new sensor device node $SN_k$, computes the new shared key and stores $\{SN_k, S_{sn}\}$; the formula used is as follows:

$$S_{sn} = h(ID_{sn} \| S_{BC});$$

where $S_{sn}$ is the shared key between the gateway node and the new sensor device node, and $ID_{sn}$ is the identifier of the new sensor device node;

Step S82: Blockchain center sends to the gateway node. The blockchain center BC sends $\{SN_k, S_{sn}\}$ to the gateway node $GW_j$;

Step S83: Gateway node stores and updates the key store. The gateway node $GW_j$ stores $\{SN_k, S_{sn}\}$ and updates the information in the key store.

The present invention provides a nurse station information interaction platform authentication management system, comprising a data saving module, a user registration module, a user login module, a LAN-state device activation authentication module, an Internet-state device activation authentication module, a no-network-state device activation authentication module, a password change module and a new sensor device node connection module;

The data saving module uses a hash function to compute the private key and the shared key, saves the information to the key store, encrypts and generates the activation sequence file, and sends the activation sequence file to the user registration module;

The user registration module receives the activation sequence file sent by the data saving module; the user selects a unique ID and password, the hash of the user password and the identity hash value are computed, and they are saved to the smart card;

In the user login module, the user inserts the smart card into the reader and enters the ID and password; the module provides reliable security authentication through the calculation of hash values and random numbers and through the session disconnection and failure mechanism, and sends the login request to the LAN-state, Internet-state and no-network-state device activation authentication modules;

The LAN-state device activation authentication module receives the login request sent by the user login module and runs a complete authentication process: it uses hash values and XOR operations to encrypt, verify and tamper-protect the data, compares timestamps against a configured maximum allowable transmission delay to avoid excessive delay and expired data, applies multiple verification mechanisms to improve security and reliability, and sends the authentication result to the password change module;

The Internet-state device activation authentication module receives the login request sent by the user login module, introduces an identity verification mechanism into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and adds a failure retry mechanism to ensure correct transmission and storage of data; the two mechanisms increase the security of authentication and the stability of the process, and the module sends the authentication result to the password change module;

The no-network-state device activation authentication module receives the login request sent by the user login module, authenticates using the BLE protocol and an identity verification mechanism, and sends the authentication result to the password change module;

The password change module receives the authentication results sent by the LAN-state, Internet-state and no-network-state device activation authentication modules. The user inserts the smart card into the reader and enters the ID and password; the smart card computes the relevant random values and hash values and performs identity verification. If verification passes, the user enters a new password and the relevant information in the smart card is modified; otherwise the session is interrupted;

The new sensor device node connection module selects a new sensor device node, computes a new shared key, saves the relevant information and sends it to the gateway node; the gateway node stores and updates the information in the key store, completing the connection of the new sensor device node.

The beneficial effects achieved by the present invention with the above scheme are as follows:

(1) To address the problem that weak data security, trustworthiness and tamper resistance lead to information leakage and reduced communication security, which in turn lowers the overall security and stability of the system, this scheme uses a hash function to compute the private key, which increases data security; the key store is kept in the blockchain center, which ensures the trustworthiness and tamper resistance of the data; encrypting and generating the activation sequence file ensures the security of sensitive information and prevents information leakage; storage on the smart card and the identity hash value increase the reliability of identity verification; and the session disconnection and failure mechanism protects the security of user information and the stability of the system.

(2) To address the problems that an incomplete authentication process makes the data of the nodes inconsistent, allowing attackers to tamper with transmitted data and impersonate identities and reducing the security and reliability of the data, and that an improperly set transmission delay causes data to expire, this scheme ensures the integrity and security of device activation authentication. Each step has specific calculations and verifications to ensure the correctness and consistency of each node and of the data; hash values and XOR operations are used to process the data to ensure data integrity and to prevent attackers from impersonating identities and tampering with transmitted data; comparing timestamps and setting a maximum allowable transmission delay avoids excessive delay and expired data; and multiple verification mechanisms improve security and reliability, thereby reducing potential security risks and attacks.

(3) To address the problems that unauthorized devices may be activated during the device activation authentication process, that system security is weak, and that authentication fails because of network problems and other errors, this scheme introduces an identity verification mechanism into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and adds a failure retry mechanism to ensure correct transmission and storage of data. The two mechanisms increase the security of authentication and the stability of the process, so that authentication security is improved, fault tolerance is enhanced, and the authentication process is clear and explicit, reducing errors and confusion.

Description of drawings

Figure 1 is a schematic flow chart of the nurse station information interaction platform authentication management method provided by the present invention;

Figure 2 is a schematic flow chart of the nurse station information interaction platform authentication management system provided by the present invention;

Figure 3 is a schematic flow chart of step S1;

Figure 4 is a schematic flow chart of step S2;

Figure 5 is a schematic flow chart of step S3;

Figure 6 is a schematic flow chart of step S7.

The drawings are provided for further understanding of the present invention and constitute a part of the specification; together with the embodiments of the present invention they serve to explain the invention and do not limit it.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them; all other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "upper", "lower", "front", "back", "left", "right", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to make the invention easier to describe and to simplify the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore should not be construed as limiting the present invention.

Embodiment 1. Referring to Figure 1, the present invention provides a nurse station information interaction platform authentication management method, which includes the following steps:

Step S1: Data saving. A hash function is used to compute the private key and the shared key, the information is saved to the key store, and the activation sequence file is encrypted and generated;

Step S2: User registration. The user selects a unique ID and password; the hash of the user password and the identity hash value are computed and saved to the smart card;

Step S3: User login. The user inserts the smart card into the reader and enters the ID and password; the calculation of hash values and random numbers and the session disconnection and failure mechanism are introduced, and the smart card sends a login request to the gateway node over the public channel;

Step S4: Device activation authentication in the LAN state. A complete authentication process is used: hash values and XOR operations encrypt, verify and tamper-protect the data, timestamps are compared against a configured maximum allowable transmission delay to avoid excessive delay and expired data, and multiple verification mechanisms are applied;

Step S5: Device activation authentication in the Internet state. An identity verification mechanism is introduced into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and a failure retry mechanism is added;

Step S6: Device activation authentication in the no-network state. The authentication device scans and pairs over Bluetooth, uses the private key to encrypt and send the BLE protocol that activates device authentication, and an identity verification mechanism is introduced for authentication;

Step S7: Password change. The user inserts the smart card into the reader and enters the ID and password; the smart card computes the relevant random values and hash values and performs identity verification. If verification passes, the user enters a new password and the relevant information in the smart card is modified; otherwise the session is interrupted;

Step S8: New sensor device node connection. The blockchain center selects a new sensor device node, computes a new shared key, saves the relevant information and sends it to the gateway node; the gateway node stores and updates the information in the key store.

Embodiment 2. Referring to Figures 1 and 3, this embodiment is based on the above embodiment. In step S1, data saving specifically includes the following steps:

Step S11: Compute the private key of the gateway node. The formula used is as follows:

$$S_g = h(ID_g \| S_{BC});$$

where $S_g$ is the private key of the gateway node, $h()$ is the hash function, $ID_g$ is the identifier of the gateway node, $S_{BC}$ is the private key of the blockchain center BC, and $\|$ is the concatenation operation;

Step S12: Compute the shared key. The formula used is as follows:

$$S_{sn} = h(ID_{sn} \| S_{BC});$$

where $S_{sn}$ is the shared key between the gateway node and the sensor device node, and $ID_{sn}$ is the identifier of the sensor device node;

Step S13: Key store saving. $\{ID_{sn}, S_{sn}\}$ is saved by the blockchain center BC in the sensor device node $SN_k$;

Step S14: Blockchain center saves and sends to the gateway node. The blockchain center BC saves $\{ID_g, S_g, ID_{sn}, S_{sn}\}$ and sends it to the gateway node $GW_j$;

Step S15: Information entry. When leaving the factory, all nurse station hosts must have their batch and device hardware information recorded in the device database, and key information such as the motherboard serial number is recorded and stored;

Step S16: Encrypt and generate the activation sequence file, which contains encrypted content such as hardware information, platform module configuration content and account.

Embodiment 3. Referring to Figures 1 and 4, this embodiment is based on the above embodiment. In step S2, user registration specifically includes the following steps:

Step S21: Compute the hash of the user password. The user selects a unique ID and password, generates a random number $r_1$, computes the hash of the password, and sends $\{ID_i, HPW_i\}$ to the gateway node $GW_j$; the formula used is as follows:

$$HPW_i = h(r_1 \| PW_i);$$

where $HPW_i$ is the hash of user i's password, $ID_i$ is the ID of user i, and $PW_i$ is the password of user i;

Step S22: Compute hash values. After receiving $\{ID_i, HPW_i\}$, the gateway node $GW_j$ uses a pseudo-random number generator to generate a random number $r_2$ and computes $R_1$, $R_2$ and $R_3$ at timestamp $T_1$; the formulas used are as follows:

$$R_1 = h(HPW_i \| T_1);$$

$$R_2 = h(HPW_i \| ID_g);$$

$$R_3 = h(R_1 \| r_2 \| S_g) \oplus h(HPW_i \| T_1);$$

where $\|$ is the string concatenation operation, $\oplus$ is the XOR operation, $R_1$ is the hash computed with the hash function over the combination of the hash of user i's password and the timestamp $T_1$, $R_2$ is the hash computed over the combination of the hash of user i's password and the gateway node identifier $ID_g$, and $R_3$ is the hash value computed after the XOR operation;

Step S23: Smart card saving. The gateway node $GW_j$ saves $\{r_2, T_1, ID_g, h(), R_1, R_2, R_3\}$ in the smart card SC that stores user identification information, and sends it to user i;

Step S24: Compute the identity hash value. After receiving $\{r_2, T_1, ID_g, h(), R_1, R_2, R_3\}$, user i computes the identity hash value and writes it to the smart card SC; the formula used is as follows:

$$HID_i = h(PW_i \| ID_i) \oplus r_1;$$

where $HID_i$ is the identity hash value of user i.

Embodiment 4. Referring to Figures 1 and 5, this embodiment is based on the above embodiment. In step S3, user login specifically includes the following steps:

Step S31: Smart card insertion. User i inserts the smart card SC into the reader and enters $ID_i$ and $PW_i$;

Step S32: Obtain data. User i selects the nearest gateway node, establishes a communication link with the sensor device node, and obtains the data the user requires;

Step S33: First smart card calculation. The formulas used are as follows:

$$r_1^* = HID_i \oplus h(PW_i \| ID_i);$$

$$HPW_i^* = h(r_1^* \| PW_i);$$

$$R_2^* = h(HPW_i^* \| ID_g);$$

where $r_1^*$ is the random value computed by the smart card SC, $HPW_i^*$ is the hash of user i's password computed by the smart card SC, and $R_2^*$ is the random number generated by the gateway node;

Step S34: Verification. The smart card SC checks whether $R_2$ and $R_2^*$ are equal. If $R_2 = R_2^*$, the $ID_i$ and $PW_i$ of user i are verified; otherwise the session is interrupted;

Step S35: Second smart card calculation. The smart card SC generates a random number $r_3$ and computes $F_1$, $F_2$ and $F_3$ at timestamp $T_2$; the formulas used are as follows:

$$F_1 = R_3 \oplus h(HPW_i \| T_1);$$

$$F_2 = h(T_2 \| r_3 \| F_1 \| ID_g);$$

$$F_3 = h(r_3 \| T_2) \oplus F_1;$$

where $F_1$ is the value obtained by the XOR operation, $F_2$ is the hash value computed by the smart card SC, and $F_3$ is the value obtained by the XOR operation;

Step S36: Send the login request. The smart card SC sends the login request $\{ID_{sn}, F_2, F_3\}$ to the gateway node $GW_j$ over the public channel.

By performing the above operations, and to address the problem that weak data security, trustworthiness and tamper resistance lead to information leakage and reduced communication security, which in turn lowers the overall security and stability of the system, this scheme uses a hash function to compute the private key, which increases data security; the key store is kept in the blockchain center, which ensures the trustworthiness and tamper resistance of the data; encrypting and generating the activation sequence file ensures the security of sensitive information and prevents information leakage; storage on the smart card and the identity hash value increase the reliability of identity verification; and the session disconnection and failure mechanism protects the security of user information and the stability of the system.
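The following is an added example, not part of the patent text, that runs registration steps S21 to S24 and the card-side login steps S33 to S36; the S34 comparison it implements is the same check that password-change steps S72 and S73 perform. SHA-256 as $h()$, a length-prefixed encoding of $\|$, 32-byte random numbers and all sample identifiers and passwords are assumptions, since the page specifies none of them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def h(*parts: bytes) -> bytes:
    """h(a || b || ...). SHA-256 and the length-prefixed encoding of "||" are
    assumptions; the page names neither the hash nor the encoding."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class SmartCard:
    """Values held on the smart card SC after steps S23 and S24."""
    r2: bytes
    T1: bytes
    ID_g: bytes
    R1: bytes
    R2: bytes
    R3: bytes
    HID_i: bytes = b""


def user_start_registration(PW_i: bytes):
    """S21: pick r1 and compute HPW_i = h(r1 || PW_i)."""
    r1 = secrets.token_bytes(32)
    return r1, h(r1, PW_i)


def gateway_register(ID_g: bytes, S_g: bytes, HPW_i: bytes, T1: bytes) -> SmartCard:
    """S22-S23: the gateway GW_j derives R1, R2, R3 and fills the card."""
    r2 = secrets.token_bytes(32)
    R1 = h(HPW_i, T1)
    R2 = h(HPW_i, ID_g)
    R3 = xor(h(R1, r2, S_g), h(HPW_i, T1))
    return SmartCard(r2, T1, ID_g, R1, R2, R3)


def user_finish_registration(card: SmartCard, ID_i: bytes, PW_i: bytes, r1: bytes) -> None:
    """S24: HID_i = h(PW_i || ID_i) XOR r1 is written to the card."""
    card.HID_i = xor(h(PW_i, ID_i), r1)


@dataclass
class LoginAttempt:
    request: dict  # {ID_sn, F2, F3}, sent over the public channel (S36)
    r3: bytes      # stays on the card
    F1: bytes      # stays on the card


def card_login(card: SmartCard, ID_i: bytes, PW_i: bytes,
               ID_sn: bytes, T2: bytes) -> Optional[LoginAttempt]:
    """S33-S36. Returns None when the S34 check fails (session interrupted)."""
    r1_star = xor(card.HID_i, h(PW_i, ID_i))          # S33
    HPW_star = h(r1_star, PW_i)
    R2_star = h(HPW_star, card.ID_g)
    if not hmac.compare_digest(R2_star, card.R2):     # S34, constant-time compare
        return None
    r3 = secrets.token_bytes(32)                      # S35
    F1 = xor(card.R3, h(HPW_star, card.T1))
    F2 = h(T2, r3, F1, card.ID_g)
    F3 = xor(h(r3, T2), F1)
    return LoginAttempt({"ID_sn": ID_sn, "F2": F2, "F3": F3}, r3, F1)


def demo():
    # Constructed sample values, not taken from the page.
    ID_g, S_BC = b"GW-01", secrets.token_bytes(32)
    S_g = h(ID_g, S_BC)                               # S11
    ID_i, PW_i = b"nurse-017", b"correct horse battery"
    r1, HPW_i = user_start_registration(PW_i)
    card = gateway_register(ID_g, S_g, HPW_i, T1=b"1700000000")
    user_finish_registration(card, ID_i, PW_i, r1)
    good = card_login(card, ID_i, PW_i, b"SN-42", T2=b"1700000300")
    bad = card_login(card, ID_i, b"wrong password", b"SN-42", T2=b"1700000301")
    return S_g, card, good, bad


if __name__ == "__main__":
    S_g, card, good, bad = demo()
    print("correct password accepted:", good is not None)
    print("wrong password rejected:  ", bad is None)
    print("F1 equals h(R1||r2||S_g): ", good.F1 == h(card.R1, card.r2, S_g))
```

With the correct password the card recovers $r_1$ from $HID_i$, so $R_2^*$ matches the stored $R_2$ and the recovered $F_1$ equals $h(R_1 \| r_2 \| S_g)$; with a wrong password the recovered $r_1^*$ differs and the card stops at S34 before any request is sent.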

Embodiment 5. Referring to Figure 1, this embodiment is based on the above embodiment. In step S4, device activation authentication in the LAN state specifically includes the following steps:

Step S41: First gateway node calculation. After the gateway node $GW_j$ receives the login request $\{ID_{sn}, F_2, F_3\}$, it computes $F_1^*$ and $F_1^* \oplus F_3$ at timestamp $T_3$; the formulas used are as follows:

$$r_3^* = h(PW_i \| ID_i) \oplus r_3 \oplus h(PW_i \| ID_i);$$

$$T_2^* = h(T_2);$$

$$F_1^* = h(R_1 \| r_2 \| S_g);$$

$$F_1^* \oplus F_3 = h(r_3^* \| T_2^*);$$

where $F_1^*$ is the value computed by the gateway node $GW_j$, $F_1^* \oplus F_3$ is the hash value computed by the gateway node $GW_j$, $r_3^*$ is the value obtained by the XOR operation, and $T_2^*$ is the hash value obtained by hashing the timestamp $T_2$;

Step S42: First check. The gateway node $GW_j$ checks whether $(T_3 - T_2)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_3 - T_2) < \Delta T$, it proceeds to the next step; otherwise it terminates the session;

Step S43: First verification. The gateway node $GW_j$ computes $F_2^*$ and verifies whether $F_2^*$ equals $F_2$. If $F_2^* = F_2$, user i is authenticated; otherwise the session is interrupted. The formula used is as follows:

$$F_2^* = h(T_2^* \| r_3^* \| F_1^* \| ID_g);$$

where $F_2^*$ is the hash value computed by the gateway node $GW_j$;

Step S44: Second gateway node calculation. The gateway node $GW_j$ generates a random number $r_4$ and computes $R_4$, $R_5$ and $R_6$; the formulas used are as follows:

$$R_4 = h(ID_{sn} \| R_1 \| S_{sn} \| r_4 \| T_3);$$

$$R_5 = (r_3^* \| T_3 \| r_4) \oplus S_{sn};$$

$$R_6 = R_1 \oplus h(ID_{sn} \| h(r_4) \| r_3^*);$$

where $R_4$ is the hash value computed by the gateway node $GW_j$, $R_5$ is the value obtained by the XOR operation, and $R_6$ is the value obtained by the XOR operation;

Step S45: First request sent by the gateway node. The gateway node $GW_j$ sends $\{ID_{sn}, R_4, R_5, R_6\}$ to the sensor device node $SN_k$;

Step S46: First sensor device node calculation. After the sensor device node $SN_k$ receives $\{ID_{sn}, R_4, R_5, R_6\}$, it computes $h(r_3^{**} \| r_4^* \| T_3^*)$ at timestamp $T_4$; the formulas used are as follows:

$$r_3^{**} = h(PW_i^* \| ID_i) \oplus r_3 \oplus h(PW_i^* \| ID_i);$$

$$r_4^* = h(PW_i \| ID_i) \oplus r_4 \oplus h(PW_i \| ID_i);$$

$$T_3^* = h(T_3);$$

$$h(r_3^{**} \| r_4^* \| T_3^*) = R_5 \oplus S_{sn};$$

where $h(r_3^{**} \| r_4^* \| T_3^*)$ is the value obtained by the XOR operation, $r_3^{**}$ is the value obtained by the XOR operation, $r_4^*$ is the value obtained by the XOR operation, and $T_3^*$ is the hash value obtained by hashing the timestamp $T_3$;

Step S47: Second check. The sensor device node $SN_k$ checks whether $(T_4 - T_3)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_4 - T_3) < \Delta T$, it proceeds to the next step; otherwise it terminates the session;

Step S48: Second sensor device node calculation. The formulas used are as follows:

$$R_1^* = R_6 \oplus h(ID_{sn} \| h(r_4^*) \| r_3^{**});$$

$$R_4^* = h(ID_{sn} \| R_1^* \| S_{sn} \| r_4^* \| T_3^*);$$

where $R_1^*$ is the value obtained by the XOR operation, and $R_4^*$ is the hash value computed by the sensor device node $SN_k$;

Step S49: Third check. The sensor device node $SN_k$ checks whether $R_4^*$ equals $R_4$. If $R_4^* = R_4$, it proceeds to the next step; otherwise it terminates the session;

Step S410: Third sensor device node calculation. The sensor device node $SN_k$ generates a random number $r_5$ and computes $SK_i$, $B_1$ and $B_2$; the formulas used are as follows:

$$SK_i = h(R_1^* \| r_3^{**} \| r_4^* \| r_5);$$

$$B_1 = h(T_4 \| r_5 \| S_{sn} \| ID_{sn} \| T_3 \| SK_i);$$

$$B_2 = h(r_5 \| T_4) \oplus r_4^*;$$

where $SK_i$ is the key of the sensor device node $SN_k$, $B_1$ is the hash value used to verify and identify identity, and $B_2$ is the hash value used to verify data integrity;

步骤S411:传感器设备节点发送消息,传感器设备节点SNk向网关节点GWj发送{B1,B2};Step S411: The sensor device node sends a message, and the sensor device node SN k sends {B 1 , B 2 } to the gateway node GW j ;

Step S412: Third calculation by the gateway node. After receiving $\{B_1, B_2\}$, the gateway node $GW_j$ calculates $h(r_5^{*} \| T_4^{*})$ at timestamp $T_5$, using the following formulas:

$$r_5^{*} = h(PW_i \| ID_i) \oplus r_5 \oplus h(PW_i \| ID_i);$$

$$T_4^{*} = h(T_4);$$

$$h(r_5^{*} \| T_4^{*}) = B_2 \oplus r_4;$$

where $h(r_5^{*} \| T_4^{*})$ is the value obtained by the XOR operation, $r_5^{*}$ is a value obtained by an XOR operation, and $T_4^{*}$ is the hash value obtained by hashing the timestamp $T_4$;

Step S413: Fourth check. The gateway node $GW_j$ checks whether $(T_5 - T_4)$ is less than the maximum allowable transmission delay $\Delta T$ between sender and receiver. If $(T_5 - T_4) < \Delta T$, proceed to the next step; otherwise, terminate the session;

Step S414: Second verification. The gateway node $GW_j$ calculates $B_1^{*}$ and verifies whether $B_1^{*}$ equals $B_1$. If $B_1^{*} = B_1$, the sensor device node $SN_k$ is verified; otherwise, terminate the session. The formula used is as follows:

$$B_1^{*} = h(T_4^{*} \| r_5^{*} \| S_{sn} \| ID_{sn} \| T_3^{*} \| SK_i);$$

where $B_1^{*}$ is the hash value calculated by the gateway node $GW_j$;

Step S415: Fourth calculation by the gateway node, using the following formulas:

$$R_7 = h(SK_i \| R_1 \| r_4 \| T_5 \| R_4);$$

$$R_8 = h(r_5^{*} \| r_4 \| T_5) \oplus r_3^{*};$$

where $R_7$ is the hash value calculated by the gateway node $GW_j$ and $R_8$ is the value obtained by the XOR operation;

Step S416: The gateway node sends its second request. The gateway node $GW_j$ sends $\{R_4, R_7, R_8\}$ to user $i$;

Step S417: Third calculation by the smart card. After receiving $\{R_4, R_7, R_8\}$, user $i$ calculates $h(r_5^{**} \| r_4^{*} \| T_5^{*})$ at timestamp $T_6$, using the following formulas:

$$r_5^{**} = HID_i \oplus h(PW_i \| ID_i);$$

$$T_5^{*} = h(T_5);$$

$$h(r_5^{**} \| r_4^{*} \| T_5^{*}) = R_8 \oplus r_3;$$

where $h(r_5^{**} \| r_4^{*} \| T_5^{*})$ is the value obtained by the XOR operation, $r_5^{**}$ is a value obtained by an XOR operation, and $T_5^{*}$ is the hash value obtained by hashing the timestamp $T_5$;

Step S418: Fifth check. The smart card SC checks whether $(T_6 - T_5)$ is less than the maximum allowable transmission delay $\Delta T$ between sender and receiver. If $(T_6 - T_5) < \Delta T$, proceed to the next step; otherwise, terminate the session;

Step S419: Third verification. The smart card SC calculates $R_7^{*}$ and verifies whether $R_7^{*}$ equals $R_7$. If $R_7^{*} = R_7$, identity verification succeeds and the device is activated; otherwise, the session is interrupted. The formula used is as follows:

$$R_7^{*} = h(SK_i \| h(HPW_i \| T_1) \| r_4^{*} \| T_5^{*} \| R_4);$$

where $R_7^{*}$ is the hash value calculated by the smart card SC.

By performing the above operations, this scheme addresses two problems: an incomplete authentication process leaves the data of the nodes inconsistent, which lets attackers tamper with transmitted data and impersonate identities and reduces the security and reliability of the data; and an improperly set transmission delay causes data to expire. The scheme ensures the integrity and security of device activation authentication. Every step has specific calculations and verifications that ensure the correctness and consistency of each node and of the data. Hash values and XOR operations are used to process the data, ensuring data integrity and preventing attackers from impersonating identities or tampering with transmitted data. Comparing timestamps and setting a maximum allowable transmission delay avoids excessive delay and data expiration. Multiple verification mechanisms improve security and reliability, thereby reducing potential security risks and attacks.
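The sensor-side checks of steps S47 and S49, as an added example that is not part of the patent text: the sensor rejects a message whose timestamp falls outside ΔT, then recomputes R4 and compares it in constant time. Assumptions: SHA-256 for h, length-prefixed concatenation for ||, a 5-second ΔT, the same encoding of T3 fed into h on both sides, r4*, R1* and T3 already recovered as in S46 and S48, rejection of timestamps that lie in the future, and all function names.

```python
import hashlib
import hmac
import struct

DELTA_T = 5  # seconds; assumed value for the maximum allowable transmission delay ΔT


def h(*fields: bytes) -> bytes:
    """h(a || b || ...) as SHA-256 over length-prefixed fields (assumed hash and encoding).

    The length prefix keeps "ab" || "c" distinct from "a" || "bc", so a field
    boundary cannot be shifted without changing the digest.
    """
    digest = hashlib.sha256()
    for field in fields:
        digest.update(struct.pack(">I", len(field)))
        digest.update(field)
    return digest.digest()


def ts(t: int) -> bytes:
    """Fixed-width encoding of a Unix timestamp (assumed; both nodes must agree on it)."""
    return struct.pack(">Q", t)


def gateway_r4(id_sn: bytes, r1: bytes, s_sn: bytes, r4: bytes, t3: int) -> bytes:
    """Gateway side, step S44: R4 = h(ID_sn || R1 || S_sn || r4 || T3)."""
    return h(id_sn, r1, s_sn, r4, ts(t3))


def sensor_verify(id_sn, r1_star, s_sn, r4_star, t3, r4_recv, t4, delta_t=DELTA_T):
    """Sensor side, steps S47 and S49. Returns (accepted, reason)."""
    age = t4 - t3
    # Added caveat: a timestamp ahead of the local clock would pass a bare
    # (T4 - T3) < ΔT test, so it is rejected explicitly.
    if age < 0:
        return False, "timestamp in the future"
    # S47: strict comparison, as in the text; age == ΔT is already too old.
    if not age < delta_t:
        return False, "stale"
    # S49: recompute R4* from the sensor's own S_sn and the recovered values.
    expected = h(id_sn, r1_star, s_sn, r4_star, ts(t3))
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, r4_recv):
        return False, "R4 mismatch"
    return True, "ok"


def run_cases() -> dict:
    """Run the checks over constructed sample values (not real keys or identifiers)."""
    id_sn = b"SN-0001"
    s_sn = bytes.fromhex("11" * 32)   # constructed shared key S_sn
    r1 = bytes.fromhex("22" * 32)     # constructed R1
    r4 = bytes.fromhex("33" * 16)     # constructed gateway nonce r4
    t3 = 1_700_000_000                # constructed gateway timestamp T3
    tag = gateway_r4(id_sn, r1, s_sn, r4, t3)
    common = dict(r1_star=r1, s_sn=s_sn, r4_star=r4, t3=t3, r4_recv=tag)
    return {
        "fresh": sensor_verify(id_sn=id_sn, t4=t3 + 1, **common),
        "replayed": sensor_verify(id_sn=id_sn, t4=t3 + 60, **common),
        "boundary": sensor_verify(id_sn=id_sn, t4=t3 + DELTA_T, **common),
        "future": sensor_verify(id_sn=id_sn, t4=t3 - 30, **common),
        "wrong_id": sensor_verify(id_sn=b"SN-0002", t4=t3 + 1, **common),
        "wrong_key": sensor_verify(
            id_sn=id_sn, t4=t3 + 1, **{**common, "s_sn": bytes(32)}
        ),
    }


if __name__ == "__main__":
    for name, (accepted, reason) in run_cases().items():
        print(f"{name:10s} accepted={accepted} reason={reason}")
```

The time window only bounds how long a captured message stays usable; within ΔT the same message still verifies, so ΔT should be kept as small as the network allows.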

Embodiment 6. Referring to Figure 1, this embodiment is based on the above embodiments. In step S5, device activation authentication in the Internet state specifically includes the following steps:

Step S51: The platform device is powered on and the main program is confirmed to be working normally;

Step S52: With a normal network connection, the main program generates a device information dynamic code through an encryption algorithm, based on the public key content saved in the device;

Step S53: The dynamic code is entered on the server, which decrypts it with the private key file to obtain the hardware device information, IP address, gateway and other content, and sends activation invitation protocol ① to the platform device over the UDP communication protocol;

Step S54: The platform device receives activation invitation protocol ①, responds and provides its device information to the nurse station server in authentication activation UDP protocol ②; an identity verification mechanism is introduced at the same time;

Step S55: After receiving authentication activation UDP protocol ②, the nurse station server records the authentication sequence content and sends it to the designated device as TCP protocol ③;

Step S56: After receiving authentication sequence content TCP protocol ③, the platform device saves the sequence file content to the shared directory of its internal storage and sets the file to read-only mode. After the file has been saved successfully, it sends confirmation authentication activation protocol ④; a failure retry mechanism is added;

Step S57: After confirming receipt of confirmation authentication activation protocol ④, the nurse station server records the current device information and sequence file information in the database, completing the authentication;

Step S58: After the authenticated device restarts, the system main program checks the authentication sequence file stored in step S56, uses the content of the sequence file to initialize the platform system functions, and requests the server to register and activate the token content. Once authentication is complete, it reads the platform system function configuration and starts running the platform's multi-application system. If the file cannot be read or is invalid, the flow re-enters step S53 and waits.

By performing the above operations, this scheme addresses the problems that unauthorized devices may be activated during the device activation authentication flow, that system security is weak, and that authentication fails because of network problems and other errors. It introduces an identity verification mechanism into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and it adds a failure retry mechanism to ensure that data is transmitted and saved correctly. The two mechanisms together increase the security of authentication and the stability of the flow: authentication security improves, fault tolerance is strengthened, and the authentication flow is clear and well defined, which reduces errors and confusion.

Embodiment 7. Referring to Figure 1, this embodiment is based on the above embodiments. In step S6, device activation authentication in the no-network state specifically includes the following steps:

Step S61: The platform device is powered on and the main program is confirmed to be working normally;

Step S62: The Bluetooth module is confirmed to be working and undamaged, and the authentication device public key file and the authentication sequence list file are written to the system storage location with a transfer tool;

Step S63: The authentication device scans and pairs over Bluetooth and sends activate-device authentication BLE protocol ①, encrypted with the private key; an identity verification mechanism is introduced at the same time;

Step S64: The platform device keeps saving device authentication BLE protocol ① and, on encountering the specified ending content, stops parsing and receiving; an error handling mechanism is introduced at the same time;

Step S65: The platform device uses the public key file to parse the protocol content and extracts the specified bytes;

Step S66: If the platform device has already completed authentication activation, it saves the sender device information parsed from the specified bytes of device authentication BLE protocol ①, adds it to the authentication sequence list file, concatenates the device information and returns confirm-activation BLE protocol ②, then disconnects the Bluetooth link and, after a fixed interval, returns to step S63;

Step S67: If the platform device has not been authenticated and activated, it concatenates the device information and returns confirm-activation BLE protocol ②;

Step S68: The authentication device key box receives BLE protocol ② and, using its own private key file, parses it and extracts the specified bytes. If the content corresponds to the device information saved in step S66, the authentication device is recorded and added to the authentication sequence list file, the procedure stops immediately and Bluetooth is disconnected, and after a fixed interval the flow returns to step S63. If the content corresponds to the device authentication sequence generated in step S67, go to step S69. If BLE protocol ② is not received within the specified time, the device is removed from the authentication sequence list file, Bluetooth is disconnected, and after a fixed interval the flow returns to step S63. An identity verification mechanism is added in this process;

Step S69: The authentication device concatenates the private key file content with the device authentication sequence content, encrypts it and sends authentication activation BLE protocol ③;

Step S610: The platform device saves BLE protocol ③ and, on encountering the specified ending content, stops parsing and receiving. It uses the public key content to parse the protocol content, saves the authentication sequence content and the public key content, records the current sender authentication device in the authentication sequence list file, and disconnects the Bluetooth link. An error handling mechanism is used in this process;

Step S611: All platform devices that have completed authentication enable the infection-activation blockchain algorithm and perform step S63 in place of the authentication device key box, carrying out BLE protocol communication with all nearby devices that are at step S62;

Step S612: Steps S63 to S610 above can be reinforced through a Bluetooth base station, which serves only as a data relay and does not affect the actual authentication result;

Step S613: When the devices are in the LAN or Internet state, importing the authentication sequence list file of any one authentication device, chosen at random, into the information interaction server directly completes registration and initialization of all devices for use;

Step S614: Logging and monitoring functions are added, and the operating status of the system is checked regularly.

Embodiment 8. Referring to Figures 1 and 6, this embodiment is based on the above embodiments. In step S7, the password change specifically includes the following steps:

Step S71: Smart card insertion. User $i$ inserts the smart card SC into the card reader and enters $ID_i$ and $PW_i$;

Step S72: First calculation by the smart card, using the following formulas:

$$r_1^{*} = HID_i \oplus h(PW_i \| ID_i);$$

$$HPW_i^{*} = h(r_1^{*} \| PW_i);$$

$$R_2^{*} = h(HPW_i^{*} \| ID_g);$$

$$h(R_1 \| r_2 \| S_g) = R_3 \oplus h(HPW_i \| T_1);$$

where $r_1^{*}$ is the random value calculated by the smart card SC, $HPW_i^{*}$ is the hash value of user $i$'s password calculated by the smart card SC, $R_2^{*}$ is the random number generated by the gateway node, and $h(R_1 \| r_2 \| S_g)$ is the value obtained by the XOR operation;

Step S73: Verification. The smart card SC checks whether $R_2$ and $R_2^{*}$ are equal. If $R_2 = R_2^{*}$, the $ID_i$ and $PW_i$ of user $i$ are verified; otherwise, the session is interrupted;

Step S74: New password entry. User $i$ enters the new password $PW_i^{new}$;

Step S75: Second calculation by the smart card. The smart card SC uses a pseudo-random number generator to generate a new random number $r_1^{new}$, using the following formulas:

$$HID_i^{new} = r_1^{new} \oplus h(PW_i^{new} \| ID_i);$$

$$HPW_i^{new} = h(r_1^{*} \| PW_i^{new});$$

$$R_2^{new} = h(HPW_i^{new} \| ID_g);$$

$$R_3^{new} = h(R_1 \| r_2 \| S_g) \oplus h(PW_i^{new} \| T_1);$$

where $HID_i^{new}$ is the new identity hash value of user $i$, $HPW_i^{new}$ is the new hash value of user $i$'s password calculated by the smart card SC, $R_2^{new}$ is the new random number, and $R_3^{new}$ is the value obtained by the XOR operation;

Step S76: Replacement. The smart card SC replaces $R_2$, $R_3$ and $HID$ with the corresponding new values $R_2^{new}$, $R_3^{new}$ and $HID_i^{new}$, and the password change succeeds.

Embodiment 9. Referring to Figure 1, this embodiment is based on the above embodiments. In step S8, connecting a new sensor device node specifically includes the following steps:

Step S81: Calculate and save the shared key. The blockchain center BC selects the new sensor device node $SN_k$, calculates the new shared key, and stores $\{SN_k, S_{sn}\}$, using the following formula:

$$S_{sn} = h(ID_{sn} \| S_{BC});$$

where $S_{sn}$ is the shared key between the gateway node and the new sensor device node, and $ID_{sn}$ is the identifier of the new sensor device node;

Step S82: The blockchain center sends to the gateway node. The blockchain center BC sends $\{SN_k, S_{sn}\}$ to the gateway node $GW_j$;

Step S83: The gateway node stores the values and updates the key store. The gateway node $GW_j$ stores $\{SN_k, S_{sn}\}$ and updates the information in the key store.

Embodiment 10. Referring to Figure 2, this embodiment is based on the above embodiments. The nurse station information interaction platform authentication management system provided by the present invention includes a data saving module, a user registration module, a user login module, a module for device activation authentication in the LAN state, a module for device activation authentication in the Internet state, a module for device activation authentication in the no-network state, a password change module, and a new sensor device node connection module;

The data saving module uses a hash function to calculate the private key and the shared key, saves the information to the key store, generates an activation sequence file by encryption, and sends the activation sequence file to the user registration module;

The user registration module receives the activation sequence file sent by the data saving module; the user selects a unique ID and password, and the hash value of the user password and the identity hash value are calculated and saved to the smart card;

In the user login module, the user inserts the smart card into the card reader and enters the ID and password; the reliability of secure authentication is provided through the calculation of hash values and random numbers and the session disconnection and failure mechanisms; and the login request is sent to the modules for device activation authentication in the LAN state, in the Internet state and in the no-network state;

The module for device activation authentication in the LAN state receives the login request sent by the user login module and applies a complete authentication process: it uses hash values and XOR operations to encrypt, verify and tamper-proof the data, avoids excessive delay and data expiration by comparing timestamps against a set maximum allowable transmission delay, uses multiple verification mechanisms to improve security and reliability, and sends the authentication result to the password change module;

The module for device activation authentication in the Internet state receives the login request sent by the user login module, introduces an identity verification mechanism into the authentication process to ensure that activation requests come from legitimate devices and to prevent malicious activation requests, and adds a failure retry mechanism to ensure that data is transmitted and saved correctly; the two mechanisms increase the security of authentication and the stability of the flow, and the authentication result is sent to the password change module;

The module for device activation authentication in the no-network state receives the login request sent by the user login module, authenticates using the BLE protocol and an identity verification mechanism, and sends the authentication result to the password change module;

The password change module receives the authentication results sent by the modules for device activation authentication in the LAN state, in the Internet state and in the no-network state. The user inserts the smart card into the card reader and enters the ID and password; the smart card calculates the relevant random values and hash values and performs identity verification. If verification passes, the user enters a new password and the relevant information in the smart card is modified; otherwise, the session is interrupted;

The new sensor device node connection module selects a new sensor device node, calculates a new shared key, saves the relevant information and sends it to the gateway node; the gateway node stores it and updates the information in the key store, completing the connection of the new sensor device node.

It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Furthermore, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device.

Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the appended claims and their equivalents.

The present invention and its embodiments have been described above. This description is not limiting; what is shown in the drawings is only one of the embodiments of the present invention, and the actual structure is not limited to it. In short, if a person of ordinary skill in the art, inspired by it and without departing from the inventive purpose of the present invention, designs structures and embodiments similar to this technical solution without inventive effort, they shall all fall within the protection scope of the present invention.

Claims (10)

1.一种护士站信息交互平台认证管理方法,其特征在于:该方法包括以下步骤:1. A nurse station information interaction platform authentication management method, characterized in that: the method includes the following steps: 步骤S1:数据保存,采用哈希函数计算私钥和共享密钥,保存信息到密钥库,并加密生成激活序列文件;Step S1: Data saving, using the hash function to calculate the private key and shared key, saving the information to the key library, and encrypting it to generate the activation sequence file; 步骤S2:用户注册,用户选择唯一的ID和密码,计算用户密码的哈希值和身份散列值,并将其保存到智能卡中;Step S2: User registration, the user selects a unique ID and password, calculates the hash value of the user password and the identity hash value, and saves them to the smart card; 步骤S3:用户登录,用户将智能卡插入读取机,并输入ID和密码,引入哈希值和随机数的计算、session的断开和失败机制,智能卡通过公共信道向网关节点发送登录请求;Step S3: User logs in. The user inserts the smart card into the reader and enters the ID and password. The calculation of hash value and random number, session disconnection and failure mechanism are introduced. The smart card sends a login request to the gateway node through the public channel; 步骤S4:局域网状态下设备激活认证,采用完整的认证过程,利用哈希值和异或运算对数据加密、验证和防篡改,通过比较时间戳和设定最大允许传输延迟避免过大延迟和出现数据过期的问题,同时运用多次验证机制;Step S4: Device activation authentication in LAN state, using a complete authentication process, using hash value and XOR operation to encrypt, verify and prevent tampering of data, and avoid excessive delays and occurrences by comparing timestamps and setting the maximum allowable transmission delay To solve the problem of data expiration, multiple verification mechanisms are used at the same time; 步骤S5:互联网状态下设备激活认证,在认证过程中引入身份验证机制,确保激活请求来自合法的设备,并防止恶意激活请求,加入失败重试机制;Step S5: Device activation authentication in the Internet state, introducing an identity verification mechanism during the authentication process to ensure that the activation request comes from a legitimate device, prevent malicious activation requests, and add a failed retry mechanism; 步骤S6:无网络状态下设备激活认证,认证设备通过蓝牙扫描并配对,使用私钥加密发送激活设备认证的BLE协议,同时引入身份验证机制进行认证;Step S6: Activate the device for 
authentication when there is no network. The authentication device scans and pairs through Bluetooth, uses private key encryption to send the BLE protocol that activates device authentication, and introduces an identity verification mechanism for authentication; 步骤S7:密码更改,用户将智能卡插入读取机,并输入ID和密码,智能卡计算相关随机数值和哈希值,并进行身份验证,若验证通过,则输入新密码并修改智能卡内的相关信息,否则,会话中断;Step S7: Password change. The user inserts the smart card into the reader and enters the ID and password. The smart card calculates the relevant random values and hash values and performs identity verification. If the verification is passed, the user enters the new password and modifies the relevant information in the smart card. , otherwise, the session is interrupted; 步骤S8:新的传感器设备节点连接,区块链中心选择新的传感器设备节点,计算新的共享密钥,保存相关信息并将其发送至网关节点,网关节点存储并更新密钥库中的信息。Step S8: The new sensor device node is connected. The blockchain center selects the new sensor device node, calculates the new shared key, saves the relevant information and sends it to the gateway node. The gateway node stores and updates the information in the key database. . 2.根据权利要求1所述的一种护士站信息交互平台认证管理方法,其特征在于:在步骤S4中,所述局域网状态下设备激活认证具体包括以下步骤:2. A nurse station information interaction platform authentication management method according to claim 1, characterized in that: in step S4, the device activation authentication in the local area network state specifically includes the following steps: 步骤S41:网关节点第一次计算,当网关节点GWj接收到登录请求{IDsn,F2,F3}后,在时间戳T3计算F1 *、F1 *⊕F3,所用公式如下:Step S41: The gateway node calculates for the first time. When the gateway node GW j receives the login request {ID sn , F 2 , F 3 }, it calculates F 1 * and F 1 * ⊕F 3 at timestamp T 3. 
The formula used is as follows: r3 *=h(PWi||IDi)⊕r3⊕h(PWi||IDi);r 3 * =h(PW i ||ID i )⊕r 3 ⊕h(PW i ||ID i ); T2 *=h(T2);T 2 * =h(T 2 ); F1 *=h(R1||r2||Sg);F 1 * =h (R 1 ||r 2 ||S g ); F1 *⊕F3=h(r3 *||T2 *);F 1 * ⊕F 3 =h (r 3 * ||T 2 * ); 式中,F1 *是网关节点GWj计算得到的值,F1 *⊕F3是网关节点GWj计算得到的哈希值,r3 *是异或运算得到的值,T2 *是对时间戳T2进行哈希运算得到的哈希值;In the formula, F 1 * is the value calculated by the gateway node GW j , F 1 * ⊕F 3 is the hash value calculated by the gateway node GW j , r 3 * is the value obtained by the XOR operation, and T 2 * is the value calculated by the XOR operation. The hash value obtained by hashing the timestamp T 2 ; 步骤S42:第一次检查,网关节点GWj检查(T3-T2)是否小于发送器和接收器的最大允许传输延迟ΔT,若(T3-T2)<ΔT,则进行下一步骤,否则,终止会话;Step S42: For the first check, the gateway node GW j checks whether (T 3 -T 2 ) is less than the maximum allowable transmission delay ΔT of the sender and receiver. If (T 3 -T 2 ) < ΔT, proceed to the next step. , otherwise, terminate the session; 步骤S43:第一次验证,网关节点GWj计算F2 *,并验证F2 *是否等于F2,若F2 *=F2,则对用户i的进行身份验证,否则,会话被中断,所用公式如下:Step S43: For the first verification, gateway node GW j calculates F 2 * and verifies whether F 2 * is equal to F 2 . If F 2 * =F 2 , authenticate user i. Otherwise, the session is interrupted. The formula used is as follows: F2 *=h(T2 *||r3 *||F1 *||IDg);F 2 * =h (T 2 * ||r 3 * ||F 1 * ||ID g ); 式中,F2 *是网关节点GWj计算得到的哈希值;In the formula, F 2 * is the hash value calculated by the gateway node GW j ; 步骤S44:网关节点第二次计算,网关节点GWj生成一个随机数r4,并计算R4、R5和R6,所用公式如下:Step S44: The gateway node calculates for the second time. The gateway node GW j generates a random number r4 and calculates R 4 , R 5 and R 6 . 
The formula used is as follows: R4=h(IDsn||R1||Ssn||r4||T3);R 4 =h(ID sn ||R 1 ||S sn ||r 4 ||T 3 ); R5=(r3 *||T3||r4)⊕SsnR 5 = (r 3 * ||T 3 ||r 4 )⊕S sn ; R6=R1⊕h(IDsn||h(r4)||r3 *);R 6 =R 1 ⊕h(ID sn ||h(r 4 )||r 3 * ); 式中,R4是网关节点GWj计算得到的哈希值,R5是异或运算得到的值,R6是异或运算得到的值;In the formula, R 4 is the hash value calculated by the gateway node GW j , R 5 is the value obtained by the XOR operation, and R 6 is the value obtained by the XOR operation; 步骤S45:网关节点第一次发送请求,网关节点GWj向传感器设备节点SNk发送{IDsn,R4,R5,R6};Step S45: The gateway node sends a request for the first time, and the gateway node GW j sends {ID sn , R 4 , R 5 , R 6 } to the sensor device node SN k ; 步骤S46:传感器设备节点第一次计算,传感器设备节点SNk接收{IDsn,R4,R5,R6}后,在时间戳T4计算h(r3 **||r4 *||T3 *),所用公式如下:Step S46: The sensor device node calculates for the first time. After the sensor device node SN k receives {ID sn , R 4 , R 5 , R 6 }, it calculates h (r 3 ** ||r 4 * | at timestamp T 4 |T 3 * ), the formula used is as follows: r3 **=h(PWi *||IDi)⊕r3⊕h(PWi *||IDir 3 ** =h(PW i * ||ID i )⊕r 3 ⊕h(PW i * ||ID i ) r4 *=h(PWi||IDi)⊕r4⊕h(PWi||IDir 4 * =h(PW i ||ID i )⊕r 4 ⊕h(PW i ||ID i ) T3 *=h(T3);T 3 * =h(T 3 ); h(r3 **||r4 *||T3 *)=R5⊕Ssnh(r 3 ** ||r 4 * ||T 3 * )=R 5 ⊕S sn ; 式中,h(r3 **||r4 *||T3 *)是异或运算得到的值,r3 **是异或运算得到的值,r4 *是异或运算得到的值,T3 *是对时间戳T3进行哈希运算得到的哈希值;In the formula, h (r 3 ** ||r 4 * ||T 3 * ) is the value obtained by the exclusive OR operation, r 3 ** is the value obtained by the exclusive OR operation, r 4 * is the value obtained by the exclusive OR operation , T 3 * is the hash value obtained by hashing the timestamp T 3 ; 步骤S47:第二次检查,传感器设备节点SNk检查(T4-T3)是否小于发送器和接收器的最大允许传输延迟ΔT,若(T4-T3)<ΔT,则进行下一步骤,否则,终止会话;Step S47: For the second check, the sensor device node SN k checks whether (T 4 -T 3 ) is less than the maximum allowable transmission delay ΔT of the transmitter and receiver. If (T 4 -T 3 ) <ΔT, proceed to the next step. 
Step, otherwise, terminate the session; 步骤S48:传感器设备节点第二次计算,所用公式如下:Step S48: The sensor device node is calculated for the second time. The formula used is as follows: R1 *=R6⊕h(IDsn||h(r4 *)||r3 **);R 1 * =R 6 ⊕h (ID sn ||h (r 4 * ) ||r 3 ** ); R4 *=h(IDsn||R1 *||Ssn||r4 *||T3 *);R 4 * =h (ID sn ||R 1 * ||S sn ||r 4 * ||T 3 * ); 式中,R1 *是异或运算得到的值,R4 *是传感器设备节点SNk计算得到的哈希值;In the formula, R 1 * is the value obtained by the XOR operation, and R 4 * is the hash value calculated by the sensor device node SN k ; 步骤S49:第三次检查,传感器设备节点SNk检查R4 *是否等于R4,若R4 *=R4,则进行下一步骤,否则,终止会话;Step S49: For the third check, the sensor device node SN k checks whether R 4 * is equal to R 4 . If R 4 * =R 4 , proceed to the next step. Otherwise, terminate the session; 步骤S410:传感器设备节点第三次计算,传感器设备节点SNk生成一个随机数r5,并计算SKi、B1和B2,所用公式如下:Step S410: The sensor device node calculates for the third time. The sensor device node SN k generates a random number r5 and calculates SK i , B 1 and B 2 . The formula used is as follows: SKi=h(R1 *||r3 **||r4 *||r5);SK i =h(R 1 * ||r 3 ** ||r 4 * ||r 5 ); B1=h(T4||r5||Ssn||IDsn||T3||SKi);B 1 =h (T 4 ||r 5 ||S sn ||ID sn ||T 3 ||SK i ); B2=h(r5||T4)⊕r4 *B 2 =h(r 5 ||T 4 )⊕r 4 * ; 式中,SKi是传感器设备节点SNk的密钥,B1是用于验证和识别身份的哈希值,B2是用于验证数据完整性的哈希值;In the formula, SK i is the key of the sensor device node SN k , B 1 is the hash value used to verify and identify the identity, and B 2 is the hash value used to verify data integrity; 步骤S411:传感器设备节点发送消息,传感器设备节点SNk向网关节点GWj发送{B1,B2};Step S411: The sensor device node sends a message, and the sensor device node SN k sends {B 1 , B 2 } to the gateway node GW j ; 步骤S412:网关节点第三次计算,网关节点GWj接收{B1,B2}后,在时间戳T5计算h(r5 *||T4 *),所用公式如下:Step S412: The gateway node calculates for the third time. After the gateway node GW j receives {B 1 , B 2 }, it calculates h (r 5 * ||T 4 * ) at the timestamp T 5 . 
The formula used is as follows:
$r_5^{*} = h(PW_i \| ID_i) \oplus r_5 \oplus h(PW_i \| ID_i)$;
$T_4^{*} = h(T_4)$;
$h(r_5^{*} \| T_4^{*}) = B_2 \oplus r_4$;
where $h(r_5^{*} \| T_4^{*})$ is the value obtained by the XOR operation, $r_5^{*}$ is the value obtained by the XOR operation, and $T_4^{*}$ is the hash value obtained by hashing the timestamp $T_4$;
Step S413: Fourth check. The gateway node $GW_j$ checks whether $(T_5 - T_4)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_5 - T_4) < \Delta T$, proceed to the next step; otherwise, terminate the session;
Step S414: Second verification. The gateway node $GW_j$ calculates $B_1^{*}$ and verifies whether $B_1^{*}$ is equal to $B_1$. If $B_1^{*} = B_1$, the sensor device node $SN_k$ is verified; otherwise, terminate the session. The formula used is as follows:
$B_1^{*} = h(T_4^{*} \| r_5^{*} \| S_{sn} \| ID_{sn} \| T_3^{*} \| SK_i)$;
where $B_1^{*}$ is the hash value calculated by the gateway node $GW_j$;
Step S415: Fourth calculation by the gateway node, using the following formulas:
$R_7 = h(SK_i \| R_1 \| r_4 \| T_5 \| R_4)$;
$R_8 = h(r_5^{*} \| r_4 \| T_5) \oplus r_3^{*}$;
where $R_7$ is the hash value calculated by the gateway node $GW_j$, and $R_8$ is the value obtained by the XOR operation;
Step S416: Second request from the gateway node. The gateway node $GW_j$ sends $\{R_4, R_7, R_8\}$ to user $i$;
Step S417: Third calculation by the smart card.
After receiving $\{R_4, R_7, R_8\}$, user $i$ calculates $h(r_5^{**} \| r_4^{*} \| T_5^{*})$ at timestamp $T_6$, using the following formulas:
$r_5^{**} = HID_i \oplus h(PW_i \| ID_i)$;
$T_5^{*} = h(T_5)$;
$h(r_5^{**} \| r_4^{*} \| T_5^{*}) = R_8 \oplus r_3$;
where $h(r_5^{**} \| r_4^{*} \| T_5^{*})$ is the value obtained by the XOR operation, $r_5^{**}$ is the value obtained by the XOR operation, and $T_5^{*}$ is the hash value obtained by hashing the timestamp $T_5$;
Step S418: Fifth check. The smart card SC checks whether $(T_6 - T_5)$ is less than the maximum allowable transmission delay $\Delta T$ of the sender and receiver. If $(T_6 - T_5) < \Delta T$, proceed to the next step; otherwise, terminate the session;
Step S419: Third verification. The smart card SC calculates $R_7^{*}$ and verifies whether $R_7^{*}$ is equal to $R_7$. If $R_7^{*} = R_7$, the authentication succeeds and the device is activated; otherwise, the session is interrupted. The formula used is as follows:
$R_7^{*} = h(SK_i \| h(HPW_i \| T_1) \| r_4^{*} \| T_5^{*} \| R_4)$;
where $R_7^{*}$ is the hash value calculated by the smart card SC.
3. The nurse station information interaction platform authentication management method according to claim 1, characterized in that in step S1, the data saving specifically includes the following steps:
Step S11: Calculate the private key of the gateway node.
The formula used is as follows:
$S_g = h(ID_g \| S_{BC})$;
where $S_g$ is the private key of the gateway node, $h()$ is the hash function, $ID_g$ is the identifier of the gateway node, $S_{BC}$ is the private key of the blockchain center BC, and $\|$ is the concatenation operation;
Step S12: Calculate the shared key, using the following formula:
$S_{sn} = h(ID_{sn} \| S_{BC})$;
where $S_{sn}$ is the shared key between the gateway node and the sensor device node, and $ID_{sn}$ is the identifier of the sensor device node;
Step S13: Key store saving. $\{ID_{sn}, S_{sn}\}$ is saved by the blockchain center BC in the sensor device node $SN_k$;
Step S14: The blockchain center saves and sends to the gateway node. The blockchain center BC saves $\{ID_g, S_g, ID_{sn}, S_{sn}\}$ and sends it to the gateway node $GW_j$;
Step S15: Information entry into the database.
When leaving the factory, all nurse station hosts must have their batch and device hardware information recorded in the device library, with key information such as the motherboard serial number entered into the database;
Step S16: Encrypt and generate an activation sequence file, which contains encrypted content such as hardware information, platform module configuration content and account;
In step S2, the user registration specifically includes the following steps:
Step S21: Calculate the hash value of the user password. The user selects a unique ID and password, generates a random number $r_1$, calculates the hash value of the password, and sends $\{ID_i, HPW_i\}$ to the gateway node $GW_j$, using the following formula:
$HPW_i = h(r_1 \| PW_i)$;
where $HPW_i$ is the hash value of user $i$'s password, $ID_i$ is the ID of user $i$, and $PW_i$ is the password of user $i$;
Step S22: Calculate the hash values.
After receiving $\{ID_i, HPW_i\}$, the gateway node $GW_j$ uses a pseudo-random number generator to generate a random number $r_2$ and calculates $R_1$, $R_2$ and $R_3$ at timestamp $T_1$, using the following formulas:
$R_1 = h(HPW_i \| T_1)$;
$R_2 = h(HPW_i \| ID_g)$;
$R_3 = h(R_1 \| r_2 \| S_g) \oplus h(HPW_i \| T_1)$;
where $\|$ is the string concatenation operation, $\oplus$ is the XOR operation, $R_1$ is the hash of the hash value of user $i$'s password combined with the timestamp $T_1$, $R_2$ is the hash of the hash value of user $i$'s password combined with the gateway node identifier $ID_g$, and $R_3$ is the hash value calculated after the XOR operation;
Step S23: Smart card saving. The gateway node $GW_j$ saves $\{r_2, T_1, ID_g, h(), R_1, R_2, R_3\}$ in the smart card SC that stores user identification information, and sends it to user $i$;
Step S24: Calculate the identity hash value. After receiving $\{r_2, T_1, ID_g, h(), R_1, R_2, R_3\}$, user $i$ calculates the identity hash value and writes it into the smart card SC, using the following formula:
$HID_i = h(PW_i \| ID_i) \oplus r_1$;
where $HID_i$ is the identity hash value of user $i$.
4. The nurse station information interaction platform authentication management method according to claim 1, characterized in that in step S3, the user login specifically includes the following steps:
Step S31: Smart card insertion. User $i$ inserts the smart card SC into the reader and enters $ID_i$ and $PW_i$;
Step S32: Obtain data. User $i$ selects the nearest gateway node, establishes a communication link with the sensor device node, and obtains the data the user requires;
Step S33: First calculation by the smart card, using the following formulas:
$r_1^{*} = HID_i \oplus h(PW_i \| ID_i)$;
$HPW_i^{*} = h(r_1^{*} \| PW_i)$;
$R_2^{*} = h(HPW_i^{*} \| ID_g)$;
where $r_1^{*}$ is the random value calculated by the smart card SC, $HPW_i^{*}$ is the hash value of user $i$'s password calculated by the smart card SC, and $R_2^{*}$ is the random number generated by the gateway node;
Step S34: Verification. The smart card SC checks whether $R_2$ and $R_2^{*}$ are equal. If $R_2 = R_2^{*}$, the $ID_i$ and $PW_i$ of user $i$ are verified; otherwise, the session is interrupted;
Step S35: Second calculation by the smart card. The smart card SC generates a random number $r_3$ and calculates $F_1$, $F_2$ and $F_3$ at timestamp $T_2$.
The formula used is as follows:
$F_1 = R_3 \oplus h(HPW_i \| T_1)$;
$F_2 = h(T_2 \| r_3 \| F_1 \| ID_g)$;
$F_3 = h(r_3 \| T_2) \oplus F_1$;
where $F_1$ is the value obtained by the XOR operation, $F_2$ is the hash value calculated by the smart card SC, and $F_3$ is the value obtained by the XOR operation;
Step S36: Send the login request. The smart card SC sends the login request $\{ID_{sn}, F_2, F_3\}$ to the gateway node $GW_j$ over the public channel.
5. The nurse station information interaction platform authentication management method according to claim 1, characterized in that in step S5, the device activation authentication in the Internet state specifically includes the following steps:
Step S51: The platform device is powered on, and the main program is confirmed to be working normally;
Step S52: With a normal network connection, the main program generates a device information dynamic code through an encryption algorithm, based on the public key content saved in the device;
Step S53: The dynamic code is entered on the server, which decrypts it with the private key file to obtain the hardware device information, IP address, gateway and other content, and sends activation invitation protocol ① to the platform device over the UDP communication protocol;
Step S54: On receiving activation invitation protocol ①, the platform device responds and provides its device information to the nurse station server in authentication activation UDP protocol ②, and an identity verification mechanism is introduced;
Step S55: After receiving authentication activation UDP protocol ②, the nurse station server records and sends authentication sequence content TCP protocol ③ to the designated device;
Step S56: After receiving authentication sequence content TCP protocol ③, the platform device saves the sequence file content to the shared directory of internal storage and sets the file to read-only mode. After the file is saved successfully, it sends confirmation authentication activation protocol ④, and a failure retry mechanism is added;
Step S57: After confirming receipt of confirmation authentication activation protocol ④, the nurse station server records the current device information and sequence file information in the database, completing the authentication;
Step S58: After the authenticated device restarts, the system main program checks the authentication sequence file stored in step S56, uses the sequence file content to initialize the platform system functions, requests the server to complete token content registration and activation, completes the authentication, and reads the platform system function configuration to start running the platform multi-application system; if reading the file fails or the file is invalid, the process returns to step S53 and waits.
6. The nurse station information interaction platform authentication management method according to claim 1, characterized in that in step S6, the device activation authentication in the non-network state specifically includes the following steps:
Step S61: The platform device is powered on, and the main program is confirmed to be working normally;
Step S62: Ensure that the Bluetooth module is working and undamaged, and use a transfer tool to record the authentication device public key file and the authentication sequence list file in the system storage location;
Step S63: The authentication device scans and pairs over Bluetooth and sends activate-device authentication BLE protocol ① encrypted with the private key, and an identity verification mechanism is introduced;
Step S64: The platform device keeps saving device authentication BLE protocol ①.
On encountering the specified ending content, it stops parsing and receiving content, and an error handling mechanism is introduced;
Step S65: The platform device uses the public key file to parse the protocol content and extracts the specified bytes;
Step S66: If the platform device has already completed authentication activation, it saves the sender device information parsed from the specified bytes of device authentication BLE protocol ①, adds it to the authentication sequence list file, concatenates the device information and returns confirmation activation BLE protocol ②, then disconnects the Bluetooth link and, after a fixed interval, returns to step S63;
Step S67: If the platform device has not been authenticated and activated, it concatenates the device information and returns confirmation activation BLE protocol ②;
Step S68: The authentication device key box receives BLE protocol ②, parses it with its own private key file and extracts the specified bytes. If the content corresponds to the device information saved in step S66, it records the authentication device, adds it to the authentication sequence list file, stops immediately, disconnects Bluetooth and, after a fixed interval, returns to step S63; if it corresponds to the device authentication sequence generated in step S67, it proceeds to step S69; if BLE protocol ② is not received within the specified time, it removes the device from the authentication sequence list file, disconnects Bluetooth and, after a fixed interval, returns to step S63. An identity verification mechanism is added in the process;
Step S69: The authentication device concatenates the private key file content with the device authentication sequence content, and sends it encrypted as authentication activation BLE protocol ③;
Step S610: The platform device saves BLE protocol ③. On encountering the specified ending content, it stops parsing and receiving content, uses the public key content to parse the protocol content, saves the authentication sequence content and the public key content, records the current sender authentication device in the authentication sequence list file, and disconnects the Bluetooth link. An error handling mechanism is used in the process;
Step S611: All platform devices that have completed authentication start the infection activation blockchain algorithm and, in place of the authentication device key box, perform step S63, carrying out BLE protocol communication with all nearby devices that are at step S62;
Step S612: The above operations can be reinforced from step S63 to step S610 through a Bluetooth base station, which acts only as a data relay and does not affect the actual authentication result;
Step S613: When the device is in the LAN or Internet state, importing the authentication sequence list file of any one authentication device into the information interaction server directly completes the registration and initialization of all devices for use;
Step S614: Logging and monitoring functions are added, and the operating status of the system is checked regularly.
7. The nurse station information interaction platform authentication management method according to claim 1, characterized in that in step S7, the password change specifically includes the following steps:
Step S71: Smart card insertion. User $i$ inserts the smart card SC into the reader and enters $ID_i$ and $PW_i$;
Step S72: First calculation by the smart card, using the following formulas:
$r_1^{*} = HID_i \oplus h(PW_i \| ID_i)$;
$HPW_i^{*} = h(r_1^{*} \| PW_i)$;
$R_2^{*} = h(HPW_i^{*} \| ID_g)$;
$h(R_1 \| r_2 \| S_g) = R_3 \oplus h(HPW_i \| T_1)$;
where $r_1^{*}$ is the random value calculated by the smart card SC, $HPW_i^{*}$ is the hash value of user $i$'s password calculated by the smart card SC, $R_2^{*}$ is the random number generated by the gateway node, and $h(R_1 \| r_2 \| S_g)$ is the value obtained by the XOR operation;
Step S73: Verification. The smart card SC checks whether $R_2$ and $R_2^{*}$ are equal. If $R_2 = R_2^{*}$, the $ID_i$ and $PW_i$ of user $i$ are verified; otherwise, the session is interrupted;
Step S74: Enter the new password. User $i$ enters the new password $PW_i^{new}$;
Step S75: Second calculation by the smart card.
The smart card SC uses a pseudo-random number generator to generate a new random number $r_1^{new}$, using the following formulas:
$HID_i^{new} = r_1^{new} \oplus h(PW_i^{new} \| ID_i)$;
$HPW_i^{new} = h(r_1^{*} \| PW_i^{new})$;
$R_2^{new} = h(HPW_i^{new} \| ID_g)$;
$R_3^{new} = h(R_1 \| r_2 \| S_g) \oplus h(PW_i^{new} \| T_1)$;
where $HID_i^{new}$ is the new identity hash value of user $i$, $HPW_i^{new}$ is the new hash value of user $i$'s password calculated by the smart card SC, $R_2^{new}$ is the new random number, and $R_3^{new}$ is the value obtained by the XOR operation;
Step S76: Replacement. The smart card SC replaces $R_2$, $R_3$ and $HID$ with the corresponding new values $R_2^{new}$, $R_3^{new}$ and $HID_i^{new}$, and the password change succeeds.
8. The nurse station information interaction platform authentication management method according to claim 1, characterized in that in step S8, the new sensor device node connection specifically includes the following steps:
Step S81: Calculate and save the shared key. The blockchain center BC selects the new sensor device node $SN_k$, calculates the new shared key, and stores $\{SN_k, S_{sn}\}$.
The formula used is as follows:
$S_{sn} = h(ID_{sn} \| S_{BC})$;
where $S_{sn}$ is the shared key between the gateway node and the new sensor device node, and $ID_{sn}$ is the identifier of the new sensor device node;
Step S82: The blockchain center sends to the gateway node. The blockchain center BC sends $\{SN_k, S_{sn}\}$ to the gateway node $GW_j$;
Step S83: The gateway node stores and updates the key store. The gateway node $GW_j$ stores $\{SN_k, S_{sn}\}$ and updates the information in the key store.
9. A nurse station information interaction platform authentication management system for implementing the nurse station information interaction platform authentication management method according to any one of claims 1-8, characterized by comprising a data saving module, a user registration module, a user login module, a module for device activation authentication in the LAN state, a module for device activation authentication in the Internet state, a module for device activation authentication in the non-network state, a password change module and a new sensor device node connection module.
10. The nurse station information interaction platform authentication management system according to claim 9, characterized in that: the data saving module uses a hash function to calculate the private key and the shared key, saves the information to the key store, encrypts and generates the activation sequence file, and sends the activation sequence file to the user registration module;
the user registration module receives the activation sequence file sent by the data saving module; the user selects a unique ID and password, and the hash value of the user password and the identity hash value are calculated and saved to the smart card;
in the user login module, the user inserts the smart card into the reader and enters the ID and password; the reliability of the security authentication is provided through the calculation of hash values and random numbers and through the session disconnection and failure mechanism; and the login request is sent to the module for device activation authentication in the LAN state, the module for device activation authentication in the Internet state and the module for device activation authentication in the non-network state;
the module for device activation authentication in the LAN state receives the login request sent by the user login module, adopts a complete authentication process, uses hash values and XOR operations to encrypt, verify and tamper-proof the data, avoids excessive delay and expired data by comparing timestamps against a set maximum allowable transmission delay, applies multiple verification mechanisms to improve security and reliability, and sends the authentication result to the password change module;
the module for device activation authentication in the Internet state receives the login request sent by the user login module, introduces an identity verification mechanism into the authentication process to ensure that the activation request comes from a legitimate device and to prevent malicious activation requests, and adds a failure retry mechanism to ensure that data is transmitted and saved correctly; the two mechanisms together increase the security of the authentication and the stability of the process, and the authentication result is sent to the password change module;
the module for device activation authentication in the non-network state receives the login request sent by the user login module, uses the BLE protocol and an identity verification mechanism for authentication, and sends the authentication result to the password change module;
the password change module receives the authentication results sent by the module for device activation authentication in the LAN state, the module for device activation authentication in the Internet state and the module for device activation authentication in the non-network state; the user inserts the smart card into the reader and enters the ID and password, and the smart card calculates the relevant random values and hash values and performs identity verification; if the verification passes, the new password is entered and the relevant information in the smart card is modified; otherwise, the session is interrupted;
the new sensor device node connection module selects a new sensor device node, calculates a new shared key, saves the relevant information and sends it to the gateway node, and the gateway node stores and updates the information in the key store, completing the connection of the new sensor device node.
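Added example, not part of the patent text: the key derivation, registration and smart-card login computations of claims 3 and 4 (steps S11-S12, S21-S24 and S33-S36) run end to end in Python. It assumes that h() is SHA-256, that "||" is plain byte concatenation, that random values are 32 bytes and that timestamps are 8-byte big-endian integers; the function names and all sample values are constructed for the illustration.

```python
# Added illustration (not from the patent). Assumptions: h() is SHA-256,
# "||" is byte concatenation, random values are 32 bytes, timestamps are
# 8-byte big-endian integers. All identifiers and secrets are constructed.
import hashlib
import hmac
import secrets
import struct


def h(*parts: bytes) -> bytes:
    """h(a || b || ...), with SHA-256 standing in for the unspecified hash."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def ts(t: int) -> bytes:
    """Fixed-width encoding of a timestamp so it can be concatenated."""
    return struct.pack(">Q", t)


def derive_keys(s_bc: bytes, id_g: bytes, id_sn: bytes):
    """Steps S11/S12: S_g = h(ID_g || S_BC), S_sn = h(ID_sn || S_BC)."""
    return h(id_g, s_bc), h(id_sn, s_bc)


def register(id_i: bytes, pw_i: bytes, id_g: bytes, s_g: bytes, t1: int) -> dict:
    """Steps S21-S24; returns what ends up stored on the smart card."""
    # S21 (user): HPW_i = h(r1 || PW_i)
    r1 = secrets.token_bytes(32)
    hpw = h(r1, pw_i)
    # S22 (gateway): R1, R2, R3 at timestamp T1
    r2 = secrets.token_bytes(32)
    R1 = h(hpw, ts(t1))
    R2 = h(hpw, id_g)
    R3 = xor(h(R1, r2, s_g), h(hpw, ts(t1)))
    # S24 (user): HID_i = h(PW_i || ID_i) XOR r1, so r1 is never stored in clear
    hid = xor(h(pw_i, id_i), r1)
    return {"r2": r2, "T1": t1, "ID_g": id_g,
            "R1": R1, "R2": R2, "R3": R3, "HID": hid}


def card_login(card: dict, id_i: bytes, pw_i: bytes, id_sn: bytes, t2: int):
    """Steps S33-S36; returns (login request, card-side session state),
    or (None, None) when the local R2 check of step S34 fails."""
    # S33: recover r1* from HID_i and recompute HPW_i*, R2*
    r1_star = xor(card["HID"], h(pw_i, id_i))
    hpw_star = h(r1_star, pw_i)
    R2_star = h(hpw_star, card["ID_g"])
    # S34: compare in constant time; a mismatch interrupts the session
    if not hmac.compare_digest(R2_star, card["R2"]):
        return None, None
    # S35: F1 strips the mask h(HPW_i || T1) from R3, leaving h(R1 || r2 || S_g)
    r3 = secrets.token_bytes(32)
    F1 = xor(card["R3"], h(hpw_star, ts(card["T1"])))
    F2 = h(ts(t2), r3, F1, card["ID_g"])
    F3 = xor(h(r3, ts(t2)), F1)
    # S36: only {ID_sn, F2, F3} goes over the public channel
    return {"ID_sn": id_sn, "F2": F2, "F3": F3}, {"r3": r3, "F1": F1}


if __name__ == "__main__":
    s_g, s_sn = derive_keys(b"constructed-BC-secret", b"GW-01", b"SN-07")
    card = register(b"nurse-17", b"correct horse", b"GW-01", s_g, 1_700_000_000)
    ok, _ = card_login(card, b"nurse-17", b"correct horse", b"SN-07", 1_700_000_060)
    bad, _ = card_login(card, b"nurse-17", b"wrong password", b"SN-07", 1_700_000_060)
    print("correct password -> request fields:", sorted(ok))
    print("wrong password   ->", bad)
```
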
CN202310822934.2A 2023-07-06 2023-07-06 Authentication management method and system for information interaction platform of nurse station Active CN116781280B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310822934.2A CN116781280B (en) 2023-07-06 2023-07-06 Authentication management method and system for information interaction platform of nurse station

Publications (2)

Publication Number Publication Date
CN116781280A true CN116781280A (en) 2023-09-19
CN116781280B CN116781280B (en) 2025-05-06

Family

ID=88009867

Country Status (1)

Country Link
CN (1) CN116781280B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117891614A (en) * 2024-03-14 2024-04-16 山西泓禾惜贤科贸有限公司 Big data analysis platform based on cloud service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150069416A (en) * 2013-12-13 2015-06-23 경북대학교 산학협력단 Password Mutual Authentication System and Method for u-Healthcare Environment
CN110234111A (en) * 2019-06-10 2019-09-13 北京航空航天大学 A kind of two-factor authentication key agreement protocol suitable for multiple gateway wireless sensor network
CN111586658A (en) * 2020-04-30 2020-08-25 贵州电网有限责任公司 Bluetooth transmission method and system based on image recognition service in transformer substation
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
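Zhang Zhi; Zhang Qiaoli: "An improved anonymous authentication and key agreement scheme for wireless sensor networks", Journal of South-Central University for Nationalities (Natural Science Edition), no. 03, 15 September 2018 (2018-09-15) *
Wang Chenyu; Wang Ding; Wang Feifei; Xu Guoai: "Multi-factor authentication protocol for multi-gateway wireless sensor networks", Chinese Journal of Computers, no. 04, 15 April 2020 (2020-04-15) *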

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117891614A (en) * 2024-03-14 2024-04-16 山西泓禾惜贤科贸有限公司 Big data analysis platform based on cloud service
CN117891614B (en) * 2024-03-14 2024-05-14 山西泓禾惜贤科贸有限公司 Big data analysis platform based on cloud service

Also Published As

Publication number Publication date
CN116781280B (en) 2025-05-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant