CN105516980B - Wireless sensor network token authentication method based on a Restful architecture - Google Patents

Publication number: CN105516980B (application CN201510947805.1A)
Authority: CN (China)
Legal status: Active
Prior art keywords: web server, client, aggregation node, token, user
Classifications:
- H04W12/06 Authentication (H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
- H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks (H04W84/00 Network topologies)
Abstract
The invention discloses a token authentication method for a wireless sensor network based on a Restful architecture. Sensor nodes and aggregation (sink) nodes self-organize into a network, and the sink nodes are connected to a Web server based on the Restful architecture. Challenge-response authentication is used between the sink node and the Web server, SSL authentication between the Web server and the client, and token authentication between the client and the sink node; all three authentications are mutual (two-way). The user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The invention can effectively prevent malicious attackers from damaging data and ensures the security of data in the wireless sensor network.
Description
Technical field
The invention relates to the technical field of computer networks, and in particular to a wireless sensor network token authentication method based on a Restful architecture.
Background
A wireless sensor network (WSN) is a wireless network formed by a group of micro sensor nodes in a self-organizing manner; its purpose is to cooperatively sense, collect and process information about the sensed objects in the geographic area covered by the network and to deliver it to observers. Each sensor in a wireless sensor network has one or more nodes, and a sensor node is usually a miniature embedded system. Each node monitors the objects within its own sensing range and watches for specific behaviour; the nodes collect data and forward it to the nearest sink node, after which the aggregation stage begins: the data collected from the nearby nodes is analysed and processed, the results are sent to the base station as required, and the base station delivers the final result to the observer.
Because sensor networks are generally deployed in harsh environments, and because wireless networks are inherently fragile, they are highly exposed to all kinds of attacks. To guarantee the secure transfer of information, a mechanism is needed to verify that the identities of the communicating parties are legitimate. In traditional wired networks, public key infrastructure solves this problem effectively: through the use and management of digital certificates it provides comprehensive public key encryption and digital signature services. With a public key infrastructure, a public key can be bound to the identity of its legitimate owner, establishing and maintaining a trusted network environment. However, asymmetric cryptography carries high computation, communication and storage costs, which makes digital signature and public key certificate mechanisms infeasible on resource-constrained sensors. To guarantee the secure transfer of information, a mechanism for verifying the legitimacy of the communicating parties is still needed, so a sensor network identity authentication scheme must be established that reasonably balances security, efficiency and performance.
Summary of the invention
The purpose of the present invention is to provide a wireless sensor network token authentication method based on a Restful architecture that can effectively prevent malicious attackers from damaging data and ensure the security of data in the wireless sensor network.
The technical solution adopted by the present invention is a wireless sensor network token authentication method based on a Restful architecture: sensor nodes and sink nodes self-organize into a network, the sink nodes are connected to a Web server based on the Restful architecture, challenge-response authentication is used between the sink node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the sink node; all three authentications are mutual, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
The challenge-response authentication between the sink node and the Web server comprises the following steps:
A. The sink node sends an identity registration request to the Web server; go to step B;
B. The Web server assigns an ID to the sink node, stores locally the sink node's ID and the authentication key negotiated with the sink node, and sends the ID to the sink node; go to step C;
C. The sink node receives the ID and sends the Web server an authentication request containing the sink node's ID; go to step D;
D. The Web server checks locally whether the received ID exists. If it exists, the server generates a first random number and sends it to the sink node together with a table of function algorithms; go to step E. If it does not exist, go to step H;
E. The sink node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one of the algorithms from the function algorithm table, and sends the re-encrypted first random number and the chosen algorithm to the Web server; go to step F;
F. The Web server encrypts the first random number with the authentication key, re-encrypts the result with the algorithm sent by the sink node, and compares its result with the re-encrypted first random number sent by the sink node. If they match, verification succeeds; go to step G. Otherwise verification fails; go to step H;
G. The Web server and the sink node negotiate a session key;
H. The Web server refuses to accept data from the sink node.
In steps B and G, the Web server and the sink node use the DH algorithm to generate the authentication key and the session key respectively.
The function algorithm table in step D is a table of one-way hash function algorithms.
The token authentication between the client and the Web server comprises, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server.
The identity authentication between the client and the Web server comprises the following steps in order:
A1. The client sends a connection request to the Web server and receives the first CA certificate returned by the Web server together with information related to the first CA certificate;
B1. The client verifies the legitimacy of the Web server's identity and stores the Web server's public key;
C1. The client sends the second CA certificate to the Web server;
D1. The Web server verifies the legitimacy of the client's identity and stores the client's public key;
E1. The client sends the symmetric cipher schemes it supports for communication to the Web server;
F1. The Web server selects one cipher scheme from the received symmetric cipher schemes, encrypts it with the client's public key and sends it to the client;
G1. The client decrypts the received encrypted cipher scheme, obtains the scheme selected by the Web server, determines the communication key, encrypts the communication key with the Web server's public key and sends it to the Web server;
H1. The Web server receives the encrypted communication key and decrypts it to obtain the communication key;
The identity registration between the client and the Web server comprises the following steps in order:
A2. The client sends a registration request to the Web server and transmits the registration information to the Web server over the SSL secure channel;
B2. When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access rights for their personal data, which are sent to the Web server over the SSL secure channel;
C2. The Web server stores the user's authorization settings in an access control list, generates a temporary token from the user's username, password and the current time, and sends the temporary token to the client;
D2. The client uses the temporary token to send data operation requests to the Web server;
E2. The Web server checks whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as its credential; if the token has not expired, the Web server responds to the client's request.
In step C2, if the user owns a private sink node, the Web server also sends the generated temporary token to that sink node.
In the token authentication process between the client and the sink node, the user obtains a unique identification number when purchasing a private sink node, and the Web server binds the sink node's ID to this identification number.
The token authentication process between the client and the sink node comprises the following steps in order:
A3. The client sends a registration request to the Web server and fills in the ID and identification number of the private sink node;
B3. The Web server receives the client's registration information; if it finds that the sink node's ID matches the identification number, it recognizes the sink node as the user's private sink node, and when a temporary token is generated after the client logs in, it sends the temporary token to the user's private sink node at the same time as to the client;
C3. The user's private sink node receives the temporary token, and the client connects to the private sink node using the temporary token.
In the present invention, sensor nodes and sink nodes self-organize into a network, the sink nodes are connected to a Web server based on the Restful architecture, challenge-response authentication is used between the sink node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the sink node; all three authentications are mutual, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The wireless sensor network token authentication method based on the Restful architecture described in the present invention can effectively prevent malicious attackers from damaging data and ensures the security of data in the wireless sensor network.
Description of the drawings
Fig. 1 is a topology diagram of the wireless sensor network based on the Restful architecture of the present invention;
Fig. 2 is a flow chart of the challenge-response authentication between the sink node and the Web server in the present invention;
Fig. 3 is a flow chart of the identity authentication between the client and the Web server in the present invention;
Fig. 4 is a flow chart of the identity registration between the client and the Web server in the present invention;
Fig. 5 shows the token authentication process between the client and the sink node in the present invention.
Detailed description of the embodiments
In the wireless sensor network token authentication method based on a Restful architecture described in the present invention, sensor nodes (sensor) and sink nodes (sink node) self-organize into a network, the sink node is connected to a Web server based on the Restful architecture, challenge-response authentication is used between the sink node and the Web server, SSL authentication is used between the Web server and the client (user), and token authentication is used between the client and the sink node; all three authentications are mutual, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
REST stands for Representational State Transfer and refers to a set of architectural constraints and principles; an architecture that conforms to the constraints and principles of REST is called a Restful architecture. At present HTTP is the only instance associated with REST.
The Restful architecture follows the principle of stateless communication, which means that the individual requests exchanged between the client and the Web server are stateless. REST requires that state be placed either in the resource state or on the client, i.e. the Web server must not retain any communication state for a client beyond a single request. This makes the server's resource usage scalable: if the Web server had to keep client state, a large number of client interactions would seriously affect the server's memory footprint. To achieve stateless communication, authentication requests in a Restful architecture should not depend on cookies or sessions, and every request should carry some form of authentication credential.
Fig. 1 is a topology diagram of the wireless sensor network based on the Restful architecture. One sink node is connected to several sensor nodes; the sensor nodes collect measurement data, while the sink node is mainly responsible for directing the sensor nodes to collect data, receiving the data of all sensor nodes and connecting to the external network, so it can be regarded as a gateway node. One Web server can accept a large number of sink nodes; the Web server stores the measurement data sent by the sink nodes, and users log in to the Web server through a web client and send data operation requests from the browser to direct nodes to perform tasks or to view the collected data stored on the Web server. If a user owns a private sink node, the client can connect to the sink node directly to view or control data without going through the Web server.
Fig. 2 is a flow chart of the challenge-response authentication between the sink node and the Web server, which comprises the following steps:
S101: The sink node sends an identity registration request to the Web server;
When a sink node joins the sensor network for the first time, it sends an identity authentication request to the Web server, i.e. it performs identity registration.
S102: The Web server assigns an ID to the sink node, stores locally the sink node's ID and the authentication key negotiated with the sink node, and sends the ID to the sink node;
In this embodiment, when the sink node registers, the Web server assigns an ID to the sink node and stores the sink node's ID locally; at the same time the two parties generate an authentication key with the DH algorithm, and each side stores the generated authentication key.
S103: The sink node receives the ID and sends the Web server an authentication request containing the sink node's ID;
The sink node receives the ID; when it connects again it sends an authentication request to the server, and the authentication request contains the sink node's ID.
S104: The Web server checks locally whether the received ID exists. If it exists, the server generates a first random number and sends it to the sink node together with a table of function algorithms; if it does not exist, the Web server refuses to accept data from the sink node;
In this embodiment, the Web server queries its local database for the received sink node ID. If the ID exists, the server generates a random number internally and returns it to the sink node, together with a table of one-way hash function algorithms, which includes MD5, SHA, HMAC and the like.
S105: The sink node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one of the algorithms from the function algorithm table, and sends the re-encrypted first random number and the chosen algorithm to the Web server;
In this embodiment, the sink node XORs the received first random number with the authentication key generated at registration, selects one algorithm from the one-way hash function algorithm table to process the XORed string, produces the resulting string as its response, and sends that string together with the chosen algorithm to the Web server.
S106: The Web server encrypts the first random number with the authentication key, re-encrypts the result with the algorithm sent by the sink node, and compares its result with the re-encrypted first random number sent by the sink node. If they match, verification succeeds; otherwise verification fails and the Web server refuses to accept data from the sink node;
In this embodiment, the Web server XORs the first random number with the authentication key, processes the result with the one-way hash function algorithm returned by the sink node, and compares the computed result with the string returned by the sink node. If the two are identical, authentication succeeds; otherwise verification fails and the Web server refuses to accept data from the sink node.
S107: The Web server and the sink node negotiate a session key;
In this embodiment, after authentication succeeds, the Web server and the sink node generate a session key with the DH algorithm; subsequent connections use the session key as the encryption key to meet the confidentiality requirement for the data.
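The exchange of Fig. 2 (S102 to S107), simulated end to end in one process as an added example; this is not the patent's own code. It assumes a demo-sized DH group (prime 2**127 - 1, generator 3, not a production group), a 16-byte first random number, a hash table offering sha256 and sha512 (the patent's table also names MD5; SHA-2 is used here), and that the XOR step combines the random number with the first 16 bytes of the authentication key. The server discards a challenge once it has been answered, so the same response cannot be presented a second time.

```python
"""Sink-node / Web-server challenge-response of Fig. 2, simulated locally.
Added illustration; DH group, nonce size and XOR layout are assumptions."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # assumed demo-sized prime (M127); not a production DH group
G = 3                # assumed generator for the demo group

HASH_TABLE = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}  # S104 table


def dh_keypair():
    """One party's DH private exponent and public value."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(priv, other_pub):
    """Derive a 32-byte key from the DH shared secret (S102 / S107)."""
    shared = pow(other_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def response(nonce, auth_key, alg):
    """S105: XOR the random number with the key, then hash with the chosen algorithm."""
    mixed = bytes(n ^ k for n, k in zip(nonce, auth_key[: len(nonce)]))
    return HASH_TABLE[alg](mixed).hexdigest()


class WebServer:
    def __init__(self):
        self.registry = {}   # sink ID -> authentication key (stored at S102)
        self.pending = {}    # sink ID -> outstanding first random number (S104)

    def register(self, sink_pub):
        """S102: assign an ID and agree the authentication key by DH."""
        sink_id = secrets.token_hex(4)
        priv, pub = dh_keypair()
        self.registry[sink_id] = dh_shared_key(priv, sink_pub)
        return sink_id, pub

    def challenge(self, sink_id):
        """S104: unknown ID -> refuse; otherwise send nonce + algorithm table."""
        if sink_id not in self.registry:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[sink_id] = nonce
        return nonce, list(HASH_TABLE)

    def verify(self, sink_id, digest, alg):
        """S106: recompute the response; the nonce is consumed on first use."""
        nonce = self.pending.pop(sink_id, None)
        if nonce is None or alg not in HASH_TABLE:
            return False
        expected = response(nonce, self.registry[sink_id], alg)
        return hmac.compare_digest(expected, digest)


class SinkNode:
    def __init__(self):
        self.sink_id = None
        self.auth_key = None

    def register(self, server):
        priv, pub = dh_keypair()
        self.sink_id, server_pub = server.register(pub)
        self.auth_key = dh_shared_key(priv, server_pub)

    def authenticate(self, server, alg="sha256"):
        """S103 to S106: present the ID, answer the challenge, get the verdict."""
        ch = server.challenge(self.sink_id)
        if ch is None:
            return False
        nonce, table = ch
        if alg not in table:
            alg = table[0]
        return server.verify(self.sink_id, response(nonce, self.auth_key, alg), alg)


def run_protocol(sink_tampered=False):
    """Registration, authentication and S107 session-key agreement.
    Returns (authenticated, session_keys_match)."""
    server, sink = WebServer(), SinkNode()
    sink.register(server)
    if sink_tampered:
        sink.auth_key = secrets.token_bytes(32)   # wrong key: must be refused
    if not sink.authenticate(server):
        return False, None
    s_priv, s_pub = dh_keypair()                  # S107: fresh DH for the session key
    n_priv, n_pub = dh_keypair()
    return True, dh_shared_key(s_priv, n_pub) == dh_shared_key(n_priv, s_pub)


if __name__ == "__main__":
    print(run_protocol(), run_protocol(sink_tampered=True))
```

The one-shot `pending` entry is the check a reviewer would ask for: the patent's step F compares digests, but without discarding the used random number a captured response would answer the same challenge again.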
The token authentication between the client and the Web server comprises, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server.
Fig. 3 is a flow chart of the authentication process between the client and the Web server, which comprises the following steps in order:
S201: The client sends a connection request to the Web server and receives the first CA certificate returned by the Web server together with information related to the first CA certificate;
S202: The client verifies the legitimacy of the Web server's identity and stores the Web server's public key;
In this embodiment, the client verifies whether the first CA certificate sent by the Web server was issued by a CA it trusts. If not, the client shows the user a warning message stating that the first CA certificate is untrusted and asks whether to continue. If so, the client compares the information in the first CA certificate, such as the domain name and public key, with the corresponding information sent by the Web server; if they are consistent, the client browser accepts the Web server's legitimate identity and stores the Web server's public key.
S203: The client sends the second CA certificate to the Web server;
S204: The Web server verifies the legitimacy of the client's identity and stores the client's public key;
The Web server verifies the client's second CA certificate; if verification fails, it refuses the connection; if verification succeeds, the Web server obtains the client's public key.
S205: The client sends the symmetric cipher schemes it supports for communication to the Web server;
S206: The Web server selects one cipher scheme from the received symmetric cipher schemes, encrypts it with the client's public key and sends it to the client;
S207: The client decrypts the received encrypted cipher scheme, obtains the scheme selected by the Web server, determines the communication key, encrypts the communication key with the Web server's public key and sends it to the Web server;
S208: The Web server receives the encrypted communication key and decrypts it to obtain the communication key;
Fig. 4 is a flow chart of the registration process between the client and the Web server, which comprises the following steps in order:
S301: The client sends a registration request to the Web server and transmits the registration information to the Web server over the SSL secure channel;
In this embodiment, the user sends a registration request from the client to the Web server and fills in the relevant information, such as username and password; if the user owns a private sink node, the related information must also be filled in. This concerns the authentication between the sink node and the client, which is described in detail later in the authentication process between the sink node and the client. The user's information is sent to the Web server over the SSL secure channel. The Web server stores the user's registration information; usernames must not be duplicated at registration.
S302: When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access rights for their personal data, which are sent to the Web server over the SSL secure channel;
When the client logs in for the first time and the login password is correct, the Web server directs the user to the authorization page, where the user defines the access rights for their personal data, such as visible only to the user or visible to everyone, and the defined access rights are sent to the Web server over the SSL secure channel;
S303: The Web server stores the user's authorization settings in an access control list, generates a temporary token (Token) from the user's username, password and the current time, and sends the temporary token to the client; if the user owns a private sink node, the Web server also sends the generated temporary token to the sink node;
The access control list is a list dedicated to storing access rights. If user A wants to access the node data of user B, A must send an access request to the Web server. On receiving the request, the Web server first consults the access control list: if user B's access right in the list is set to visible only to the user, the Web server returns a message to user A that access is denied; if user B's access right is set to visible to everyone, the Web server returns the data that user A wants to view. If user A is not allowed to access user B's data, A can further apply for access; the Web server forwards the application to user B and waits for B's response, and if user B agrees, user A can proceed to view user B's data. The structure of the access control list is as follows:
The temporary token is composed of the username, the password and the current system time; the Web server generates the temporary token and sends it to the client.
S304: The client uses the temporary token to send data operation requests to the Web server;
The client does not need to log in on every connection; with the temporary token it can exchange data with the Web server.
S305: The Web server checks whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as its credential; if the token has not expired, the Web server responds to the client's request.
The Web server checks whether the username and password in the temporary token are correct, obtains the time at which the temporary token was generated and compares it with the current time to decide whether the token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as its credential; if the token has not expired, the Web server responds to the client's request.
现有的令牌认证通常采用动态口令技术。动态口令技术是对传统的静态口令技术的改进,用户要拥有一些凭证,如系统颁发的临时令牌Token,且临时令牌Token上的数字是不断变化的,而且与认证的Web服务器是同步的,因此用户登录到系统的口令也是不断地变化的,即所谓的“一次一密”。Existing token authentication usually adopts dynamic password technology. The dynamic password technology is an improvement to the traditional static password technology. The user needs to have some credentials, such as the temporary token Token issued by the system, and the number on the temporary token Token is constantly changing, and it is synchronized with the authenticated Web server , so the password for the user to log in to the system is also constantly changing, which is the so-called "one-time pad".
现有的动态口令技术有两种同步方案:时间同步、事件同步。There are two synchronization schemes in the existing dynamic password technology: time synchronization and event synchronization.
1. 时间同步,是指临时令牌Token采用时间作为动态口令的一个种子,Web服务器通过采用时间作为一个种子验证临时令牌Token产生的口令。1. Time synchronization means that the temporary token Token uses time as a seed of the dynamic password, and the Web server verifies the password generated by the temporary token Token by using the time as a seed.
2. 事件同步,是指临时令牌Token每次产生动态口令时以当前的计数作为一个种子,每次产生完成动态口令后,该计数会自动递增,Web服务器同样采用次数作为验证时的种子。2. Event synchronization means that the current count is used as a seed each time a dynamic password is generated by the temporary token Token. After each generation of a dynamic password is completed, the count is automatically incremented, and the web server also uses the count as a seed for verification.
临时令牌Token与外界没有任何的数据通讯,Web服务器也保存有临时令牌Token中相同的种子,采用与临时令牌Token中相同的加密算法,得出相同的加密数据,再取得相同的随机密码进行校验。临时令牌Token的随机密码必须和客户的账号等绑定,才能判断出密码是否匹配。Web服务器做认证时,同一个密码只允许校验一次。The temporary token Token does not have any data communication with the outside world, and the web server also saves the same seed in the temporary token Token, adopts the same encryption algorithm as in the temporary token Token, obtains the same encrypted data, and then obtains the same random The password is verified. The random password of the temporary token Token must be bound with the customer's account to determine whether the password matches. When the web server performs authentication, the same password can only be verified once.
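The two synchronization schemes and the single-use rule above, as an added example that is not part of the patent: Python implementations of HOTP (RFC 4226, event synchronization) and TOTP (RFC 6238, time synchronization), covering both the token side and the Web server side, with a per-account "last accepted" marker so that a password is verified at most once. The RFC default of HMAC-SHA1, the look-ahead window of three counters, the 30-second step and the one-step clock skew are assumptions; the patent text names no algorithm or parameters.

```python
"""Time-synchronised (TOTP) and event-synchronised (HOTP) one-time passwords
with the server enforcing 'a password is verified only once'.

Added example, not code from the patent.  HMAC-SHA1 per RFC 4226 / RFC 6238;
window, step and skew values are assumptions.
"""

import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: dynamic truncation of HMAC-SHA1(secret, counter) to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    if now is None:
        now = time.time()
    return hotp(secret, int(now // step), digits)


class OtpVerifier:
    """Web server side: holds the same seed as the token plus, per account,
    the last counter / time step it accepted, so that a password cannot be
    replayed even inside the acceptance window."""

    def __init__(self, lookahead: int = 3, step: int = 30):
        self.seeds = {}        # account -> shared seed (bound to the account, as the text requires)
        self.counters = {}     # account -> last accepted HOTP counter
        self.last_steps = {}   # account -> last accepted TOTP time step
        self.lookahead = lookahead
        self.step = step

    def enrol(self, account: str, secret: bytes) -> None:
        self.seeds[account] = secret
        self.counters[account] = -1
        self.last_steps[account] = -1

    def verify_event(self, account: str, code: str) -> bool:
        """Event synchronisation: accept the next unused counter within the window."""
        secret = self.seeds.get(account)
        if secret is None:
            return False
        last = self.counters[account]
        # The token may have generated codes that never reached the server;
        # resynchronise by searching a short window above the last accepted value.
        for c in range(last + 1, last + 1 + self.lookahead):
            if hmac.compare_digest(hotp(secret, c), code):
                self.counters[account] = c      # c and everything below is now burnt
                return True
        return False

    def verify_time(self, account: str, code: str, now=None, skew: int = 1) -> bool:
        """Time synchronisation: accept the current step +/- skew, never a step already used."""
        secret = self.seeds.get(account)
        if secret is None:
            return False
        if now is None:
            now = time.time()
        current = int(now // self.step)
        for t in range(current - skew, current + skew + 1):
            if t <= self.last_steps[account]:
                continue                        # replay of an already-accepted step
            if hmac.compare_digest(hotp(secret, t), code):
                self.last_steps[account] = t
                return True
        return False
```

The `last accepted` marker is what turns "the same password may only be verified once" into code: a TOTP code is valid for a 30-second step, so without the marker an attacker who captures it has the rest of that step to replay it.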
The core of token authentication lies in the algorithm. It is relatively flexible to use, requires no memorized password, and combined with a two-factor authentication mechanism it provides a double safeguard; it is simple and practical. Token authentication is a new direction in identity authentication mechanisms, offers higher security than traditional static passwords, and is an important identity authentication technology suited to the present development of information security.
In the token authentication process between the client user and the sink node, when the user purchases a private sink node the user obtains a unique identification number, and the Web server binds the ID of this sink node to that identification number.
Figure 5 shows the token authentication process between the client user and the sink node, which comprises the following steps:
S401: The client user initiates a registration request to the Web server, filling in the ID and the identification number of the private sink node;
S402: The Web server receives the client user's registration information; if it finds that the sink node ID matches the identification number, it recognizes this sink node as the user's private sink node, and thereafter, whenever it generates a temporary token Token after the client user logs in, it sends the temporary token Token to the client user and at the same time to the user's private sink node;
S403: The user's private sink node receives the temporary token Token, and the client user connects to the private sink node using the temporary token Token.
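The temporary-token flow of S303 to S305 and the sink-node registration of S401 to S403, simulated in one process as an added example that is not the patent's code. The patent only says the token is formed from the username, password and current time; the concrete layout here (username, issue time and an HMAC-SHA256 under a server key over the username, the stored password verifier and the issue time, wrapped in URL-safe base64), the 10-minute lifetime, the PBKDF2 password verifier and a sink node whose clock is synchronized with the Web server are all assumptions. Binding the password through its stored verifier inside the MAC lets the server perform the text's "username and password correct" check without the password itself ever being carried in the token.

```python
"""Temporary token issue (S303), check (S305) and sink-node binding (S401-S403).

Added example, not code from the patent.  Token layout, lifetime, key handling
and the sink node's expiry check are assumptions.
"""

import base64
import hashlib
import hmac
import os
import time

TOKEN_LIFETIME = 600      # seconds (assumption)
PBKDF2_ROUNDS = 100_000


def _now(now):
    return int(time.time() if now is None else now)


class WebServer:
    def __init__(self):
        self.key = os.urandom(32)   # MAC key: never leaves the server, never inside a token
        self.users = {}             # username -> (salt, PBKDF2 password verifier)
        self.sinks = {}             # sink node ID -> identification number, bound at purchase
        self.owners = {}            # username -> sink node ID accepted in S402

    def create_user(self, username, password):
        if ":" in username:
            raise ValueError("':' separates token fields and is not allowed in usernames")
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[username] = (salt, verifier)

    def bind_sink(self, sink_id, ident_no):
        """At sale: the server records sink node ID <-> identification number."""
        self.sinks[sink_id] = ident_no

    def register_sink(self, username, sink_id, ident_no):
        """S401/S402: the node becomes the user's private sink only if ID and number match."""
        expected = self.sinks.get(sink_id)
        if expected is None or not hmac.compare_digest(expected.encode(), ident_no.encode()):
            return False
        self.owners[username] = sink_id
        return True

    def _mac(self, username, issued):
        _, verifier = self.users[username]
        msg = b"|".join([username.encode(), verifier, str(issued).encode()])
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def login(self, username, password, now=None):
        """S303: (token, sink_id) on success, None otherwise; sink_id is None without a private sink."""
        rec = self.users.get(username)
        if rec is None:
            return None
        salt, verifier = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, verifier):
            return None
        issued = _now(now)
        raw = "%s:%d:%s" % (username, issued, self._mac(username, issued))
        token = base64.urlsafe_b64encode(raw.encode()).decode()
        return token, self.owners.get(username)   # S402: the same token is pushed to the sink

    def verify(self, token, now=None):
        """S305: the username if the token is genuine and unexpired, else None (log in again)."""
        try:
            username, issued_s, mac_hex = base64.urlsafe_b64decode(token).decode().rsplit(":", 2)
            issued = int(issued_s)
        except (ValueError, UnicodeDecodeError):
            return None
        if username not in self.users:
            return None
        # The MAC covers the stored verifier, so a token minted under an old password
        # fails here; this is the text's username/password check without a password in the token.
        if not hmac.compare_digest(self._mac(username, issued).encode(), mac_hex.encode()):
            return None
        age = _now(now) - issued
        if age < 0 or age > TOKEN_LIFETIME:
            return None
        return username


class SinkNode:
    """Private sink node holding the token the Web server pushed to it (S402)."""

    def __init__(self):
        self.token = None

    def receive_token(self, token):
        self.token = token

    def accept(self, presented, now=None):
        """S403: the client connects by presenting its copy of the same token."""
        if self.token is None or not hmac.compare_digest(self.token.encode(), presented.encode()):
            return False
        issued = int(base64.urlsafe_b64decode(presented).decode().rsplit(":", 2)[1])
        return 0 <= _now(now) - issued <= TOKEN_LIFETIME
```

The sink node here only checks the client's copy of the token against the one the server pushed to it; the two-way authentication the patent requires between client and sink node is not modelled beyond that, and a sink node without a reliable clock would have to rely on the Web server for the expiry decision.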
At this point the multi-party authentication in the wireless sensor network is complete, and the data security of all parties in the whole communication system can be guaranteed.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include them as well.
Claims (5)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510947805.1A CN105516980B (en) | 2015-12-17 | 2015-12-17 | A kind of wireless sensor network token authentication method based on Restful frameworks |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105516980A CN105516980A (en) | 2016-04-20 |
| CN105516980B true CN105516980B (en) | 2018-11-13 |
Family
ID=55724545
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510947805.1A Active CN105516980B (en) | 2015-12-17 | 2015-12-17 | A kind of wireless sensor network token authentication method based on Restful frameworks |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105516980B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108347330A (en) * | 2017-01-24 | 2018-07-31 | 北京百度网讯科技有限公司 | A kind of method and apparatus of secure communication |
| FR3063365B1 (en) * | 2017-02-27 | 2019-04-05 | Jacques GASCUEL | SEGMENTED KEY AUTHENTICATION SYSTEM |
| CN107577504A (en) * | 2017-07-26 | 2018-01-12 | 河南大学 | A kind of wireless sensor network programming method based on Restful frameworks |
| US10586033B2 (en) * | 2017-08-29 | 2020-03-10 | International Business Machines Corporation | Automatic upgrade from one step authentication to two step authentication via application programming interface |
| CN107888615B (en) * | 2017-12-01 | 2021-07-02 | 郑州云海信息技术有限公司 | A security authentication method for node registration |
| CN108600156B (en) * | 2018-03-07 | 2021-05-07 | 华为技术有限公司 | Server and security authentication method |
| US11288351B2 (en) * | 2018-04-25 | 2022-03-29 | Google Llc | Delayed two-factor authentication in a networked environment |
| JP7262565B2 (en) * | 2018-04-25 | 2023-04-21 | グーグル エルエルシー | Delayed two-factor authentication in networked environments |
| CN110581829A (en) * | 2018-06-08 | 2019-12-17 | 中国移动通信集团有限公司 | Communication method and device |
| CN109462595A (en) * | 2018-11-29 | 2019-03-12 | 甘肃万维信息科技有限责任公司 | Data-interface secure exchange method based on RestFul |
| CN109587249A (en) * | 2018-12-07 | 2019-04-05 | 北京金山云网络技术有限公司 | Information sending, receiving method, device, server, client and storage medium |
| CN110691358B (en) * | 2019-11-14 | 2022-10-14 | 北京京航计算通讯研究所 | Access control system based on attribute cryptosystem in wireless sensor network |
| CN113836553B (en) * | 2021-09-22 | 2023-10-20 | 北京计算机技术及应用研究所 | Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101350719A (en) * | 2007-07-18 | 2009-01-21 | 康佳集团股份有限公司 | A new method of identity authentication |
| CN101355555A (en) * | 2007-07-27 | 2009-01-28 | 日立软件工程株式会社 | Authentication system and authentication method |
| CN104486325A (en) * | 2014-12-10 | 2015-04-01 | 上海爱数软件有限公司 | Safe login certification method based on RESTful |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9043886B2 (en) * | 2011-09-29 | 2015-05-26 | Oracle International Corporation | Relying party platform/framework for access management infrastructures |
Similar Documents
| Publication | Title |
|---|---|
| CN105516980B (en) | A kind of wireless sensor network token authentication method based on Restful frameworks |
| US11038682B2 (en) | Communication method, apparatus and system, electronic device, and computer readable storage medium |
| CN101453476B (en) | Cross domain authentication method and system |
| EP2984782B1 (en) | Method and system for accessing device by a user |
| JP5619019B2 (en) | Method, system, and computer program for authentication (secondary communication channel token-based client-server authentication with a primary authenticated communication channel) |
| CN103427998B (en) | The authentication of a kind of Internet data distribution and data ciphering method |
| CN108848111B (en) | Decentralized virtual private network building method based on block chain technology |
| KR20180095873A (en) | Wireless network access method and apparatus, and storage medium |
| JP2016082597A (en) | Computer-based system and computer-based method for establishing a secure session and exchanging encrypted data |
| EP2820794A1 (en) | Authentication and secured information exchange system, and method therefor |
| TW200810488A (en) | Policy driven, credential delegation for single sign on and secure access to network resources |
| EP1999567A2 (en) | Proactive credential distribution |
| JP2011523520A (en) | Station distributed identification method in network |
| CN112073182A (en) | Quantum key management method and system based on block chain |
| JP2024500526A (en) | Identity authentication method, authentication access controller and requesting device, storage medium, program, and program product |
| Zhang et al. | Is today's end-to-end communication security enough for 5G and its beyond? |
| Athena et al. | An identity attribute-based encryption using elliptic curve digital signature for patient health record maintenance |
| Ali et al. | A comparative study of authentication methods for Wi-Fi networks |
| CN111526130B (en) | A lightweight certificateless industrial IoT access control method and system |
| US12418406B2 (en) | Authentication using a decentralized and/or hybrid decentralized secure cryptographic key storage method |
| KR101572598B1 (en) | Secure User Authentication Scheme against Credential Replay Attack |
| CN110581829A (en) | Communication method and device |
| Hwang et al. | A new efficient authentication protocol for mobile networks |
| Dey et al. | An efficient dynamic key based EAP authentication framework for future IEEE 802.1X wireless LANs |
| CN116233843A (en) | B5G/6G network slice authentication method for industrial Internet |
Legal Events
| Code | Title |
|---|---|
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |