CN101902463A - Access control method of sensor network applied to mobile user and system thereof - Google Patents


Info

Publication number
CN101902463A
Authority
CN
China
Prior art keywords
user
access
network
node
access control
Prior art date
Legal status
Granted
Application number
CN2010101537345A
Other languages
Chinese (zh)
Other versions
CN101902463B (en)
Inventor
宋起柱
杜志强
铁满霞
曹军
周吉阳
阚润田
王文俭
Current Assignee
STATE RADIO MONITORING CENTER TESTING CENTER
China Iwncomm Co Ltd
Original Assignee
STATE RADIO MONITORING CENTER TESTING CENTER
China Iwncomm Co Ltd
Priority date
2010-04-22
Filing date
2010-04-22
Publication date
2010-12-01
Application filed by STATE RADIO MONITORING CENTER TESTING CENTER and China Iwncomm Co Ltd
Priority to CN 201010153734 (CN101902463B)
Publication of CN101902463A
Application granted
Publication of CN101902463B
Legal status: Active
Anticipated expiration


Abstract

The invention relates to an access control method for a sensor network applicable to mobile users, and a corresponding system. The method mainly comprises the following steps: 1) an access control server ACS builds an access control list ACL and user identity information and performs protocol initialization before the user accesses the network; 2) when the user accesses the network, all nodes in the user's single-hop communication zone form a temporary access control gateway that authenticates the user, and after successful authentication the authentication-success message is spread to the nodes of the user's next temporary access control gateway by predicting the position the user will reach; 3) the temporary access control gateway performs authorization management of the user's accesses. The method overcomes the problems that a moving user cannot be authenticated, or must be authenticated repeatedly after a successful authentication, and can be used by a sensor network to control the access of all kinds of users.

Description

Sensor network access control method and system applicable to mobile users
Technical field
The invention belongs to the field of wireless network security within information security technology, and in particular relates to a sensor network access control method and system applicable to mobile users.
Background technology
A wireless sensor network is made up of a large number of sensing-capable nodes that self-organize into an ad hoc network and provide users with services such as data collection, processing and transmission. An access control mechanism protects sensor network data, denies access to illegitimate users and controls the access rights of legitimate users; it is one of the basic security services of a sensor network.
Existing sensor network access control methods apply only to users that are stationary within the sensor network and cannot serve mobile users, yet sensor network users normally move through the network, for example soldiers and tanks on a battlefield.
In addition, because authentication introduces delay, distributed access control for a mobile user in a sensor network faces two problems. Assume here that the nodes within single-hop communication range of the user form a temporary access control gateway that enforces access control on that user. Problem one: a legitimate user may fail authentication while moving. The nodes of the temporary access control gateway at the time the authentication request is initiated hold the user's authentication information, but by the time authentication completes the user has moved, so some of the nodes in the current temporary access control gateway do not hold that information; if the number of such nodes exceeds a preset upper limit, even a legitimate user cannot pass authentication. Problem two: movement causes repeated authentication. A user authenticated at one position who moves to another position within the validity period and accesses the network there may find that some nodes of the current temporary access control gateway lack the authentication information; if their number exceeds the preset upper limit, the user's legitimate identity is not carried over, and the user must authenticate again in order to access the network, wasting a large amount of network resources.
Summary of the invention
To solve the technical problem described in the background, the invention provides a sensor network access control method and system that applies to access control of mobile users and equally to access control of stationary users.
The technical solution of the invention is as follows. The invention provides a sensor network access control method applicable to mobile users, characterized in that the method comprises the following steps:
1) an access control server ACS constructs an access control list ACL and user identity information, and performs protocol initialization before the user accesses the network;
2) when the user accesses the network, all nodes within the user's single-hop communication zone form a temporary access control gateway that authenticates the user; after the user is authenticated successfully, the authentication-success message is diffused to the nodes of the user's next temporary access control gateway by predicting the position the user will reach;
3) the temporary access control gateway performs authorization management of the user's access.
Step 1) above is implemented as follows:
1.1) the access control server ACS constructs an access control list ACL comprising a U_ID field, an ADT field, a VP field and an AI field, where:
U_ID field: the user's identity label;
ADT field: the data types the user is authorized to access;
VP field: the period during which the user is authorized to access the network;
AI field: the authentication basis used to authenticate the user's identity;
After constructing the ACL, the ACS registers the user as follows: according to the user's identity label U_ID, the ACS determines the network data types ADT the user may access and the access period VP, constructs the user's identity credential and, according to AI, the authentication information used to verify that credential, and inserts U_ID, ADT, VP and AI into the ACL as a new entry, denoted ACL_U_ID.
1.2) before accessing the sensor network, the user first sends an identity credential request to the ACS. On receiving the request, if the user is registered, the ACS sends the credential it constructed in advance for that user to the user, and sends the user's access control information ACL_U_ID from the ACL (comprising ADT, VP and AI) to all network nodes in an authenticated manner; the nodes keep this information until the user's validity period VP expires. If the user is not registered, the ACS simply discards the credential request.
Step 2) above is implemented as follows:
2.1) when the user accesses the network, all nodes within the user's single-hop communication zone in the sensor network form a temporary access control gateway that controls the user's access; the temporary access control gateway changes continuously as the user moves. The user sends its identity credential to the temporary access control gateway. On receiving the credential, every node in the gateway first checks whether it holds the ACL_U_ID corresponding to this user; if it does, the user is within the validity period, and the node authenticates the credential according to the user's AI in ACL_U_ID. If authentication succeeds, the node casts a PASS vote and broadcasts it to all nodes in the gateway. If the number of PASS votes received by the gateway nodes reaches or exceeds a threshold P, user authentication has succeeded; the threshold P is defined by the network owner. If the user is outside the validity period, or is within the validity period but the credential fails to verify, or is within the validity period and verifies but the PASS count is below P, authentication fails in every case and the network refuses the user's access;
2.2) after successful authentication, the nodes in the temporary access control gateway estimate, from the user's direction of motion and speed, the position the user will reach after time t, and after time t the nodes of the current temporary access control gateway send the authentication-success message, according to that estimate, to the next temporary access control gateway. If the user is still within the validity period VP, the current temporary access control gateway continues to accept the user's legitimacy and, after time t, sends the success message to the next target area, i.e. the next temporary access control gateway. Throughout the user's access to the network, the gateway nodes continually estimate, from the user's direction and speed, the position the user will reach and diffuse the authentication-success message to it. The success message is transmitted over secure channels pre-established between the nodes.
Step 3) above is implemented as follows:
3.1) after the user has passed authentication, the user sends its access request Q together with its U_ID in a secure manner to the nodes of the temporary access control gateway;
3.2) on receiving the user's access request Q, a node in the temporary access control gateway first checks whether the user has passed authentication; if so, it checks whether the user is within the validity period; if so, it judges the legitimacy of the access request Q according to the ADT information; if legitimate, it forwards Q together with the user's U_ID in a secure manner to the user's destination access node. The destination access node is any node in the sensor network; it always treats an access request Q forwarded by the temporary access control gateway as legitimate and responds to it, and the authorization process ends. If the user has not passed authentication, is outside the validity period, or the access request Q is illegitimate, the node discards the access request Q and the user's access is refused.
A sensor network access control system applicable to mobile users, characterized in that the system comprises an access control server ACS and nodes. The ACS constructs the access control list ACL and user identity information and performs protocol initialization before the user accesses the network; when the user accesses the network, all nodes in the user's single-hop communication zone form a temporary access control gateway that authenticates the user, and after successful authentication the authentication-success message is diffused to the nodes of the user's next temporary access control gateway by predicting the position the user will reach; the temporary access control gateway performs authorization management of the user's access.
The advantages of the invention are as follows. The invention proposes a sensor network access control method that performs authentication and authorization management for both stationary and mobile users. After successful authentication, the target position of the moving user is predicted periodically and the authentication-success message is diffused to that target region, so the user neither fails authentication because of movement nor needs to authenticate again after a successful authentication; the method can be used for sensor network access control of all types of users.
Embodiment
The invention provides a sensor network access control method applicable to mobile users. According to a preferred embodiment of the invention, the method is as follows:
1) the access control server constructs the access control list (ACL) and user identity information, and performs protocol initialization before the user accesses the network;
2) when the user accesses the network, all nodes within the user's single-hop communication zone form a temporary access control gateway that authenticates the user. After successful authentication, the authentication-success message is diffused to the nodes of the user's next temporary access control gateway by predicting the position the user will reach;
3) the temporary access control gateway performs authorization management of the user's access.
Step 1) above is embodied as follows:
1.1) the access control server ACS (Access Control Server) constructs the access control list ACL (Access Control List), comprising a U_ID field, an ADT field, a VP field and an AI field.
ACL entry layout: U_ID | ADT | VP | AI
U_ID field: the user's identity label;
ADT field: the data types the user is authorized to access;
VP field: the period during which the user is authorized to access the network;
AI field: the authentication basis used to authenticate the user's identity.
After constructing the ACL, the ACS registers the user as follows: according to the user's identity label U_ID, the ACS determines the network data types ADT the user may access and the access period VP, constructs the user's identity credential and, according to AI, the authentication information used to verify that credential, and inserts U_ID, ADT, VP and AI into the ACL as a new entry, denoted ACL_U_ID.
1.2) before accessing the sensor network, the user first sends an identity credential request to the ACS. On receiving the request, if the user is registered, the ACS sends the credential it constructed in advance for that user to the user, and sends the user's access control information ACL_U_ID from the ACL (comprising ADT, VP, AI and the like) to all network nodes in an authenticated manner; the nodes keep this information until the user's validity period VP expires. If the user is not registered, the ACS simply discards the credential request.
Step 2) above is embodied as follows:
2.1) when the user accesses the network, all nodes within the user's single-hop communication zone in the sensor network form a temporary access control gateway that controls the user's access; the temporary access control gateway changes continuously as the user moves. First, the user sends its own identity credential to the temporary access control gateway. On receiving the credential, every node in the gateway first checks whether it holds the ACL_U_ID corresponding to this user; if it does, the user is within the validity period, and the node then authenticates the credential according to the user's AI in ACL_U_ID. If authentication succeeds, the node casts a PASS vote and broadcasts it to all nodes in the gateway. If the number of PASS votes received by the gateway nodes reaches or exceeds a threshold P (which the network owner may define), user authentication has succeeded. If the user is outside the validity period, or is within the validity period but the credential fails to verify, or is within the validity period and verifies but the PASS count is below P, authentication fails in every case and the network refuses the user's access.
2.2) after successful authentication, the nodes in the temporary access control gateway estimate, from the user's direction of motion and speed, the position the user will reach after time t, and after time t the nodes of the current temporary access control gateway send the authentication-success message, according to that estimate, to the next temporary access control gateway. At that point, if the user is still within the validity period VP, the current temporary access control gateway continues to accept the user's legitimacy and, after time t, sends the success message by the same method to the next target area, i.e. the next temporary access control gateway. Throughout the user's access to the network, the gateway nodes continually estimate, from the user's direction and speed, the position the user will reach and diffuse the authentication-success message to it. The success message is transmitted over secure channels pre-established between the nodes.
Step 3) above is embodied as follows:
3.1) after the user has passed authentication, the user sends its access request Q together with its own U_ID in a secure manner to the nodes of the temporary access control gateway. At this point the temporary access control gateway only needs to check the user identity information; it does not need to authenticate the user again.
3.2) on receiving the user's access request Q, a node in the temporary access control gateway first checks whether the user has passed authentication; if so, it checks whether the user is within the validity period; if so, it judges the legitimacy of the access request Q according to the ADT information; if legitimate, it forwards Q together with the user's U_ID in a secure manner to the user's destination access node. The destination access node may be any node in the sensor network; it always treats an access request Q forwarded by the temporary access control gateway as legitimate and responds to it. At this point the authorization process ends. If the user has not passed authentication, is outside the validity period, or the access request Q is illegitimate, the node discards the access request Q and the user's access is refused.
Alongside the sensor network access control method applicable to mobile users, the invention also provides a sensor network access control system applicable to mobile users. The system comprises an access control server ACS and nodes. The ACS constructs the access control list ACL and user identity information and performs protocol initialization before the user accesses the network; when the user accesses the network, all nodes in the user's single-hop communication zone form a temporary access control gateway that authenticates the user, and after successful authentication the authentication-success message is diffused to the nodes of the user's next temporary access control gateway by predicting the position the user will reach; the temporary access control gateway performs authorization management of the user's access.
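As an added illustration that is not part of the patent text, the following Python simulation walks through steps 1 to 3 on constructed data: the ACS builds ACL_U_ID entries and issues credentials, the single-hop nodes around the user form a temporary gateway whose PASS votes are compared against the threshold P, the success is diffused to the gateway at the predicted next position, and access requests are authorized against ADT and VP without re-authentication. The use of AI as an HMAC key, the ACS master secret, the node coordinates, the one-hop radius and the threshold value are all assumptions; the patent does not specify how AI is realised.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class AclEntry:
    u_id: str       # U_ID: user identity label
    adt: frozenset  # ADT: data types the user may access
    vp: float       # VP: end of the authorised access period (epoch seconds)
    ai: bytes       # AI: authentication basis; modelled here as a MAC key (assumption)

class AccessControlServer:
    """ACS: builds the ACL, registers users and issues credentials (step 1)."""

    def __init__(self, master_secret):
        self.acl = {}
        self.master_secret = master_secret  # constructed secret, not from the patent

    def register(self, u_id, adt, vp):
        ai = hmac.new(self.master_secret, u_id.encode(), hashlib.sha256).digest()
        self.acl[u_id] = AclEntry(u_id, frozenset(adt), vp, ai)

    def issue_credential(self, u_id):
        entry = self.acl.get(u_id)
        if entry is None:  # step 1.2: unregistered user, the request is dropped
            return None
        tag = hmac.new(entry.ai, b"cred|" + u_id.encode(), hashlib.sha256).digest()
        return (u_id, tag)

    def distribute(self, u_id, nodes):  # step 1.2: ACL_U_ID goes to every node
        for node in nodes:
            node.acl[u_id] = self.acl[u_id]

@dataclass
class Node:
    node_id: str
    pos: tuple
    acl: dict = field(default_factory=dict)
    authenticated: set = field(default_factory=set)  # U_IDs this node accepts

    def vote(self, credential, now):  # step 2.1: PASS only if entry held, in VP, tag ok
        u_id, tag = credential
        entry = self.acl.get(u_id)
        if entry is None or now > entry.vp:
            return False
        expected = hmac.new(entry.ai, b"cred|" + u_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)

def temporary_gateway(nodes, pos, radius):  # every node within one hop of pos
    return [n for n in nodes
            if (n.pos[0] - pos[0]) ** 2 + (n.pos[1] - pos[1]) ** 2 <= radius ** 2]

def authenticate(nodes, credential, user_pos, radius, threshold_p, now):
    """Step 2.1: success iff the PASS votes in the gateway reach the owner-set P."""
    gateway = temporary_gateway(nodes, user_pos, radius)
    passes = sum(1 for n in gateway if n.vote(credential, now))
    if passes < threshold_p:
        return False
    for n in gateway:
        n.authenticated.add(credential[0])
    return True

def diffuse(nodes, u_id, user_pos, velocity, t, radius, now):
    """Step 2.2: predict the position after time t and pre-seed that gateway."""
    current = temporary_gateway(nodes, user_pos, radius)
    entry = current[0].acl.get(u_id) if current else None
    if entry is None or now + t > entry.vp:  # outside VP at arrival: nothing to diffuse
        return []
    predicted = (user_pos[0] + velocity[0] * t, user_pos[1] + velocity[1] * t)
    next_gateway = temporary_gateway(nodes, predicted, radius)
    for n in next_gateway:  # carried over the pre-established inter-node secure channel
        n.authenticated.add(u_id)
    return next_gateway

def authorize(node, u_id, request_adt, now):
    """Step 3.2: authenticated, within VP, and the requested data type is in ADT."""
    if u_id not in node.authenticated:
        return False
    entry = node.acl.get(u_id)
    if entry is None or now > entry.vp:
        return False
    return request_adt in entry.adt

def scenario():
    """Constructed walk-through: four nodes on a line, P = 2, user moving at 1 unit/s."""
    acs = AccessControlServer(b"constructed-acs-secret")
    nodes = [Node("n1", (0, 0)), Node("n2", (1, 0)), Node("n3", (4, 0)), Node("n4", (5, 0))]
    acs.register("user-7", {"temperature", "position"}, vp=1000.0)
    acs.distribute("user-7", nodes)
    cred = acs.issue_credential("user-7")
    now, pos, radius = 100.0, (0.5, 0), 1.5
    ok = authenticate(nodes, cred, pos, radius, 2, now)     # gateway {n1, n2}: 2 PASS votes
    short = authenticate(nodes, cred, pos, radius, 3, now)  # same user, but P = 3 > 2 votes
    forged = authenticate(nodes, ("user-7", b"\0" * 32), pos, radius, 2, now)
    nxt = diffuse(nodes, "user-7", pos, (1, 0), 4, radius, now)       # predicted (4.5, 0)
    allowed = authorize(nxt[0], "user-7", "temperature", now + 4)     # no re-authentication
    denied = authorize(nxt[0], "user-7", "video", now + 4)            # type not in ADT
    return ok, short, forged, [n.node_id for n in nxt], allowed, denied
```

The `short` case shows the failure mode the description names explicitly: a valid credential still fails when the gateway cannot gather P votes, which is why the diffusion step matters for a user in motion.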

Claims (5)

1. A sensor network access control method applicable to mobile users, characterized in that the method comprises the following steps:
1) an access control server ACS constructs an access control list ACL and user identity information, and performs protocol initialization before the user accesses the network;
2) when the user accesses the network, all nodes within the user's single-hop communication zone form a temporary access control gateway that authenticates the user; after the user is authenticated successfully, the authentication-success message is diffused to the nodes of the user's next temporary access control gateway by predicting the position the user will reach;
3) the temporary access control gateway performs authorization management of the user's access.
2. The sensor network access control method applicable to mobile users according to claim 1, characterized in that step 1) is implemented as follows:
1.1) the access control server ACS constructs an access control list ACL comprising a U_ID field, an ADT field, a VP field and an AI field, where:
U_ID field: the user's identity label;
ADT field: the data types the user is authorized to access;
VP field: the period during which the user is authorized to access the network;
AI field: the authentication basis used to authenticate the user's identity;
After constructing the ACL, the ACS registers the user as follows: according to the user's identity label U_ID, the ACS determines the network data types ADT the user may access and the access period VP, constructs the user's identity credential and, according to AI, the authentication information used to verify that credential, and inserts U_ID, ADT, VP and AI into the ACL as a new entry, denoted ACL_U_ID.
1.2) before accessing the sensor network, the user first sends an identity credential request to the ACS. On receiving the request, if the user is registered, the ACS sends the credential it constructed in advance for that user to the user, and sends the user's access control information ACL_U_ID from the ACL (comprising ADT, VP and AI) to all network nodes in an authenticated manner; the nodes keep this information until the user's validity period VP expires. If the user is not registered, the ACS simply discards the credential request.
3. The sensor network access control method applicable to mobile users according to claim 2, characterized in that step 2) is implemented as follows:
2.1) when the user accesses the network, all nodes within the user's single-hop communication zone in the sensor network form a temporary access control gateway that controls the user's access; the temporary access control gateway changes continuously as the user moves. The user sends its identity credential to the temporary access control gateway. On receiving the credential, every node in the gateway first checks whether it holds the ACL_U_ID corresponding to this user; if it does, the user is within the validity period, and the node authenticates the credential according to the user's AI in ACL_U_ID. If authentication succeeds, the node casts a PASS vote and broadcasts it to all nodes in the gateway. If the number of PASS votes received by the gateway nodes reaches or exceeds a threshold P, user authentication has succeeded; the threshold P is defined by the network owner. If the user is outside the validity period, or is within the validity period but the credential fails to verify, or is within the validity period and verifies but the PASS count is below P, authentication fails in every case and the network refuses the user's access;
2.2) after successful authentication, the nodes in the temporary access control gateway estimate, from the user's direction of motion and speed, the position the user will reach after time t, and after time t the nodes of the current temporary access control gateway send the authentication-success message, according to that estimate, to the next temporary access control gateway. If the user is still within the validity period VP, the current temporary access control gateway continues to accept the user's legitimacy and, after time t, sends the success message to the next target area, i.e. the next temporary access control gateway. Throughout the user's access to the network, the gateway nodes continually estimate, from the user's direction and speed, the position the user will reach and diffuse the authentication-success message to it. The success message is transmitted over secure channels pre-established between the nodes.
4. The sensor network access control method applicable to mobile users according to claim 3, characterized in that step 3) is implemented as follows:
3.1) after the user has passed authentication, the user sends its access request Q together with its U_ID in a secure manner to the nodes of the temporary access control gateway;
3.2) on receiving the user's access request Q, a node in the temporary access control gateway first checks whether the user has passed authentication; if so, it checks whether the user is within the validity period; if so, it judges the legitimacy of the access request Q according to the ADT information; if legitimate, it forwards Q together with the user's U_ID in a secure manner to the user's destination access node. The destination access node is any node in the sensor network; it always treats an access request Q forwarded by the temporary access control gateway as legitimate and responds to it, and the authorization process ends. If the user has not passed authentication, is outside the validity period, or the access request Q is illegitimate, the node discards the access request Q and the user's access is refused.
5. A sensor network access control system applicable to mobile users, characterized in that the system comprises an access control server ACS and nodes. The ACS constructs the access control list ACL and user identity information and performs protocol initialization before the user accesses the network; when the user accesses the network, all nodes in the user's single-hop communication zone form a temporary access control gateway that authenticates the user, and after successful authentication the authentication-success message is diffused to the nodes of the user's next temporary access control gateway by predicting the position the user will reach; the temporary access control gateway performs authorization management of the user's access.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010153734 CN101902463B (en) 2010-04-22 2010-04-22 Access control method of sensor network applied to mobile user and system thereof


Publications (2)

Publication Number Publication Date
CN101902463A true CN101902463A (en) 2010-12-01
CN101902463B CN101902463B (en) 2013-01-16

Family ID: 43227665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010153734 Active CN101902463B (en) 2010-04-22 2010-04-22 Access control method of sensor network applied to mobile user and system thereof

Country Status (1)

Country Link
CN (1) CN101902463B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050122231A1 (en) * 2003-12-08 2005-06-09 The Regents Of The University Of California Power efficient wireless system for sensor network
CN1741527A (en) * 2005-09-23 2006-03-01 北京交通大学 Method for applying cooperative enhancement mechanism to adhoc network
CN101159748A (en) * 2007-11-14 2008-04-09 北京科技大学 Entity authentication method in wireless sensor network

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013067724A1 (en) * 2011-11-08 2013-05-16 北京捷通华声语音技术有限公司 Cloud end user mapping system and method
CN111654485A (en) * 2020-05-26 2020-09-11 新华三信息安全技术有限公司 Client authentication method and device
CN111654485B (en) * 2020-05-26 2023-04-07 新华三信息安全技术有限公司 Client authentication method and device

Also Published As

Publication number Publication date
CN101902463B (en) 2013-01-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant