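To address the security of terminal devices connecting to network servers in the Internet of Things (IoT), a secure authentication protocol for IoT terminals based on elliptic curve cryptography (ECC) and cookie information is proposed. The protocol first assembles the user identity information, the server private key, a random number and the cookie validity period into a cookie file, then encrypts the file with an elliptic curve cryptosystem and stores it on the smart terminal. In the authentication phase, mutual identity authentication is achieved by comparing security parameters computed from the cookie information. Performance analysis shows that the protocol has low computation and communication costs while effectively resisting multiple kinds of attacks and providing a high level of security, which makes it very well suited to resource-limited terminal devices in the Internet of Things.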
To address the security problem of terminal devices accessing the network server in the Internet of Things (IoT), an identity authentication protocol for IoT terminals was presented, based on elliptic curve cryptography (ECC) and cookie information. First, the protocol used the user identity information, the server private key, a random number and the expiration time of the cookie to form a cookie file. The file was then encrypted with ECC and stored in the smart terminal. In the authentication phase, mutual authentication was achieved by comparing the security parameters calculated from the cookie information. Performance analysis shows that the protocol can resist many kinds of attacks and provides high security with low computation and low communication cost, which makes it suitable for terminal devices with limited resources in the Internet of Things.