Embodiments of the present disclosure provide a method and a device for cross-domain strong logically isolation and secure access control in the Internet of Things (IoT). The method includes the following. When one IoT gateway receives the identity authentication request, the IoT gateway sends the identity authentication request to all IoT gateways in the domain excluding that IoT gateway. When all IoT gateways in the domain receive the identity authentication request, all IoT gateways verify separately whether the identity authentication request is legal. After a certain IoT gateway obtains the identity authentication result, a distributed consensus procedure is initiated. The IoT gateways in the domain reach a consensus on the identity authentication result through a distributed consensus mechanism, and the identity authentication result is written and stored to a block of a blockchain.

A method is disclosed for implementing trust Internet of Things (IoT) services in an IoT device and a user device. The IoT device receives from the user device an authentication request comprising a hash value, first encrypted information and second encrypted information, where the IoT device determines whether the user device is successfully authenticated based on determining the user device public key and confirming that the user device public key exists in a list of access permitted user devices of the IoT device.

A method is disclosed for implementing trust Internet of Things (IoT) services in an IoT device and a user device. The IoT device receives from the user device an authentication request comprising a hash value, first encrypted information and second encrypted information, where the IoT device determines whether the user device is successfully authenticated based on determining the user device public key and confirming that the user device public key exists in a list of access permitted user devices of the IoT device.

An authentication method performed by an authentication system that is equipped with a communication apparatus to which an authentication information storage apparatus for recording authentication information is connected, and an information apparatus that communicates with the communication apparatus includes executing first authentication processing for authenticating the information apparatus, executing any one of second authentication processing for authenticating, by the information apparatus, the communication apparatus and relaying communication of second authentication processing for authenticating, by the information apparatus, the authentication information storage apparatus, and performing specific information processing when authentication is performed in both the first authentication processing and the second authentication processing.

An authentication method performed by an authentication system that is equipped with a communication apparatus to which an authentication information storage apparatus for recording authentication information is connected, and an information apparatus that communicates with the communication apparatus includes executing first authentication processing for authenticating the information apparatus, executing any one of second authentication processing for authenticating, by the information apparatus, the communication apparatus and relaying communication of second authentication processing for authenticating, by the information apparatus, the authentication information storage apparatus, and performing specific information processing when authentication is performed in both the first authentication processing and the second authentication processing.

An apparatus for generating a digital value, and a method therefor are proposed. The apparatus for generating the digital value includes: a data generation part configured to randomly generate a first digital value; a data preservation part configured to store the first digital value; and a data concealment part configured to generate a final digital value by synthesizing the first digital value and a second digital value outputted from a volatile element. Accordingly, there is an effect that randomness of the final digital value is confirmable, and the final digital value is not leaked to outside.

Example implementations relate to connecting an IoT device to a wireless network using Device Provisioning Protocol (DPP). An authentication server receives a DPP network access authorization request including a connector identifier from an Access Point (AP) in communication with the IoT device. The connector identifier is a hash of the public network access key of the IoT device. If the connector identifier is valid, the authentication server determines a configurable policy from a set of configurable policies that is applicable to the IoT device. The authentication server transmits network permissions defined in the configurable policy to the AR The IoT device is connected to the wireless network by the AP based on the network permissions.

The present disclosure relates to a transmitting device and a transmitting method, and a receiving device and a receiving method which are capable of improving confidentiality and communication resistance in low power wide area (LPWA) communication. The transmitting device generates a key stream on the basis of GPS time information, encrypts transmitted data on the basis of the key stream to generate encrypted data, and transmits the encrypted data to the receiving device. The receiving device generates a key stream on the basis of GPS time information and decodes the encrypted data into the transmitted data on the basis of the key stream. The present disclosure can be applied to an LPWA communication system.

The present disclosure relates to a transmitting device and a transmitting method, and a receiving device and a receiving method which are capable of improving confidentiality and communication resistance in low power wide area (LPWA) communication. The transmitting device generates a key stream on the basis of GPS time information, encrypts transmitted data on the basis of the key stream to generate encrypted data, and transmits the encrypted data to the receiving device. The receiving device generates a key stream on the basis of GPS time information and decodes the encrypted data into the transmitted data on the basis of the key stream. The present disclosure can be applied to an LPWA communication system.

A service layer (SL) function may be used for managing a user profile that is associated with a SL user and using this profile to automatically configure different types of devices connected to an IoT service provider's platform. A SL function may be used to support user data privacy and security when data is imported and exported between gateways or servers temporarily.