CN105516980B - A wireless sensor network token authentication method based on a Restful framework
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
The invention discloses a wireless sensor network token authentication method based on a Restful framework. Sensor nodes and aggregation nodes self-organize into a network, and the aggregation node is connected to a Web server based on the Restful framework. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The invention can effectively prevent malicious attackers from damaging data and ensures the security of data in the wireless sensor network.
Description
Technical field
The present invention relates to the technical field of computer networks, and in particular to a wireless sensor network token authentication method based on a Restful framework.
Background
A wireless sensor network (Wireless Sensor Network, WSN) is a wireless network formed in an ad hoc manner by a group of micro sensor nodes. Its purpose is to cooperatively sense, collect and process information about sensed objects in the geographic area covered by the network, and to deliver it to an observer. Each sensor in a wireless sensor network has one or more nodes, and a sensor node is typically a miniature embedded system. Each node monitors the objects within its own sensing range; to monitor a specific behavior, the nodes collect data and transmit the collected data to the nearest aggregation node. The aggregation stage then follows: the data collected by nearby nodes is analyzed and processed, the result is sent to the base station as needed, and the base station delivers the final result to the observer.
Because sensor networks are generally deployed in harsh environments, and because wireless networks are inherently fragile, they are highly vulnerable to various attacks. To ensure that information is transmitted securely, a mechanism is needed to verify the legitimacy of the identities of the communicating parties. In traditional wired networks, public key infrastructure solves this problem effectively: through the use and management of digital certificates it provides comprehensive public-key encryption and digital signature services. With public key infrastructure, a public key can be bound to the identity of its legitimate owner, so that a trusted network environment can be established and maintained. However, asymmetric cryptography requires very high computation, communication and storage overhead, which makes digital signatures and public-key certificate mechanisms infeasible on resource-constrained sensors. To ensure that information is transmitted securely and the legitimacy of the communicating parties' identities can be verified, it is necessary to establish a sensor network identity authentication scheme that reasonably balances security, efficiency and performance.
Summary of the invention
The object of the present invention is to provide a wireless sensor network token authentication method based on a Restful framework that can effectively prevent malicious attackers from damaging data and ensure the security of data in the wireless sensor network.
The technical solution adopted by the present invention is a wireless sensor network token authentication method based on a Restful framework. Sensor nodes and aggregation nodes self-organize into a network, and the aggregation node is connected to a Web server based on the Restful framework. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
The challenge-response authentication between the aggregation node and the Web server includes the following steps:
A. The aggregation node sends an identity registration request to the Web server; go to step B.
B. The Web server assigns an ID to the aggregation node, stores locally the ID information of the aggregation node together with the authentication key negotiated with the aggregation node, and sends this ID to the aggregation node; go to step C.
C. The aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information; go to step D.
D. The Web server looks up locally whether the received ID exists. If it exists, the Web server generates a first random number and sends it to the aggregation node, together with a table of function algorithms; go to step E. If it does not exist, go to step H.
E. The aggregation node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one of the algorithms in the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server; go to step F.
F. The Web server encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with the encryption algorithm sent by the aggregation node, and checks whether the result is consistent with the re-encrypted first random number sent by the aggregation node. If they are consistent, verification passes; go to step G. Otherwise verification fails; go to step H.
G. The Web server negotiates a session key with the aggregation node.
H. The Web server rejects the data of the aggregation node.
In step B and step G, the Web server and the aggregation node use the DH algorithm to generate the authentication key and the session key respectively.
The function algorithm table in step D is a table of one-way hash function algorithms.
The token authentication between the client and the Web server comprises, in order, authentication between the client and the Web server and identity registration between the client and the Web server.
The authentication between the client and the Web server includes the following steps in order:
A1. The client sends a connection request to the Web server and receives the first CA certificate returned by the Web server and the information related to the first CA certificate.
B1. The client verifies the legitimacy of the Web server's identity and saves the Web server's public key.
C1. The client sends the second CA certificate to the Web server.
D1. The Web server verifies the legitimacy of the client's identity and saves the client's public key.
E1. The client sends the Web server the symmetric cipher schemes for communication that it supports.
F1. The Web server selects one cipher scheme from the symmetric cipher schemes received, encrypts this cipher scheme with the client's public key and sends it to the client.
G1. The client decrypts the encrypted cipher scheme it received, obtains the cipher scheme selected by the Web server, determines the call key, encrypts the call key with the Web server's public key and sends it to the Web server.
H1. The Web server receives the encrypted call key and decrypts it to obtain the call key.
The identity registration between the client and the Web server includes the following steps in order:
A2. The client sends a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel.
B2. When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access rights for personal data; these are sent to the Web server over the SSL secure channel.
C2. The Web server stores the user's authorization settings in the access control list, generates a temporary token according to the user's user name, password and the current time, and sends the temporary token to the client.
D2. The client uses the temporary token to send data operation requests to the Web server.
E2. The Web server judges whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as a credential. If the token has not expired, the client's request is answered.
In step C2, if the user owns a private aggregation node, the Web server also sends the generated temporary token to the aggregation node.
For the token authentication between the client and the aggregation node, the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of this aggregation node to this identification number.
The token authentication process between the client and the aggregation node includes the following steps in order:
A3. The client sends a registration request to the Web server and fills in the ID and identification number of the private aggregation node.
B3. The Web server receives the client's registration information. If it finds that the ID of the aggregation node matches the identification number, it recognizes this aggregation node as the user's private aggregation node, and when it generates a temporary token after the client logs in, it sends the temporary token to the user's private aggregation node at the same time as it sends it to the client.
C3. The user's private aggregation node receives the temporary token, and the client connects to the private aggregation node by means of the temporary token.
In the present invention, sensor nodes and aggregation nodes self-organize into a network, and the aggregation node is connected to a Web server based on the Restful framework. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The wireless sensor network token authentication method based on a Restful framework of the present invention can effectively prevent malicious attackers from damaging data and ensure the security of data in the wireless sensor network.
Brief description of the drawings
Fig. 1 is the topology diagram of the wireless sensor network based on a Restful framework according to the present invention;
Fig. 2 is the flow chart of the challenge-response authentication between the aggregation node and the Web server in the present invention;
Fig. 3 is the flow chart of the authentication between the client and the Web server in the present invention;
Fig. 4 is the flow chart of the identity registration between the client and the Web server in the present invention;
Fig. 5 is the token authentication process between the client and the aggregation node in the present invention.
Detailed description of the embodiments
In the wireless sensor network token authentication method based on a Restful framework of the present invention, sensor nodes (sensor) and aggregation nodes (sink node) self-organize into a network, and the aggregation node is connected to a Web server based on the Restful framework. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client (user), and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
REST stands for Representational State Transfer and refers to a set of architectural constraints and principles. An architecture that satisfies the constraints and principles of REST is called a Restful framework. At present HTTP is the only example related to REST.
The Restful framework follows the principle of stateless communication. Stateless communication means that, while the client and the Web server interact, each request is stateless with respect to the others. REST requires that state either be placed into resource state or be stored on the client; that is, the Web server cannot keep the communication state of any client it communicates with beyond a single request. This gives the Web server scalability in its available space: if the Web server had to keep client state, a large number of client interactions would seriously affect the Web server's available memory (footprint). To achieve stateless communication, authentication requests under the Restful framework should not depend on cookies or sessions, and each request should carry some type of authentication credential.
Fig. 1 is the topology diagram of the wireless sensor network based on the Restful framework. One aggregation node connects several sensor nodes, and the sensor nodes collect measurement data. The aggregation node is mainly responsible for controlling data collection by the sensor nodes, receiving the data of all sensor nodes and connecting to the external network, and can be regarded as a gateway node. One Web server can be connected to a large number of aggregation nodes and stores the measurement data they send. The user can log in to the Web server through a web-page client and, through the browser, send data operation requests that direct nodes to complete tasks, or view the collected data stored on the Web server. If the user owns a private aggregation node, the client can connect to the aggregation node directly, without needing to view or manipulate data through the Web server.
Fig. 2 is the flow chart of the challenge-response authentication between the aggregation node and the Web server, which includes the following steps:
S101: The aggregation node sends an identity registration request to the Web server.
When the aggregation node joins the sensor network for the first time, it sends an identity authentication request to the Web server, i.e. it performs identity registration.
S102: The Web server assigns an ID to the aggregation node, stores locally the ID information of the aggregation node and the authentication key negotiated with the aggregation node, and sends this ID to the aggregation node.
In this embodiment, when the aggregation node performs identity registration, the Web server assigns it an ID and stores the ID information of the aggregation node locally. At the same time, the two sides use the DH algorithm to generate the authentication key, and each side saves the generated authentication key.
S103: The aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information.
The aggregation node receives the ID information and, on subsequent connections, sends an authentication request to the server; the authentication request contains the ID of the aggregation node.
S104: The Web server looks up locally whether the received ID exists. If it exists, the Web server generates a first random number and sends it to the aggregation node, together with a table of function algorithms. If it does not exist, the Web server rejects the data of the aggregation node.
In this embodiment, the Web server queries its local database for the received ID of the aggregation node. If it exists, the Web server internally generates a random number and returns it to the aggregation node, together with a table of one-way hash function algorithms; the table includes MD5, SHA, HMAC and so on.
S105: The aggregation node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one of the algorithms in the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server.
In this embodiment, the aggregation node XORs the received first random number with the authentication key generated at registration, selects one algorithm from the one-way hash function algorithm table, processes the XORed string with it to produce a string that serves as the response, and sends this string and the selected encryption algorithm to the Web server.
S106: The Web server encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with the encryption algorithm sent by the aggregation node, and checks whether the result is consistent with the re-encrypted first random number sent by the aggregation node. If they are consistent, verification passes. Otherwise verification fails, and the Web server rejects the data of the aggregation node.
In this embodiment, the Web server XORs the first random number with the authentication key, processes the result with the one-way hash function algorithm returned by the aggregation node, and compares the computed result with the string returned by the aggregation node. If the two are identical, authentication passes. Otherwise verification fails, and the Web server rejects the data of the aggregation node.
S107: The Web server negotiates a session key with the aggregation node.
In this embodiment, after authentication passes, the Web server and the aggregation node use the DH algorithm to generate a session key. Subsequent connections use the session key as the encryption key, to meet the confidentiality requirement for the data.
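The exchange of steps S101 to S106, written out as an added Python example that is not part of the patent text. It assumes a random shared key in place of the DH-negotiated authentication key, and the concrete table entries (md5, sha256, hmac-sha256) and all class and function names are illustrative choices; the patent only lists "MD5, SHA, HMAC and so on".

```python
import hashlib
import hmac
import secrets

# One-way function table offered by the server in S104. The concrete
# variants are assumptions; the patent names only MD5, SHA and HMAC.
ALGORITHM_TABLE = {
    "md5": lambda data, key: hashlib.md5(data).digest(),
    "sha256": lambda data, key: hashlib.sha256(data).digest(),
    "hmac-sha256": lambda data, key: hmac.new(key, data, hashlib.sha256).digest(),
}


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR of the first random number with the authentication key (S105/S106)."""
    if len(a) != len(b):
        raise ValueError("random number and key must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def compute_response(auth_key: bytes, nonce: bytes, algorithm: str) -> bytes:
    """Response = H(nonce XOR auth_key), H taken from the offered table."""
    return ALGORITHM_TABLE[algorithm](xor_bytes(nonce, auth_key), auth_key)


class WebServer:
    def __init__(self):
        self.auth_keys = {}  # node ID -> authentication key (S102)
        self.pending = {}    # node ID -> outstanding first random number

    def register(self, auth_key: bytes) -> str:
        """S101/S102: assign an ID and store it with the negotiated key."""
        node_id = secrets.token_hex(4)
        self.auth_keys[node_id] = auth_key
        return node_id

    def challenge(self, node_id: str):
        """S104: unknown ID is rejected (None); known ID gets nonce + table."""
        if node_id not in self.auth_keys:
            return None
        nonce = secrets.token_bytes(len(self.auth_keys[node_id]))
        self.pending[node_id] = nonce
        return nonce, sorted(ALGORITHM_TABLE)

    def verify(self, node_id: str, algorithm: str, response: bytes) -> bool:
        """S106: recompute and compare. Each random number is consumed once,
        and only algorithms from the offered table are accepted."""
        nonce = self.pending.pop(node_id, None)
        if nonce is None or algorithm not in ALGORITHM_TABLE:
            return False
        expected = compute_response(self.auth_keys[node_id], nonce, algorithm)
        return hmac.compare_digest(expected, response)


class AggregationNode:
    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.node_id = None

    def respond(self, nonce: bytes, offered: list, prefer: str = "hmac-sha256"):
        """S105: pick one offered algorithm and answer the challenge."""
        algorithm = prefer if prefer in offered else offered[0]
        return algorithm, compute_response(self.auth_key, nonce, algorithm)


def run_exchange(server: WebServer, node: AggregationNode) -> bool:
    """One full S103-S106 round; True means the server would go on to S107."""
    step = server.challenge(node.node_id)
    if step is None:
        return False
    nonce, offered = step
    algorithm, response = node.respond(nonce, offered)
    return server.verify(node.node_id, algorithm, response)
```

The server removes the random number from its pending table before comparing, so a captured response cannot be presented a second time.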
The token authentication between the client and the Web server comprises, in order, authentication between the client and the Web server and identity registration between the client and the Web server.
Fig. 3 is the flow chart of the authentication process between the client and the Web server, which includes the following steps in order:
S201: The client sends a connection request to the Web server and receives the first CA certificate returned by the Web server and the information related to the first CA certificate.
S202: The client verifies the legitimacy of the Web server's identity and saves the Web server's public key.
In this embodiment, the client verifies whether the first CA certificate sent by the Web server was issued by a CA that it trusts. If not, the client shows the user a warning message that the first CA certificate is not trusted and asks whether the user wants to continue. If so, the client compares the information in the first CA certificate, such as the domain name and public key, with the related information sent by the Web server; if they are consistent, the client browser accepts the Web server's identity as legitimate and saves the Web server's public key.
S203: The client sends the second CA certificate to the Web server.
S204: The Web server verifies the legitimacy of the client's identity and saves the client's public key.
If the client's second CA certificate does not pass the Web server's verification, the connection is refused; if it passes, the Web server obtains the client's public key.
S205: The client sends the Web server the symmetric cipher schemes for communication that it supports.
S206: The Web server selects one cipher scheme from the symmetric cipher schemes received, encrypts this cipher scheme with the client's public key and sends it to the client.
S207: The client decrypts the encrypted cipher scheme it received, obtains the cipher scheme selected by the Web server, determines the call key, encrypts the call key with the Web server's public key and sends it to the Web server.
S208: The Web server receives the encrypted call key and decrypts it to obtain the call key.
Fig. 4 is the flow chart of the registration process between the client and the Web server, which includes the following steps in order:
S301: The client sends a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel.
In this embodiment, the user sends a registration request from the client to the Web server and fills in the relevant information, such as user name and password. If the user owns a private aggregation node, the information relating to it must also be filled in; the authentication between the aggregation node and the client that this involves is described in detail later, in the authentication process between the aggregation node and the client. The user's information is sent to the Web server over the SSL secure channel. The Web server stores the user's registration information, and user names must not be duplicated at registration.
S302: When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access rights for personal data; these are sent to the Web server over the SSL secure channel.
When the client logs in for the first time, if the login password is correct, the Web server directs the user to the authorization page. The user defines the access rights for personal data, for example visible only to the user or visible to all, and the defined access rights are sent to the Web server over the SSL secure channel.
S303: The Web server stores the user's authorization settings in the access control list, generates a temporary token (Token) according to the user's user name, password and the current time, and sends the temporary token to the client. If the user owns a private aggregation node, the Web server also sends the generated temporary token to the aggregation node.
The access control list is a list dedicated to storing access rights. If user A wants to access the node data of user B, user A must send an access request to the Web server. On receiving the request, the Web server first checks the access control list. If user B's access rights in the access control list are set to visible only to the user, the Web server returns to user A a message that access is not permitted; if user B's access rights are set to visible to all, the Web server returns the data user A wants to view. If user A is not permitted to access user B's data, user A can further apply for access: the Web server forwards the request to user B and waits for user B's response, and if user B grants access, user A can go on to view user B's data. The structure of the access control list is as follows:
The temporary token takes the user name, password and current system time as its elements. The Web server generates the temporary token and sends it to the client.
S304: The client uses the temporary token to send data operation requests to the Web server.
The client does not need to log in on every connection; with the temporary token it can exchange data with the Web server.
S305: The Web server judges whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as a credential. If the token has not expired, the client's request is answered.
The Web server judges whether the user name and password in the temporary token are correct, obtains the time at which the temporary token was generated, and compares it with the current time to judge whether the temporary token has expired. If it has expired, the client is required to log in again, and a new temporary token is generated and sent to the client as a credential. If the token has not expired, the client's request is answered.
Existing token authentication generally uses dynamic password technology. Dynamic password technology is an improvement on traditional static password technology: the user must hold some credential, such as a temporary token issued by the system. The number on the temporary token changes continually and is synchronized with the authenticating Web server, so the password with which the user logs in to the system also changes continually, i.e. the so-called "one password per use".
Existing dynamic password technology has two synchronization schemes: time synchronization and event synchronization.
1. Time synchronization means that the temporary token uses the time as the seed of the dynamic password, and the Web server authenticates the password generated by the temporary token by using the time as the seed.
2. Event synchronization means that each time the temporary token generates a dynamic password it uses the current count as the seed; each time a dynamic password has been generated, the count is incremented automatically, and the Web server likewise uses the count as the seed for verification.
The temporary token has no data communication with the outside world. The Web server also holds the same seed as the temporary token and uses the same encryption algorithm as the temporary token, so it obtains the same encrypted data and from it the same random password for verification. The random password of a temporary token must be bound to the client's account or similar before it can be judged whether the password matches. When the Web server performs authentication, the same password may be verified only once.
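The two synchronization schemes and the verify-once rule described above, as an added Python example that is not part of the patent text. The patent names no concrete algorithm; the code uses HOTP (RFC 4226) for event synchronization and TOTP (RFC 6238) for time synchronization as standard instances, and the verifier classes, look-ahead window and drift window are illustrative assumptions.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Event-synchronized password: HMAC-SHA1 over the count (RFC 4226)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized password: the count is the current time step (RFC 6238)."""
    return hotp(seed, int(now) // step, digits)


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


class EventSyncVerifier:
    """Server side for event synchronization. Holds the same seed and count
    as the token; accepts a small look-ahead in case the token was advanced
    without a login, then moves past the accepted count."""

    def __init__(self, seed: bytes, look_ahead: int = 3):
        self.seed = seed
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, password: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if _same(hotp(self.seed, c), password):
                self.counter = c + 1  # same password is never accepted again
                return True
        return False


class TimeSyncVerifier:
    """Server side for time synchronization. Tolerates +/- `drift` steps of
    clock skew and remembers the last accepted step to block replays."""

    def __init__(self, seed: bytes, step: int = 30, drift: int = 1):
        self.seed = seed
        self.step = step
        self.drift = drift
        self.last_step = -1

    def verify(self, password: str, now: float) -> bool:
        current = int(now) // self.step
        for s in range(max(0, current - self.drift), current + self.drift + 1):
            if s > self.last_step and _same(hotp(self.seed, s), password):
                self.last_step = s
                return True
        return False


# Constructed sample seed: the published RFC 4226 test key.
SAMPLE_SEED = b"12345678901234567890"
```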
The core of token authentication is the algorithm. It is relatively flexible to use and requires no password to be memorized; with a two-factor authentication mechanism it provides double protection and is simple and practical. Token authentication is a new direction of development for identity authentication mechanisms: it provides higher security than traditional static passwords and is an important identity authentication technology suited to current developments in information security.
For the token authentication between the client and the aggregation node, the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of this aggregation node to this identification number.
Fig. 5 is the token authentication process between the client and the aggregation node, which includes the following steps:
S401: The client sends a registration request to the Web server and fills in the ID and identification number of the private aggregation node.
S402: The Web server receives the client's registration information. If it finds that the ID of the aggregation node matches the identification number, it recognizes this aggregation node as the user's private aggregation node, and when it generates a temporary token after the client logs in, it sends the temporary token to the user's private aggregation node at the same time as it sends it to the client.
S403: The user's private aggregation node receives the temporary token, and the client connects to the private aggregation node by means of the temporary token.
At this point the multi-party authentication in the wireless sensor network is complete, ensuring the security of every party's data in the whole communication system.
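The temporary-token life cycle of S303 to S305 together with the private aggregation node binding of S401 to S403, as an added Python example that is not part of the patent text. The token layout (user name, issue time and an HMAC under a server-side key), the PBKDF2 password verifier, the 300-second lifetime and all names are assumptions made for illustration; the patent states only that the token is built from user name, password and current time and is checked for expiry.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 300  # seconds a temporary token stays valid (assumed value)


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


class PrivateAggregationNode:
    def __init__(self, node_id: str):
        self.node_id = node_id
        self.token = None

    def receive_token(self, token: str) -> None:
        """S402: the Web server pushes the newly issued token to the node."""
        self.token = token

    def accept(self, token: str) -> bool:
        """S403: the client connects by presenting the same token."""
        return self.token is not None and _same(self.token, token)


class WebServer:
    def __init__(self, bindings: dict):
        self.secret = secrets.token_bytes(32)  # assumed server-side MAC key
        self.bindings = bindings  # node ID -> (identification number, node)
        self.users = {}           # user name -> salt, verifier, private node

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password, node_id=None, ident=None) -> bool:
        """S301/S401: user names are unique; a node is bound to the user
        only if its ID matches the identification number on record."""
        if username in self.users:
            return False
        node = None
        bound = self.bindings.get(node_id)
        if bound is not None and ident is not None and _same(bound[0], ident):
            node = bound[1]
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "node": node,
                                "verifier": self._verifier(password, salt)}
        return True

    def _mac(self, username: str, issued_at: int) -> str:
        # Covers user name, password verifier and issue time, so the token
        # stops validating if any of the three is altered.
        msg = f"{username}|{issued_at}".encode() + self.users[username]["verifier"]
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def login(self, username: str, password: str, now: float):
        """S303: issue a token and also push it to the user's private node."""
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(
                user["verifier"], self._verifier(password, user["salt"])):
            return None
        issued_at = int(now)
        token = f"{username}.{issued_at}.{self._mac(username, issued_at)}"
        if user["node"] is not None:
            user["node"].receive_token(token)
        return token

    def validate(self, token: str, now: float):
        """S305: return the user name for a valid, unexpired token, else
        None, in which case the client has to log in again."""
        try:
            username, issued_at, mac = token.rsplit(".", 2)
            issued_at = int(issued_at)
        except ValueError:
            return None
        if username not in self.users:
            return None
        if not _same(self._mac(username, issued_at), mac):
            return None
        if not 0 <= now - issued_at <= TOKEN_TTL:
            return None
        return username
```

Because every request carries the token and the server recomputes the MAC from its own records, the server keeps no per-client session state, which matches the stateless-communication requirement described earlier.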
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from the spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (5)
1. A wireless sensor network token authentication method based on a Restful framework, characterized in that: sensor nodes and aggregation nodes self-organize into a network, and the aggregation node is connected to a Web server based on the Restful framework; challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node; all three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes;
wherein the challenge-response authentication between the aggregation node and the Web server includes the following steps:
Step A: the aggregation node sends an identity registration request to the Web server; go to step B;
Step B: the Web server assigns an ID to the aggregation node, stores locally the ID information of the aggregation node and the authentication key negotiated with the aggregation node, and sends this ID to the aggregation node; go to step C;
Step C: the aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information; go to step D;
Step D: the Web server looks up locally whether the received ID exists; if it exists, the Web server generates a first random number and sends it to the aggregation node, together with a table of function algorithms, and goes to step E; if it does not exist, go to step H;
Step E: the aggregation node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one of the algorithms in the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server; go to step F;
Step F: the Web server encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with the encryption algorithm sent by the aggregation node, and checks whether the result is consistent with the re-encrypted first random number sent by the aggregation node; if they are consistent, verification passes and the method goes to step G; otherwise verification fails and the method goes to step H;
Step G: the Web server negotiates a session key with the aggregation node;
Step H: the Web server rejects the data of the aggregation node;
Wherein the SSL authentication between the client and the Web server includes, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server;
The identity authentication between the client and the Web server includes the following steps in order:
A1. The client initiates a connection request to the Web server and receives the first CA certificate returned by the Web server and the information related to the first CA certificate;
B1. The client verifies the legitimacy of the Web server's identity and saves the public key of the Web server;
C1. The client sends the second CA certificate to the Web server;
D1. The Web server verifies the legitimacy of the client's identity and saves the public key of the client;
E1. The client sends the symmetric communication cipher schemes that it supports to the Web server;
F1. The Web server selects one cipher scheme from the symmetric communication cipher schemes received, encrypts this cipher scheme with the public key of the client, and sends it to the client;
G1. The client decrypts the received encrypted cipher scheme to obtain the cipher scheme selected by the Web server, determines the call key, encrypts the call key with the public key of the Web server, and sends it to the Web server;
H1. The Web server receives the encrypted call key and decrypts it to obtain the call key;
Wherein the identity registration between the client and the Web server includes the following steps in order:
A2. The client initiates a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel;
B2. When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access permissions for personal data, which are sent to the Web server over the SSL secure channel;
C2. The Web server stores the user's authorization in the access control list, generates an interim token from the user's user name, password and the current time, and sends the interim token to the client;
D2. The client sends data operation requests to the Web server using the interim token;
E2. The Web server judges whether the interim token has become invalid; if it has, the Web server requires the client to register again and generates a new interim token, which is sent to the client as a credential; if the token has not become invalid, the Web server responds to the client's request;
The token authentication process between the client and the aggregation node includes the following steps in order:
A3. The client initiates a registration request to the Web server, filling in the ID and identifier number of the private aggregation node;
B3. The Web server receives the registration information of the client; if it finds that the ID of the aggregation node matches the identifier number, it regards this aggregation node as the private aggregation node of this user, and when the interim token is generated after the client logs in, the interim token is sent to the user's private aggregation node at the same time as it is sent to the client;
C3. The user's private aggregation node receives the interim token, and the client connects to the private aggregation node using the interim token.
2. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: in step B and step G, the Web server and the aggregation node use the DH algorithm to generate the authentication key and the session key, respectively.
3. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: the function algorithm table in step D is a table of one-way hash function algorithms.
4. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: in step C2, if the user owns a private aggregation node, the Web server also sends the generated interim token to the aggregation node.
5. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: during the token authentication between the client and the aggregation node, the user obtains a unique identifier number when purchasing the private aggregation node, and the Web server binds the ID of this aggregation node to this identifier number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510947805.1A CN105516980B (en) | 2015-12-17 | 2015-12-17 | A kind of wireless sensor network token authentication method based on Restful frameworks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105516980A (en) | 2016-04-20 |
CN105516980B (en) | 2018-11-13 |
Family
ID=55724545
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510947805.1A Active CN105516980B (en) | 2015-12-17 | 2015-12-17 | A kind of wireless sensor network token authentication method based on Restful frameworks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105516980B (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108347330A (en) * | 2017-01-24 | 2018-07-31 | 北京百度网讯科技有限公司 | A kind of method and apparatus of secure communication |
FR3063365B1 (en) * | 2017-02-27 | 2019-04-05 | Jacques GASCUEL | SEGMENTED KEY AUTHENTICATION SYSTEM |
CN107577504A (en) * | 2017-07-26 | 2018-01-12 | 河南大学 | A kind of wireless sensor network programming method based on Restful frameworks |
US10586033B2 (en) * | 2017-08-29 | 2020-03-10 | International Business Machines Corporation | Automatic upgrade from one step authentication to two step authentication via application programming interface |
CN107888615B (en) * | 2017-12-01 | 2021-07-02 | 郑州云海信息技术有限公司 | Safety authentication method for node registration |
CN108600156B (en) * | 2018-03-07 | 2021-05-07 | 华为技术有限公司 | Server and security authentication method |
JP7262565B2 (en) * | 2018-04-25 | 2023-04-21 | グーグル エルエルシー | Delayed two-factor authentication in networked environments |
EP4354326A2 (en) * | 2018-04-25 | 2024-04-17 | Google LLC | Delayed two-factor authentication in a networked environment |
CN110581829A (en) * | 2018-06-08 | 2019-12-17 | ***通信集团有限公司 | Communication method and device |
CN109462595A (en) * | 2018-11-29 | 2019-03-12 | 甘肃万维信息科技有限责任公司 | Data-interface secure exchange method based on RestFul |
CN109587249A (en) * | 2018-12-07 | 2019-04-05 | 北京金山云网络技术有限公司 | Information sending, receiving method, device, server, client and storage medium |
CN110691358B (en) * | 2019-11-14 | 2022-10-14 | 北京京航计算通讯研究所 | Access control system based on attribute cryptosystem in wireless sensor network |
CN113836553B (en) * | 2021-09-22 | 2023-10-20 | 北京计算机技术及应用研究所 | Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350719A (en) * | 2007-07-18 | 2009-01-21 | 康佳集团股份有限公司 | Novel identification authentication method |
CN101355555A (en) * | 2007-07-27 | 2009-01-28 | 日立软件工程株式会社 | Authentication system and authentication method |
CN104486325A (en) * | 2014-12-10 | 2015-04-01 | 上海爱数软件有限公司 | Safe login certification method based on RESTful |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9043886B2 (en) * | 2011-09-29 | 2015-05-26 | Oracle International Corporation | Relying party platform/framework for access management infrastructures |
Also Published As
Publication number | Publication date |
---|---|
CN105516980A (en) | 2016-04-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||