CN107302538A - Subset encryption method and device for data received by an Internet of Things AP - Google Patents
- Publication number: CN107302538A
- Application number: CN201710573347.9A
- Authority: CN (China)
- Prior art keywords: repeater, packet, internet, MAC address, encryption
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Abstract
This application discloses a subset encryption method and device for data received by an Internet of Things AP. The method comprises the following steps: the Internet of Things access point receives a data packet sent by a repeater; the Internet of Things access point extracts the MAC address of the repeater from the packet, identifies the repeater according to the MAC address to obtain the sequence number of the repeater, and, according to that sequence number, looks up the first encryption unit corresponding to the repeater in a preconfigured repeater-to-encryption-unit mapping table; the Internet of Things access point calls the first encryption unit to encrypt the packet; the Internet of Things access point sends the encrypted packet to a gateway. The technical solution provided by the invention has the advantages of high security and a good user experience.
Description
Technical field
The application relates to the field of communications, and in particular to a subset encryption method and device for data received by an Internet of Things AP.
Background
The Internet of Things is an important component of the new generation of information technology and an important development stage of the "informatization" era. Its English name is "Internet of Things (IoT)". As the name suggests, the Internet of Things is an internet in which things are connected to things. This has two meanings: first, the core and foundation of the Internet of Things is still the internet, and it is a network that extends and expands the internet; second, its user end extends to any article, so that articles exchange information and communicate with one another. Through communication and sensing technologies such as intelligent sensing, identification technology and pervasive computing, the Internet of Things is widely used in the convergence of networks, and it is therefore called the third wave of development of the world information industry after the computer and the internet. The Internet of Things is an application extension of the internet; rather than being a network, the Internet of Things is business and application. Application innovation is therefore the core of Internet of Things development, and Innovation 2.0, with user experience at its core, is the soul of Internet of Things development.
The Internet of Things solves the interconnection between things and the data exchange between things. An existing Internet of Things accesses the internet through an Internet of Things access point (AP) when networking. After an existing Internet of Things AP receives data from a repeater, it cannot encrypt the data of each repeater separately, so its security is not high.
Summary of the invention
The application provides a subset encryption method for data received by an Internet of Things AP, which can improve the security of Internet of Things data and improve the user experience.
In a first aspect, a subset encryption method for data received by an Internet of Things AP is provided, the method comprising the following steps:
The Internet of Things access point receives a data packet sent by a repeater;
The Internet of Things access point extracts the MAC address of the repeater from the packet, identifies the repeater according to the MAC address to obtain the sequence number of the repeater, and, according to that sequence number, looks up the first encryption unit corresponding to the repeater in a preconfigured repeater-to-encryption-unit mapping table;
The Internet of Things access point calls the first encryption unit to encrypt the packet;
The Internet of Things access point sends the encrypted packet to a gateway.
Optionally, before the Internet of Things access point sends the encrypted packet to the gateway, the method may further include:
If the first encryption unit fails to encrypt the packet, calling the spare encryption unit of the first encryption unit to encrypt the packet.
Optionally, identifying the repeater according to the MAC address to obtain the sequence number of the repeater specifically includes:
Extracting the MAC address of the repeater from the packet, and comparing the MAC address against the stored MAC-address-to-repeater mapping table to obtain the sequence number of the repeater corresponding to the MAC address.
Optionally, the Internet of Things access point calling the first encryption unit to encrypt the packet specifically includes:
The Internet of Things access point extracts a set number of digits from the MAC address of the repeater as a key, and the first encryption unit encrypts the packet using the key.
Optionally, the set number of digits is 4, 6 or 8.
In a second aspect, a subset encryption device for data received by an Internet of Things AP is provided, the device including:
A receiving unit, for receiving a data packet sent by a repeater;
A processing unit, for extracting the MAC address of the repeater from the packet, identifying the repeater according to the MAC address to obtain the sequence number of the repeater, looking up, according to that sequence number, the first encryption unit corresponding to the repeater in a preconfigured repeater-to-encryption-unit mapping table, and calling the first encryption unit to encrypt the packet;
A sending unit, for sending the encrypted packet to a gateway.
Optionally, the processing unit is further used to call the spare encryption unit of the first encryption unit to encrypt the packet if the first encryption unit fails to encrypt the packet.
Optionally, the processing unit is further used to extract the MAC address of the repeater from the packet and compare the MAC address against the stored MAC-address-to-repeater mapping table to obtain the sequence number of the repeater corresponding to the MAC address.
Optionally, the processing unit is further used to extract a set number of digits from the MAC address of the repeater as a key, the first encryption unit encrypting the packet using the key.
Optionally, the set number of digits is 4, 6 or 8.
In a third aspect, a computer-readable storage medium is provided, which stores a computer program for electronic data interchange, wherein the computer program causes a computer to perform the method provided in the first aspect.
In the technical solution provided by the invention, after an Internet of Things terminal's data packet is sent to the AP, the AP selects the encryption unit corresponding to the repeater according to the sequence number of the repeater and encrypts the data with that encryption unit. For the Internet of Things, the repeater does not need to be configured for encryption, and all encryption is set up in the AP, which effectively reduces the cost of the repeater. For the Internet of Things as a whole, since many repeaters can be connected below one AP, configuring only the AP also reduces the overall cost of the Internet of Things. In addition, the computing capability of the AP is generally better than that of the repeater, so running the encryption unit on the AP reduces the delay of data transmission, reduces network latency and improves the user experience.
Brief description of the drawings
In order to illustrate the technical solutions of the embodiments of the application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are some embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of an AP-based data routing method;
Fig. 2 is a flow chart of an Internet of Things terminal sending a data packet to the AP;
Fig. 3 is a flow chart of the subset encryption method for data received by an Internet of Things AP;
Fig. 4 is a schematic diagram of the technical scenario provided by an embodiment of the application;
Fig. 5 is a schematic diagram of the mapping relations provided by an embodiment of the application;
Fig. 6 is a schematic flow diagram of the subset encryption method for data received by an Internet of Things AP provided by another embodiment of the application;
Fig. 7 is a structural diagram of a subset encryption device for data received by an Internet of Things AP provided by the application;
Fig. 8 is a hardware structure diagram of a gateway provided by the application.
Detailed description
Before the exemplary embodiments are discussed in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flow charts. Although a flow chart describes the operations as sequential processing, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations can be rearranged. The processing can be terminated when its operations are completed, but it may also have additional steps not included in the drawings. The processing can correspond to a method, function, procedure, subroutine, subprogram and so on.
A "computer device" as referred to in this context, also called a "computer", is an intelligent electronic device that can perform predetermined processing such as numerical computation and/or logical computation by running predetermined programs or instructions. It can include a processor and a memory, with the processor executing instructions pre-stored in the memory to perform the predetermined processing, or the predetermined processing can be performed by hardware such as an ASIC, FPGA or DSP, or by a combination of the two. Computer devices include, but are not limited to, servers, PCs, notebook computers, tablet computers, smartphones and the like.
The methods discussed below (some of which are illustrated by flow charts) can be implemented in hardware, software, firmware, middleware, microcode, a hardware description language or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments that perform the necessary tasks can be stored in a machine-readable or computer-readable medium (such as a storage medium). One or more processors can perform the necessary tasks.
The specific structural and functional details disclosed herein are merely representative and serve to describe exemplary embodiments of the invention. The invention can, however, be implemented in many alternative forms and should not be construed as limited to the embodiments set forth herein.
It should be understood that although the terms "first", "second" and so on may be used herein to describe units, these units should not be limited by these terms. The terms are used only to distinguish one unit from another. For example, without departing from the scope of the exemplary embodiments, a first unit could be termed a second unit, and similarly a second unit could be termed a first unit. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for describing specific embodiments only and is not intended to limit the exemplary embodiments. Unless the context clearly indicates otherwise, the singular forms "a" and "an" as used herein are intended to include the plural as well. It should also be understood that the terms "comprises" and/or "includes" as used herein specify the presence of the stated features, integers, steps, operations, units and/or components, and do not preclude the presence or addition of one or more other features, integers, steps, operations, units, components and/or combinations thereof.
It should further be mentioned that in some alternative implementations the functions/actions mentioned can occur in an order different from that indicated in the drawings. For example, depending on the functions/actions involved, two figures shown in succession may in fact be executed substantially simultaneously or may sometimes be executed in the reverse order.
The present invention is described in further detail below with reference to the drawings.
According to one aspect of the invention, an uplink data transmission method for an Internet of Things AP is provided. The method is applied in the Internet of Things shown in Fig. 1. As shown in Fig. 1, the Internet of Things includes an Internet of Things terminal 10, an Internet of Things access point AP20, a gateway 30 and a repeater 40. The Internet of Things terminal can take different forms in different situations. For example, it may be a device such as a mobile phone, tablet computer or computer, and it may of course also be another device with networking capability, such as a smart TV, smart air conditioner, smart kettle or some other Internet of Things terminal device. The Internet of Things terminal 10 is connected to the repeater 40 wirelessly, the repeater 40 is connected to the AP20, and the AP20 accesses the internet through the gateway 30 in another way (that is, a connection mode different from the wireless mode). The wireless mode includes, but is not limited to, Bluetooth, WIFI and similar modes. The other way can be LTE or a wired connection. The gateway may specifically be a device such as a mobile base station, mobile relay station or switch. Fig. 1 uses a wired connection as the example, drawn as a single solid line for convenience.
Depending on the size of the Internet of Things, the gateway 30 can be a personal computer (PC); in practical applications it can of course also be multiple PCs, a server or a server farm. The specific embodiments of the invention do not limit the specific form of the gateway 30.
Referring to Fig. 2, Fig. 2 is a flow chart of data reception by the Internet of Things AP. As shown in Fig. 2, the flow includes:
Step S201, the Internet of Things terminal 10 wirelessly sends the data packet to be sent to the repeater 40;
Step S202, the repeater sends the data packet to the AP20;
Step S203, the AP20 forwards the packet to the gateway 30;
Step S204, the gateway 30 transmits the packet to the internet.
As Fig. 1 and Fig. 2 show, in the actual transmission of packets, if a leak occurs between the AP20 and the gateway 30, the transmitted packets have not been through any corresponding encryption, so the data is easily leaked and security problems readily arise.
Referring to Fig. 3, Fig. 3 shows a subset encryption method for data received by an Internet of Things AP provided by the invention. The method is implemented under the network architecture shown in Fig. 4. As shown in Fig. 4, multiple repeaters can be connected under one AP20, and multiple Internet of Things access terminals can be connected under each repeater. The AP may specifically be a mobile phone with its hotspot turned on, a PC that provides wireless connectivity, a router or similar equipment. As shown in Fig. 3, the method comprises the following steps:
Step S301, the Internet of Things terminal sends a data packet to the repeater, and the repeater sends the packet to the AP;
The Internet of Things terminal in step S301 may specifically be a device such as a mobile phone, tablet computer or computer, and may of course also be another device with networking capability, such as a smart TV, smart air conditioner, smart kettle, smart lamp, smart switch or some other Internet of Things smart device.
The Internet of Things terminal in step S301 may send the packet to the repeater over a wireless connection. The wireless mode includes, but is not limited to, Bluetooth, Wireless Fidelity (WIFI) or Zigbee, where WIFI needs to comply with the IEEE802.11b standard.
It should be noted that the Internet of Things and the repeater here concern wireless repeaters only. The number of devices that access the Internet of Things is large; if they accessed the repeater over wired connections, the number of terminals would first of all be limited, and for a home the wiring that wired connections would require is hard for a household user to imagine. The cost of wiring is also very high. The connection between the Internet of Things terminal and the repeater in this technical solution is therefore limited to wireless connections.
Step S302, the AP20 receives the packet sent by the repeater, extracts the MAC address of the repeater from the packet, identifies the repeater according to the MAC address to obtain the sequence number of the repeater, and, according to that sequence number, looks up the first encryption unit corresponding to the repeater in the preconfigured repeater-to-encryption-unit mapping table.
The type of Internet of Things terminal in step S302 can be configured by each manufacturer according to its own situation. For example, the Internet of Things terminal may specifically include smart lamps, smart TVs, smart cleaning equipment, smart sleep equipment, smart monitoring equipment and so on, and these can take many forms. Smart lamps include, but are not limited to, smart desk lamps, smart ceiling lamps and smart wall lamps. A smart TV can be a Samsung smart TV, and can of course also be a Sharp smart TV. Smart cleaning equipment can be a smart sweeping robot, and can of course also include smart vacuum cleaners and smart garbage processors. Smart sleep equipment can be a smart mattress or smart sofa. Smart monitoring equipment can be a smart blood pressure meter, smart thermometer and so on. The invention does not limit the specific form, quantity or kind of the Internet of Things terminal.
The repeater-to-encryption-unit mapping table in the above step is shown in Fig. 5. The mapping can be one-to-one, and can of course also be one-to-many or another mode.
The AP20 is configured with multiple mapping tables between repeaters and encryption units, and the repeater-to-encryption-unit mapping relations differ from table to table. The AP20 receives an update instruction sent by the gateway. The update instruction contains the identifier of the updated mapping table and an update time, and when the update time arrives the AP20 uses the updated mapping table. Optionally, after the update time arrives, the AP20 can enable the original mapping table and the updated mapping table at the same time, call two encryption units, encrypt the data with each of the two encryption units to obtain a first encrypted packet and a second encrypted packet, and send them to the gateway. The AP20 receives the response message for the first encrypted packet returned by the gateway and activates the mapping relation corresponding to the first encryption unit of the first encrypted packet.
This technical solution updates and maintains the mapping relations, which improves security: a fixed mapping relation is more likely to be leaked, which affects security, whereas here the mapping relations are updated and maintained regularly. Even if all the mapping relations are leaked, the update and maintenance are controlled by the gateway, so without knowing the time at which a given mapping relation takes effect the corresponding packets still cannot be decrypted, and security is improved.
The AP20 is configured with multiple key tables, one key table per encryption unit, and each key table contains multiple keys. The AP20 receives a message issued by the gateway, extracts the key identifier carried in the message, selects the key corresponding to that identifier, and encrypts the data using the corresponding encryption unit.
For example, the first key package contains 10 keys. The key identifier carried in the message is extracted; if the extracted key is the 5th key and the first encryption module is used, the data is encrypted by the first encryption module with the 5th key. Selecting among multiple keys in this way improves security.
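The table switchover and key selection described above, sketched as an added example (not code from the patent). The class and function names, the table contents, the epoch-seconds encoding of the update time and the 1-based key identifier are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not from the patent).
# Each mapping table maps repeater sequence number -> encryption unit name.
MAPPING_TABLES: Dict[str, Dict[int, str]] = {
    "table-1": {1: "unit-3des", 2: "unit-rsa"},
    "table-2": {1: "unit-rsa", 2: "unit-3des"},
}
# One key table per encryption unit, ten keys each, as in the page's example.
KEY_TABLES: Dict[str, List[bytes]] = {
    unit: [f"{unit}-key-{n}".encode() for n in range(1, 11)]
    for unit in ("unit-3des", "unit-rsa")
}


@dataclass(frozen=True)
class UpdateInstruction:
    """Update instruction from the gateway: which table, and from when."""
    table_id: str
    effective_at: int  # update time as epoch seconds (assumed encoding)


class MappingSelector:
    """Tracks which repeater-to-unit mapping table the AP applies."""

    def __init__(self, tables: Dict[str, Dict[int, str]], active_id: str,
                 overlap: bool = False) -> None:
        if active_id not in tables:
            raise KeyError(f"unknown mapping table {active_id!r}")
        self.tables = tables
        self.active_id = active_id
        self.overlap = overlap  # optional mode: old and new tables together
        self.pending: Optional[UpdateInstruction] = None

    def on_update(self, instr: UpdateInstruction) -> None:
        # Reject identifiers the AP was never configured with.
        if instr.table_id not in self.tables:
            raise KeyError(f"unknown mapping table {instr.table_id!r}")
        self.pending = instr

    def units_for(self, repeater_seq: int, now: int) -> List[Tuple[str, str]]:
        """Return the (table_id, unit) pairs to encrypt with at time `now`."""
        current = [(self.active_id, self.tables[self.active_id][repeater_seq])]
        if self.pending is None or now < self.pending.effective_at:
            return current
        new_id = self.pending.table_id
        if self.overlap:
            # Both tables stay enabled until the gateway answers one packet.
            return current + [(new_id, self.tables[new_id][repeater_seq])]
        self._commit(new_id)
        return [(new_id, self.tables[new_id][repeater_seq])]

    def on_gateway_response(self, table_id: str) -> None:
        """The gateway answered a packet encrypted under `table_id`."""
        if table_id not in self.tables:
            raise KeyError(f"unknown mapping table {table_id!r}")
        self._commit(table_id)

    def _commit(self, table_id: str) -> None:
        self.active_id = table_id
        self.pending = None


def select_key(unit: str, key_id: int) -> bytes:
    """Pick the key named by the gateway's identifier (1-based, assumed)."""
    keys = KEY_TABLES[unit]
    if not 1 <= key_id <= len(keys):
        raise ValueError(f"key identifier {key_id} outside 1..{len(keys)}")
    return keys[key_id - 1]
```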
The encryption unit in step S302 may specifically be a hardware encryption unit installed in the AP that contains an encryption algorithm preset by the manufacturer. In practical applications the encryption unit can of course also be a software encryption unit configured in the AP; the invention does not limit the specific form of the encryption unit.
The encryption algorithm includes, but is not limited to, encryption algorithms such as 3DES, MD5 or RSA; the invention is not limited to a specific encryption algorithm.
Step S303, the AP20 calls the first encryption unit to encrypt the packet;
Step S303 may specifically be implemented as follows:
For example, if the first encryption unit is a 3DES encryption unit, the AP20 calls the 3DES encryption unit to apply 3DES encryption to the packet. If the first encryption unit is an RSA encryption unit, the AP20 calls the RSA encryption unit to apply RSA encryption to the packet. If the first encryption unit is an MD5 encryption unit, the AP20 calls the MD5 encryption unit to apply MD5 encryption to the packet.
For the specific manner of encryption, see the relevant descriptions of 3DES, RSA and MD5, which are not repeated here.
Step S303 may specifically be implemented as follows:
The AP20 calls the first encryption unit to encrypt the packet. If encryption succeeds, the subsequent step S304 is carried out. If encryption does not succeed, the AP20 calls the spare encryption unit of the first encryption unit to encrypt the packet and adds a marker indicating that the spare encryption unit was used to the header extension field of the encrypted packet.
Step S304, the AP20 sends the encrypted packet to the gateway.
Step S304 can be implemented as follows:
The encrypted packet is sent to the gateway in another way. For example, if the Internet of Things terminal is connected to the AP by WIFI, the AP20 can send the packet to the gateway over a wired connection; in practical applications the AP20 can of course also send the encrypted packet to the gateway over Long Term Evolution (LTE). The LTE or wired mode, and the WIFI connection between the Internet of Things terminal and the AP, are only examples; the invention is not limited to these specific connection modes.
According to the method shown in Fig. 3, the AP selects the encryption unit corresponding to the repeater according to the sequence number of the repeater and encrypts the data with that encryption unit. For the Internet of Things, the repeater does not need to be configured for encryption, and all encryption is set up in the AP, which effectively reduces the cost of the repeater. For the Internet of Things as a whole, since many repeaters can be connected below one AP, configuring only the AP also reduces the overall cost of the Internet of Things. In addition, the computing capability of the AP is generally better than that of the repeater, so running the encryption unit on the AP reduces the delay of data transmission, reduces network latency and improves the user experience.
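Steps S302 to S304, including the fallback to the spare encryption unit, sketched as an added example (not code from the patent). The MAC addresses, keys, unit names and the choice to drop packets from unknown repeaters are assumptions, and the cipher is a labelled stand-in built from the standard library so the example runs offline; it is not 3DES or RSA and is not a vetted cipher.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher core: XOR the data with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hashlib.sha256(key + nonce + counter.to_bytes(4, "big"))
        stream += block.digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def stand_in_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """AP side: a fresh random nonce is prepended to the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def stand_in_decrypt(key: bytes, blob: bytes) -> bytes:
    """Gateway side: split off the nonce and reverse the XOR."""
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def broken_unit(_plaintext: bytes) -> bytes:
    """Simulates a first encryption unit that fails to encrypt."""
    raise RuntimeError("encryption unit fault")


@dataclass(frozen=True)
class EncryptionUnit:
    name: str
    encrypt: Callable[[bytes], bytes]


@dataclass(frozen=True)
class ForwardedPacket:
    repeater_seq: int
    unit_name: str
    spare_used: bool  # marker carried in the header extension field
    ciphertext: bytes


# Constructed keys and tables (not from the patent).
KEY_A, KEY_A_SPARE, KEY_B_SPARE = b"demo-A", b"demo-A-spare", b"demo-B-spare"
MAC_TO_SEQ: Dict[str, int] = {
    "02:00:00:00:00:01": 1,
    "02:00:00:00:00:02": 2,
}
SEQ_TO_UNITS: Dict[int, Tuple[EncryptionUnit, EncryptionUnit]] = {
    1: (EncryptionUnit("unit-A", lambda p: stand_in_encrypt(KEY_A, p)),
        EncryptionUnit("unit-A-spare",
                       lambda p: stand_in_encrypt(KEY_A_SPARE, p))),
    2: (EncryptionUnit("unit-B", broken_unit),
        EncryptionUnit("unit-B-spare",
                       lambda p: stand_in_encrypt(KEY_B_SPARE, p))),
}


def ap_handle(src_mac: str, payload: bytes) -> Optional[ForwardedPacket]:
    """Pick the repeater's unit by MAC, encrypt, fall back to the spare."""
    seq = MAC_TO_SEQ.get(src_mac.lower())
    if seq is None:
        # Assumption: a packet from an unknown repeater is dropped rather
        # than forwarded to the gateway unencrypted.
        return None
    primary, spare = SEQ_TO_UNITS[seq]
    try:
        return ForwardedPacket(seq, primary.name, False,
                               primary.encrypt(payload))
    except Exception:
        # If the spare fails as well, the error propagates and nothing
        # is sent in the clear.
        return ForwardedPacket(seq, spare.name, True, spare.encrypt(payload))
```

The gateway reads `spare_used` to decide which unit's key to decrypt with.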
Referring to Fig. 6, Fig. 6 shows a subset encryption method for data received by an Internet of Things AP provided by the invention. The method is implemented under the network architecture shown in Fig. 4. As shown in Fig. 4, multiple repeaters can be connected under one AP20, and multiple Internet of Things access terminals can be connected under each repeater. The AP may specifically be a mobile phone with its hotspot turned on, a PC that provides wireless connectivity, a router or similar equipment. As shown in Fig. 6, the method comprises the following steps:
Step S601, the Internet of Things terminal sends a data packet to the repeater;
The Internet of Things terminal in step S601 may specifically be a device such as a mobile phone, tablet computer or computer, and may of course also be another device with networking capability, such as a smart TV, smart air conditioner, smart kettle, smart lamp, smart switch or some other Internet of Things smart device.
The Internet of Things terminal in step S601 may send the packet to the repeater over a wireless connection. The wireless mode includes, but is not limited to, Bluetooth, Wireless Fidelity (WIFI) or Zigbee, where WIFI needs to comply with the IEEE802.11b standard.
It should be noted that the Internet of Things and the repeater here concern wireless repeaters only. The number of devices that access the Internet of Things is large; if they accessed the repeater over wired connections, the number of terminals would first of all be limited, and for a home the wiring that wired connections would require is hard for a household user to imagine. The cost of wiring is also very high. The connection between the Internet of Things terminal and the repeater in this technical solution is therefore limited to wireless connections.
Step S602, AP20 receives the packet that repeater is sent, and AP20 is with extracting the MAC of the repeater of the packet
Location, the sequence number of repeater is obtained according to the MAC Address to repeater identification, and the sequence number according to the repeater is being pre-configured with
Repeater the first ciphering unit corresponding with inquiring the repeater in ciphering unit mapping table.
Each producer of the type of internet-of-things terminal in above-mentioned steps S602 can be configured according to situation voluntarily, example
Such as, the internet-of-things terminal can specifically include:Intelligent electric lamp, intelligent television, intelligent cleaning equipment, intelligent sleep equipment, intelligence
Monitoring device etc., its form showed can be varied, such as, for intelligent electric lamp, the intelligent electric lamp includes but do not limited
In:Intelligent desk lamp, intelligent ceiling lamp, the equipment such as intelligent wall lamp, such as intelligent television, it can be Samsung board intelligence
TV, it can also be Sharp's board intelligent television certainly, such as intelligent cleaning equipment, it can be, intelligent floor-sweeping
Robot, it can also be for example next for intelligent sleep equipment including equipment such as intellective dust collector, intelligent garbage processors certainly
Say, it can be:The equipment such as intelligent mattress, intelligent sofa, such as intelligent monitoring device or, it can be, intelligent blood
Pressure meter, intelligent thermometer etc., the present invention is not limited the concrete form and quantity or species of above-mentioned internet-of-things terminal.
Repeater in above-mentioned steps with ciphering unit mapping table as shown in figure 5, above-mentioned mapping can to map one by one, when
Can also be so the modes such as one-to-many mapping.
The encryption unit in step S602 may specifically be a hardware encryption unit arranged in the AP, containing an encryption algorithm preset by the manufacturer. In practice the encryption unit may also be a software encryption unit configured in the AP; the present invention does not limit the specific form of the encryption unit.
The encryption algorithm includes, but is not limited to, 3DES, MD5 or RSA; the present invention is not limited to a specific encryption algorithm.
Step S603: AP20 calls the first encryption unit to encrypt the packet.
Step S603 may specifically be implemented as follows:
AP20 extracts the MAC address of the repeater from the packet, compares it with the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to that MAC address, and extracts a set number of digits from the repeater's MAC address as the key; the first encryption unit uses the key to encrypt the packet.
The set number of digits may specifically be 4, 6 or 8. A MAC address is a 48-bit value, so the set number of digits must divide 48 exactly; otherwise the keys would differ in length. In practice the extracted digits may be converted to a decimal number, which is then used as the key; a hexadecimal number may be used in place of the decimal number. The digits may be extracted in order, for example the first 8 on the first extraction and 9-17 on the second; they may also be extracted across positions or in some other way. The specific embodiments of the invention do not limit the extraction mode.
Step S603 may specifically be implemented as follows:
For example, if the first encryption unit is a 3DES encryption unit, AP20 calls the 3DES encryption unit to perform 3DES encryption on the packet. If the first encryption unit is an RSA encryption unit, AP20 calls the RSA encryption unit to perform RSA encryption on the packet. If the first encryption unit is an MD5 encryption unit, AP20 calls the MD5 encryption unit to perform MD5 encryption on the packet.
For the specific manner of encryption, refer to the descriptions of 3DES, RSA and MD5; details are not repeated here.
Step S603 may specifically be implemented as follows:
AP20 calls the first encryption unit to encrypt the packet. If encryption succeeds, the subsequent step S304 is carried out; if encryption fails, the backup encryption unit of the first encryption unit is called to encrypt the packet, and a mark of the backup encryption unit used is added to the header extension field of the encrypted packet.
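Steps S602 and S603 as an added example, not code from the patent: the AP maps the repeater's MAC address to a serial number and an encryption unit, takes 4, 6 or 8 bits of the MAC address as the key, and falls back to a backup unit whose mark goes into the header extension field. The tables, MAC addresses, the `BACKUP_OF` assignment, the XOR stand-in for a real encryption unit and the reading of the set digits as bits of the 48-bit address are assumptions; `repeaters_by_key` shows which repeaters receive the same key for a given extraction window.

```python
# Added illustration of steps S602-S603; not code from the patent.
# All MAC addresses, table entries and unit names below are constructed.

MAC_TO_SERIAL = {                     # stored MAC address / repeater mapping table
    "00:1A:2B:00:00:01": 1,
    "00:1A:2B:00:00:02": 2,
    "00:1A:2B:7F:10:03": 3,
}
SERIAL_TO_UNIT = {1: "unit_a", 2: "unit_b", 3: "unit_a"}  # repeater / encryption-unit table
BACKUP_OF = {"unit_a": "unit_b", "unit_b": "unit_a"}      # hypothetical backup assignment


def extract_key(mac, width=8, index=0):
    """Return window number `index` of `width` bits, taken in order from the MAC."""
    if width not in (4, 6, 8):
        raise ValueError("the set number of bits is 4, 6 or 8")
    bits = format(int(mac.replace(":", ""), 16), "048b")
    start = index * width
    if not 0 <= start < 48:
        raise IndexError("window lies outside the 48-bit address")
    return int(bits[start:start + width], 2)


def xor_unit(key, payload):
    """Stand-in for an encryption unit (assumption): reversible, not 3DES or RSA."""
    return bytes(b ^ key for b in payload)


def failing_unit(key, payload):
    """Stand-in for a unit whose encryption attempt fails."""
    raise RuntimeError("encryption unit unavailable")


def encrypt_at_ap(mac, payload, units, width=8, index=0):
    """S602: MAC -> serial number -> first unit. S603: encrypt, else use the backup."""
    serial = MAC_TO_SERIAL[mac.upper()]      # KeyError: repeater not in the table
    name = SERIAL_TO_UNIT[serial]
    key = extract_key(mac, width, index)
    header_ext = None
    try:
        body = units[name](key, payload)
    except RuntimeError:
        name = BACKUP_OF[name]
        body = units[name](key, payload)
        header_ext = name                    # mark of the backup unit in the header extension
    return {"serial": serial, "unit": name, "key": key,
            "header_ext": header_ext, "body": body}


def repeaters_by_key(width=8, index=0):
    """Group the known repeaters' serial numbers by the key this window gives them."""
    groups = {}
    for mac, serial in MAC_TO_SERIAL.items():
        groups.setdefault(extract_key(mac, width, index), []).append(serial)
    return groups


if __name__ == "__main__":
    units = {"unit_a": xor_unit, "unit_b": failing_unit}
    print(encrypt_at_ap("00:1A:2B:00:00:02", b"temp=21", units, index=5))
    print(repeaters_by_key(index=0))   # first window: shared vendor prefix
    print(repeaters_by_key(index=5))   # last window: device-specific bits
```

With the first 8-bit window all three constructed repeaters derive the same key, because those bits fall in the vendor prefix that the addresses share.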
Step S604: AP20 sends the encrypted packet to the gateway.
Step S604 may be implemented as follows:
The encrypted packet is sent to the gateway by another connection mode. For example, if the internet-of-things terminal is connected to the AP by WIFI, AP20 may send the packet to the gateway by a wired connection; in practice AP20 may also send the encrypted packet to the gateway over Long Term Evolution (LTE). The LTE or wired mode and the WIFI connection between the internet-of-things terminal and the AP are given only as examples; the present invention does not limit the specific connection mode.
According to the method shown in Fig. 6, the AP selects the encryption unit corresponding to the repeater according to the repeater's serial number and encrypts the data with that unit. For the Internet of Things, the repeater needs no encryption configuration, since all encryption is set in the AP, which effectively reduces the cost of the repeater. For the Internet of Things as a whole, because many repeaters can be connected under one AP, configuring only the AP also reduces the overall cost. In addition, the computing capability of an AP is generally better than that of a repeater, so running the encryption unit on the AP reduces data transmission delay, reduces network latency and improves the user experience.
Referring to Fig. 7, Fig. 7 shows a subset encryption device 700 for data received by an Internet of Things AP. The device includes:
a receiving unit 701, configured to receive the packet sent by the repeater;
a processing unit 702, configured to extract the MAC address of the repeater from the packet, identify the repeater by the MAC address to obtain the serial number of the repeater, use the serial number of the repeater to look up the first encryption unit corresponding to the repeater in the preconfigured repeater-to-encryption-unit mapping table, and call the first encryption unit to encrypt the packet;
a transmitting unit 703, configured to send the encrypted packet to the gateway.
Optionally, the processing unit 702 is further configured to call the backup encryption unit of the first encryption unit to encrypt the packet if the first encryption unit fails to encrypt the packet.
Optionally, the processing unit 702 is further configured to extract the MAC address of the repeater from the packet and compare it with the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to the MAC address.
Optionally, the processing unit 702 is further configured to extract a set number of digits from the MAC address of the repeater as the key, the first encryption unit using the key to encrypt the packet.
Optionally, the set number of digits is 4, 6 or 8.
Referring to Fig. 8, Fig. 8 shows an Internet of Things access point 800 provided by the present invention. The Internet of Things access point may be a node deployed in an internet system; the internet system may also include internet-of-things terminals and a gateway. The Internet of Things access point 800 includes, but is not limited to, equipment such as a computer or a server. As shown in Fig. 8, the Internet of Things access point 800 includes a processor 801, a memory 802, a transceiver 803 and a bus 804. The transceiver 803 is used to send and receive data to and from external equipment (for example other equipment in the interconnected system, including but not limited to repeaters, core network equipment and so on). The number of processors 801 in the Internet of Things access point 800 may be one or more. In some embodiments of the present application, the processor 801, the memory 802 and the transceiver 803 may be connected by a bus system or in other ways. For the meaning of the terms used in this embodiment and for examples, refer to the embodiments corresponding to Fig. 3 or Fig. 6; details are not repeated here.
Program code can be stored in the memory 802. The processor 801 is configured to call the program code stored in the memory 802 to perform the following operations:
the transceiver 803 is configured to receive the packet sent by the internet-of-things terminal;
the processor 801 is configured to extract the MAC address of the repeater from the packet, identify the repeater by the MAC address to obtain the serial number of the repeater, use the serial number of the repeater to look up the first encryption unit corresponding to the repeater in the preconfigured repeater-to-encryption-unit mapping table, and call the first encryption unit to encrypt the packet;
the transceiver 803 is further configured to send the encrypted packet to the gateway.
Optionally, the processor 801 and the transceiver 803 may also be used to perform the steps of the embodiments shown in Fig. 3 or Fig. 6 and the refinements and alternatives of those steps.
It should be noted that the processor 801 here may be one processing element or a collective term for multiple processing elements. For example, the processing element may be a central processing unit (Central Processing Unit, CPU) or an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, for example one or more microprocessors (digital signal processor, DSP) or one or more field programmable gate arrays (Field Programmable Gate Array, FPGA).
Memory 803 may be one storage device or a collective term for multiple storage elements, and is used to store executable program code or the parameters, data and so on required for the application program running device to run. Memory 903 may include random access memory (RAM) and may also include non-volatile memory, such as disk storage or flash memory (Flash).
Bus 804 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation it is shown in Fig. 8 as a single thick line, which does not mean that there is only one bus or one type of bus.
The user equipment may also include an input/output unit connected to the bus 804, so as to be connected to other parts such as the processor 801 through the bus. The input/output unit may provide an input interface for operating personnel, so that they can select a monitoring and control item through the input interface; it may also be another interface through which other equipment can be connected externally.
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should know that the application is not limited by the described order of actions, because according to the application certain steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and that the actions and modules involved are not necessarily required by the application.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of other embodiments.
One of ordinary skill in the art will understand that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium may include a flash disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The content download method and the related device and system provided by the embodiments of the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the above embodiments is only intended to help understand the method of the application and its core idea. At the same time, for those of ordinary skill in the art, the specific implementation and the scope of application will vary according to the idea of the application. In summary, the content of this specification should not be construed as limiting the application.
Claims (10)
1. A subset encryption method for data received by an Internet of Things access point (AP), characterized in that the method includes the following steps:
the Internet of Things access point receives the packet sent by a repeater;
the Internet of Things access point extracts the MAC address of the repeater from the packet, identifies the repeater by the MAC address to obtain the serial number of the repeater, and uses the serial number of the repeater to look up the first encryption unit corresponding to the repeater in the preconfigured repeater-to-encryption-unit mapping table;
the Internet of Things access point calls the first encryption unit to encrypt the packet;
the Internet of Things access point sends the encrypted packet to the gateway.
2. The method according to claim 1, characterized in that, before the Internet of Things access point sends the encrypted packet to the gateway, the method includes:
if the first encryption unit fails to encrypt the packet, calling the backup encryption unit of the first encryption unit to encrypt the packet.
3. The method according to claim 1, characterized in that identifying the repeater by the MAC address to obtain the serial number of the repeater specifically includes:
extracting the MAC address of the repeater from the packet, and comparing the MAC address with the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to the MAC address.
4. The method according to claim 3, characterized in that the Internet of Things access point calling the first encryption unit to encrypt the packet specifically includes:
the Internet of Things access point extracts a set number of digits from the MAC address of the repeater as the key, and the first encryption unit uses the key to encrypt the packet.
5. The method according to claim 4, characterized in that the set number of digits is 4, 6 or 8.
6. A subset encryption device for data received by an Internet of Things AP, characterized in that the device includes:
a receiving unit, configured to receive the packet sent by a repeater;
a processing unit, configured to extract the MAC address of the repeater from the packet, identify the repeater by the MAC address to obtain the serial number of the repeater, use the serial number of the repeater to look up the first encryption unit corresponding to the repeater in the preconfigured repeater-to-encryption-unit mapping table, and call the first encryption unit to encrypt the packet;
a transmitting unit, configured to send the encrypted packet to the gateway.
7. The device according to claim 6, characterized in that the processing unit is further configured to call the backup encryption unit of the first encryption unit to encrypt the packet if the first encryption unit fails to encrypt the packet.
8. The device according to claim 6, characterized in that the processing unit is further configured to extract the MAC address of the repeater from the packet and compare the MAC address with the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to the MAC address.
9. The device according to claim 6, characterized in that the processing unit is further configured to extract a set number of digits from the MAC address of the repeater as the key, the first encryption unit using the key to encrypt the packet.
10. A computer-readable storage medium, characterized in that it stores a computer program for electronic data interchange, wherein the computer program causes a computer to perform the method according to any one of claims 1-5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710573347.9A CN107302538B (en) | 2017-07-14 | 2017-07-14 | Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things |
PCT/CN2017/100766 WO2019010796A1 (en) | 2017-07-14 | 2017-09-06 | Sub-device encryption method and device for receiving data of internet of things ap |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710573347.9A CN107302538B (en) | 2017-07-14 | 2017-07-14 | Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107302538A true CN107302538A (en) | 2017-10-27 |
CN107302538B CN107302538B (en) | 2020-07-03 |
Family
ID=60133939
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710573347.9A Active CN107302538B (en) | 2017-07-14 | 2017-07-14 | Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107302538B (en) |
WO (1) | WO2019010796A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
CN107302538B (en) | 2020-07-03 |
WO2019010796A1 (en) | 2019-01-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||