CN107302538A - Subset encryption method and device for data received by an Internet of Things AP - Google Patents


Publication number
CN107302538A
Authority
CN
China
Prior art keywords
repeater
packet
internet
mac address
encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710573347.9A
Other languages
Chinese (zh)
Other versions
CN107302538B (en)
Inventor
杜光东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shenglu IoT Communication Technology Co Ltd
Original Assignee
Shenzhen Shenglu IoT Communication Technology Co Ltd
Application filed by Shenzhen Shenglu IoT Communication Technology Co Ltd
Priority to CN201710573347.9A
Priority to PCT/CN2017/100766 (WO2019010796A1)
Publication of CN107302538A
Application granted
Publication of CN107302538B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application discloses a subset encryption method and device for data received by an Internet of Things (IoT) AP. The method comprises the following steps: the IoT access point receives a packet sent by a repeater; the IoT access point extracts the MAC address of the repeater from the packet, identifies the repeater by that MAC address to obtain the repeater's sequence number, and uses the sequence number to look up the first encryption unit corresponding to the repeater in a preconfigured repeater-to-encryption-unit mapping table; the IoT access point calls the first encryption unit to encrypt the packet; and the IoT access point sends the encrypted packet to a gateway. The technical solution provided by the invention has the advantages of high security and a good user experience.

Description

Subset encryption method and device for data received by an Internet of Things AP
Technical field
This application relates to the field of communications, and in particular to a subset encryption method and device for data received by an Internet of Things AP.
Background
The Internet of Things is an important component of the new generation of information technology and an important stage in the development of the "informatization" era. Its English name is "Internet of Things (IoT)". As the name suggests, the Internet of Things is an internet in which things are connected to things. This has two meanings: first, the core and foundation of the Internet of Things is still the internet, and it is a network extended and expanded on the basis of the internet; second, its user end extends to any article, so that articles exchange information and communicate with one another, that is, things interact with things. The Internet of Things is widely used in the convergence of networks through communication and sensing technologies such as intelligent sensing, identification technology and pervasive computing, and is therefore called the third wave of development of the world information industry after the computer and the internet. The Internet of Things is an application extension of the internet; rather than being a network, the Internet of Things is business and application. Application innovation is therefore the core of Internet of Things development, and Innovation 2.0, centred on user experience, is its soul.
The Internet of Things addresses interconnection and data exchange between things. When networking, the existing Internet of Things accesses the internet through an Internet of Things access point (AP). After an existing Internet of Things AP receives data from repeaters, it cannot encrypt the data of the individual repeaters separately, so its security is not high.
Summary of the invention
This application provides a subset encryption method for data received by an Internet of Things AP, which can improve the security of Internet of Things data and improve the user experience.
In a first aspect, a subset encryption method for data received by an Internet of Things AP is provided, the method comprising the following steps:
The Internet of Things access point receives a packet sent by a repeater;
The Internet of Things access point extracts the MAC address of the repeater from the packet, identifies the repeater by that MAC address to obtain the repeater's sequence number, and uses the sequence number to look up the first encryption unit corresponding to the repeater in a preconfigured repeater-to-encryption-unit mapping table;
The Internet of Things access point calls the first encryption unit to encrypt the packet;
The Internet of Things access point sends the encrypted packet to a gateway.
Optionally, before the Internet of Things access point sends the encrypted packet to the gateway, the method can also include:
If the first encryption unit fails to encrypt the packet, calling a backup encryption unit of the first encryption unit to encrypt the packet.
Optionally, identifying the repeater by the MAC address to obtain the repeater's sequence number specifically includes:
Extracting the MAC address of the repeater from the packet, and comparing it against the stored MAC-address-to-repeater mapping table to obtain the sequence number of the repeater corresponding to that MAC address.
Optionally, the Internet of Things access point calling the first encryption unit to encrypt the packet specifically includes:
The Internet of Things access point extracts a set number of digits from the MAC address of the repeater as a key, and the first encryption unit uses the key to encrypt the packet.
Optionally, the set number of digits is 4, 6 or 8.
In a second aspect, a subset encryption device for data received by an Internet of Things AP is provided, the device including:
A receiving unit, for receiving the packet sent by a repeater;
A processing unit, for extracting the MAC address of the repeater from the packet, identifying the repeater by that MAC address to obtain the repeater's sequence number, using the sequence number to look up the first encryption unit corresponding to the repeater in a preconfigured repeater-to-encryption-unit mapping table, and calling the first encryption unit to encrypt the packet;
A transmitting unit, for sending the encrypted packet to a gateway.
Optionally, the processing unit is also used, if the first encryption unit fails to encrypt the packet, to call the backup encryption unit of the first encryption unit to encrypt the packet.
Optionally, the processing unit is also used to extract the MAC address of the repeater from the packet and compare it against the stored MAC-address-to-repeater mapping table to obtain the sequence number of the repeater corresponding to that MAC address.
Optionally, the processing unit is also used to extract a set number of digits from the MAC address of the repeater as a key, and the first encryption unit uses the key to encrypt the packet.
Optionally, the set number of digits is 4, 6 or 8.
In a third aspect, a computer-readable storage medium is provided, which stores a computer program for electronic data interchange, wherein the computer program causes a computer to perform the method provided in the first aspect.
In the technical solution provided by the invention, after the Internet of Things terminal sends a packet to the AP, the AP selects the encryption unit corresponding to the repeater according to the repeater's sequence number and encrypts the data with that encryption unit. For the Internet of Things, the repeaters do not need to be configured for encryption; all encryption is set up in the AP. This effectively reduces the cost of the repeaters, and for the Internet of Things as a whole, since many repeaters can be connected under one AP, configuring only the AP also reduces the overall cost. In addition, an AP's computing capability is generally better than a repeater's, so running the encryption unit on the AP reduces the data transmission delay, reduces network latency and improves the user experience.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of this application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of this application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of an AP-based data routing method;
Fig. 2 is a flow chart of an Internet of Things terminal sending a packet to an AP;
Fig. 3 is a flow chart of the subset encryption method for data received by an Internet of Things AP;
Fig. 4 is a schematic diagram of the technical scenario provided by an embodiment of this application;
Fig. 5 is a schematic diagram of the mapping relationship provided by an embodiment of this application;
Fig. 6 is a schematic flow diagram of the subset encryption method for data received by an Internet of Things AP provided by another embodiment of this application;
Fig. 7 is a schematic structural diagram of a subset encryption device for data received by an Internet of Things AP provided by this application;
Fig. 8 is a schematic diagram of the hardware structure of a gateway provided by this application.
Detailed description of the embodiments
Before the exemplary embodiments are discussed in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flow charts. Although a flow chart describes the operations as sequential processing, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations can be rearranged. The processing can be terminated when its operations are completed, but it may also have additional steps not included in the drawings. The processing can correspond to a method, function, procedure, subroutine, subprogram and so on.
A "computer device", also called a "computer", in this context refers to an intelligent electronic device that can carry out predetermined processing such as numerical and/or logical computation by running predetermined programs or instructions. It can include a processor and a memory, with the processor executing instructions pre-stored in the memory to carry out the predetermined processing; or the predetermined processing is carried out by hardware such as an ASIC, FPGA or DSP; or by a combination of the two. Computer devices include but are not limited to servers, PCs, notebook computers, tablet computers, smartphones and the like.
The methods discussed below (some of which are illustrated by flow charts) can be implemented by hardware, software, firmware, middleware, microcode, hardware description languages or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments that perform the necessary tasks can be stored in a machine-readable or computer-readable medium (such as a storage medium). One or more processors can perform the necessary tasks.
The specific structural and functional details disclosed here are only representative and serve to describe exemplary embodiments of the invention. The invention can, however, be implemented in many alternative forms and should not be construed as limited only to the embodiments set forth here.
Although terms such as "first" and "second" may be used here to describe units, the units should not be limited by these terms, which are used only to distinguish one unit from another. For example, without departing from the scope of the exemplary embodiments, a first unit could be called a second unit, and similarly a second unit could be called a first unit. The term "and/or" as used here includes any and all combinations of one or more of the associated listed items.
The terminology used here is only for describing specific embodiments and is not intended to limit the exemplary embodiments. Unless the context clearly indicates otherwise, the singular forms "a" and "an" as used here are also intended to include the plural. It should also be understood that the terms "comprise" and/or "include" as used here specify the presence of the stated features, integers, steps, operations, units and/or components, and do not preclude the presence or addition of one or more other features, integers, steps, operations, units, components and/or combinations thereof.
It should further be mentioned that in some alternative implementations the functions/actions mentioned can occur in an order different from that indicated in the drawings. For example, depending on the functions/actions involved, two figures shown in succession may in fact be executed substantially simultaneously or sometimes in the reverse order.
The invention is described in further detail below with reference to the drawings.
According to one aspect of the invention, an uplink data transmission method for an Internet of Things AP is provided. The method is applied in the Internet of Things network shown in Fig. 1, which includes an Internet of Things terminal 10, an Internet of Things access point AP20, a gateway 30 and a repeater 40. The Internet of Things terminal can take different forms depending on the situation: for example, it can be a mobile phone, tablet computer, computer or similar device, and it can of course also include other devices with networking capability, such as a smart TV, smart air conditioner, smart kettle or other Internet of Things terminal device. The Internet of Things terminal 10 is connected to the repeater 40 wirelessly, the repeater 40 is connected to the AP20, and the AP20 accesses the internet through the gateway 30 in another way (that is, a connection mode different from the wireless mode). The wireless mode includes but is not limited to Bluetooth, WIFI and the like; the other way can be LTE or a wired connection. The gateway can be a mobile base station, mobile relay station, switch or similar device. Fig. 1 uses a wired connection as the example and, for convenience, represents it with a single solid line.
Depending on the size of the Internet of Things, the gateway 30 can be a personal computer (PC); in practice it can of course also be multiple PCs, a server or a server cluster. The specific embodiments of the invention do not limit the form of the gateway 30.
Referring to Fig. 2, Fig. 2 is the transmission flow chart for data received by the Internet of Things AP. As shown in Fig. 2, the flow includes:
Step S201: the Internet of Things terminal 10 wirelessly sends the packet to be sent to the repeater 40;
Step S202: the repeater sends the packet to the AP20;
Step S203: the AP20 forwards the packet to the gateway 30;
Step S204: the gateway 30 transmits the packet to the internet.
As Fig. 1 and Fig. 2 show, in the actual transmission of a packet, if a leak occurs between the AP20 and the gateway 30, the data is easily disclosed because the transmitted packet has not been encrypted, which creates a security problem.
Referring to Fig. 3, Fig. 3 shows a subset encryption method for data received by an Internet of Things AP provided by the invention. The method is implemented under the network architecture shown in Fig. 4: multiple repeaters can be connected under one AP20, and multiple Internet of Things access terminals can be connected under each repeater. The AP can be a mobile phone with a hotspot enabled, a personal computer providing wireless connectivity, a router or a similar device. As shown in Fig. 3, the method includes the following steps:
Step S301: the Internet of Things terminal sends a packet to the repeater, and the repeater forwards the packet to the AP;
The Internet of Things terminal in step S301 can be a mobile phone, tablet computer, computer or similar device, and can of course also include other devices with networking capability, such as a smart TV, smart air conditioner, smart kettle, smart lamp, smart switch or other Internet of Things smart device.
In step S301 the Internet of Things terminal can send the packet to the repeater over a wireless connection. The wireless mode includes but is not limited to Bluetooth, Wireless Fidelity (WIFI) or Zigbee, where WIFI must comply with the IEEE 802.11b standard.
It should be noted that the Internet of Things and repeater here concern wireless repeaters only. The number of devices accessing the Internet of Things is large; if a repeater were accessed by wired connection, the number of terminals would first of all be limited, and for a home, the wiring that wired connections would require of home users is unimaginable. The cost of wiring is also very high. The connection between the Internet of Things terminal and the repeater in the technical solution of the invention is therefore limited to wireless.
Step S302: the AP20 receives the packet sent by the repeater, extracts the MAC address of the repeater from the packet, identifies the repeater by that MAC address to obtain the repeater's sequence number, and uses the sequence number to look up the first encryption unit corresponding to the repeater in the preconfigured repeater-to-encryption-unit mapping table.
The type of Internet of Things terminal in step S302 can be configured by each manufacturer as it sees fit. For example, the Internet of Things terminal can include smart lamps, smart TVs, smart cleaning equipment, smart sleep equipment, smart monitoring equipment and so on, in many different forms. A smart lamp includes but is not limited to a smart desk lamp, smart ceiling lamp, smart wall lamp or similar device. A smart TV can be a Samsung smart TV or, of course, a Sharp smart TV. Smart cleaning equipment can be a robot vacuum cleaner, and can of course also include devices such as a smart vacuum cleaner or smart garbage disposer. Smart sleep equipment can be a smart mattress, smart sofa or similar device. Smart monitoring equipment can be a smart blood pressure monitor, smart thermometer and so on. The invention does not limit the form, quantity or type of the Internet of Things terminals.
The repeater-to-encryption-unit mapping table in the above step is shown in Fig. 5. The mapping can be one-to-one; it can of course also be one-to-many or another form.
The AP20 is configured with multiple mapping tables between repeaters and encryption units; the mapping relationship between repeaters and encryption units differs in each of the mapping tables. The AP20 receives an update instruction sent by the gateway; the update instruction contains the identifier of the updated mapping table and an update time. When the update time arrives, the AP20 uses the updated mapping table. Optionally, after the update time arrives, the AP20 can enable the original mapping table and the updated mapping table at the same time and call two encryption units, encrypt the data with each of the two encryption units to obtain a first encrypted packet and a second encrypted packet, and send them to the gateway. The AP20 receives the response message returned by the gateway for the first encrypted packet and enables the mapping relationship corresponding to the first encryption unit of the first encrypted packet.
This technical solution updates and maintains the mapping relationships, which improves security: a fixed mapping relationship is more likely to leak, which affects security, whereas here the mapping relationships are updated and maintained periodically. Even if all the mapping relationships leak, the updating and maintenance are controlled by the gateway, so without knowing the time at which a given mapping relationship is enabled, the corresponding packets still cannot be decrypted, and security is thereby improved.
The AP20 is configured with multiple key tables, each key table corresponding to one encryption unit and containing multiple keys. The AP20 extracts the key identifier carried in a message issued by the gateway, selects the key corresponding to that identifier, and encrypts the data with the corresponding encryption unit.
For example, the first key package includes 10 keys. The key identifier carried in the message is extracted; if the extracted key is the 5th key and the first encryption module is used, the data is encrypted with the 5th key using the first encryption module. Selecting among multiple keys in this way improves security.
The encryption unit in step S302 can be a hardware encryption unit installed in the AP that contains an encryption algorithm preset by the manufacturer. In practice the encryption unit can of course also be a software encryption unit configured in the AP; the invention does not limit the form of the encryption unit.
The encryption algorithm includes but is not limited to algorithms such as 3DES, MD5 or RSA; the invention is not limited to a specific encryption algorithm.
Step S303: the AP20 calls the first encryption unit to encrypt the packet;
Step S303 can be implemented as follows:
For example, if the first encryption unit is a 3DES encryption unit, the AP20 calls the 3DES encryption unit to apply 3DES encryption to the packet. If the first encryption unit is an RSA encryption unit, the AP20 calls the RSA encryption unit to apply RSA encryption to the packet. If the first encryption unit is an MD5 encryption unit, the AP20 calls the MD5 encryption unit to apply MD5 encryption to the packet.
For the details of the encryption, refer to the descriptions of 3DES, RSA and MD5; they are not repeated here.
Step S303 can be implemented as follows:
The AP20 calls the first encryption unit to encrypt the packet. If encryption succeeds, the subsequent step S304 is carried out; if it fails, the backup encryption unit of the first encryption unit is called to encrypt the packet, and a marker indicating that the backup encryption unit was used is added to the header extension field of the encrypted packet.
Step S304: the AP20 sends the encrypted packet to the gateway.
Step S304 can be implemented as follows:
The encrypted packet is sent to the gateway in another way. For example, if the Internet of Things terminal is connected to the AP by WIFI, the AP20 can send the packet to the gateway over a wired connection; in practice the AP20 can of course also send the encrypted packet to the gateway by Long Term Evolution (LTE). The LTE or wired mode, and the WIFI connection between the Internet of Things terminal and the AP, are examples only; the invention does not limit the specific connection mode.
With the method shown in Fig. 3, the AP selects the encryption unit corresponding to the repeater according to the repeater's sequence number and encrypts the data with that encryption unit. For the Internet of Things, the repeaters do not need to be configured for encryption; all encryption is set up in the AP. This effectively reduces the cost of the repeaters, and for the Internet of Things as a whole, since many repeaters can be connected under one AP, configuring only the AP also reduces the overall cost. In addition, an AP's computing capability is generally better than a repeater's, so running the encryption unit on the AP reduces the data transmission delay, reduces network latency and improves the user experience.
Refering to Fig. 6, Fig. 6 receives the subset encryption method of data, this method for a kind of Internet of Things AP that the present invention is provided Realized under network architecture as shown in Figure 4, can under multiple repeaters, repeater as shown in figure 4, can be connected under an AP20 To connect multiple Internet of Things access terminals, the AP is specifically as follows the mobile phone for opening focus, the PC for providing wireless connection Or the equipment, this method such as router are as shown in fig. 6, comprise the following steps:
Step S601, internet-of-things terminal send packet to repeater;
Internet-of-things terminal in above-mentioned steps S601 is specifically as follows:The equipment such as mobile phone, tablet personal computer, computer, certainly It can also include the other equipment with network savvy, such as intelligent television, intelligent air condition, intelligent kettle, intelligent lamp, intelligence The smart machine of switch or some Internet of Things.
The mode that internet-of-things terminal sends packet to repeater in above-mentioned steps S601 can be to pass through wireless connection Mode sends packet, and the wireless mode includes but is not limited to:Bluetooth, Wireless Fidelity (English:Wireless Fidelity, WIFI) or the wireless mode such as Zigbee, wherein, above-mentioned WIFI needs the standard in accordance with IEEE802.11b.
It should be noted that the Internet of Things and the repeater here concern wireless repeaters only. The number of devices that access an Internet of Things network is very large. If a repeater were accessed through wired connections, first, the number of terminals would be limited, and for a home user the wiring that wired connections require is unthinkable. Wired connections are also very costly. The connection between the Internet of Things terminal and the repeater in this technical solution is therefore limited to a wireless connection.
Step S602: AP20 receives the packet sent by the repeater, extracts the MAC address of the repeater from the packet, identifies the repeater from the MAC address to obtain the repeater's serial number, and uses that serial number to look up the first encryption unit corresponding to the repeater in the pre-configured repeater-to-encryption-unit mapping table.
The type of Internet of Things terminal in step S602 can be configured by each manufacturer as it sees fit. For example, the Internet of Things terminal may include smart lamps, smart TVs, smart cleaning equipment, smart sleep equipment, smart monitoring equipment and so on, and it may take many forms. Smart lamps include but are not limited to smart desk lamps, smart ceiling lamps and smart wall lamps. A smart TV may be a Samsung smart TV or, of course, a Sharp smart TV. Smart cleaning equipment may be a smart sweeping robot and may of course also include smart vacuum cleaners, smart garbage disposers and similar equipment. Smart sleep equipment may be a smart mattress, a smart sofa and similar equipment. Smart monitoring equipment may be a smart blood pressure monitor, a smart thermometer and so on. The present invention does not limit the concrete form, number or kind of the Internet of Things terminals.
The repeater-to-encryption-unit mapping table in the above step is shown in Fig. 5. The mapping may be one-to-one; it may of course also be one-to-many or take another form.
The encryption unit in step S602 may be a hardware encryption unit arranged in the AP that contains an encryption algorithm preset by the manufacturer. In practical applications the encryption unit may of course also be a software encryption unit configured in the AP; the present invention does not limit the concrete form of the encryption unit.
The encryption algorithm includes but is not limited to 3DES, MD5 or RSA; the present invention is not limited to a specific encryption algorithm.
Step S603: AP20 calls the first encryption unit to encrypt the packet.
Step S603 may be implemented as follows:
AP20 extracts the MAC address of the repeater from the packet and compares it against the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to that MAC address. It then extracts a set number of bits from the repeater's MAC address as the key, and the first encryption unit encrypts the packet with that key.
The set number may be 4, 6 or 8. A MAC address is a 48-bit value, so the set number must divide 48 evenly; otherwise the private key would not always have the same number of bits. In practical applications the extracted bits may of course be converted to a decimal number, which is then used as the private key; a hexadecimal number may also be used in place of the decimal number. The bits may be extracted in order, for example the first 8 on the first extraction and 9-17 on the second; extraction may of course also skip across positions or use another extraction method. The specific embodiments of the present invention do not limit how the bits are extracted.
Step S603 may be implemented as follows:
For example, if the first encryption unit is a 3DES encryption unit, AP20 calls the 3DES encryption unit to perform 3DES encryption on the packet. If the first encryption unit is an RSA encryption unit, AP20 calls the RSA encryption unit to perform RSA encryption on the packet. If the first encryption unit is an MD5 encryption unit, AP20 calls the MD5 encryption unit to perform MD5 encryption on the packet.
For the details of the encryption, refer to the relevant descriptions of 3DES, RSA and MD5, which are not repeated here.
Step S603 may be implemented as follows:
AP20 calls the first encryption unit to encrypt the packet. If encryption succeeds, it carries out the subsequent step S304. If encryption fails, it calls the spare encryption unit of the first encryption unit to encrypt the packet, and adds a mark indicating that the spare encryption unit was used to the header extension field of the encrypted packet.
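The lookup, key extraction and spare-unit fallback of steps S602 and S603, as an added Python example that is not code from the patent. The table contents, the function names, the SHA-256 keystream standing in for a real 3DES or RSA unit, and the `hmac_key` contrast function are assumptions, and the "set number" is read as bits of the 48-bit address.

```python
import hashlib
import hmac

# Constructed sample table (assumption): MAC address -> repeater serial number.
MAC_TO_SERIAL = {"02:1a:2b:3c:4d:5e": 1, "02:1a:2b:3c:4d:5f": 2}


def extract_key(mac: str, width: int, index: int = 0) -> int:
    """Take the index-th width-bit chunk of the 48-bit MAC, in order, as the key."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    if width <= 0 or 48 % width != 0:
        raise ValueError("width must divide 48, or the last chunk comes up short")
    if not 0 <= index < 48 // width:
        raise IndexError("chunk index out of range")
    bits = f"{int.from_bytes(raw, 'big'):048b}"
    return int(bits[index * width:(index + 1) * width], 2)


def hmac_key(ap_secret: bytes, mac: str) -> bytes:
    """Contrast case, not in the patent: per-repeater key from an AP-held secret."""
    raw = bytes.fromhex(mac.replace(":", ""))
    return hmac.new(ap_secret, raw, hashlib.sha256).digest()


def keystream_unit(label: bytes):
    """Stand-in encryption unit (assumption): XOR with a SHA-256 keystream."""
    def encrypt(key: int, data: bytes) -> bytes:
        out = bytearray()
        for off in range(0, len(data), 32):
            seed = label + key.to_bytes(6, "big") + off.to_bytes(4, "big")
            pad = hashlib.sha256(seed).digest()
            out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
        return bytes(out)
    return encrypt


def faulty_unit(key: int, data: bytes) -> bytes:
    """Simulates a first encryption unit whose encryption fails."""
    raise RuntimeError("encryption unit fault")


# Constructed table: serial number -> (first encryption unit, spare unit).
SERIAL_TO_UNITS = {
    1: (keystream_unit(b"unit-1"), keystream_unit(b"unit-1-spare")),
    2: (faulty_unit, keystream_unit(b"unit-2-spare")),
}


def ap_encrypt(packet: dict, width: int = 8) -> dict:
    """MAC -> serial -> encryption unit, key from MAC bits, spare unit on failure."""
    mac = packet["src_mac"].lower()
    serial = MAC_TO_SERIAL.get(mac)
    if serial is None:
        raise KeyError(f"no repeater registered for {mac}")
    first, spare = SERIAL_TO_UNITS[serial]
    key = extract_key(mac, width)
    header_ext = {}
    try:
        body = first(key, packet["payload"])
    except RuntimeError:
        body = spare(key, packet["payload"])
        header_ext["spare_unit"] = True  # header extension mark for the spare unit
    return {"src_mac": mac, "header_ext": header_ext, "payload": body}


if __name__ == "__main__":
    sample = {"src_mac": "02:1A:2B:3C:4D:5F", "payload": b"temp=21.5;hum=40"}
    print(ap_encrypt(sample)["header_ext"], 2 ** 8, "possible 8-bit keys")
```

With the widths given above the key takes at most 2^8 = 256 values and is computed from the address the AP reads out of the packet, whereas `hmac_key` depends on a secret held only by the AP.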
Step S604: AP20 sends the encrypted packet to the gateway.
Step S604 may be implemented as follows:
The encrypted packet is sent to the gateway by a different route. For example, if the Internet of Things terminal connects to the AP over WIFI, AP20 can send the packet to the gateway over a wired connection; in practical applications AP20 can of course also send the encrypted packet to the gateway over Long Term Evolution (LTE). The LTE or wired connection, and the WIFI connection between the Internet of Things terminal and the AP, are only examples; the present invention does not limit the concrete connection mode.
With the method shown in Fig. 6, the AP selects the encryption unit corresponding to the repeater according to the repeater's serial number and encrypts the data with that unit. Within the Internet of Things the repeater needs no encryption configuration, because all encryption is set up in the AP, which effectively reduces the cost of the repeater. For the Internet of Things as a whole, many repeaters can be connected under one AP, so configuring only the AP also reduces the overall cost. In addition, an AP generally has more computing power than a repeater, so running the encryption unit there reduces data transmission delay and network latency and improves the user experience.
Referring to Fig. 7, Fig. 7 shows a sub-device encryption device 700 for data received by an Internet of Things AP. The device includes:
Receiving unit 701, configured to receive the packet sent by the repeater;
Processing unit 702, configured to extract the MAC address of the repeater from the packet, identify the repeater from the MAC address to obtain the repeater's serial number, look up the first encryption unit corresponding to the repeater in the pre-configured repeater-to-encryption-unit mapping table according to that serial number, and call the first encryption unit to encrypt the packet;
Transmitting unit 703, configured to send the encrypted packet to the gateway.
Optionally, processing unit 702 is further configured to call the spare encryption unit of the first encryption unit to encrypt the packet if the first encryption unit fails to encrypt the packet.
Optionally, processing unit 702 is further configured to extract the MAC address of the repeater from the packet and compare it against the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to that MAC address.
Optionally, processing unit 702 is further configured to extract a set number of bits from the repeater's MAC address as the key, the first encryption unit encrypting the packet with that key.
Optionally, the set number is 4, 6 or 8.
Referring to Fig. 8, Fig. 8 shows an Internet of Things access point 800 provided by the present invention. The Internet of Things access point may be a node deployed in an internet system, and the internet system may also include Internet of Things terminals and a gateway. The Internet of Things access point 800 includes but is not limited to equipment such as a computer or a server. As shown in Fig. 8, the Internet of Things access point 800 includes a processor 801, a memory 802, a transceiver 803 and a bus 804. The transceiver 803 is used to send and receive data to and from external equipment (for example other equipment in the interconnected system, including but not limited to repeaters, core network equipment and so on). The number of processors 801 in the Internet of Things access point 800 may be one or more. In some embodiments of the application, the processor 801, memory 802 and transceiver 803 may be connected by a bus system or in other ways. For the meaning of the terms used in this embodiment and for examples, refer to the embodiments corresponding to Fig. 3 or Fig. 6, which are not repeated here.
Program code can be stored in the memory 802. The processor 801 is used to call the program code stored in the memory 802 in order to perform the following operations:
Transceiver 803, configured to receive the packet sent by the Internet of Things terminal;
Processor 801, configured to extract the MAC address of the repeater from the packet, identify the repeater from the MAC address to obtain the repeater's serial number, look up the first encryption unit corresponding to the repeater in the pre-configured repeater-to-encryption-unit mapping table according to that serial number, and call the first encryption unit to encrypt the packet.
Transceiver 803, further configured to send the encrypted packet to the gateway.
Optionally, the processor 801 and the transceiver 803 can also be used to perform the steps of the embodiments shown in Fig. 3 or Fig. 6, together with the refinements and alternatives of those steps.
It should be noted that the processor 801 here may be a single processing element or a general term for multiple processing elements. For example, the processing element may be a central processing unit (Central Processing Unit, CPU), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the application, for example one or more microprocessors (digital signal processor, DSP) or one or more field programmable gate arrays (Field Programmable Gate Array, FPGA).
Memory 803 may be a single storage device or a general term for multiple storage elements, and is used to store executable program code, or the parameters, data and so on required for the application program running device to run. Memory 903 may include random access memory (RAM) and may also include non-volatile memory, such as magnetic disk storage or flash memory (Flash).
Bus 804 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component (PCI) interconnect bus, an Extended Industry Standard Architecture (EISA) bus, and so on. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation it is shown in Fig. 8 as a single thick line, which does not mean that there is only one bus or only one type of bus.
The user equipment may also include an input/output device connected to bus 804, so as to connect through the bus to other parts such as the processor 801. The input/output device can provide an input interface for operators, through which they select a monitoring and control item; it may also be another interface through which other equipment can be connected externally.
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should know that the application is not limited by the described order of actions, because according to the application certain steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and that the actions and modules involved are not necessarily required by the application.
In the above embodiments, the description of each embodiment has its own emphasis. For a part that is not described in detail in one embodiment, refer to the related description of the other embodiments.
One of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can include a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc and so on.
The content download method and the related device and system provided by the embodiments of the application have been described in detail above. Specific examples are used herein to explain the principles and implementation of the application, and the description of the above embodiments is only intended to help in understanding the method of the application and its core idea. For those of ordinary skill in the art, the specific implementation and the scope of application will vary according to the idea of the application. In summary, the content of this specification should not be construed as a limitation of the application.

Claims (10)

1. A sub-device encryption method for data received by an Internet of Things access point (AP), characterized in that the method comprises the following steps:
The Internet of Things access point receives the packet sent by a repeater;
The Internet of Things access point extracts the MAC address of the repeater from the packet, identifies the repeater from the MAC address to obtain the repeater's serial number, and looks up the first encryption unit corresponding to the repeater in the pre-configured repeater-to-encryption-unit mapping table according to that serial number;
The Internet of Things access point calls the first encryption unit to encrypt the packet;
The Internet of Things access point sends the encrypted packet to the gateway.
2. The method according to claim 1, characterized in that, before the Internet of Things access point sends the encrypted packet to the gateway, the method includes:
If the first encryption unit fails to encrypt the packet, calling the spare encryption unit of the first encryption unit to encrypt the packet.
3. The method according to claim 1, characterized in that identifying the repeater from the MAC address to obtain the repeater's serial number specifically includes:
Extracting the MAC address of the repeater from the packet, and comparing it against the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to that MAC address.
4. The method according to claim 3, characterized in that the Internet of Things access point calling the first encryption unit to encrypt the packet specifically includes:
The Internet of Things access point extracts a set number of bits from the repeater's MAC address as the key, and the first encryption unit encrypts the packet with that key.
5. The method according to claim 4, characterized in that the set number is 4, 6 or 8.
6. A sub-device encryption device for data received by an Internet of Things AP, characterized in that the device includes:
A receiving unit, configured to receive the packet sent by a repeater;
A processing unit, configured to extract the MAC address of the repeater from the packet, identify the repeater from the MAC address to obtain the repeater's serial number, look up the first encryption unit corresponding to the repeater in the pre-configured repeater-to-encryption-unit mapping table according to that serial number, and call the first encryption unit to encrypt the packet;
A transmitting unit, configured to send the encrypted packet to the gateway.
7. The device according to claim 6, characterized in that the processing unit is further configured to call the spare encryption unit of the first encryption unit to encrypt the packet if the first encryption unit fails to encrypt the packet.
8. The device according to claim 6, characterized in that the processing unit is further configured to extract the MAC address of the repeater from the packet and compare it against the stored MAC-address-to-repeater mapping table to obtain the serial number of the repeater corresponding to that MAC address.
9. The device according to claim 6, characterized in that the processing unit is further configured to extract a set number of bits from the repeater's MAC address as the key, the first encryption unit encrypting the packet with that key.
10. A computer-readable storage medium, characterized in that it stores a computer program for electronic data interchange, wherein the computer program causes a computer to perform the method according to any one of claims 1-5.
CN201710573347.9A 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things Active CN107302538B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710573347.9A CN107302538B (en) 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things
PCT/CN2017/100766 WO2019010796A1 (en) 2017-07-14 2017-09-06 Sub-device encryption method and device for receiving data of internet of things ap

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710573347.9A CN107302538B (en) 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things

Publications (2)

Publication Number Publication Date
CN107302538A true CN107302538A (en) 2017-10-27
CN107302538B CN107302538B (en) 2020-07-03

Family

ID=60133939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710573347.9A Active CN107302538B (en) 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things

Country Status (2)

Country Link
CN (1) CN107302538B (en)
WO (1) WO2019010796A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110839259A (en) * 2019-09-27 2020-02-25 许继集团有限公司 Data transmission method between service terminal and service master station

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050008160A1 (en) * 2002-05-09 2005-01-13 Niigata Seimitsu Co., Ltd. Central encryption management system
CN102694753A (en) * 2011-03-25 2012-09-26 国基电子(上海)有限公司 Gateway equipment capable of carrying out encryption transmission on data, system and method thereof
CN105307167A (en) * 2014-06-18 2016-02-03 松下知识产权经营株式会社 Wireless relay device and wireless relay method
CN106604275A (en) * 2017-01-22 2017-04-26 武汉慧通云信息科技有限公司 Information transmission, encryption and decryption method and system based on mobile internet

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110839259A (en) * 2019-09-27 2020-02-25 许继集团有限公司 Data transmission method between service terminal and service master station
CN110839259B (en) * 2019-09-27 2023-06-06 许继集团有限公司 Data transmission method between service terminal and service main station

Also Published As

Publication number Publication date
CN107302538B (en) 2020-07-03
WO2019010796A1 (en) 2019-01-17

Similar Documents

Publication Publication Date Title
CN103945369B (en) A kind of length by checking WIFI packets realizes the Internet-surfing configuration method of WIFI equipment
CN108762791A (en) Firmware upgrade method and device
US10880079B2 (en) Private key generation method and system, and device
CN104380773A (en) A virtual card download method, a terminal and intermediate equipment
EP3293933A1 (en) Communication content protection
CN107786331A (en) Data processing method, device, system and computer-readable recording medium
CN106845256A (en) A kind of method and terminal of encryption and decryption data in the application
CN107846715A (en) Access point switching method and device of the Internet of Things based on transmission rate
CN107770087A (en) Router switching method and device of the Internet of Things based on connection quantity
JP2011205302A (en) Wireless lan relay device, wireless communication system, and method for controlling the wireless lan relay device
US20150180837A1 (en) Network system and networking method
CN107547516A (en) The encryption method at times and device of internet-of-things terminal data
CN107566336A (en) The encryption method in order and device of internet-of-things terminal data
CN107846683A (en) Upstream data control extension method and device of the Internet of Things access point based on type
CN104244171A (en) Data transmission system and method on basis of NFC (near field communication) connection
CN107483203A (en) Internet of Things access point receives the encryption method at times and device of data
CN107370735A (en) The encryption method at times and device of a kind of Internet of Things REPEATER DATA
CN107302538A (en) Internet of Things AP receives the subset encryption method and device of data
CN107484214A (en) Internet of Things access point frequency point selecting method and device
CN107483201A (en) A kind of selection encryption method and device based on Internet of Things access point
CN107493267A (en) A kind of random encrypting method and device of internet-of-things terminal data
CN107483202A (en) A kind of selection encryption method and device based on Internet of Things repeater
CN107360566A (en) Upstream data control extension method and device of the internet-of-things terminal based on type
CN107493571A (en) Upstream data control extension method and device of the Internet of Things repeater based on type
JP2017022443A (en) Setting information generator, method, setting terminal and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant