Abstract
This paper proposes an IoT terminal authentication platform built on a zero trust security architecture. The platform provides device authorization, identity authentication, key management, encrypted transmission, session management, data signing and other functions, and protects IoT devices and data from replay attacks, forgery attacks, data tampering, session hijacking and other network attacks. It meets the access security requirements of fragmented and diverse IoT terminal types, and achieves fast authentication and access with the strong security of certificateless identity-based cryptography. Through a secure channel based on certificateless TLS [1] using the Chinese national cryptographic algorithms (Guomi), it integrates seamlessly with enterprise back-end business platforms, ensuring the security and data integrity of the whole communication link.
Authors
Wang Shouyuan (王首媛); Sun Ningning (孙宁宁); Cao Sheng (曹盛)
(China Information Technology Designing & Consulting Institute Co., Ltd., Beijing 100048, China; Chengdu Shucheng Communication Technology Co., Ltd., Chengdu 646000, China)
Source
Designing Techniques of Posts and Telecommunications (《邮电设计技术》)
2021, No. 7, pp. 13-18 (6 pages)
Keywords
Zero trust
Certificateless identity-based cryptography
IoT
Cryptographic algorithm
PKI/CLA
Identity authentication