CN112702171B - Distributed identity authentication method facing edge gateway - Google Patents

Publication number
CN112702171B
Authority
CN
China
Prior art keywords
gateway
dynamic value
authentication
verification
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011541338.XA
Other languages
Chinese (zh)
Other versions
CN112702171A (en
Inventor
张霖
陆涵
赖李媛君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University

Classifications

    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/3273: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Abstract

The invention discloses a distributed identity authentication method for edge gateways, applied in the technical field of network authentication, which comprises a first round of static verification and a second round of dynamic verification. The second round of dynamic verification is carried out whenever the device and the system exchange information, which covers information uploading, scheduling-type information exchange and bridging sessions; the authentication is bidirectional. The authentication algorithm is lightweight and fast to compute; authentication is distributed, with the identity result judged by the total pass rate; the passwords held by the authentication ends differ from one another and are dynamic; and bidirectional authentication prevents connection to a disguised gateway.

Description

Distributed identity authentication method facing edge gateway
Technical Field
The invention relates to the technical field of network authentication, and in particular to a distributed identity authentication method for edge gateways.
Background
At present, many identity authentication mechanisms exist, and centralized authentication is common: for example, one central server is responsible for password generation and authentication for the whole system. Most static identity encryption draws on cryptographic principles and is computationally complex, while most dynamic encryption schemes need an external device, such as a magnetic card, a U-shield or a mobile-phone dynamic password, to keep the dynamic passwords consistent. Identity authentication in an edge gateway environment, where devices connect frequently, needs a mechanism that is highly extensible, algorithmically lightweight and dynamically distributed.
Providing a mechanism that is highly extensible, algorithmically lightweight and dynamically distributed is therefore an urgent problem.
Disclosure of Invention
In view of this, the present invention provides a distributed identity authentication method for edge gateways.
To achieve this purpose, the invention adopts the following technical scheme:
An edge gateway-oriented distributed identity authentication method comprises a first round of static verification and a second round of dynamic verification; the second round of dynamic verification is performed when the device and the system exchange information, which covers information uploading, scheduling-type information exchange and bridging sessions;
the first round of static verification compares the hash value of the device's fixed code with a local table to complete access identity verification;
the second round of dynamic verification, performed after the first round of static verification, calculates dynamic values to form a hash table and compares the hash table with the local dynamic value pairs to verify the device's information exchanges.
Preferably, the first round of static verification comprises the following steps:
S101: when the device accesses the gateway, it sends the hash value of its fixed device code to the directly connected gateway B1; assume there are k online B-level gateways;
S102: gateway B1 increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, gateway B1 sends the hash value to k/2 other peer gateways and the method goes to step S103; if not, the device's connection request is rejected;
S103: each of the k/2 peer gateways increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, the hash value is sent to the directly connected upper-level gateway with a probability of 50% and the method goes to step S104; otherwise, go to step S105;
S104: the upper-level gateway of step S103 increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, the hash value is sent to its directly connected upper-level gateway with a probability of 50%; if not, go to step S105;
S105: determine whether all gateways have completed verification; if verification is complete and the total pass rate of gateway verification is greater than 95%, the device's connection request is accepted; otherwise, the device's connection request is rejected.
Preferably, the gateways counted toward the 95% total pass rate in step S105 do not include the directly connected gateway B1.
Preferably, after the device completes the first round of static verification and achieves access identity authentication, the specific steps for information uploading or scheduling information interaction between the device and the system in the second round of dynamic verification are as follows:
S201: the device calculates all dynamic values from its local authentication records to form a hash table and sends the hash table to the directly connected gateway B1; assume there are k online B-level gateways;
S202: gateway B1 receives the dynamic value pair, calculates its local dynamic value pair and compares the two; if they are the same, dynamic value authentication passes and the method goes to step S203; if not, the interaction request between the device and the system is rejected;
S203: gateway B1 sends the hash table to k/2 other peer gateways; each peer gateway extracts from the hash table the device's dynamic value pair that corresponds to its local dynamic value pair and verifies it; if verification passes, the hash table is sent to the directly connected upper-level gateway with a probability of 50% and the method goes to step S204; otherwise, go to step S205;
S204: the upper-level gateway extracts from the hash table the device's dynamic value pair that corresponds to its local dynamic value pair and verifies it; if verification passes, the hash table is sent to its directly connected upper-level gateway with a probability of 50%; otherwise, go to step S205;
S205: determine whether all gateways have completed verification; if verification is complete and the total pass rate of gateway verification is greater than 95%, the device's interaction request is accepted; otherwise, the device's interaction request is rejected.
Preferably, the gateways counted toward the 95% total pass rate in step S205 do not include the directly connected gateway B1.
Preferably, after the device completes the first round of static verification and achieves access identity authentication, the specific steps for a bridging session between the device and the system in the second round of dynamic verification are as follows:
S301: the device calculates all dynamic value pairs from its local authentication records and sends them to the directly connected gateway B1; assume there are k online B-level gateways;
S302: gateway B1 receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same, go to step S303; otherwise, the device's interaction request is rejected;
S303: at fixed time intervals, one gateway is drawn from the remaining B-level gateways, k/2 gateways being drawn in total, and the device's dynamic value pair is sent to the drawn gateway; the drawn gateway receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same, go to step S304; otherwise, go to step S306;
S304: after k/2 seconds, the drawn gateway decides, with a probability of 50%, whether an upper-level gateway must take part in authentication; if so, go to step S305; otherwise, the interaction between the device and the system is resumed or maintained provided the verification pass rate is greater than 95%;
S305: the upper-level gateway receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same and the pass rate is greater than 95%, the interaction between the device and the system is resumed or maintained; otherwise, go to step S306;
S306: the interaction between the device and the system is interrupted.
Preferably, after the gateway's forward authentication of the device passes, the gateway calculates its dynamic value for the device from the hash value of its code and its authentication count, and sends this dynamic value back to the device.
Preferably, the device verifies the hash values sent back by the gateways; if the total pass rate is greater than 90%, the reverse authentication succeeds and the gateway authentication counts are updated.
Compared with the prior art, the edge gateway-oriented distributed identity authentication method provided by the invention has the following beneficial effects:
1. The authentication algorithm is lightweight and fast
(1) many devices access the gateway, and extensibility is strong;
(2) identity authentication is spread out, and the total number of authentications is large;
(3) data is exchanged frequently, and every interaction requires authentication, which avoids intermittent theft (connections exceeding the usual frequency are blocked automatically and need manual verification to unlock);
2. Authentication is distributed, and the identity result is determined by the total pass rate
(1) centralized authentication is technically complex and costly;
(2) once a single authentication end is broken, the whole authentication system is paralyzed;
(3) once authentication is distributed, the possibility of a single-end failure is taken into account and the decision is made according to the pass rate;
3. The passwords held by the authentication ends differ from one another and are dynamic
(1) interception-based impersonation is avoided;
(2) authentication is non-repeating;
(3) no external device is needed;
4. Two-way authentication
(1) when the device connects, it is prevented from accessing a disguised gateway and being implanted or cracked;
(2) when the device is called, the possibility of it being controlled externally is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a first round of static verification method according to the present invention;
FIG. 2 is a flowchart of an information uploading and scheduling information interaction method for a second round of dynamic verification according to the present invention;
FIG. 3 is a flowchart of a second round of dynamic verification bridge session method according to the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The invention discloses a distributed identity authentication method for edge gateways, which comprises a first round of static verification and a second round of dynamic verification; the second round of dynamic verification is performed when the device and the system exchange information, which covers information uploading, scheduling information exchange and bridging sessions. The first round of static verification compares the hash value of the device's fixed code with a local table to complete access identity verification; the second round of dynamic verification, performed after the first round of static verification, calculates dynamic values to form a hash table and compares the hash table with the local dynamic value pairs to verify the device's information exchanges.
Referring to FIG. 1, the flow of the first round of static verification is disclosed; the specific steps are as follows:
S101: when the device accesses the gateway, it sends the hash value of its fixed device code to the directly connected gateway B1; assume there are k online B-level gateways;
S102: gateway B1 increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, gateway B1 sends the hash value to k/2 other peer gateways and the method goes to step S103; if not, the device's connection request is rejected;
S103: each of the k/2 peer gateways increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, the hash value is sent to the directly connected upper-level gateway with a probability of 50% and the method goes to step S104; if not, go to step S105;
S104: the upper-level gateway of step S103 increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, the hash value is sent to its directly connected upper-level gateway with a probability of 50%; if not, go to step S105;
S105: determine whether all gateways have completed verification; if verification is complete and the total pass rate of gateway verification is greater than 95%, the device's connection request is accepted; otherwise, the device's connection request is rejected.
In step S105, the gateways counted toward the 95% total pass rate do not include the directly connected gateway B1.
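The following simulation of steps S101-S105 is an added example, not code from the patent. It assumes SHA-256 as the hash function, a single chain of upper-level gateways, one vote per gateway, and rejection when no gateway other than B1 votes; the names Gateway, static_round and tolerated_failures are illustrative.

```python
import hashlib
import random
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Optional

THRESHOLD = Fraction(95, 100)   # S105: total pass rate must be strictly greater


def code_hash(code: str) -> str:
    # Assumption: SHA-256 hex digest; the page does not name the hash function.
    return hashlib.sha256(code.encode()).hexdigest()


@dataclass
class Gateway:
    name: str
    table: set = field(default_factory=set)   # local table of device-code hashes
    parent: Optional["Gateway"] = None        # directly connected upper-level gateway
    auth_count: int = 0

    def check(self, h: str) -> bool:
        self.auth_count += 1                  # S102-S104: every check is counted
        return h in self.table


def static_round(h, b1, b_level, rng):
    """Steps S101-S105. Returns (accepted, votes); votes exclude B1."""
    if not b1.check(h):                       # S102: B1 rejects the request itself
        return False, {}
    others = [g for g in b_level if g is not b1]
    votes = {}
    for peer in rng.sample(others, min(len(b_level) // 2, len(others))):
        votes[peer.name] = peer.check(h)      # S103
        g = peer
        # S103/S104: after a pass, escalate one level up with probability 50%.
        while votes[g.name] and g.parent is not None and rng.random() < 0.5:
            g = g.parent
            if g.name in votes:               # assumption: a gateway votes once
                break
            votes[g.name] = g.check(h)
    # S105. Assumption: with no voters at all the request fails closed.
    accepted = bool(votes) and Fraction(sum(votes.values()), len(votes)) > THRESHOLD
    return accepted, votes


def tolerated_failures(voters: int) -> int:
    """Largest number of failing voters that still leaves the rate above 95%."""
    f = 0
    while voters and Fraction(voters - (f + 1), voters) > THRESHOLD:
        f += 1
    return f


if __name__ == "__main__":
    dev = code_hash("device-001")             # constructed sample device code
    top = Gateway("A1", {dev})
    b_level = [Gateway(f"B{i}", {dev}, top) for i in range(1, 11)]
    print(static_round(dev, b_level[0], b_level, random.Random(7)))
    print([tolerated_failures(n) for n in (5, 20, 21)])
```

Because the pass rate must exceed 95%, tolerated_failures returns 0 for any vote with 20 or fewer gateways: with k/2 peers and a few upper-level gateways the rule amounts to unanimity until at least 21 gateways vote.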
Referring to FIG. 2 and FIG. 3, the flow of the second round of dynamic verification is disclosed. FIG. 2 is the flow chart for information uploading or scheduling information interaction in the second round of dynamic verification; the specific steps are as follows:
S201: the device calculates all dynamic values from its local authentication records to form a hash table and sends the hash table to the directly connected gateway B1; assume there are k online B-level gateways;
S202: gateway B1 receives the dynamic value pair, calculates its local dynamic value pair and compares the two; if they are the same, dynamic value authentication passes and the method goes to step S203; if not, the interaction request between the device and the system is rejected;
S203: gateway B1 sends the hash table to k/2 other peer gateways; each peer gateway extracts from the hash table the device's dynamic value pair that corresponds to its local dynamic value pair and verifies it; if verification passes, the hash table is sent to the directly connected upper-level gateway with a probability of 50% and the method goes to step S204; otherwise, go to step S205;
S204: the upper-level gateway extracts from the hash table the device's dynamic value pair that corresponds to its local dynamic value pair and verifies it; if verification passes, the hash table is sent to its directly connected upper-level gateway with a probability of 50%; otherwise, go to step S205;
S205: determine whether all gateways have completed verification; if verification is complete and the total pass rate of gateway verification is greater than 95%, the device's interaction request is accepted; otherwise, the device's interaction request is rejected.
Specifically, the gateways counted toward the 95% total pass rate in step S205 do not include the directly connected gateway B1.
Referring to FIG. 3, the flow of the bridging session in the second round of dynamic verification is shown; the specific steps are as follows:
S301: the device calculates all dynamic value pairs from its local authentication records and sends them to the directly connected gateway B1; assume there are k online B-level gateways;
S302: gateway B1 receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same, go to step S303; otherwise, the device's interaction request is rejected;
S303: at fixed time intervals, one gateway is drawn from the remaining B-level gateways, k/2 gateways being drawn in total, and the device's dynamic value pair is sent to the drawn gateway; the drawn gateway receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same, go to step S304; otherwise, go to step S306;
S304: after k/2 seconds, the drawn gateway decides, with a probability of 50%, whether an upper-level gateway must take part in authentication; if so, go to step S305; otherwise, the interaction between the device and the system is resumed or maintained provided the verification pass rate is greater than 95%;
S305: the upper-level gateway receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same and the pass rate is greater than 95%, the interaction between the device and the system is resumed or maintained; otherwise, go to step S306;
S306: the interaction between the device and the system is interrupted.
It should be noted that, after access authentication is completed, every gateway and device that took part in the authentication adds one to its locally recorded authentication count. Because the choice of authenticating gateways is partly random, the authentication counts that different gateways record for the device may differ, which ensures the richness of the passwords.
When the device needs to perform the second round of dynamic verification, assume that the authentication counts it has recorded for the gateways are p_B1, p_B2, …. The last p_B1 characters of the hash value of the local device code are the dynamic value corresponding to gateway B1; the hash value of this dynamic value is calculated, and this value and the hash value of the B1 gateway's device code form a dynamic value pair. In the same way, the authentication dynamic value pairs for all recorded devices are derived to form a hash table. The device sends an access application to the directly connected gateway B1 and submits the dynamic hash table.
The authentication method is also bidirectional, which keeps the device from accessing a forged gateway system. After the gateway's forward authentication of the device passes, the gateway calculates its dynamic value for the device from the hash value of its code and its authentication count, and sends this dynamic value back to the device; the device verifies the hash values sent back by the gateways, and if the total pass rate is greater than 90%, the reverse authentication succeeds and the gateway authentication counts are updated.
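The dynamic value rule and the two-way check described above can be exercised with the following added example, which is not code from the patent. It assumes SHA-256 hex digests, a hash table keyed by the gateway-code hash, and a reverse value built by applying the same suffix rule to the gateway's own code hash; all function names are illustrative.

```python
import hashlib
import hmac


def h(text: str) -> str:
    # Assumption: SHA-256 hex digest; the page does not name the hash function.
    return hashlib.sha256(text.encode()).hexdigest()


def dynamic_value(code_hash: str, count: int) -> str:
    """The last `count` characters of a code hash (the p_B1 rule)."""
    if count < 0:
        raise ValueError("authentication count cannot be negative")
    # Explicit start index: code_hash[-0:] would return the whole string.
    return code_hash[max(len(code_hash) - count, 0):]


def device_table(device_code: str, counts: dict) -> dict:
    """Device side (S201). `counts` maps gateway-code hash -> recorded count.

    Returns gateway-code hash -> hash of the dynamic value for that gateway.
    """
    dev_hash = h(device_code)
    return {gw: h(dynamic_value(dev_hash, p)) for gw, p in counts.items()}


def gateway_verifies(table: dict, gw_code: str, dev_hash: str, count: int) -> bool:
    """Gateway side (S202/S203): recompute the local pair and compare."""
    presented = table.get(h(gw_code))
    if presented is None:                      # no pair addressed to this gateway
        return False
    expected = h(dynamic_value(dev_hash, count))
    return hmac.compare_digest(presented, expected)   # constant-time compare


def gateway_reverse_value(gw_code: str, count: int) -> str:
    """Reverse direction (assumed symmetric): gateway's dynamic value for the device."""
    return h(dynamic_value(h(gw_code), count))


def device_verifies_gateway(received: str, gw_hash: str, count: int) -> bool:
    return hmac.compare_digest(received, h(dynamic_value(gw_hash, count)))


def distinct_dynamic_values(code_hash: str, max_count: int) -> int:
    """How many different dynamic values counts 0..max_count can produce."""
    return len({dynamic_value(code_hash, p) for p in range(max_count + 1)})


if __name__ == "__main__":
    # Constructed sample codes and counts.
    dev_hash = h("device-001")
    counts = {h("gateway-B1"): 3, h("gateway-B2"): 5}
    table = device_table("device-001", counts)
    print(gateway_verifies(table, "gateway-B1", dev_hash, 3))   # counts agree
    print(gateway_verifies(table, "gateway-B1", dev_hash, 4))   # counts drifted
    print(distinct_dynamic_values(dev_hash, 200))
```

Under the SHA-256 assumption a code hash has 64 characters, so a device has only 65 possible dynamic values and the value stops changing once a count reaches 64. A single missed counter update on either side makes every later comparison fail until the counts are resynchronized.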
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. A distributed identity authentication method for edge gateways, characterized in that
the method comprises a first round of static verification and a second round of dynamic verification; the second round of dynamic verification is performed when the device and the system exchange information, which covers information uploading, scheduling-type information exchange and bridging sessions;
the first round of static verification compares the hash value of the device's fixed code with a local table to complete access identity verification;
after the first round of static verification, dynamic values are calculated to form a hash table, and the hash table is compared with the local dynamic value pairs to verify the device's information exchanges;
the first round of static verification comprises the following steps:
S101: when the device accesses the gateway, it sends the hash value of its fixed device code to the directly connected gateway B1; assume there are k online B-level gateways;
S102: gateway B1 increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, gateway B1 sends the hash value to k/2 other peer gateways and the method goes to step S103; if not, the device's connection request is rejected;
S103: each of the k/2 peer gateways increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, the hash value is sent to the directly connected upper-level gateway with a probability of 50% and the method goes to step S104; otherwise, go to step S105;
S104: the upper-level gateway of step S103 increments its authentication count by 1 and compares the received hash value with its local table; if the corresponding hash value exists, the hash value is sent to its directly connected upper-level gateway with a probability of 50%; if not, go to step S105;
S105: determine whether all gateways have completed verification; if verification is complete and the total pass rate of gateway verification is greater than 95%, the device's connection request is accepted; otherwise, the device's connection request is rejected.
2. The distributed identity authentication method for edge gateways according to claim 1, wherein the gateways counted toward the 95% total pass rate in step S105 do not include the directly connected gateway B1.
3. The edge gateway-oriented distributed identity authentication method according to claim 1, wherein, after the device completes the first round of static verification and achieves access identity authentication, the specific steps for information uploading or scheduling information interaction between the device and the system in the second round of dynamic verification are as follows:
S201: the device calculates all dynamic values from its local authentication records to form a hash table and sends the hash table to the directly connected gateway B1; assume there are k online B-level gateways;
S202: gateway B1 receives the dynamic value pair, calculates its local dynamic value pair and compares the two; if they are the same, dynamic value authentication passes and the method goes to step S203; if not, the interaction request between the device and the system is rejected;
S203: gateway B1 sends the hash table to k/2 other peer gateways; each peer gateway extracts from the hash table the device's dynamic value pair that corresponds to its local dynamic value pair and verifies it; if verification passes, the hash table is sent to the directly connected upper-level gateway with a probability of 50% and the method goes to step S204; otherwise, go to step S205;
S204: the upper-level gateway extracts from the hash table the device's dynamic value pair that corresponds to its local dynamic value pair and verifies it; if verification passes, the hash table is sent to its directly connected upper-level gateway with a probability of 50%; otherwise, go to step S205;
S205: determine whether all gateways have completed verification; if verification is complete and the total pass rate of gateway verification is greater than 95%, the device's interaction request is accepted; otherwise, the device's interaction request is rejected.
4. The edge gateway-oriented distributed identity authentication method according to claim 3, wherein
the gateways counted toward the 95% total pass rate in step S205 do not include the directly connected gateway B1.
5. The edge gateway-oriented distributed identity authentication method according to claim 1, wherein, after the device completes the first round of static verification and achieves access identity authentication, the specific steps for a bridging session between the device and the system in the second round of dynamic verification are as follows:
S301: the device calculates all dynamic value pairs from its local authentication records and sends them to the directly connected gateway B1; assume there are k online B-level gateways;
S302: gateway B1 receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same, go to step S303; otherwise, the device's interaction request is rejected;
S303: at fixed time intervals, one gateway is drawn from the remaining B-level gateways, k/2 gateways being drawn in total, and the device's dynamic value pair is sent to the drawn gateway; the drawn gateway receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same, go to step S304; otherwise, go to step S306;
S304: after k/2 seconds, the drawn gateway decides, with a probability of 50%, whether an upper-level gateway must take part in authentication; if so, go to step S305; otherwise, the interaction between the device and the system is resumed or maintained provided the verification pass rate is greater than 95%;
S305: the upper-level gateway receives the dynamic value pair and compares it with its local dynamic value pair; if they are the same and the pass rate is greater than 95%, the interaction between the device and the system is resumed or maintained; otherwise, go to step S306;
S306: the interaction between the device and the system is interrupted.
6. The edge gateway-oriented distributed identity authentication method according to any one of claims 1-5,
wherein, after the gateway passes the forward authentication of the device, a dynamic value of the gateway for the device is calculated from the encoded hash value and the gateway's authentication count, and is sent back to the device in the reverse direction.
7. The edge gateway-oriented distributed identity authentication method according to claim 6,
wherein the device receives and verifies the hash value sent in the reverse direction by the gateway; if the total pass rate is greater than 90%, the reverse authentication succeeds and the gateway authentication count is updated.
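The multi-gateway check of claims 3 and 4 (steps S202 to S205) can be modelled as below; this is an added illustration, not code from the patent. Assumptions: the dynamic value pair is reduced to a single value derived with HMAC-SHA256 from a stored record hash and authentication count, the names `Gateway`, `authenticate` and `demo_topology` are hypothetical, and the request is rejected when no gateway other than B1 votes.

```python
import hashlib
import hmac
import random

PASS_THRESHOLD = 0.95   # S205: total pass rate must exceed 95%
FORWARD_PROB = 0.5      # S203/S204: forward to the superior gateway with probability 50%

def dynamic_value(record_hash: bytes, auth_count: int) -> bytes:
    # Assumed derivation (not from the patent text): HMAC-SHA256 over the
    # authentication count, keyed with the stored record hash.
    return hmac.new(record_hash, auth_count.to_bytes(8, "big"), hashlib.sha256).digest()

class Gateway:
    def __init__(self, name, records, superior=None):
        self.name = name
        self.records = records      # device_id -> (record_hash, auth_count)
        self.superior = superior    # directly connected superior gateway, if any

    def verify(self, device_id, presented):
        rec = self.records.get(device_id)
        return rec is not None and hmac.compare_digest(dynamic_value(*rec), presented)

def authenticate(device_id, presented, b1, peers, rng):
    """Run S202-S205; return (accepted, votes). votes excludes B1 (claim 4)."""
    if not b1.verify(device_id, presented):          # S202: B1 rejects on mismatch
        return False, []
    k = len(peers) + 1                               # online B-level gateways incl. B1
    votes = []
    for peer in rng.sample(peers, k // 2):           # S203: k/2 other peer gateways
        node, ok = peer, peer.verify(device_id, presented)
        votes.append(ok)
        # S203/S204: each passing gateway escalates with probability 50%
        while ok and node.superior is not None and rng.random() < FORWARD_PROB:
            node = node.superior
            ok = node.verify(device_id, presented)
            votes.append(ok)
    # S205: fail closed when no gateway other than B1 voted (assumption).
    rate = sum(votes) / len(votes) if votes else 0.0
    return rate > PASS_THRESHOLD, votes

def demo_topology(stale=()):
    # Constructed sample: six B-level gateways under one superior gateway "A1".
    # Gateways named in `stale` hold an outdated authentication count.
    rec = lambda name: {"dev-1": (b"constructed-record-hash", 6 if name in stale else 7)}
    a1 = Gateway("A1", rec("A1"))
    bs = [Gateway(f"B{i}", rec(f"B{i}"), superior=a1) for i in range(1, 7)]
    return bs[0], bs[1:]

if __name__ == "__main__":
    b1, peers = demo_topology()
    token = dynamic_value(b"constructed-record-hash", 7)
    print(authenticate("dev-1", token, b1, peers, random.Random(1)))
```

With fewer than 20 counted verifications, a pass rate above 95% is only reachable when every counted gateway agrees, so in small deployments a single gateway with out-of-date state blocks the device.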
CN202011541338.XA 2020-12-23 2020-12-23 Distributed identity authentication method facing edge gateway Active CN112702171B (en)


Publications (2)

Publication Number Publication Date
CN112702171A (en) 2021-04-23
CN112702171B (en) 2021-10-15





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant