CN104270383A - Cross-subnet access control method of electric power mobile terminal - Google Patents

Cross-subnet access control method of electric power mobile terminal


Publication number
CN104270383A
Authority
CN
China
Prior art keywords
terminal
subnet
gateway
access
mobile terminal
Legal status
Granted
Application number
CN201410554376.7A
Other languages
Chinese (zh)
Other versions
CN104270383B (en)
Inventor
陈璐
张涛
马媛媛
何高峰
管小娟
黄秀丽
华晔
Current Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
State Grid Jiangsu Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Smart Grid Research Institute of SGCC
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Application filed by State Grid Corp of China SGCC and China Electric Power Research Institute Co Ltd CEPRI
Priority to CN201410554376.7A
Publication of CN104270383A
Application granted
Publication of CN104270383B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a cross-subnet access control method for an electric power mobile terminal. The method comprises the steps of (1) performing system initialization; (2) the mobile terminal issuing an access request, registering at the gateway of a subnet and having the validity of its attribute certificate verified to obtain access rights; (3) broadcasting the attribute certificate into the subnet, where the nodes inside the subnet verify the terminal's attribute certificate according to a threshold structure and decide whether to respond to the terminal's access request; (4) computing ciphertext and transmitting it to the terminal, which computes the response data from the ciphertext and a decryption key. Anonymous access by the mobile terminal and switching among multiple subnets are achieved flexibly, access rights are set for the terminal according to its attributes, and different threshold values can be set for different subnets to meet their respective access requirements.

Description

Cross-subnet access control method for electric power mobile terminals
Technical field
The present invention relates to an access control method, and specifically to a cross-subnet access control method for electric power mobile terminals.
Background technology
The electric power Internet of Things (IoT) is the application of the IoT to the smart grid. It is the result of information and communication technology (ICT) reaching a certain stage of development: it integrates communication infrastructure resources with electric power system infrastructure resources, raises the level of power system informatization, improves the utilization of the existing power system infrastructure, and provides important technical support for the generation, transmission, transformation, distribution and consumption links of the grid. The electric power IoT for smart grid applications is divided into a sensing layer, a network layer and an application layer. The sensing layer sits at the very front of information collection in the IoT system and plays a fundamental role in realizing the IoT.
In the electric power IoT environment the sensing layer has a huge number of nodes, their computing and storage capacity is limited, and information resources usually only allow users to "read". The sensing layer collects and processes large amounts of personal information and environmental data, some of it private, so defining users' data access rights is a major challenge for IoT security. A large number of security mechanisms have been proposed for sensor networks, an important component of the electric power IoT sensing layer. Traditional access control models include discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC), all applied as access models in centralized security control systems; RBAC is currently the most widely used access control scheme. David Ferraiolo and Rick Kuhn first proposed the RBAC model in 1992, defining the Ferraiolo-Kuhn 92 model, a single-relation model. Authorization under RBAC is based on user roles: by establishing different roles, system access rights can be divided flexibly among users of different security levels, but RBAC is not suited to the distributed network environment of the IoT. Attribute-based access control (ABAC) grew out of the access control problem in distributed environments; its access control mechanisms can be realized in two broad classes, based on symmetric key mechanisms or on public key mechanisms. Symmetric keys are widely used in sensor network access control because their overhead is small: Banerjee S. et al. give an access control mechanism based entirely on symmetric keys, and Maccari L. et al. give a threshold certificate scheme using symmetric keys. Because public key computation consumes comparatively many resources, it is generally considered unsuitable for sensor networks; but public key techniques scale well, so some public key methods for sensor networks remain. Benenson Z. combines public keys and symmetric keys to achieve user authentication in sensor networks: sensor nodes use symmetric keys among themselves, while the user uses public keys to communicate with the nodes within communication range. Watro R. gives an access control mechanism using public keys throughout and points out that RSA with a small public exponent can be used in sensor networks: the nodes perform the cheap operations, such as encryption and signature verification, while the user performs the resource-consuming operations, such as decryption and signing.
Current sensor network access control is all aimed at a single closed network. The IoT sensing layer, however, will contain multiple sensor subnets, mobile terminals will switch frequently between them, and existing access control mechanisms mostly cannot adapt to such a complex architecture. In addition, traditional access control mechanisms are generally coarse-grained, based on identity or on roles, and terminal authorization management is inflexible. The number of mobile terminals and the access demands in the electric power IoT environment will far exceed those of a traditional single sensor network, so a more flexible access control mechanism is needed.
Summary of the invention
To address the deficiencies of the prior art, the invention provides an attribute-based cross-subnet access control method for electric power mobile terminals. First the mobile terminal issues an access request, registers at the subnet gateway and has the legitimacy of its attribute certificate verified to obtain access rights; when the mobile terminal accesses across subnets, the subnet selection system selects a gateway by broadcast, and the gateway of the subnet holding the resource computes an attribute decryption key for the terminal. Once the terminal has registered successfully and holds the attribute decryption key, it broadcasts its attribute certificate into the subnet; the nodes in the subnet test the terminal's attribute certificate against the threshold structure and decide whether to respond to the terminal's access request. Finally, a node that satisfies the condition determines the response data, computes the ciphertext and sends it to the terminal, and the terminal computes the response data from the decryption key and the Lagrange interpolation formula. Because a node decides whether to respond to a terminal's request according to its attributes and the threshold structure, the method achieves anonymous access by mobile terminals and flexible switching between multiple sensor subnets; access rights can be set flexibly for a terminal according to its attributes, and different subnets can set different threshold values to meet their own access requirements. At the same time, considering that node security is low and node resources are constrained, the method provides a secure lightweight data encryption algorithm that balances the confidentiality requirements of the data against the computational overhead of the nodes during encryption.
The object of the invention is realized by the following technical solution:
A cross-subnet access control method for an electric power mobile terminal, the improvement being that the method comprises:
(1) system initialization;
(2) the mobile terminal issues an access request, registers at the subnet gateway and has the legitimacy of its attribute certificate verified to obtain access rights;
(3) the attribute certificate is broadcast into the subnet, and the nodes in the subnet check the terminal's attribute certificate against the threshold structure and decide whether to respond to the terminal's access request;
(4) the ciphertext is computed and sent to the terminal, and the response data is computed from the ciphertext and the decryption key.
Preferably, step (1) comprises:
(1.1) sensing layer system initialization;
(1.2) sensor subnet initialization, generating the subnet system private key and the attribute private keys at random;
(1.3) node initialization, in which the gateway generates the node private key and the set of node attribute encryption keys for each node.
Further, step (1.1) comprises sensing layer system initialization with public key P_k and private key S_k, where the public key P_k is open to the sensor subnet gateways and the mobile terminals, and the attribute certificate server keeps the system private key S_k, which is used to sign the attribute certificates of mobile terminals so that the legitimacy of a certificate can be verified.
Preferably, step (2) comprises: when the mobile terminal accesses across subnets, the subnet selection system selects a gateway by broadcast, and the gateway of the subnet holding the resource computes the attribute decryption key for the terminal.
Preferably, step (2) comprises:
(2.1) after the mobile terminal joins the network, it applies to the attribute certificate server for an attribute certificate;
(2.2) the mobile terminal issues an access request and sends registration request information to the gateway of its subnet;
(2.3) it submits the attribute certificate, and the gateway verifies whether the identity is legitimate;
(2.4) the subnet gateway searches for the requested resource in this subnet;
(2.5) the gateway judges whether the requested resource was found;
(2.6) the gateway computes the attribute decryption key for the terminal and sends it to the terminal.
Further, step (2.1) comprises:
(2.1.1) the terminal enters a sensor subnet and applies to the attribute certificate server for an attribute certificate CU, generated by signing the terminal's attribute set AU with the system private key S_k; the gateway of the subnet verifies the legitimacy of the certificate and the terminal obtains data access rights;
(2.1.2) the terminal downloads the attribute certificate and saves it on the client's local disk;
(2.1.3) when the terminal accesses across subnets, it authenticates its attributes again to the new gateway, and a secure communication link is established between the terminal and the gateway.
Further, step (2.3) comprises: the gateway verifies the terminal's attribute certificate with the system public key P_k; if the certificate is legitimate it continues, otherwise it refuses the terminal's access request and at the same time places the terminal on a blacklist.
Further, step (2.5) comprises:
(2.5.1) judging whether the requested resource was found: if not, go to step (2.5.2); if found, go to step (2.6);
(2.5.2) the terminal's access request is sent to the subnet selection system of the network access server;
(2.5.3) the subnet selection system finds, by broadcast, the subnet holding the resource the terminal wants to access and sends the access request to that subnet's gateway;
(2.5.4) the terminal submits its attribute certificate to the new subnet gateway, which verifies its legitimacy;
(2.5.5) the new gateway verifies the terminal's attribute certificate with the system public key P_k; if the certificate is legitimate it continues, otherwise it refuses the terminal's access request and at the same time places the terminal on the blacklist.
Preferably, step (3) comprises:
(3.1) the mobile terminal broadcasts its access request and attribute certificate into the sensor subnet;
(3.2) after receiving the terminal's request, the nodes in the subnet verify it against the terminal's attribute certificate;
(3.3) they judge whether the preset threshold is met.
Further, step (3.3) comprises: any sensor node in the subnet that receives the terminal's access request tests the terminal's attribute certificate against the threshold structure and checks whether the terminal belongs to the population of terminals permitted to access this node's data; if not, it does not respond to the access request; if so, it continues.
Preferably, step (4) comprises:
(4.1) the node determines the response data, computes the ciphertext and sends it to the terminal;
(4.2) after receiving the ciphertext, the terminal computes the response data from the decryption key and the Lagrange interpolation formula.
Compared with the prior art, the beneficial effects of the invention are:
Unlike traditional identity-based access control, this method requires no identity authentication when a terminal requests node data; a node decides whether to respond to the terminal's request according to the terminal's attributes and the threshold structure, which achieves anonymous access by mobile terminals and flexible switching between multiple sensor subnets. Access rights can be set flexibly for a terminal according to its attributes, and different subnets can set different threshold values to meet their own access requirements. At the same time, considering that node security is low and node resources are constrained, the method provides a secure lightweight data encryption algorithm that balances the confidentiality requirements of the data against the computational overhead of the nodes during encryption.
Description of the drawings
Fig. 1 is a flow chart of the cross-subnet access control method for electric power mobile terminals provided by the invention.
Fig. 2 is a logical structure diagram of the electric power IoT provided by the invention.
Fig. 3 is a diagram of the cross-subnet access model for electric power mobile terminals provided by the invention.
Embodiments
Specific embodiments of the invention are described in further detail below with reference to the drawings.
The invention provides an attribute-based cross-subnet access control method for electric power mobile terminals that solves the multi-terminal access control problem in the electric power IoT environment. Addressing the access control needs of mobile terminals, the method sets access rights flexibly according to a terminal's attributes while also meeting the terminal's need to access across subnets.
Fig. 2 shows the logical structure of the electric power IoT of the invention, in which the sensing layer is divided into multiple sensor subnets; the invention applies to the access control needs of the IoT sensing layer. The structure comprises:
Sensor nodes: the positions of sensor nodes in the network are fixed; they monitor environmental data and transmit it to the gateway periodically. Node battery resources and computing capacity are both limited, and nodes may suffer physical attack and be destroyed or captured by an adversary. Nodes collect environmental information periodically and forward it to the gateway over multiple hops, and the gateway forwards it to the network layer.
Mobile terminals: mobile terminals are the mobile accessors of the sensing layer and can switch between multiple subnets. When a mobile terminal accesses a sensor subnet it must register with that subnet's gateway using its attribute certificate to obtain access authorization. An authorized terminal can access sensor node data directly; because node resources are limited, a terminal can only receive data from nodes within a certain communication range.
Gateway: subnet data is connected to the network layer via the gateway; the gateway is the manager of the sensor subnet and also acts as a data forwarder. The gateway's computing and communication capacity are strong enough to bear complex public key computation and large volumes of data communication; the gateway is assumed to be completely secure.
Access control server: the core of this access control method, consisting mainly of the attribute certificate server and the subnet selection system.
Attribute certificate server: issues attribute certificates to mobile terminals; when a terminal accesses a sensor subnet it must use its attribute certificate to register with that subnet's gateway to obtain access rights. The content of a certificate comprises the attribute description of the mobile terminal, and the attribute certificate server is also responsible for renewing attribute certificates. To realize cross-subnet access in the electric power IoT, the attribute certificate server issues general attribute certificates for the nodes in each subnet and establishes a unified attribute definition library, so that the access control rules in each network domain share the same semantics; this maintains the chain of trust between network domains and eases the circulation of data. An authorized terminal can obtain the data services of sensor nodes directly.
Subnet selection system: the key to realizing cross-subnet access by mobile terminals. When a cross-subnet access request occurs, that is, when an access request cannot find the requested resource in the terminal's own subnet, the request is sent to the access control server, and the subnet selection system in the network access server broadcasts the request to the other networks in the whole network. Once the subnet holding the resource has been found, the terminal's attribute certificate is judged to decide whether to grant it the right to access the resource.
The specific steps of the attribute-based cross-subnet access control method for electric power mobile terminals of the invention are:
1. System initialization
(1) Sensing layer system initialization: the public key is P_k and the private key is S_k. The public key P_k is open to the gateways of all sensor subnets and to the mobile terminals; the attribute certificate server keeps the system private key S_k, which is used to sign the attribute certificates of mobile terminals so that certificate legitimacy can be verified. Suppose the electric power IoT sensing layer may involve N attributes, written ATTR = {A_1, A_2, ..., A_N}. Each terminal has an attribute set AU that marks the terminal's own features and changes dynamically. Each sensor node likewise has its own attribute set AN, and the node's threshold structure is defined according to its access structure; in fact the attribute set AN of a sensor node implicitly defines the population of terminals that may access the node's data. The system presets the threshold structure as (t, N), which means that a terminal must share at least t attributes with a sensor node in order to access that node's data.
(2) Sensor subnet initialization: the subnet gateway is denoted W. W generates the subnet system private key E_k at random for the sensor subnet it serves and generates an attribute private key at random for each attribute; these private keys are stored at the subnet gateway and replaced periodically to ensure their security. For each node in the subnet, gateway W generates the node private key N_sk from the subnet system private key and the attribute private keys, together with the node attribute encryption keys P_1, P_2, ..., P_n. At the sensor node initialization stage, N_sk and P_1, P_2, ..., P_n are preloaded into the node.
2. The mobile terminal issues an access request, registers at the subnet gateway and has the legitimacy of its attribute certificate verified to obtain access rights
Step 1: after the terminal enters a sensor subnet, it first applies to the attribute certificate server for an attribute certificate CU. The certificate is generated by signing the terminal's attribute set AU with the system private key S_k and is used so that the gateway of the subnet can verify its legitimacy and grant data access rights. After obtaining the attribute certificate, the terminal downloads it and saves it on the client's local disk. When the terminal accesses across subnets it must authenticate its attributes again to the new gateway, after which a secure communication link can be established between the terminal and the gateway.
Step 2: the terminal issues an access request to its gateway and sends registration request information together with its attribute certificate CU.
Step 3: gateway W verifies the terminal's attribute certificate with the system public key P_k; if the certificate is legitimate it continues, otherwise it refuses the terminal's access request and at the same time places the terminal on a blacklist.
Step 4: gateway W searches for the resource the terminal wants to access in this subnet; if the resource is not found, go to step 5, otherwise go directly to step 9.
Step 5: the terminal's access request is sent to the subnet selection system of the network access server.
Step 6: the subnet selection system finds, by broadcast, the subnet holding the resource the terminal wants to access and sends the access request to that subnet's gateway.
Step 7: the terminal submits its attribute certificate to the new subnet gateway, which verifies its legitimacy.
Step 8: the new gateway verifies the terminal's attribute certificate with the system public key P_k; if the certificate is legitimate it continues, otherwise it refuses the terminal's access request and at the same time places the terminal on the blacklist.
Step 9: the gateway uses the node attribute encryption keys to compute the attribute decryption key for the terminal and sends it to the terminal.
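The registration and cross-subnet selection flow of steps 1 to 9, as an added example that is not code from the patent. Everything named here is an assumption: the system key pair (S_k, P_k) is a toy Schnorr-style signature over the multiplicative group modulo the Mersenne prime 2^127 - 1 with generator 3 (the group order is composite and the size is far too small for real use; it only stands in for S_k(AU) and P_k(CU) so that the certificate check actually runs), the subnet selection system's broadcast is modelled as asking each gateway in turn, and the gateway names, resource names, attribute names and terminal identifiers are made up.

```python
import hashlib
import secrets

# Toy signature parameters (assumption, not from the patent): Mersenne prime field, generator 3.
P = 2**127 - 1
G = 3
ORDER = P - 1            # exponents are reduced modulo the full multiplicative group order


def keygen():
    """System key pair (S_k, P_k): S_k stays at the attribute certificate server, P_k goes to gateways."""
    S_k = secrets.randbelow(ORDER - 1) + 1
    return S_k, pow(G, S_k, P)


def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(16, "big") + msg).digest(), "big") % ORDER


def sign(S_k, msg):
    k = secrets.randbelow(ORDER - 1) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k - S_k * e) % ORDER


def verify(P_k, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(P_k, e, P) % P     # equals g^k exactly when the signature is genuine
    return _challenge(r, msg) == e


def _body(AU):
    return ",".join(sorted(AU)).encode()      # canonical encoding of the attribute set


def attribute_certificate(S_k, AU):
    """CU = S_k(AU): the certificate server signs the terminal's attribute set."""
    return {"AU": sorted(AU), "sig": sign(S_k, _body(AU))}


class Gateway:
    """Subnet gateway W: verifies CU with P_k, keeps a blacklist, knows its own resources."""
    def __init__(self, name, P_k, resources):
        self.name, self.P_k = name, P_k
        self.resources, self.blacklist = set(resources), set()

    def check_certificate(self, terminal_id, CU):
        """Steps 3 and 8: P_k(CU) must yield AU; a bad certificate gets the terminal blacklisted,
        and a blacklisted terminal is refused before any further verification."""
        if terminal_id in self.blacklist:
            return False
        if not verify(self.P_k, _body(CU["AU"]), CU["sig"]):
            self.blacklist.add(terminal_id)
            return False
        return True

    def has_resource(self, resource):
        return resource in self.resources


class SubnetSelector:
    """Subnet selection system of the network access server (step 6); the broadcast is
    modelled as asking each gateway in turn (assumption)."""
    def __init__(self, gateways):
        self.gateways = list(gateways)

    def locate(self, resource):
        return next((gw for gw in self.gateways if gw.has_resource(resource)), None)


def register(terminal_id, CU, home_gw, resource, selector):
    """Steps 2 to 9. Returns (outcome, gateway name); 'local' or 'cross' means the named
    gateway is the one that computes the terminal's attribute decryption key (step 9)."""
    if not home_gw.check_certificate(terminal_id, CU):     # step 3
        return "refused", home_gw.name
    if home_gw.has_resource(resource):                     # step 4
        return "local", home_gw.name
    target = selector.locate(resource)                     # steps 5 and 6
    if target is None:
        return "not found", None
    if not target.check_certificate(terminal_id, CU):      # steps 7 and 8: the new gateway re-verifies
        return "refused", target.name
    return "cross", target.name
```

The point worth keeping from the flow is that the gateway of the resource subnet verifies the certificate itself (steps 7 and 8) instead of trusting the home gateway's verdict, and that a terminal blacklisted for a bad certificate is refused even if it later presents a valid one.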
3. The attribute certificate is broadcast into the subnet, and the nodes in the subnet test the terminal's attribute certificate against the threshold structure and decide whether to respond to the terminal's access request
Step 1: the terminal broadcasts its access request and its attribute certificate into the subnet.
Step 2: any sensor node in the subnet that receives the terminal's access request tests the terminal's attribute certificate against the threshold structure and checks whether the terminal belongs to the population of terminals permitted to access this node's data; if not, it does not respond to the access request, otherwise it continues.
4. The ciphertext is computed and sent to the terminal, and the response data is computed from the ciphertext and the decryption key
Step 1: the node determines the response data M from the access request, computes the ciphertext and sends it to the terminal.
Step 2: after receiving the ciphertext, the terminal computes the response data M from the attribute decryption key and the Lagrange interpolation formula.
Embodiment 1
1. Initialization of the sensor subnet
The gateway is denoted W. W first chooses a bilinear group G_1 of order p and a corresponding group G_2, with g a generator of G_1 and a bilinear map between them. W generates the subnet private key E_k at random and an attribute private key I_i at random for each attribute i ∈ {A_1, A_2, ..., A_N}. For each sensor node in the subnet, gateway W first generates the node private key N_sk and then, from the attribute set of the terminals permitted to access the node's data, the node attribute encryption keys {P_i}; at the sensor node initialization stage, N_sk and {P_i} are preloaded into the node.
2. Terminal registration stage
When terminal U enters the network range of gateway W, it must register at gateway W before it can access the node data in this network. The registration algorithm is as follows:
Step 1: terminal U issues an access request to gateway W, sends its registration information and submits its attribute certificate CU, sending <register, CU = S_k(AU)> to the gateway.
Step 2: gateway W checks whether the attribute certificate is legitimate, that is, whether P_k(CU) = P_k(S_k(AU)) = AU holds; if so it continues, otherwise it refuses the access request and places the terminal on the blacklist.
Step 3: gateway W chooses at random, for this terminal, a polynomial q(x) of degree d-1 satisfying q(0) = E_k, and computes the attribute decryption keys for the terminal from this polynomial and the attribute private keys.
3. Terminal data access stage
Once the terminal has registered successfully and holds the attribute decryption keys, it can access the sensor node data in this subnet. The access algorithm is as follows:
Step 1: the terminal broadcasts its access request and its attribute certificate CU into the subnet: broadcast <register, CU = S_k(AU)>.
Step 2: any sensor node in the subnet that receives the terminal's access request tests the terminal's attribute certificate against the threshold structure, that is, checks |AU ∩ AN| ≥ t. If the condition holds, the node judges that the terminal belongs to the population of terminals permitted to access this node's data and responds to the access request; otherwise it does not respond.
Step 3: the node determines the response data M from the terminal's access request, chooses a one-time random number s and chooses a set R of attributes that just meets the threshold. It computes E_0 together with E_i = P_i^s = g^{I'_{A_i} s} for i ∈ R and sends the ciphertext <W, E_0, {E_i : i ∈ R}> to terminal U. Note that the node's encryption does not need to use all the attributes in the preloaded attribute set AN, only the chosen set R, so its computational cost is far smaller than that of the schemes given by earlier authors.
Step 4: after receiving the data from the node, the terminal computes, for each i ∈ R, a term from E_i and its attribute decryption key for attribute i, then combines these terms to obtain N_sk^s, and finally obtains the node's response data as M = E_0 / N_sk^s. The combination follows the Lagrange interpolation formula, reconstructing the polynomial q at 0.
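The threshold test |AU ∩ AN| ≥ t, the choice of a minimal attribute set R, and the Lagrange reconstruction of q(0) from Steps 2 to 4 above (and from part 3 of the method), as an added example that is not the patent's code. It is a finite-field analogue and an assumption throughout: the patent issues the terminal's keys in the exponent of a bilinear group (built from q(i) and the attribute private keys I_i) and the node sends E_i = P_i^s, whereas here the gateway hands the terminal q(x_i) directly and the factor N_sk^s is replaced by a hash of (E_k, s). The interpolation mechanics are the same; none of the pairing-based cryptography is reproduced. The field prime, attribute names and message are made up.

```python
import hashlib
import secrets

P = 2**127 - 1   # field for the polynomial q (assumption, not from the patent)


def _mask(secret, s):
    """Stand-in for N_sk^s: a hash of the subnet secret and the one-time value s (assumption)."""
    data = secret.to_bytes(16, "big") + s.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P


def lagrange_at_zero(points):
    """Recover q(0) from t points {x_i: q(x_i)} by Lagrange interpolation in GF(P)."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


class SubnetGateway:
    """Gateway W: holds E_k and the (t, N) threshold structure; issues per-terminal shares."""
    def __init__(self, universe, t):
        self.universe = list(universe)        # ATTR = {A_1, ..., A_N}
        self.t = t
        self.E_k = secrets.randbelow(P - 1) + 1

    def x(self, attr):
        return self.universe.index(attr) + 1  # attribute -> nonzero field point

    def issue_keys(self, AU):
        """Fresh random q of degree t-1 with q(0) = E_k; the terminal gets q(x_i) for each i in AU.
        A new polynomial per terminal means shares from two terminals do not combine."""
        coeffs = [self.E_k] + [secrets.randbelow(P) for _ in range(self.t - 1)]

        def q(x):
            acc = 0
            for c in reversed(coeffs):
                acc = (acc * x + c) % P
            return acc

        return {a: q(self.x(a)) for a in AU if a in self.universe}


class SensorNode:
    """Node with attribute set AN; its secret is derived from E_k (here simply E_k, assumption)."""
    def __init__(self, gw, AN):
        self.gw, self.AN = gw, set(AN)
        self.N_sk = gw.E_k

    def respond(self, AU, M):
        """Threshold test, then encrypt M under a minimal set R of exactly t shared attributes."""
        common = sorted(set(AU) & self.AN, key=self.gw.x)
        if len(common) < self.gw.t:
            return None                       # |AU ∩ AN| < t: do not respond
        R = common[: self.gw.t]               # only t attributes, not all of AN
        s = secrets.randbelow(P)              # one-time random s
        return {"R": R, "s": s, "E0": M ^ _mask(self.N_sk, s)}


class Terminal:
    def __init__(self, gw, AU):
        self.gw, self.AU = gw, set(AU)
        self.keys = gw.issue_keys(AU)         # attribute decryption keys from registration

    def recover(self, ct):
        """Interpolate q(0) over the node's set R, recompute the mask and unmask E0."""
        if ct is None or any(a not in self.keys for a in ct["R"]):
            return None                       # no share for some attribute in R
        pts = {self.gw.x(a): self.keys[a] for a in ct["R"]}
        return ct["E0"] ^ _mask(lagrange_at_zero(pts), ct["s"])
```

One caveat the analogue makes visible: a terminal that succeeds here learns E_k itself and can open every later ciphertext from the subnet, whereas in the patent's scheme the interpolation yields only N_sk^s for the one-time s and M = E_0 / N_sk^s, which is why the real construction keeps the shares in the exponent.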
Embodiment 2
A certain power information acquisition system is networked as an electric power IoT. Following the layout of the residential district, the network is divided into subnets by units such as building, entrance and floor; the nodes in a subnet are responsible for data acquisition in a certain area. Because acquisition nodes have limited power, they usually deliver the collected information to the subnet gateway, which processes it and uploads it to the power system's power information acquisition platform. After a mobile terminal enters the power information acquisition system, if it needs to access node data it must register; once it has registered successfully and holds the decryption key, its attributes are tested against the threshold structure, after which it can access node information. Through the attribute-based cross-subnet access control method, anonymous and cross-subnet access by terminals is achieved flexibly, and fine-grained access authorization management of mobile terminals in the power information acquisition system is accomplished.
The specific embodiment is as follows:
First, after the mobile terminal enters the network of the power information acquisition system, if it needs to access the data of acquisition nodes it registers at the subnet gateway and has the legitimacy of its attribute certificate verified to obtain access rights; when the terminal accesses across subnets, the subnet selection system selects a gateway, and the gateway of the subnet holding the resource computes the attribute decryption key for the terminal.
After entering the data access stage, the terminal broadcasts a node data access request into its subnet. Any acquisition node in the subnet that receives the access request tests the terminal's attribute certificate against the threshold structure and checks whether the terminal belongs to the population of terminals permitted to access this node's data, to decide whether to respond to the request. A qualifying acquisition node determines the response data M, computes the ciphertext and sends it to the terminal, and the terminal computes the response data M from the attribute decryption key and the Lagrange interpolation formula after receiving it.
Finally it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Those of ordinary skill in the art may still modify or equivalently replace the specific embodiments of the invention with reference to the above embodiments, and any such modification or equivalent replacement that does not depart from the spirit and scope of the invention falls within the pending claims of the invention.

Claims (11)

1. electric power mobile terminal is across a subnetwork access control method, it is characterized in that, described method comprises
(1) system initialization;
(2) mobile terminal proposes access request, registers and verify the legitimacy gain access of Attribute certificate at subnet gateway place;
(3) be broadcast in subnet net by Attribute certificate, the node in subnet is according to the Attribute certificate of threshold structure inspection terminal, and whether judgement responds the access request of this terminal;
(4) calculate ciphertext and send to terminal, according to ciphertext and decruption key, calculate reply data.
2. a kind of electric power mobile terminal as claimed in claim 1 is across subnetwork access control method, it is characterized in that, described step (1) comprises
(1.1) sensing layer system initialization;
(1.2) sensor sub network initialization, stochastic generation subnet system private key and attribute private key;
(1.3) node initializing, gateway generates node private key and nodal community encryption key set for it.
3. The cross-subnet access control method of an electric power mobile terminal according to claim 2, characterized in that step (1.1) comprises sensing layer system initialization with public key P_k and private key S_k; the public key P_k is disclosed to the gateways of the sensor subnets and to the mobile terminals, while the attribute certificate server keeps the system private key S_k, which is used to sign the attribute certificates of mobile terminals so that the legitimacy of a certificate can be verified.
4. The cross-subnet access control method of an electric power mobile terminal according to claim 1, characterized in that step (2) comprises: when the mobile terminal accesses across subnets, the subnet selection system selects a gateway by broadcasting, and the gateway of the subnet holding the resource computes the attribute decryption key for the terminal.
5. The cross-subnet access control method of an electric power mobile terminal according to claim 1, characterized in that step (2) comprises:
(2.1) after the mobile terminal joins the network, it applies to the attribute certificate server for an attribute certificate;
(2.2) the mobile terminal issues an access request and sends registration request information to the gateway of its own subnet;
(2.3) it submits the attribute certificate, and the gateway verifies whether its identity is legitimate;
(2.4) the subnet gateway searches for the requested resource within this subnet;
(2.5) it determines whether the requested resource was found;
(2.6) the gateway computes the attribute decryption key for the terminal and sends it to the terminal.
6. The cross-subnet access control method of an electric power mobile terminal according to claim 5, characterized in that step (2.1) comprises:
(2.1.1) the terminal enters the sensor subnet and applies to the attribute certificate server for an attribute certificate CU, which is generated by signing the terminal's attribute set AU with the system private key S_k; the subnet gateway verifies the legitimacy of the attribute certificate, and the terminal thereby obtains data access authority;
(2.1.2) the terminal downloads the obtained attribute certificate to the client's local disk and stores it there;
(2.1.3) when the terminal accesses across subnets, it re-authenticates its attributes to the new gateway and a secure communication link is established between the terminal and the gateway.
7. The cross-subnet access control method of an electric power mobile terminal according to claim 5, characterized in that step (2.3) comprises: the gateway verifies the terminal's attribute certificate with the system public key P_k; if the certificate is legitimate, the procedure continues; otherwise the terminal's access request is refused and the terminal is placed on a blacklist.
8. The cross-subnet access control method of an electric power mobile terminal according to claim 5, characterized in that step (2.5) comprises:
(2.5.1) determining whether the requested resource was found; if it was not found, proceed to step (2.5.2); if it was found, proceed to step (2.6);
(2.5.2) the terminal's access request is sent to the subnet selection system of the network access server;
(2.5.3) the subnet selection system finds, by broadcasting, the resource subnet that the terminal wants to access, and sends the access request to that subnet's gateway;
(2.5.4) the terminal submits its attribute certificate to the new subnet gateway, which verifies its legitimacy;
(2.5.5) the new gateway verifies the terminal's attribute certificate with the system public key P_k; if the certificate is legitimate, the procedure continues; otherwise the terminal's access request is refused and the terminal is placed on a blacklist.
9. The cross-subnet access control method of an electric power mobile terminal according to claim 1, characterized in that step (3) comprises:
(3.1) the mobile terminal broadcasts the access request and the attribute certificate to this sensor subnet;
(3.2) after a node in the subnet receives the terminal's request, it performs verification according to the terminal's attribute certificate;
(3.3) it determines whether the preset threshold is met.
10. The cross-subnet access control method of an electric power mobile terminal according to claim 9, characterized in that step (3.3) comprises: any sensor node in the subnet that receives the terminal's access request checks the terminal's attribute certificate against the threshold structure to determine whether the terminal belongs to the access terminal group for this node's data; if it does not, the node does not respond to the terminal's access request; if it does, the procedure continues.
11. The cross-subnet access control method of an electric power mobile terminal according to claim 1, characterized in that step (4) comprises:
(4.1) the node determines the reply data, computes the ciphertext and sends it to the terminal;
(4.2) after the terminal receives the ciphertext, it computes the reply data according to the decryption key and the Lagrange interpolation formula.
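The threshold check and Lagrange reconstruction of claims 10 and 11 (the data access stage described above), as an added Python example that is not part of the patent: the node splits the reply data M into Shamir shares, one per policy attribute, masks each share with a per-attribute key that stands in for the gateway-issued attribute decryption key, and responds only when the certified attributes meet the threshold; the terminal unmasks the shares it holds keys for and interpolates M at x = 0. The prime field, attribute ids, keys and reply value are constructed assumptions, not values from the patent.

```python
import hashlib
import secrets

P = 2**127 - 1  # constructed choice of prime field for the threshold scheme

def make_shares(M, attr_ids, t):
    """Shamir split of M: random degree t-1 polynomial with f(0) = M, one share per attribute id."""
    coeffs = [M % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return {a: f(a) for a in attr_ids}

def attr_pad(attr_key, a):
    """Mask derived from a per-attribute key (stands in for the gateway-issued attribute decryption key)."""
    h = hashlib.sha256(attr_key + a.to_bytes(16, "big")).digest()
    return int.from_bytes(h, "big") % P

def node_respond(policy, attr_keys, cert_attrs, M):
    """Acquisition node (claims 10, 11): threshold check on the certificate, then masked shares."""
    attrs, t = policy
    if len(set(cert_attrs) & set(attrs)) < t:
        return None  # terminal is not in the access group for this node's data: no response
    return {a: (s + attr_pad(attr_keys[a], a)) % P
            for a, s in make_shares(M, attrs, t).items()}

def terminal_decrypt(ciphertext, my_keys, t):
    """Terminal (claim 11): unmask shares it holds keys for, then Lagrange-interpolate M = f(0)."""
    pts = [(a, (c - attr_pad(my_keys[a], a)) % P)
           for a, c in ciphertext.items() if a in my_keys][:t]
    if len(pts) < t:
        raise ValueError("too few attribute shares to reconstruct the reply data")
    M = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        M = (M + yi * num * pow(den, P - 2, P)) % P
    return M

# Constructed demo: a node whose data requires any 2 of 4 attributes (ids are nonzero ints)
POLICY = ([1, 2, 3, 4], 2)
ATTR_KEYS = {a: secrets.token_bytes(16) for a in POLICY[0]}  # gateway-side attribute keys

def demo():
    M = 20141017                                          # reply data determined by the node
    ct = node_respond(POLICY, ATTR_KEYS, [1, 3], M)       # certificate holds attributes 1 and 3
    keys_13 = {a: ATTR_KEYS[a] for a in (1, 3)}           # decryption keys issued for those two
    denied = node_respond(POLICY, ATTR_KEYS, [4], M)      # one attribute only: below threshold
    return terminal_decrypt(ct, keys_13, POLICY[1]) == M, denied is None
```

A terminal holding keys for fewer than t of the policy attributes cannot unmask enough shares, so the interpolation step raises rather than returning a wrong value.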

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410554376.7A (granted as CN104270383B) | 2014-10-17 | 2014-10-17 | Cross-subnet access control method of electric power mobile terminal |


Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN104270383A (en) | 2015-01-07 |
| CN104270383B (en) | 2018-10-26 |

Family

ID=52161873




Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| 20150430 | ASS | Succession or assignment of patent right | Owner name: CHINA ELECTRIC POWER RESEARCH INSTITUTE JIANGSU EL; former owner: CHINA ELECTRIC POWER RESEARCH INSTITUTE |
| 20150430 | C41 / TA01 | Transfer of patent application or patent right or utility model / Transfer of patent application right | Applicants before: State Grid Corporation of China; China Electric Power Research Institute. Applicants after: State Grid Corporation of China; China Electric Power Research Institute; Jiangsu Electric Power Company; Information & Telecommunication Branch of State Grid Jiangsu Electric Power Company. Address before and after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing |
| 20160406 | C41 / TA01 | Transfer of patent application or patent right or utility model / Transfer of patent application right | Applicants before: State Grid Corporation of China; China Electric Power Research Institute; Jiangsu Electric Power Company; Information & Telecommunication Branch of State Grid Jiangsu Electric Power Company. Applicants after: State Grid Corporation of China; China Electric Power Research Institute; State Grid Smart Grid Institute; Jiangsu Electric Power Company; Information & Telecommunication Branch of State Grid Jiangsu Electric Power Company. Address before and after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing |
| | CB02 | Change of applicant information | Applicant State Grid Smart Grid Institute replaced by GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE; the other applicants (State Grid Corporation of China; China Electric Power Research Institute; Jiangsu Electric Power Company; Information & Telecommunication Branch of State Grid Jiangsu Electric Power Company) and the address (100031 Xicheng District West Chang'an Avenue, No. 86, Beijing) are unchanged |
| | COR | Change of bibliographic data | |
| | GR01 | Patent grant | |