REVOCABLE LIGHTWEIGHT GROUP AUTHENTICATION METHOD AND SYSTEM FOR EDGE CONTROLLER, AND MEDIUM

20230130302 · 2023-04-27

    Abstract

    A revocable lightweight group authentication method and system for an edge controller is described here. When the edge controller needs to be registered, an edge server generates a private key of the edge controller and sends the private key to the edge controller, and meanwhile adds the edge controller to a group list of the edge server; the edge server updates a certificate of the edge controller, adds the certificate to a certificate list of the edge server and sends the certificate to the edge controller so that the edge controller updates the private key according to the updated certificate; and then the edge controller generates a signature according to the updated private key, and sends the signature to the edge server so that the edge server authenticates the edge controller after determining that the signature meets preset requirements.

    Claims

    1. A revocable lightweight group authentication method for an edge controller, comprising: building a preset system of an edge server, and generating a group public key and a first private key of the edge server according to system parameters of the preset system; after determining that a registration request sent to the edge server by the edge controller is received, generating, by the edge server, a second private key of the edge controller and sending the second private key to the edge controller via a secure channel, and meanwhile adding the edge controller to a group list of the edge server; after determining that the edge controller is added to the group list of the edge server, updating, by the edge server, a certificate of the edge controller, adding the updated certificate to a certificate list of the edge server and sending the certificate to the edge controller; updating, by the edge controller, the second private key according to the updated certificate; and after determining that the second private key is updated by the edge controller, generating, by the edge controller, a signature according to the updated second private key, and sending the signature to the edge server; and determining, by the edge server, that the signature meets preset requirements, and authenticating the edge controller.

    2. The revocable lightweight group authentication method for the edge controller of claim 1, the method further comprising: when determining that the edge server needs to check a real identity of the edge controller, tracing, by the edge server, the edge controller via the signature, and checking the real identity of the edge controller; and when determining that the edge server needs to revoke the edge controller, not sending the updated certificate to the edge controller by the edge server.

    3. The revocable lightweight group authentication method for the edge controller of claim 2, wherein the step of building the preset system of the edge server comprises: determining, for the edge server, a first multiplicative cyclic group, a second multiplicative cyclic group and a third multiplicative cyclic group with a selection order of a big prime, and determining a first generator of the first multiplicative cyclic group and a second generator of the second multiplicative cyclic group; determining an isomorphic mapping of the first multiplicative cyclic group and the second multiplicative cyclic group, and determining first functions of the first generator and the second generator according to the isomorphic mapping; determining bilinear pairings of the first multiplicative cyclic group, the second multiplicative cyclic group and the third multiplicative cyclic group; obtaining a first hash function and a second hash function, wherein the second hash function is correlative to the first multiplicative cyclic group; extracting a first element of a first set and a second element of the first multiplicative cyclic group, wherein the first set is correlative to the first hash function, and a first exponent of the second element with respect to the first element is equal to a preset value; extracting a third element of the first set, and determining a second exponent of the second generator with respect to the third element; obtaining a first time period, calculating a second hash function value of the first time period, and calculating a product of the second hash function value and the first generator; and generating a group public key according to the product, the second generator, the second element, the preset value and the second exponent; and generating a private key of the edge server according to the first element.

    4. The revocable lightweight group authentication method for the edge controller of claim 3, wherein the step of generating, by the edge server, the second private key of the edge controller and sending the second private key to the edge controller via the secure channel, and meanwhile adding the edge controller to the group list of the edge server comprises: extracting a fourth element of the first set, and calculating a third exponent of the first generator with respect to the third element and the fourth element; and generating a second private key of the edge controller according to the fourth element and the third exponent, sending the second private key to the edge controller via the secure channel, and meanwhile adding the edge controller to the group list of the edge server.

    5. The revocable lightweight group authentication method for the edge controller of claim 4, wherein the step of updating, by the edge server, the certificate of the edge controller, and adding the updated certificate to the certificate list of the edge server comprises: calculating a fourth exponent of the second hash function value with respect to the third element and the fourth element, and updating the certificate of the edge controller according to the fourth exponent; and adding the updated certificate to the certificate list of the edge server.

    6. The revocable lightweight group authentication method for the edge controller of claim 5, wherein the step of generating, by the edge controller, the signature according to the updated second private key, and sending the signature to the edge server; and determining, by the edge server, that the signature meets preset requirements, and authenticating the edge controller comprises: determining, by the edge controller, a first message according to the updated second private key, calculating a first challenge value according to the first message, outputting a signature of the first message, and sending the signature to the edge server; and calculating, by the edge server, a second challenge value, determining that the first challenge value is equal to the second challenge value, receiving the signature, and authenticating the edge controller.

    7. The revocable lightweight group authentication method for the edge controller of claim 6, wherein the step of tracing, by the edge server, the edge controller via the signature and checking the real identity of the edge controller comprises: determining, by the edge server, the signature as a valid signature for the first message, calculating the second private key of the signature corresponding to the edge controller; and checking information about the edge controller in the certificate list and the group list according to the second private key.

    8. The revocable lightweight group authentication method for the edge controller of claim 2, the method further comprising: when determining that the edge server needs to revoke the edge controller, deleting all information about the edge controller from the certificate list and the group list.

    9. (canceled)

    10. (canceled)

    Description

    BRIEF DESCRIPTION OF DRAWINGS

    [0042] The present invention will be further depicted with reference to the accompanying drawings and embodiments, wherein:

    [0043] FIG. 1 is a flow chart of a revocable lightweight group authentication method for an edge controller according to an embodiment of the present invention.

    DETAILED DESCRIPTION OF EMBODIMENTS

    [0044] The embodiments of the present invention will be described in detail in the following paragraphs. Examples of the embodiments are shown in the accompanying drawings, in which like or similar numbers refer to like or similar elements or elements with like or similar functions throughout. The embodiments depicted with reference to the accompanying drawings below are exemplary, and are merely intended for the purpose of explanation, but are not to be construed as limiting of the present invention.

    [0045] In the description of the present invention, “a number of” means more than one, “a plurality of” means more than two, “greater than”, “smaller than”, “over” and so on are construed as not including the original number, and “above”, “below” and “within” and the like are construed as including the original number. “First” and “second” (if any) are merely for distinguishing the technical features, but are not to be construed as indicating or implying the relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence relationship of technical features indicated.

    [0046] In the description of the present invention, the words such as “provide” should be understood in a broad sense, and those skilled in the art may reasonably determine the specific meanings of the foregoing words in the present invention with reference to the details of the technical solution, unless otherwise expressly defined.

    [0047] In the description of the present invention, the reference terms “one embodiment”, “some embodiments”, “exemplary embodiments”, “examples”, “specific examples”, or “some examples” refer to that the specific features or characteristics described with reference to such embodiment or example are included into at least one embodiment or example of the present invention. In the specification, indicative expressions of the above terms do not necessarily refer to the same embodiments or examples. Moreover, the described specific features or characteristics may be combined in any one or more embodiments or examples in a proper manner.

    [0048] Edge controllers are numerous and diverse, the software and hardware resources of many of these devices are limited, and the current security and trusted-operation mechanisms are not applicable to the operation of the edge controller and the edge server. Therefore, the embodiment provides the revocable lightweight group authentication method and system for the edge controller, and the medium, which allow the edge server to trace the real identity of the edge controller while ensuring that no third party other than the edge server can learn the identity of the edge controller. According to the embodiment, based on an updating mechanism for the private key and the certificate, the edge controller can be revoked efficiently, and the revoked edge controller cannot access or upload data to the edge server, thus protecting important data and sensitive information in industrial Internet scenarios.

    [0049] Particularly, by referring to FIG. 1, an embodiment of the present invention provides a revocable lightweight group authentication method for an edge controller, including the steps of:

    [0050] S11. building a preset system of an edge server, and generating a group public key and a first private key of the edge server according to system parameters of the preset system.

    [0051] In the embodiment, the system parameters of the preset system are generated by the edge server, and the group public key and the private key of the edge server are generated according to the system parameters, wherein the private key of the edge server is taken as the first private key. Particularly, the preset system building process may be implemented by the following steps:

    [0052] determining, for the edge server, a first multiplicative cyclic group $G_1$, a second multiplicative cyclic group $G_2$ and a third multiplicative cyclic group $G_T$ whose order is a large prime $p$, and determining a first generator $g_1$ of the first multiplicative cyclic group $G_1$ and a second generator $g_2$ of the second multiplicative cyclic group $G_2$; determining an isomorphic mapping $\psi: G_2 \rightarrow G_1$ of the first multiplicative cyclic group $G_1$ and the second multiplicative cyclic group $G_2$, and determining a first function $g_1 = \psi(g_2)$ of the first generator $g_1$ and the second generator $g_2$ based on the isomorphic mapping $\psi: G_2 \rightarrow G_1$, and determining a bilinear pairing $e: G_1 \times G_2 \rightarrow G_T$ of the first multiplicative cyclic group $G_1$, the second multiplicative cyclic group $G_2$ and the third multiplicative cyclic group $G_T$; obtaining two secure and collision-resistant hash functions, wherein a first hash function is $H_1: \{0,1\}^* \rightarrow Z_p^*$, and a second hash function is $H_2: \{0,1\}^* \rightarrow G_1$;

    [0053] and then extracting first elements $\xi_1$ and $\xi_2$ of a first set $Z_p^*$ and second elements $u$ and $v$ of the first multiplicative cyclic group $G_1$, wherein the first set $Z_p^*$ is correlative to the first hash function, and a first exponent of the second element with respect to the first element is equal to a preset value $h$, for example, randomly selecting $h \in G_1 \setminus \{1_{G_1}\}$, and selecting $\xi_1, \xi_2 \in Z_p^*$ and $u, v \in G_1$ so that $u^{\xi_1} = v^{\xi_2} = h$; and meanwhile extracting a third element $\gamma$ of the first set $Z_p^*$, and determining a second exponent $w$ of the second generator with respect to the third element $\gamma$, for example, randomly selecting $\gamma \in Z_p^*$, and setting $w = g_2^{\gamma}$, wherein it should be noted that only the edge server is allowed to know $\gamma$ in the embodiment;

    [0054] obtaining a first time period, calculating a second hash function value of the first time period, and calculating a product of the second hash function value and the first generator, for example, selecting the time period $T_j$ ($j = 1, 2, 3, \ldots$) as the first time period, and calculating $R_j = H_2(T_j)$ as the second hash function value, and calculating $g_1' = g_1 \cdot R_j$ as a product of the second hash function value and the first generator; and then generating a group public key according to the product $g_1'$, the second generator $g_2$, the second elements $u$ and $v$, the preset value $h$ and the second exponent $w$; and generating the private key of the edge server according to the first elements $\xi_1$ and $\xi_2$, for example, obtaining the group public key by virtue of the calculation of $gpk = (g_1', g_2, u, v, h, w)$, and obtaining the private key of the edge server by virtue of the calculation of $gmsk = (\xi_1, \xi_2)$.

    [0055] S12. after determining that a registration request sent to the edge server by the edge controller is received, generating, by the edge server, a second private key of the edge controller and sending the second private key to the edge controller via a secure channel, and meanwhile adding the edge controller to a group list of the edge server.

    [0056] In the embodiment, when the edge controller with an ID identifier of $ID_i$ ($i = 1, 2, 3, \ldots$) is to be added to the group members of the edge server, the edge controller sends the registration request to the edge server, and then the edge server generates the private key of the edge controller after receiving the registration request, and returns the private key to the edge controller, and meanwhile adds the edge controller to the group list of the edge server. In the step, the private key of the edge controller is taken as the second private key. Particularly, the step of generating the second private key of the edge controller by the edge server, and adding the edge controller to the group list of the edge server may be implemented by the following methods:

    [0057] extracting a fourth element $x_i$ of the first set $Z_p^*$, wherein $x_i \in Z_p^*$, and calculating a third exponent $A_i$ of the first generator $g_1$ with respect to the third element $\gamma$ and the fourth element $x_i$, where

    [00001] A i = g 1 ? G 1 ; ? indicates text missing or illegible when filed

    and then generating the private key $gsk[i] = (A_i, x_i)$ of the edge controller as the second private key according to the fourth element $x_i$ and the third exponent $A_i$, sending the second private key to the edge controller with the ID identifier $ID_i$ via the secure channel, and meanwhile adding the edge controller with the ID identifier $ID_i$ into the group list of the edge server.

    [0058] S13. after determining that the edge controller is added to the group list of the edge server, updating, by the edge server, a certificate of the edge controller, adding the updated certificate to a certificate list of the edge server and sending the certificate to the edge controller; updating, by the edge controller, the second private key according to the updated certificate.

    [0059] In the embodiment, the step of updating and adding the certificate of the edge controller to the certificate list may be implemented by the following methods:

    [0060] calculating a fourth exponent $rcert_j$ of the second hash function value $R_j$ with respect to the third element $\gamma$ and the fourth element $x_i$, where

    [00002] $rcert_j = R_j^{\frac{1}{\gamma + x_i}}$,

    updating the certificate of the edge controller according to the fourth exponent $rcert_j$, and adding the updated certificate $(A_i', T_j, rcert_j)$ to the certificate list of the edge server, where $A_i' = A_i \cdot rcert_j$,

    [0061] for example, in the time period $T_j$, the edge controller $i$ obtains the updated private key thereof, and then the edge server calculates the updated certificate

    [00003] $rcert_j = R_j^{\frac{1}{\gamma + x_i}}$,

    and adds $(A_i', T_j, rcert_j)$ to the certificate list C-list;

    [0062] and then the edge server sends the updated certificate $rcert_j$ to the edge controller $i$, the edge controller $i$ calculates $R_j = H_2(T_j)$, and verifies whether the equation $e(rcert_j, w \cdot g_2^{x_i}) = e(R_j, g_2)$ holds; if the equation holds, the edge controller $i$ updates the private key thereof as $gsk[i]' = (A_i', x_i)$, where $A_i' = A_i \cdot rcert_j$; and if the equation does not hold, the edge controller $i$ cannot update the private key thereof.

    [0063] S14. after determining that the second private key is updated by the edge controller, generating, by the edge controller, a signature according to the updated second private key, and sending the signature to the edge server; and determining, by the edge server, that the signature meets preset requirements, and authenticating the edge controller.

    [0064] In the embodiment, the edge controller determines the first message $M \in \{0,1\}^*$ according to the updated second private key, calculates a first challenge value $c = H_1(M, T_1, T_2, T_3, R_1, R_2, R_3)$ according to the first message $M$, outputs a signature $\sigma = (T_1, T_2, T_3, c, s_{\alpha\beta}, s_{x_i}, s_{\delta_1}, s_{\delta_2})$ of the first message, and sends the signature $\sigma$ to the edge server; and then the edge server calculates a second challenge value $c' = H_1(M, T_1, T_2, T_3, R_1', R_2', R_3')$, determines that the first challenge value $c$ is equal to the second challenge value $c'$, accepts the signature, and authenticates the edge controller.

    [0065] Particularly, in the time period $T_j$, for the edge controller with the group member private key $gsk[i]' = (A_i', x_i)$, a signature algorithm performs the following steps:

    [0066] selecting the message $M \in \{0,1\}^*$;

    [0067] randomly selecting $\alpha, \beta \in Z_p^*$, and calculating $\delta_1 = x_i \alpha$, $\delta_2 = x_i \beta$, $T_1 = u^{\alpha}$, $T_2 = v^{\beta}$, $T_3 = A_i' h^{\alpha + \beta}$;

    [0068] randomly selecting a blinding factor r.sub.α,r.sub.β,r.sub.x.sub.i,r.sub.δ.sub.1,r.sub.δ.sub.2∈Z.sub.p*, and calculating R.sub.1=e(Ttext missing or illegible when filed,gtext missing or illegible when filed)text missing or illegible when filed*e(h,w)text missing or illegible when filed*e(h,gtext missing or illegible when filed)text missing or illegible when filed, R.sub.2=T.sub.1text missing or illegible when filed*utext missing or illegible when filed and R.sub.3=T.sub.2text missing or illegible when filed*vtext missing or illegible when filed;

    [0069] and then calculating the challenge value $c = H_1(M, T_1, T_2, T_3, R_1, R_2, R_3)$;

    [0070] calculating: s.sub.αβ=rtext missing or illegible when filed+r.sub.β+e(αββ), stext missing or illegible when filed=rtext missing or illegible when filed+cstext missing or illegible when filed,stext missing or illegible when filed=rtext missing or illegible when filed+cδ.sub.1,stext missing or illegible when filed=rtext missing or illegible when filed+cδ.sub.k; and

    [0071] finally outputting the signature of the message $M$ as $\sigma = (T_1, T_2, T_3, c, s_{\alpha\beta}, s_{x_i}, s_{\delta_1}, s_{\delta_2})$, and sending the signature $\sigma$ to the edge server.

    [0072] In the time period T.sub.j, the process of verifying, by the edge server, the signature σ=(T.sub.1,T.sub.2,T.sub.3,c,s.sub.αβ,s.sub.x.sub.i,s.sub.δ.sub.1,s.sub.δ.sub.2) of the message M is as follows: calculating R.sub.1′, R.sub.2′ and R.sub.3′, where Rtext missing or illegible when filed=text missing or illegible when filed(Ttext missing or illegible when filed,g.sub.2)text missing or illegible when filed*e(h,w)text missing or illegible when filed*e(h,gtext missing or illegible when filed)text missing or illegible when filed*[e(Ttext missing or illegible when filed,w)/e(gtext missing or illegible when filed′,gtext missing or illegible when filed)]text missing or illegible when filed, Rtext missing or illegible when filed′=Ttext missing or illegible when filed* text missing or illegible when filed and Rtext missing or illegible when filed′=Ttext missing or illegible when filed*vtext missing or illegible when filed; and

    [0073] determining whether $c' = H_1(M, T_1, T_2, T_3, R_1', R_2', R_3')$ is equal to $c$; if yes, accepting the signature and passing the authentication; and otherwise, rejecting the signature and the access.

    [0074] In some embodiments, the edge server may also check and revoke the information about the edge controller after authenticating and accessing the edge controller.

    [0075] Particularly, the edge server traces the edge controller by virtue of tracing the signature and checks the real identity of the edge controller when determining that the edge server needs to check the real identity of the edge controller. It will be appreciated that the edge server determines the signature as the valid signature for the first message, calculates the second private key of the signature corresponding to the edge controller; and checks the information about the edge controller in the certificate list and the group list according to the second private key.

    [0076] When determining that the edge server needs to revoke the edge controller, the edge server does not send the updated certificate to the edge controller, and meanwhile deletes all information about the edge controller in the certificate list and the group list, thus efficiently revoking the group members.

    [0077] For example, when the messages $M$ sent by a certain edge controller frequently contain errors, or when a certain edge controller is detected to have been maliciously compromised, the edge server may trace the edge controller by opening the signature, and then revoke the edge controller.

    [0078] Particularly, the step of opening, by the edge server, the signature $\sigma = (T_1, T_2, T_3, c, s_{\alpha\beta}, s_{x_i}, s_{\delta_1}, s_{\delta_2})$ of the message $M$ by virtue of the private key $gmsk = (\xi_1, \xi_2)$ includes the following processes:

    [0079] verifying whether the signature $\sigma$ is the valid signature of the message $M$; if yes, performing a next step; and otherwise, terminating;

    [0080] calculating text missing or illegible when filed, for the valid edge controller $i$ in the time period $T_j$, checking $rcert_j$ in the certificate list C-list, and then calculating

    [00004] $A_i = \frac{A_i'}{rcert_j}$;

    and

    [0081] looking for $A_i$ in the member list M-list, and checking the ID identifier $ID_i$ of the edge controller to know the real identity of the edge controller.

    [0082] In order to revoke the edge controller $i$ with the ID identifier $ID_i$, the edge server no longer provides the updated certificate $rcert_j$, and deletes all information about the edge controller from the certificate list C-list and the member list M-list, thus effectively revoking the group members.
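
    The certificate update check of [0060]-[0062], the list lookup of [0080]-[0081] and the revocation of [0082] can be exercised with the following added example, which is not code from the patent. It assumes a toy model in which group elements are stored as their exponents modulo a prime, so the pairing becomes a multiplication; the prime `P`, the class and function names, the identifiers `ctrl-1`/`ctrl-2` and the period labels are hypothetical, and $A_i$ is an opaque value because its formula is illegible on the page.

```python
import hashlib
import secrets

# Toy "pairing in the exponent" model (an assumption made for this example):
# g1^a and g2^b are stored as the integers a and b mod P, so multiplying group
# elements adds exponents, exponentiation multiplies them, and
# e(g1^a, g2^b) is a*b mod P. It checks the algebra only and is NOT secure.
P = 2**255 - 19          # prime standing in for the group order p
G2 = 1                   # the generator g2 has exponent 1 in this model

def pair(a, b):
    return (a * b) % P

def h2(period):
    """H_2: {0,1}* -> G_1, modelled as a non-zero exponent."""
    digest = hashlib.sha256(period.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

class EdgeServer:
    def __init__(self):
        self.gamma = secrets.randbelow(P - 1) + 1   # known only to the server
        self.w = self.gamma                         # w = g2^gamma
        self.m_list = {}                            # ID_i -> (A_i, x_i)
        self.c_list = {}                            # (A_i', T_j) -> rcert_j

    def register(self, dev_id):
        x_i = secrets.randbelow(P - 1) + 1
        while (self.gamma + x_i) % P == 0:          # keep 1/(gamma + x_i) defined
            x_i = secrets.randbelow(P - 1) + 1
        # The formula for A_i is illegible on the page, so A_i is treated
        # here as an opaque G_1 element chosen by the server.
        a_i = secrets.randbelow(P - 1) + 1
        self.m_list[dev_id] = (a_i, x_i)
        return a_i, x_i                             # gsk[i], sent over the secure channel

    def issue_cert(self, dev_id, period):
        if dev_id not in self.m_list:               # revoked or unknown: withhold rcert_j
            return None
        a_i, x_i = self.m_list[dev_id]
        rcert = h2(period) * pow(self.gamma + x_i, -1, P) % P   # R_j^(1/(gamma+x_i))
        self.c_list[((a_i + rcert) % P, period)] = rcert        # A_i' = A_i * rcert_j
        return rcert

    def trace(self, a_upd, period):
        rcert = self.c_list.get((a_upd, period))
        if rcert is None:
            return None
        a_i = (a_upd - rcert) % P                   # A_i = A_i' / rcert_j
        return next((d for d, (a, _) in self.m_list.items() if a == a_i), None)

    def revoke(self, dev_id):
        a_i, _ = self.m_list.pop(dev_id)
        self.c_list = {k: r for k, r in self.c_list.items() if (k[0] - r) % P != a_i}

class EdgeController:
    def __init__(self, gsk):
        self.a_i, self.x_i = gsk
        self.a_upd = None

    def update_key(self, period, rcert, w):
        # Accept only if e(rcert_j, w * g2^x_i) == e(R_j, g2).
        if rcert is None or pair(rcert, (w + self.x_i) % P) != pair(h2(period), G2):
            return False
        self.a_upd = (self.a_i + rcert) % P         # gsk[i]' = (A_i', x_i)
        return True

def demo():
    srv = EdgeServer()
    c1 = EdgeController(srv.register("ctrl-1"))
    c2 = EdgeController(srv.register("ctrl-2"))
    cert1 = srv.issue_cert("ctrl-1", "period-1")
    out = {
        "fresh": c1.update_key("period-1", cert1, srv.w),
        "stale": c1.update_key("period-2", cert1, srv.w),    # old cert, new period
        "stolen": c2.update_key("period-1", cert1, srv.w),   # cert bound to another x_i
        "traced": srv.trace(c1.a_upd, "period-1"),
    }
    srv.revoke("ctrl-1")
    out["after_revoke"] = srv.issue_cert("ctrl-1", "period-2")
    out["trace_after_revoke"] = srv.trace(c1.a_upd, "period-1")
    return out
```

    A certificate is accepted only for the period and the $x_i$ it was computed for, so a controller that stops receiving $rcert_j$ has no valid updated key in the next period.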

    [0083] In conclusion, the embodiment achieves high authentication efficiency, allows the edge server to trace the real identity of the edge controller, and meanwhile ensures that the identity privacy of the edge controller cannot be known by any third party other than the edge server. Meanwhile, based on an updating mechanism for the private key and the certificate, the edge controller can be revoked efficiently, and the revoked edge controller cannot access or upload data to the edge server, thus protecting important data and sensitive information in industrial Internet scenarios.

    [0084] An embodiment of the present invention provides a revocable lightweight group authentication system for an edge controller, including:

    [0085] at least one memory, configured to store a program; and

    [0086] at least one processor, configured to load the program to execute the revocable lightweight group authentication method for the edge controller as shown in FIG. 1.

    [0087] The method embodiment according to the present invention is applicable to the system embodiment, the system embodiment particularly implements the same functions as the foregoing method embodiment, and reaches the same beneficial effects as the foregoing method.

    [0088] An embodiment of the present invention provides a storage medium having a program executable by a computer stored thereon, wherein when being executed by the processor, the program executable by the computer is configured to implement the revocable lightweight group authentication method for the edge controller as shown in FIG. 1. In addition, an embodiment of the present invention further provides a computer program product or a computer program, wherein the computer program product or the computer program includes a computer instruction which is stored in a computer readable medium. The processor of computer equipment may read the computer instruction from the computer readable medium, and the processor executes the computer instruction so that the computer equipment executes the revocable lightweight group authentication method for the edge controller as shown in FIG. 1.

    [0089] As mentioned above, the embodiments of the present invention are elaborated with reference to the accompanying drawings, but the present invention is not limited to the foregoing embodiments, and may be varied without deviating from the spirit of the present invention within the knowledge of those of ordinary skill in the art. In addition, the embodiments according to the present invention and the features therein can be combined at will so long as there is no conflict.