CN105516980B - Token authentication method for wireless sensor networks based on a RESTful architecture - Google Patents


Publication number
CN105516980B
Authority
CN
China
Prior art keywords
web server
client
aggregation node
token
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510947805.1A
Other languages
Chinese (zh)
Other versions
CN105516980A (en)
Inventor
韩志杰
张勇
吕新宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan University
Original Assignee
Henan University
Application filed by Henan University
Priority to CN201510947805.1A
Publication of CN105516980A
Publication of CN105516980B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a token authentication method for wireless sensor networks based on a RESTful architecture. Sensor nodes and aggregation nodes self-organize into a network, and the aggregation node is connected to a Web server based on a RESTful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The invention can effectively prevent malicious attackers from damaging data and ensures the security of data in the wireless sensor network.

Description

Token authentication method for wireless sensor networks based on a RESTful architecture
Technical field
The present invention relates to the technical field of computer networks, and in particular to a token authentication method for wireless sensor networks based on a RESTful architecture.
Background art
A wireless sensor network (Wireless Sensor Network, WSN) is a wireless network formed in ad hoc fashion by a group of micro sensor nodes. Its purpose is to cooperatively sense, collect and process information about the sensed objects in the geographic area covered by the network, and to deliver that information to an observer. Each sensor in a wireless sensor network has one or more nodes, and a sensor node is typically a miniature embedded system. Each node monitors the objects within its own sensing range, monitors specific behaviour, and collects data; the collected data is transmitted to the nearest aggregation node. In the aggregation stage that follows, the data collected from nearby nodes is analysed and processed, the result is sent to the base station as needed, and the base station delivers the final result to the observer.
Because sensor networks are generally deployed in harsh environments, and because wireless networks are inherently fragile, they are highly vulnerable to various attacks. To ensure the secure transmission of information, a mechanism is needed to verify the legitimacy of the identities of the communicating parties. In traditional wired networks, public key infrastructure solves this problem effectively: through the use and management of digital certificates it provides comprehensive public-key encryption and digital signature services. With public key infrastructure, a public key can be bound to the identity of its legitimate owner, so that a trusted network environment is established and maintained. However, asymmetric cryptography requires very high computation, communication and storage overhead, which means that digital signatures and public-key certificate mechanisms are infeasible on resource-constrained sensors. To ensure the secure transmission of information, a mechanism is needed to verify the legitimacy of the identities of the communicating parties, and it is necessary to establish a reasonable sensor network identity authentication scheme that takes security, efficiency and performance into account together.
Summary of the invention
The object of the present invention is to provide a token authentication method for wireless sensor networks based on a RESTful architecture that can effectively prevent malicious attackers from damaging data and ensures the security of data in the wireless sensor network.
The technical solution adopted by the present invention is a token authentication method for wireless sensor networks based on a RESTful architecture, in which sensor nodes and aggregation nodes self-organize into a network and the aggregation node is connected to a Web server based on a RESTful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
The challenge-response authentication between the aggregation node and the Web server includes the following steps:
A. The aggregation node sends an identity registration request to the Web server; go to step B.
B. The Web server assigns an ID to the aggregation node, stores locally the ID information of the aggregation node and the authentication key negotiated with the aggregation node, and sends this ID to the aggregation node; go to step C.
C. The aggregation node receives the ID information and sends the Web server an authentication request containing the aggregation node's ID information; go to step D.
D. The Web server looks up locally whether the received ID exists. If it exists, the Web server generates a first random number and sends it to the aggregation node, and at the same time sends the aggregation node a function algorithm table; go to step E. If it does not exist, go to step H.
E. The aggregation node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one algorithm from the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server; go to step F.
F. The Web server encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with the encryption algorithm sent by the aggregation node, and checks whether the result is consistent with the re-encrypted first random number sent by the aggregation node. If they are consistent, verification passes; go to step G. Otherwise verification fails; go to step H.
G. The Web server and the aggregation node negotiate a session key.
H. The Web server rejects the data of the aggregation node.
In step B and step G, the Web server and the aggregation node use the DH algorithm to generate the authentication key and the session key respectively.
The function algorithm table in step D is a table of one-way hash function algorithms.
The token authentication between the client and the Web server includes, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server.
The identity authentication between the client and the Web server includes the following steps in order:
A1. The client sends a connection request to the Web server and receives the first CA certificate returned by the Web server together with the information related to the first CA certificate.
B1. The client verifies the legitimacy of the Web server's identity and saves the Web server's public key.
C1. The client sends the second CA certificate to the Web server.
D1. The Web server verifies the legitimacy of the client's identity and saves the client's public key.
E1. The client sends the symmetric cryptographic schemes for communication that it supports to the Web server.
F1. The Web server selects one cryptographic scheme from the symmetric cryptographic schemes received, encrypts this scheme with the client's public key, and sends it to the client.
G1. The client decrypts the encrypted cryptographic scheme it received, obtains the cryptographic scheme selected by the Web server, determines the call key, encrypts the call key with the Web server's public key, and sends it to the Web server.
H1. The Web server receives the encrypted call key and decrypts it to obtain the call key.
The identity registration between the client and the Web server includes the following steps in order:
A2. The client sends a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel.
B2. When the client logs in for the first time, the Web server directs the user to an authorization page; the user defines the access rights for his or her personal data, and these are sent to the Web server over the SSL secure channel.
C2. The Web server stores the user's authorization settings in the access control list, generates an interim token from the user's user name, password and the current time, and sends the interim token to the client.
D2. The client uses the interim token to send data operation requests to the Web server.
E2. The Web server determines whether the interim token has expired. If it has expired, the Web server requires the client to log in again and generates a new interim token, which is sent to the client as a credential. If the token has not expired, the Web server responds to the client's request.
In step C2, if the user owns a private aggregation node, the Web server also sends the generated interim token to the aggregation node.
For the token authentication between the client and the aggregation node, the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of this aggregation node to this identification number.
The token authentication process between the client and the aggregation node includes the following steps in order:
A3. The client sends a registration request to the Web server and fills in the ID and the identification number of the private aggregation node.
B3. The Web server receives the client's registration information. If it finds that the ID of the aggregation node matches the identification number, it recognizes this aggregation node as this user's private aggregation node, and when an interim token is generated after the client logs in, it sends the interim token to the user's private aggregation node at the same time as it sends it to the client.
C3. The user's private aggregation node receives the interim token, and the client connects to the private aggregation node by means of the interim token.
In the present invention, sensor nodes and aggregation nodes self-organize into a network, and the aggregation node is connected to a Web server based on a RESTful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes. The token authentication method for wireless sensor networks based on a RESTful architecture of the present invention can effectively prevent malicious attackers from damaging data and ensures the security of data in the wireless sensor network.
Brief description of the drawings
Fig. 1 is the topology diagram of the wireless sensor network based on a RESTful architecture according to the present invention;
Fig. 2 is the flow chart of the challenge-response authentication between the aggregation node and the Web server in the present invention;
Fig. 3 is the flow chart of the identity authentication between the client and the Web server in the present invention;
Fig. 4 is the flow chart of the identity registration between the client and the Web server in the present invention;
Fig. 5 is the token authentication process between the client and the aggregation node in the present invention.
Detailed description
In the token authentication method for wireless sensor networks based on a RESTful architecture of the present invention, sensor nodes (sensor) and aggregation nodes (sink node) self-organize into a network, and the aggregation node is connected to a Web server based on a RESTful architecture. Challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client (user), and token authentication is used between the client and the aggregation node. All three kinds of authentication are two-way authentication, and the user accesses the Web server through the client to obtain the data of the wireless sensor nodes.
REST stands for Representational State Transfer and refers to a set of architectural constraints and principles. An architecture that satisfies the constraints and principles of REST is called a RESTful architecture. At present HTTP is the only instance associated with REST.
A RESTful architecture follows the principle of stateless communication, which means that the individual requests made while the client interacts with the Web server carry no state from one to the next. REST requires that state either be placed into resource state or be stored on the client; that is, beyond a single request, the Web server must not keep the communication state of any client it communicates with. This keeps the Web server scalable: if the Web server had to keep client state, a large number of client interactions would seriously affect the memory available on the Web server (its footprint). To achieve stateless communication, authentication of requests under a RESTful architecture should not depend on cookies or sessions, and every request should carry some type of authentication credential.
Fig. 1 is the topology diagram of the wireless sensor network based on a RESTful architecture. One aggregation node (sink node) is connected to several sensor nodes (sensor). The sensor nodes collect measurement data. The aggregation node is mainly responsible for directing the sensor nodes to collect data, receiving the data of all sensor nodes, and connecting to the external network; it can be regarded as a gateway node. One Web server can serve a large number of aggregation nodes and stores the measurement data they send. The user can log in to the Web server through the web page client and, by sending data operation requests from the browser, direct the nodes to complete tasks or view the collected data stored on the Web server. If the user owns a private aggregation node, the client can connect to that aggregation node directly without having to view or manipulate data through the Web server.
Fig. 2 is the flow chart of the challenge-response authentication between the aggregation node (sink node) and the Web server, which includes the following steps:
S101: The aggregation node sends an identity registration request to the Web server.
When the aggregation node joins the sensor network for the first time, it sends an identity authentication request to the Web server, that is, it performs identity registration.
S102: The Web server assigns an ID to the aggregation node, stores locally the ID information of the aggregation node and the authentication key negotiated with the aggregation node, and sends this ID to the aggregation node.
In this embodiment, when the aggregation node performs identity registration, the Web server assigns it an ID and stores the ID information of the aggregation node locally. At the same time the two sides generate the authentication key using the DH algorithm, and each side stores the generated authentication key.
S103: The aggregation node receives the ID information and sends the Web server an authentication request containing the ID information of the aggregation node.
The aggregation node receives the ID information, and when it connects again it sends an authentication request to the server; the authentication request contains the ID of the aggregation node.
S104: The Web server looks up locally whether the received ID exists. If it exists, the Web server generates a first random number and sends it to the aggregation node, and at the same time sends the aggregation node a function algorithm table. If it does not exist, the Web server rejects the data of the aggregation node.
In this embodiment, the Web server queries its local database for the received aggregation node ID. If the ID exists, the Web server generates a random number internally and returns it to the aggregation node, together with a table of one-way hash function algorithms; the table includes MD5, SHA, HMAC and so on.
S105: The aggregation node encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with one algorithm from the function algorithm table, and sends the re-encrypted first random number and the selected encryption algorithm to the Web server.
In this embodiment, the aggregation node XORs the received first random number with the authentication key generated at registration, selects one algorithm from the one-way hash function algorithm table to process the XORed string, and uses the resulting string as the response. It sends this string and the selected encryption algorithm to the Web server.
S106: The Web server encrypts the first random number with the authentication key, re-encrypts the encrypted first random number with the encryption algorithm sent by the aggregation node, and checks whether the result is consistent with the re-encrypted first random number sent by the aggregation node. If they are consistent, verification passes. Otherwise verification fails, and the Web server rejects the data of the aggregation node.
In this embodiment, the Web server XORs the first random number with the authentication key, processes the result with the one-way hash function algorithm returned by the aggregation node, and compares the result of the computation with the string returned by the aggregation node. If the two are identical, authentication passes. Otherwise verification fails, and the Web server rejects the data of the aggregation node.
S107: The Web server and the aggregation node negotiate a session key.
In this embodiment, after authentication passes, the Web server and the aggregation node generate a session key using the DH algorithm, and subsequent connections use the session key as the encryption key, to meet the confidentiality requirement for the data.
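The exchange in S103 to S106, as an added example that is not code from the patent: both sides XOR the random number with the authentication key and hash the result with an algorithm taken from the offered table. Assumptions: the table holds SHA-256 and SHA-512, a random 32-byte value stands in for the DH-negotiated authentication key, and the class and function names are hypothetical. The server additionally treats each random number as single-use and compares in constant time.

```python
import hashlib
import hmac
import secrets

# Assumption: contents of the one-way hash function algorithm table sent in S104.
OFFERED_ALGORITHMS = ("sha256", "sha512")


def compute_response(auth_key, nonce, algorithm):
    """S105/S106: XOR the random number with the authentication key, then hash."""
    if len(auth_key) != len(nonce):
        raise ValueError("key and random number must have the same length")
    mixed = bytes(k ^ n for k, n in zip(auth_key, nonce))
    return hashlib.new(algorithm, mixed).digest()


class WebServer:
    def __init__(self):
        self.auth_keys = {}   # aggregation node ID -> authentication key (S102)
        self.pending = {}     # aggregation node ID -> outstanding random number

    def register(self, node_id, auth_key):
        self.auth_keys[node_id] = auth_key

    def challenge(self, node_id):
        """S104: unknown IDs are rejected; known IDs get a fresh random number."""
        key = self.auth_keys.get(node_id)
        if key is None:
            return None
        nonce = secrets.token_bytes(len(key))
        self.pending[node_id] = nonce
        return nonce, OFFERED_ALGORITHMS

    def verify(self, node_id, algorithm, response):
        """S106: recompute the response and compare it with the node's answer."""
        nonce = self.pending.pop(node_id, None)   # each random number is used once
        if nonce is None or algorithm not in OFFERED_ALGORITHMS:
            return False
        expected = compute_response(self.auth_keys[node_id], nonce, algorithm)
        return hmac.compare_digest(expected, response)


class SinkNode:
    def __init__(self, node_id, auth_key, supported=("sha512", "sha256")):
        self.node_id = node_id
        self.auth_key = auth_key
        self.supported = supported

    def respond(self, nonce, table):
        """S105: pick one algorithm from the table and answer the challenge."""
        algorithm = next(a for a in self.supported if a in table)
        return algorithm, compute_response(self.auth_key, nonce, algorithm)


def run_exchange():
    key = secrets.token_bytes(32)   # stands in for the DH-negotiated key
    server = WebServer()
    server.register("sink-01", key)
    node = SinkNode("sink-01", key)
    nonce, table = server.challenge(node.node_id)
    algorithm, response = node.respond(nonce, table)
    first = server.verify(node.node_id, algorithm, response)
    replay = server.verify(node.node_id, algorithm, response)
    return first, replay


if __name__ == "__main__":
    print(run_exchange())
```

A captured response is useless for a later attempt because the server forgets the random number after one verification, and an algorithm name outside the offered table is refused before any hashing takes place.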
The token authentication between the client (user) and the Web server includes, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server.
Fig. 3 is the flow chart of the identity authentication process between the client and the Web server, which includes the following steps in order:
S201: The client sends a connection request to the Web server and receives the first CA certificate returned by the Web server together with the information related to the first CA certificate.
S202: The client verifies the legitimacy of the Web server's identity and saves the Web server's public key.
In this embodiment, the client verifies whether the first CA certificate sent by the Web server was issued by a CA that the client trusts. If not, the client shows the user an alert message warning that the first CA certificate is not trusted and asks whether the user wants to continue the access. If so, the client compares the information in the first CA certificate, such as the domain name and the public key, with the related information sent by the Web server. If they are consistent, the client browser accepts the legitimate identity of the Web server and saves the Web server's public key.
S203: The client sends the second CA certificate to the Web server.
S204: The Web server verifies the legitimacy of the client's identity and saves the client's public key.
The Web server verifies the client's second CA certificate. If verification fails, it refuses the connection. If verification passes, the Web server obtains the client's public key.
S205: The client sends the symmetric cryptographic schemes for communication that it supports to the Web server.
S206: The Web server selects one cryptographic scheme from the symmetric cryptographic schemes received, encrypts this scheme with the client's public key, and sends it to the client.
S207: The client decrypts the encrypted cryptographic scheme it received, obtains the cryptographic scheme selected by the Web server, determines the call key, encrypts the call key with the Web server's public key, and sends it to the Web server.
S208: The Web server receives the encrypted call key and decrypts it to obtain the call key.
Fig. 4 is the flow chart of the registration process between the client (user) and the Web server, which includes the following steps in order:
S301: The client sends a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel.
In this embodiment, the user sends a registration request to the Web server from the client and fills in the relevant information, such as user name and password. If the user owns a private aggregation node (sink node), the relevant information for it must also be filled in; this concerns the authentication between the aggregation node and the client, which is described in detail later in the authentication process between the aggregation node and the client. The user's information is sent to the Web server over the SSL secure channel. The Web server stores the user's registration information, and user names must not be duplicated at registration.
S302: When the client logs in for the first time, the Web server directs the user to an authorization page; the user defines the access rights for his or her personal data, and these are sent to the Web server over the SSL secure channel.
When the client logs in for the first time and the login password is correct, the Web server directs the user to the authorization page. The user defines the access rights for his or her personal data, for example visible only to the user or visible to everyone, and the defined access rights are sent to the Web server over the SSL secure channel.
S303: The Web server stores the user's authorization settings in the access control list, generates an interim token Token from the user's user name, password and the current time, and sends the interim token Token to the client. If the user owns a private aggregation node, the Web server also sends the generated interim token Token to the aggregation node.
The access control list is a list dedicated to storing access rights. If user A wants to access the node data of user B, user A must send an access request to the Web server. On receiving the access request, the Web server first checks the access control list. If user B's access rights in the access control list are set to visible only to the user, the Web server returns a message to user A that access is not permitted. If user B's access rights are set to visible to everyone, the Web server returns to user A the data that user A wants to view. If user A is not permitted to access user B's data, user A can apply further for access: the Web server forwards the application to user B and waits for user B's response, and if user B grants access, user A can go on to view user B's data. Accesses control list structure is as follows:
The interim token Token is built from the user name, the password and the current system time as its elements. The Web server generates the interim token Token and sends the generated interim token Token to the client.
S304: The client uses the interim token Token to send data operation requests to the Web server.
The client does not need to log in on every connection; with the interim token Token it can exchange data with the Web server.
S305: The Web server determines whether the interim token Token has expired. If it has expired, the Web server requires the client to log in again and generates a new interim token Token, which is sent to the client as a credential. If the token has not expired, the Web server responds to the client's request.
The Web server checks whether the user name and password in the interim token Token are correct, obtains the time at which the interim token Token was generated, and compares it with the current time to determine whether the interim token Token has expired. If it has expired, the Web server requires the client to log in again and generates a new interim token Token, which is sent to the client as a credential. If the token has not expired, the Web server responds to the client's request.
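One way to realise S303 to S305 together with the access control list check, as an added example that is not code from the patent. Assumptions: the token layout (user name, issue time and an HMAC tag that also covers the stored password verifier), the server key, the 30-minute lifetime, the sample accounts and every function name are constructed for illustration. Because the token is self-describing, the server keeps no per-client session, in line with the stateless principle described earlier.

```python
import base64
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the Web server
TOKEN_LIFETIME = 1800                  # assumption: validity window in seconds


def _verifier(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample accounts; "private" and "all" are the two settings the page names.
USERS = {
    "alice": {"salt": b"salt-a", "verifier": _verifier("alice-pass", b"salt-a"),
              "visibility": "private"},
    "bob": {"salt": b"salt-b", "verifier": _verifier("bob-pass", b"salt-b"),
            "visibility": "all"},
}
GRANTS = set()   # (owner, requester) pairs the owner has approved


def _tag(username, issued_at):
    # The tag binds user name, password verifier and issue time (the S303 elements).
    msg = b"\x00".join([username.encode(), USERS[username]["verifier"],
                        str(issued_at).encode()])
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(username, password, now):
    """S303: issue an interim token after a correct login, otherwise None."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(
            _verifier(password, user["salt"]), user["verifier"]):
        return None
    name = base64.urlsafe_b64encode(username.encode()).decode()
    return f"{name}.{int(now)}.{_tag(username, int(now))}"


def validate_token(token, now):
    """S305: return the user name if the token is genuine and not expired."""
    try:
        name, issued, tag = token.split(".")
        username = base64.urlsafe_b64decode(name.encode()).decode()
        issued_at = int(issued)
    except (ValueError, UnicodeDecodeError):
        return None
    if username not in USERS:
        return None
    if not hmac.compare_digest(tag.encode(), _tag(username, issued_at).encode()):
        return None
    if not 0 <= now - issued_at <= TOKEN_LIFETIME:
        return None
    return username


def grant(owner, requester):
    """The owner approves a further access application from the requester."""
    GRANTS.add((owner, requester))


def handle_request(token, owner, now):
    """S304: a data request for `owner`'s node data, carrying the interim token."""
    requester = validate_token(token, now)
    if requester is None:
        return "relogin"      # S305: a new login and a new token are required
    allowed = (requester == owner
               or USERS[owner]["visibility"] == "all"
               or (owner, requester) in GRANTS)
    return "ok" if allowed else "denied"


if __name__ == "__main__":
    t = issue_token("bob", "bob-pass", now=1000)
    print(handle_request(t, "alice", now=1100))   # alice's data is private
```

Changing a user's password changes the stored verifier, so every token issued before the change stops validating without the server having to track tokens.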
Existing token authentication generally uses dynamic password technology, which is an improvement on traditional static password technology. The user must hold some credential, such as the interim token Token issued by the system. The number on the interim token Token changes continually and is synchronized with the authenticating Web server, so the password with which the user logs in to the system also changes continually; this is the so-called "one-time password".
Existing dynamic password technology has two synchronization schemes: time synchronization and event synchronization.
1. Time synchronization means that the interim token Token uses the time as the seed of the dynamic password, and the Web server authenticates the password generated by the interim token Token by using the time as the seed.
2. Event synchronization means that each time the interim token Token generates a dynamic password it uses the current count as the seed. After each dynamic password is generated the count is incremented automatically, and the Web server likewise uses the count as the seed for verification.
The interim token Token has no data communication of any kind with the outside. The Web server stores the same seed as the interim token Token and uses the same encryption algorithm as the interim token Token, so that it obtains the same encrypted data and hence the same random password for verification. The random password of the interim token Token must be bound to the client's account and the like before it can be determined whether the password matches. When the Web server performs authentication, the same password may be verified only once.
The core of token authentication is the algorithm. It is flexible to use and requires no password to be memorized; with a two-factor authentication mechanism it provides double protection, and it is simple and practical. Token authentication is a new direction in the development of identity authentication mechanisms; it provides higher security than traditional static passwords and is an important identity authentication technology suited to the current characteristics of information security.
For the token authentication between the client (user) and the aggregation node (sink node), the user obtains a unique identification number when purchasing a private aggregation node, and the Web server binds the ID of this aggregation node to this identification number.
Fig. 5 is the token authentication process between the client and the aggregation node, which includes the following steps:
S401: The client sends a registration request to the Web server and fills in the ID and the identification number of the private aggregation node.
S402: The Web server receives the client's registration information. If it finds that the ID of the aggregation node matches the identification number, it recognizes this aggregation node as this user's private aggregation node, and when the interim token Token is generated after the client logs in, it sends the interim token Token to the user's private aggregation node at the same time as it sends it to the client.
S403: The user's private aggregation node receives the interim token Token, and the client connects to the private aggregation node by means of the interim token Token.
At this point the multi-party authentication in the wireless sensor network is complete, which ensures the security of every party's data in the entire communication system.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (5)

1. A wireless sensor network token authentication method based on the Restful framework, characterized in that: sensor nodes and aggregation nodes self-organize into a network; the aggregation node is connected to a Web server based on the Restful framework; challenge-response authentication is used between the aggregation node and the Web server, SSL authentication is used between the Web server and the client, and token authentication is used between the client and the aggregation node; all three of these authentications are two-way; the user accesses the Web server through the client to obtain the data of the wireless sensor nodes;
Wherein the challenge-response authentication between the aggregation node and the Web server comprises the following steps:
Step A: The aggregation node initiates an identity registration request to the Web server; proceed to Step B;
Step B: The Web server assigns an ID to the aggregation node, stores locally the aggregation node's ID information and the authentication key negotiated with the aggregation node, and sends this ID to the aggregation node; proceed to Step C;
Step C: The aggregation node receives the ID information and sends an authentication request containing the aggregation node's ID information to the Web server; proceed to Step D;
Step D: The Web server checks locally whether the received ID exists; if it exists, the Web server generates a first random number and sends it to the aggregation node, together with a table of function algorithms, and the method proceeds to Step E; if it does not exist, proceed to Step H;
Step E: The aggregation node encrypts the first random number with the authentication key, then re-encrypts the encrypted first random number using one algorithm from the function algorithm table; the aggregation node sends the re-encrypted first random number and the selected encryption algorithm to the Web server; proceed to Step F;
Step F: The Web server encrypts the first random number with the authentication key, re-encrypts the encrypted first random number using the encryption algorithm sent by the aggregation node, and checks whether the result is identical to the re-encrypted first random number sent by the aggregation node; if they are identical, verification passes and the method proceeds to Step G; otherwise verification fails and the method proceeds to Step H;
Step G: The Web server and the aggregation node negotiate a session key;
Step H: The Web server rejects the data of the aggregation node;
Wherein the SSL authentication between the client and the Web server comprises, in order, identity authentication between the client and the Web server and identity registration between the client and the Web server;
The identity authentication between the client and the Web server comprises the following steps in order:
A1. The client initiates a connection request to the Web server and receives the first CA certificate returned by the Web server together with the information related to the first CA certificate;
B1. The client verifies the legitimacy of the Web server's identity and saves the Web server's public key;
C1. The client sends the second CA certificate to the Web server;
D1. The Web server verifies the legitimacy of the client's identity and saves the client's public key;
E1. The client sends the symmetric cryptography schemes it supports for communication to the Web server;
F1. The Web server selects one cryptography scheme from the symmetric cryptography schemes received, encrypts this scheme with the client's public key, and sends it to the client;
G1. The client decrypts the encrypted cryptography scheme it received, obtains the scheme selected by the Web server, determines the call key, encrypts the call key with the Web server's public key, and sends it to the Web server;
H1. The Web server receives the encrypted call key and decrypts it to obtain the call key;
Wherein the identity registration between the client and the Web server comprises the following steps in order:
A2. The client initiates a registration request to the Web server and sends the registration information to the Web server over the SSL secure channel;
B2. When the client logs in for the first time, the Web server directs the user to an authorization page, where the user defines the access permissions for personal data; these are sent to the Web server over the SSL secure channel;
C2. The Web server stores the user's authorization in an access control list, generates a temporary token from the user's user name, password and the current time, and sends the temporary token to the client;
D2. The client uses the temporary token to send data operation requests to the Web server;
E2. The Web server determines whether the temporary token has expired; if it has expired, the client is required to register again, and a new temporary token is generated and sent to the client as a credential; if the token has not expired, the Web server responds to the client's request;
The token authentication process between the client and the aggregation node comprises the following steps in order:
A3. The client initiates a registration request to the Web server, filling in the ID and identification code of the private aggregation node;
B3. The Web server receives the client's registration information; if it finds that the aggregation node's ID matches the identification code, it recognizes this aggregation node as the user's private aggregation node, and when a temporary token is generated after the client logs in, the temporary token is sent to the user's private aggregation node at the same time as it is sent to the client;
C3. The user's private aggregation node receives the temporary token, and the client connects to the private aggregation node using the temporary token.
2. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: in Step B and Step G, the Web server and the aggregation node use the DH algorithm to generate the authentication key and the session key, respectively.
3. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: the function algorithm table in Step D is a table of one-way hash function algorithms.
4. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: in step C2, if the user owns a private aggregation node, the Web server also sends the generated temporary token to the aggregation node.
5. The wireless sensor network token authentication method based on the Restful framework according to claim 1, characterized in that: during the token authentication between the client and the aggregation node, the user obtains a unique identification code when purchasing the private aggregation node, and the Web server binds the ID of this aggregation node to this identification code.
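
The challenge-response exchange of Steps D to F in claim 1, with the one-way hash table of claim 3, written out as an added Python example; it is not code from the patent and covers only the Web server verifying the aggregation node. HMAC-SHA256 stands in for "encrypting with the authentication key", and the table entries, the single-use nonce handling, the constant-time comparison and the names `WebServer`, `node_response` and `sink-01` are assumptions.

```python
import hashlib
import hmac
import secrets

# Step D function algorithm table (claim 3: one-way hashes); entries are assumptions.
ALGORITHM_TABLE = ("sha256", "sha512", "sha3_256")

def node_response(auth_key: bytes, nonce: bytes, algorithm: str) -> bytes:
    """Step E: key the nonce with the authentication key, then hash the result."""
    # Assumption: HMAC-SHA256 stands in for "encrypt with the authentication key".
    keyed = hmac.new(auth_key, nonce, hashlib.sha256).digest()
    return hashlib.new(algorithm, keyed).digest()

class WebServer:
    def __init__(self):
        self.keys = {}      # node ID -> authentication key (Step B)
        self.pending = {}   # node ID -> outstanding nonce (Step D)

    def register(self, node_id: str, auth_key: bytes) -> None:
        self.keys[node_id] = auth_key

    def challenge(self, node_id: str):
        """Step D: unknown ID -> reject (Step H); else issue nonce and table."""
        if node_id not in self.keys:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[node_id] = nonce
        return nonce, ALGORITHM_TABLE

    def verify(self, node_id: str, algorithm: str, response: bytes) -> bool:
        """Step F: recompute the response and compare; False means Step H."""
        nonce = self.pending.pop(node_id, None)   # each nonce is single-use
        if nonce is None or algorithm not in ALGORITHM_TABLE:
            return False                          # replayed or unlisted algorithm
        expected = node_response(self.keys[node_id], nonce, algorithm)
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    server, key = WebServer(), secrets.token_bytes(32)   # constructed sample key
    server.register("sink-01", key)                       # constructed node ID
    nonce, table = server.challenge("sink-01")
    good = node_response(key, nonce, table[1])
    result = {"first": server.verify("sink-01", table[1], good),
              "replay": server.verify("sink-01", table[1], good)}
    nonce2, _ = server.challenge("sink-01")
    forged = node_response(b"\x00" * 32, nonce2, "sha256")
    result["wrong_key"] = server.verify("sink-01", "sha256", forged)
    result["unknown_id"] = server.challenge("sink-99")
    return result
```

Because the aggregation node names the algorithm in Step E, the server checks the name against the table it offered before recomputing, so a response built with an algorithm outside the table is refused even when the key is correct.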

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510947805.1A CN105516980B (en) 2015-12-17 2015-12-17 A kind of wireless sensor network token authentication method based on Restful frameworks

Publications (2)

Publication Number Publication Date
CN105516980A CN105516980A (en) 2016-04-20
CN105516980B true CN105516980B (en) 2018-11-13

Family

ID=55724545

Country Status (1)

Country Link
CN (1) CN105516980B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant