CN110071911A - Information transmission method and device, and certificate update method and device - Google Patents
- Publication number
- CN110071911A (application number CN201910214077.1A)
- Authority
- CN
- China
- Prior art keywords
- plc
- certificate
- server
- communication connection
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Programmable Controllers (AREA)
Abstract
This application provides an information transmission method and device and a certificate update method and device. The information transmission method includes: a PLC receives a first certificate sent by a cloud server and performs security verification on the first certificate; if verification passes, the PLC determines that the server is legitimate and feeds back a verification-passed message to the server, after which the PLC and the server can establish a communication connection and transmit information. With this scheme, the PLC client verifies the server one-way, making full use of the fact that a server supporting TLS does not have to require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
Description
Technical field
This application relates to, but is not limited to, the field of communications, and more particularly to an information transmission method and device and a certificate update method and device.
Background art
In the related art, encryption schemes for a programmable logic controller (Programmable Logic Controller, PLC) are as follows. For a PLC that does not need to be connected to the public network, the common encryption schemes fall into two kinds. Hardware encryption, i.e. an encryption chip: a password or an encryption/decryption algorithm is written into the encryption chip and matched against the encryption information carried in the PLC. This scheme can protect the entire PLC program. Software encryption: for example, a core software module is encrypted so that, after the software code has been cracked or decompiled, the security of the core software module is still ensured and the property rights are protected as far as possible. For a PLC that does not need to be connected to the public network, security during communication is not considered at all, so the hardware and software encryption it uses cannot guarantee the security of network communication. When the PLC needs to be connected to the cloud, the original encryption scheme can still be retained to protect the software property rights.
Encryption schemes for communication between a PLC and the cloud: with the rapid development of the Internet of Things, various field devices already upload data to the cloud or obtain certain services from the cloud. The field device is then connected to the public network, and the security of communication between the field device and the cloud must be considered. The TLS (Transport Layer Security) encryption protocol is now commonly used to guarantee network communication security and data integrity. To guarantee network communication security and data integrity, the TLS protocol used in Internet of Things communication generally adopts a two-way authentication policy: when a client attempts to establish a secure connection with a server, the client needs to verify the legitimacy of the server and the server needs to verify the legitimacy of the client. This process is relatively complex and time-consuming. When the network is unstable, both sides need to disconnect frequently in order to manage the connection effectively, and when the connection is established again the time consumed by mutual authentication cannot be ignored. Industrial sites are complex, the environment is harsh, and unstable networks occur from time to time. In addition, the server and the client each need to maintain a set of certificates, and certificate maintenance and upgrade work is cumbersome.
No effective solution has yet been proposed for the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
Summary of the invention
The embodiments of the present application provide an information transmission method and device and a certificate update method and device, to at least solve the problem in the related art that secure communication between a PLC and a cloud server is relatively complex and therefore difficult to implement.
According to one embodiment of the application, an information transmission method is provided, comprising: a programmable logic controller (PLC) receives a first certificate sent by a server; if the first certificate passes security verification, the PLC feeds back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification; the PLC establishes a communication connection with the server and uses the communication connection to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
According to another embodiment of the application, an information transmission method is also provided, comprising: a server sends a first certificate to a PLC; the server receives a first message fed back by the PLC, the first message indicating whether the first certificate has passed security verification; if the first certificate has passed the security verification, the server establishes a communication connection with the PLC and uses the communication connection to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
According to another embodiment of the application, an information transmission system is also provided, comprising: a server, which sends a first certificate to a PLC; the PLC, which receives the first certificate and, if the first certificate passes security verification, feeds back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification; a communication connection is established between the PLC and the server and is used to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
According to another embodiment of the application, an information transmission device for a programmable logic controller (PLC) is also provided, comprising: a first receiving module, configured to receive a first certificate sent by a server; a first feedback module, configured to feed back a first message to the server if the first certificate passes security verification, wherein the first message is used to notify that the first certificate has passed security verification; a first transmission module, configured to establish a communication connection with the server and use the communication connection to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
According to another embodiment of the application, an information transmission device for a server is also provided, comprising: a second sending module, configured to send a first certificate to a PLC; a second receiving module, configured to receive a first message fed back by the PLC, the first message indicating whether the first certificate has passed security verification; a second transmission module, configured to establish a communication connection with the PLC if the first certificate has passed the security verification and to use the communication connection to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
According to another embodiment of the application, a certificate update method is also provided, comprising: a programmable logic controller (PLC) and a server communicate over a first communication connection, wherein the first communication connection was established in advance according to a first certificate; the PLC receives a certificate update request message sent by the server and feeds back a certificate update confirmation message to the server; the PLC receives a second certificate sent by the server and feeds back a certificate confirmation message to the server; the first communication connection is disconnected and a second communication connection is re-established according to the second certificate; the PLC receives a request message sent by the server for uploading the first certificate and uploads the first certificate; the PLC and the server transmit information over the second communication connection.
According to another embodiment of the application, a certificate update method is also provided, comprising: a server and a PLC communicate over a first communication connection, wherein the first communication connection was established in advance according to a first certificate; the server sends a certificate update request message to the PLC and receives a certificate update confirmation message fed back by the PLC; the server sends a second certificate to the PLC and receives a certificate confirmation message fed back by the PLC; the first communication connection is disconnected and a second communication connection is re-established according to the second certificate; the server sends a first-certificate upload request message to the PLC and receives the first certificate transmitted by the PLC; the server and the PLC transmit information over the second communication connection.
According to another embodiment of the application, a certificate update device for a programmable logic controller (PLC) is also provided, comprising: a first communication module, configured to communicate with a server over a first communication connection, wherein the first communication connection was established in advance according to a first certificate; a first receiving module, configured to receive a certificate update request message sent by the server and feed back a certificate update confirmation message to the server; a second receiving module, configured to receive a second certificate sent by the server and feed back a certificate confirmation message to the server; a first re-establishing module, configured to disconnect the first communication connection and re-establish a second communication connection according to the second certificate; a second communication module, configured to receive a request message sent by the server for uploading the first certificate, upload the first certificate, and transmit information with the server over the second communication connection.
According to another embodiment of the application, a certificate update device for a server is also provided, comprising: a third communication module, configured to communicate with a PLC over a first communication connection, wherein the first communication connection was established in advance according to a first certificate; a first sending module, configured to send a certificate update request message to the PLC and receive a certificate update confirmation message fed back by the PLC; a second sending module, configured to send a second certificate to the PLC and receive a certificate confirmation message fed back by the PLC; a second re-establishing module, configured to disconnect the first communication connection and re-establish a second communication connection according to the second certificate; a fourth communication module, configured to send a first-certificate upload request message to the PLC and receive the first certificate transmitted by the PLC, the server and the PLC transmitting information over the second communication connection.
According to another embodiment of the application, a storage medium is also provided, in which a computer program is stored, wherein the computer program is configured to execute, when run, the steps in any of the above method embodiments.
According to another embodiment of the application, an electronic device is also provided, comprising a memory and a processor, wherein a computer program is stored in the memory and the processor is configured to run the computer program to execute the steps in any of the above method embodiments.
With this application, the PLC receives the first certificate sent by the cloud server and performs security verification on the first certificate; if verification passes, the PLC determines that the server is legitimate and feeds back a verification-passed message to the server, after which the PLC and the server can establish a communication connection and transmit information. With this scheme, the PLC client verifies the server one-way, making full use of the fact that a server supporting TLS does not have to require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
Brief description of the drawings
The drawings described here are provided for further understanding of the application and form part of it; the illustrative embodiments of the application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the information transmission method according to an embodiment of the application;
Fig. 2 is a flow diagram of the information transmission method according to an embodiment of the application;
Fig. 3 is a schematic diagram of establishing a TLS connection between a client and a server according to another embodiment of the application;
Fig. 4 is a flow diagram of TLS certificate update according to another embodiment of the application.
Detailed description of the embodiments
The application is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where no conflict arises, the embodiments of the application and the features in the embodiments may be combined with each other.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and are not used to describe a particular order or sequence.
Embodiment one
This embodiment provides an information transmission method that runs on a PLC client. Fig. 1 is a flow chart of the information transmission method according to an embodiment of the application. As shown in Fig. 1, the process comprises the following steps:
Step S102: a programmable logic controller (PLC) receives a first certificate sent by a server;
The PLC may be a micro programmable logic controller (Programmable Logic Controller, PLC).
Optionally, the server side of this scheme uses mosquitto, an open-source message broker that implements the message push protocol MQTT V1.3 in the related art, supports TLS V1.2 and is simple to deploy. The certificate, public key and private key are generated by custom registration; to ensure communication security, specific information about the server side, such as its IP address and host name, is made part of the certificate. Different certificates and public/private key pairs may be generated for different clients. That is, the first certificate may be generated by the server itself rather than applied for from a certificate authority (Certificate Authority, CA).
The first certificate here corresponds to the original certificate in the subsequent embodiments, and the second certificate here corresponds to the new certificate to be updated in the subsequent embodiments.
The PLC side is also called the client in this document. On the client side, the TLS protocol of this scheme uses mbedtls from ARM, an implementation of the TLS protocol with the corresponding encryption algorithms and supporting code, designed specifically for small embedded devices. mbedtls supports a variety of encryption components; this scheme uses 10 common ones, including DHE_RSA_3DES_CBC_SHA and ECDH_ECDSA_WITH_AES_128_CBC_SHA. To establish a TLS connection, the encryption components supported by the server side must include at least one of the encryption components supported by the client.
Step S104: if the first certificate passes security verification, the PLC feeds back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification;
Optionally, the first message may notify the server that parameter negotiation between the PLC and the server is complete, and may also carry the pre-shared key encrypted with the public key.
Step S106: the PLC establishes a communication connection with the server and uses the communication connection to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
In the related art, a server that supports TLS does not have to require client authentication, which ensures that communication is still secure after the above one-way verification scheme is adopted.
Through the above steps, the PLC receives the first certificate sent by the cloud server and performs security verification on the first certificate; if verification passes, the PLC determines that the server is legitimate and feeds back a verification-passed message to the server, after which the PLC and the server can establish a communication connection and transmit information. With this scheme, the PLC client verifies the server one-way, making full use of the fact that a server supporting TLS does not have to require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
Optionally, using the communication connection to transmit information comprises: encrypting the information to be transmitted with a first key on the communication connection, wherein the PLC generates the first key as follows: the PLC generates the first key from a first random number, a second random number and a pre-shared key Pre Key, wherein the first random number is generated by the PLC, the second random number is sent by the server, and the Pre Key is encrypted with the public key sent by the server. With this scheme, the first key is generated in the manner agreed by both sides and is used for encrypted communication, which ensures the security of information transmission.
Optionally, before the PLC receives the first certificate sent by the server, the PLC sends the first random number and a first encryption component set to the server, wherein the first encryption component set contains the encryption component types supported by the PLC; the PLC receives the second random number and a second encryption component fed back by the server, wherein the second random number is randomly generated by the server, the second encryption component is one of the encryption components in the first encryption component set and is one that the server supports, and the second encryption component is invoked to carry out encrypted transmission of the first key and the information to be transmitted. To carry out the technical solution in this document, the server must satisfy the following condition: the encryption components supported by the server must include at least one of the encryption components supported by the PLC.
Optionally, the PLC receiving the first certificate sent by the server comprises: receiving the first certificate and a public key sent by the server. The first certificate and the public key may be issued at different times, or may be issued in different messages.
Optionally, the PLC feeding back the first message to the server, wherein the first message is used to notify that the first certificate has passed security verification, comprises: the PLC encrypts the pre-shared key Pre Key with the public key; the PLC sends the encrypted Pre Key to the server and sends the server a message indicating that parameter negotiation is complete.
Optionally, the PLC establishing the communication connection with the server comprises: the PLC sends a first final handshake (Finish Handshake) message to the server, receives a second Finish Handshake message fed back by the server, and establishes the communication connection.
Optionally, after the PLC establishes the communication connection with the server and uses it to transmit information, the PLC receives a first-certificate update request message sent by the server and feeds back a first-certificate update confirmation message to the server; receives a second certificate sent by the server and feeds back a second-certificate confirmation message to the server; disconnects the communication connection and re-establishes a second communication connection according to the second certificate; receives a request message sent by the server for uploading the first certificate and uploads the first certificate; the PLC and the server then transmit information over the second communication connection. With this scheme, the PLC and the server complete the certificate update process through the above interaction, which keeps the communication connection safe and effective.
Optionally, after receiving the second certificate sent by the server and feeding back the second-certificate confirmation message to the server, the PLC receives a public key update request message sent by the server and feeds back a public key update confirmation message to the server; it then receives a new public key sent by the server and feeds back a new-public-key confirmation message to the server.
According to another embodiment of the application, Fig. 2 is a flow diagram of the information transmission method according to an embodiment of the application. As shown in Fig. 2, the method comprises the following steps:
S202: a server sends a first certificate to a PLC;
S204: the server receives a first message fed back by the PLC, the first message indicating whether the first certificate has passed security verification;
S206: if the first certificate has passed the security verification, the server establishes a communication connection with the PLC and uses the communication connection to transmit information, wherein the communication connection is a Transport Layer Security (TLS) link.
With this scheme, the PLC client verifies the server one-way, making full use of the fact that a server supporting TLS does not have to require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
Optionally, before the server sends the first certificate to the PLC, the server generates the first certificate according to at least one of the following: the IP address of the server, the host name of the server; wherein the server generates different first certificates for different PLCs. With this scheme, the certificate provided by the server side is generated by custom registration rather than applied for from a certificate authority (Certificate Authority, CA), which reduces cost and is convenient in terms of timeliness and later upgrade and maintenance.
Optionally, using the communication connection to transmit information comprises: encrypting the information to be transmitted with a first key on the communication connection, wherein the server generates the first key as follows: the server generates the first key from a first random number, a second random number and a pre-shared key Pre Key, wherein the first random number is sent by the PLC, the second random number is generated by the server, and the Pre Key is sent by the PLC.
Optionally, before the server sends the first certificate to the PLC, the server receives the first random number and a first encryption component set sent by the PLC, wherein the first encryption component set contains the encryption component types supported by the PLC; the server sends the second random number and a second encryption component to the PLC, wherein the second random number is randomly generated by the server, the second encryption component is one of the encryption components in the first encryption component set and is one that the server supports, and the second encryption component is used to carry out encrypted transmission of the first key and the information to be transmitted.
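The negotiation and first-key generation described above for both the PLC side and the server side, as an added Python sketch that is not code from the patent. It assumes the first key is derived the way TLS 1.2 (RFC 5246) derives its master secret, and it models the public-key encryption of the Pre Key as delivery of the same bytes to the server; the function names are hypothetical.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_first_key(pre_key: bytes, first_random: bytes, second_random: bytes) -> bytes:
    """Assumed derivation: the 48-byte TLS 1.2 master secret."""
    return p_sha256(pre_key, b"master secret" + first_random + second_random, 48)


def select_component(plc_offer: list, server_supported: set) -> str:
    """Server picks the second encryption component out of the PLC's first set."""
    for name in plc_offer:                  # keep the PLC's preference order
        if name in server_supported:
            return name
    raise ValueError("no common encryption component, TLS link cannot be set up")


def negotiate(plc_offer: list, server_supported: set) -> dict:
    """Run the exchange once and return what each side ends up holding."""
    first_random = os.urandom(32)           # generated by the PLC
    second_random = os.urandom(32)          # generated by the server
    component = select_component(plc_offer, server_supported)
    pre_key = os.urandom(48)                # generated by the PLC
    # On the wire the Pre Key is encrypted with the server's public key; the
    # model hands the server the bytes it would recover with its private key.
    pre_key_at_server = pre_key
    return {
        "component": component,
        "plc_key": derive_first_key(pre_key, first_random, second_random),
        "server_key": derive_first_key(pre_key_at_server, first_random, second_random),
    }


# Constructed sample: component names taken from the list on the page.
PLC_OFFER = ["DHE_RSA_3DES_CBC_SHA", "ECDH_ECDSA_WITH_AES_128_CBC_SHA"]
SERVER_SUPPORTED = {"ECDH_ECDSA_WITH_AES_128_CBC_SHA"}

if __name__ == "__main__":
    result = negotiate(PLC_OFFER, SERVER_SUPPORTED)
    print(result["component"], result["plc_key"] == result["server_key"])
```

Because both randoms enter the derivation, a recorded Pre Key replayed into a later handshake yields a different first key.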
Optionally, the server sending the first certificate to the PLC comprises: sending the first certificate and a public key to the PLC.
Optionally, receiving the first message fed back by the PLC, which indicates whether the first certificate has passed security verification, comprises at least one of: receiving the pre-shared key Pre Key sent by the PLC, wherein the Pre Key has been encrypted by the PLC with the public key; receiving a message sent by the PLC indicating that parameter negotiation is complete.
Optionally, the server establishing the communication connection with the PLC comprises: receiving a first final handshake message sent by the PLC; feeding back a second final handshake message to the PLC and establishing the communication connection, wherein the communication connection is a Transport Layer Security (TLS) link.
Optionally, after the server establishes the communication connection with the PLC and uses it to transmit information, the server sends a first-certificate update request message to the PLC and receives a first-certificate update confirmation message fed back by the PLC; sends a second certificate to the PLC and receives a second-certificate confirmation message fed back by the PLC; disconnects the communication connection and re-establishes a second communication connection according to the second certificate; sends a first-certificate upload request message to the PLC and receives the first certificate transmitted by the PLC; the server and the PLC then transmit information over the second communication connection. With this scheme, after the certificate is updated, the PLC also needs to upload the original certificate, i.e. the first certificate, and in this way it is detected whether the PLC is a legitimate user: if the PLC fails to upload the first certificate, or uploads a wrong one, the current communication connection is abnormal and should be interrupted in time.
Optionally, in the steps of the above embodiment, if the PLC fails to feed back information to the server, this indicates that it is currently not suitable to carry out the certificate update process, so the certificate update process can be suspended and triggered again later. The timing for triggering the certificate update process is decided independently by the server.
Optionally, sending the first-certificate upload request message to the PLC, receiving the first certificate transmitted by the PLC, and the server and the PLC transmitting information over the second communication connection comprises: if the first certificate fed back by the PLC is not received within a preset time, or the first certificate fed back by the PLC is wrong, the server performs at least one of the following operations: disconnecting the second communication connection, disabling the establishment of communication connections with the second certificate, and performing an alarm operation.
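An added Python model of the server-side certificate update exchange described above, including the suspend case and the failure handling for the first-certificate upload; it is not code from the patent. The message names, the 5-second value for the preset time and the byte strings standing in for certificates are assumptions, and the model performs all three failure operations where the text requires at least one.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

UPLOAD_TIMEOUT_S = 5.0  # assumed value for the page's "preset time"


def fingerprint(cert: bytes) -> bytes:
    return hashlib.sha256(cert).digest()


@dataclass
class ServerUpdateSession:
    first_cert: bytes                 # original certificate the first link was built on
    second_cert: bytes                # new certificate being rolled out
    state: str = "FIRST_LINK"
    link: str = "first"               # certificate behind the live link, or "none"
    second_cert_enabled: bool = True
    actions: list = field(default_factory=list)

    def begin(self) -> str:
        """The server decides when to trigger the update and sends the request."""
        self.actions.append("send CERT_UPDATE_REQUEST")
        self.state = "AWAIT_UPDATE_ACK"
        return self.state

    def on_plc(self, msg, payload: bytes = b"", waited_s: float = 0.0) -> str:
        """Feed one PLC reply; msg=None means no feedback arrived."""
        if self.state == "AWAIT_UPDATE_ACK":
            if msg != "CERT_UPDATE_ACK":
                return self._suspend()
            self.actions.append("send SECOND_CERT")
            self.state = "AWAIT_CERT_ACK"
        elif self.state == "AWAIT_CERT_ACK":
            if msg != "CERT_ACK":
                return self._suspend()
            self.actions += ["disconnect first link", "connect with second cert",
                             "send FIRST_CERT_UPLOAD_REQUEST"]
            self.link = "second"
            self.state = "AWAIT_FIRST_CERT"
        elif self.state == "AWAIT_FIRST_CERT":
            on_time = msg == "FIRST_CERT" and waited_s <= UPLOAD_TIMEOUT_S
            # Compare digests in constant time so timing does not leak a partial match.
            same = hmac.compare_digest(fingerprint(payload), fingerprint(self.first_cert))
            if not (on_time and same):
                return self._abort()
            self.state = "DONE"
        else:
            raise RuntimeError(f"no PLC reply expected in state {self.state}")
        return self.state

    def _suspend(self) -> str:
        # No feedback before the switch: stay on the first link, retrigger later.
        self.state = "SUSPENDED"
        return self.state

    def _abort(self) -> str:
        # Missing or wrong first certificate after the switch to the second link.
        self.actions += ["disconnect second link", "disable second cert", "raise alarm"]
        self.link = "none"
        self.second_cert_enabled = False
        self.state = "ABORTED"
        return self.state


def run(replies, first=b"constructed-first-cert", second=b"constructed-second-cert"):
    """Drive one session with a list of (msg, payload, waited_s) PLC replies."""
    session = ServerUpdateSession(first, second)
    session.begin()
    for msg, payload, waited_s in replies:
        session.on_plc(msg, payload, waited_s)
    return session
```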
Optionally, after sending the second certificate to the PLC and receiving the second-certificate confirmation message fed back by the PLC, the server sends a public key update request message to the PLC and receives the public key update confirmation message fed back; the server then sends a new public key to the PLC and receives the new-public-key confirmation message fed back. With this scheme, the public key update process is also completed after the certificate update process is completed.
According to another embodiment of the application, a certificate update method is also provided, comprising the following steps:
Step 1, a programmable logic controller (PLC) and a server communicate through a first communication connection, wherein the first communication connection is established in advance according to a first certificate;
Step 2, the PLC receives a certificate update request message sent by the server, and feeds back a certificate update confirmation message to the server;
Step 3, the PLC receives a second certificate sent by the server, and feeds back a certificate confirmation message to the server;
Step 4, the first communication connection is disconnected, and a second communication connection is re-established according to the second certificate;
Step 5, the PLC receives a request message, sent by the server, to upload the first certificate, and uploads the first certificate; the PLC and the server transmit information over the second communication connection.
With the above scheme, after the certificate is updated, the PLC is also required to upload the original certificate, that is, the first certificate. This is used to detect whether the PLC is a legitimate user: if the PLC fails to upload the first certificate, or uploads a wrong one, the current communication connection is abnormal and should be interrupted promptly.
Optionally, after receiving the second certificate sent by the server and feeding back the certificate confirmation message to the server, the PLC receives a public key update request message sent by the server and feeds back a public key update confirmation message to the server; it then receives the new public key sent by the server and feeds back a new public key confirmation message to the server. With this scheme, the public key update process is also completed after the certificate update process is completed.
According to another embodiment of the application, a certificate update method is also provided, the method comprising the following steps:
Step 1, a server and a PLC communicate through a first communication connection, wherein the first communication connection is established in advance according to a first certificate;
Step 2, the server sends a certificate update request message to the PLC, and receives the certificate update confirmation message fed back by the PLC;
Step 3, the server sends a second certificate to the PLC, and receives the certificate confirmation message fed back by the PLC;
Step 4, the first communication connection is disconnected, and a second communication connection is re-established according to the second certificate;
Step 5, the server sends a first certificate upload request message to the PLC, and receives the first certificate sent by the PLC; the server and the PLC transmit information over the second communication connection.
With the above scheme, after the certificate is updated, the PLC is also required to upload the original certificate, that is, the first certificate. This is used to detect whether the PLC is a legitimate user: if the PLC fails to upload the first certificate, or uploads a wrong one, the current communication connection is abnormal and should be interrupted promptly.
Optionally, after the first certificate upload request message is sent to the PLC, if the first certificate fed back by the PLC is not received within a preset time, or the first certificate fed back by the PLC contains an error, the server performs at least one of the following operations: disconnecting the second communication connection, disabling the establishment of communication connections with the second certificate, and performing an alarm operation.
Optionally, after sending the second certificate to the PLC and receiving the certificate confirmation message fed back by the PLC, the server sends a public key update request message to the PLC and receives the public key update confirmation message fed back; it then sends the new public key to the PLC and receives the new public key confirmation message fed back.
Another embodiment of the application is described below.
This embodiment solves the technical problem of data encryption when a micro programmable logic controller (Programmable Logic Controller, PLC for short) communicates with the cloud. The PLC acts as the client and the cloud acts as the server. Multiple PLCs can access the cloud at the same time, and both connection establishment and communication between each PLC and the cloud use this encryption scheme.
To reduce the time consumed by the whole encryption process, the scheme uses TLS one-way authentication: only the client verifies the legitimacy of the server, that is, it verifies the legitimacy of the server's certificate. Most servers with TLS support do not require client authentication (Client Authentication), and this provides the basis for the scheme.
At the same time, for lower cost, timeliness and convenient later upgrade and maintenance, the certificate provided by the server is generated by custom registration rather than applied for from a CA (Certificate Authority). After generating a valid certificate, the server delivers the certificate and the public key to the client in a secure manner and keeps the private key itself. The client saves the valid certificate and the public key.
Before the PLC communicates with the server, the server must meet the following configuration: the server side of the scheme uses Mosquitto, an open-source message broker that implements the message push protocol MQTT V1.3, supports TLS V1.2 and is simple to deploy. The certificate, public key and private key are generated by custom registration. To ensure communication security, specific information about the server, such as its IP address and host name, is included as part of the certificate. Generating different certificates and public/private key pairs for different clients can be considered.
Before the PLC communicates with the server, the client must meet the following configuration: the client-side TLS protocol of the scheme uses mbedtls from ARM (Advanced RISC Machines, ARM for short), an implementation of the TLS protocol with the corresponding encryption algorithms and supporting code, designed for small embedded devices.
mbedtls supports a variety of encryption components (cipher suites); 10 common ones are used in this scheme, including DHE_RSA_3DES_CBC_SHA, ECDH_ECDSA_WITH_AES_128_CBC_SHA and ECDH_RSA_WITH_3DES_EDE_CBC_SHA. To establish a TLS connection, the encryption components supported by the server must include at least one of the encryption components supported by the client.
Fig. 3 is a schematic diagram of establishing a TLS connection between the client and the server according to another embodiment of the application. As shown in Fig. 3, it demonstrates how the client and the server establish a TLS connection. The general process is as follows:
S301, the client first sends a Client Hello message to the server; this message contains a random number random_c and the encryption components supported by the client.
S302, after receiving the Client Hello message, the server replies with a Server Hello message; this message contains a random number random_s and the encryption component the server has selected from those supported by the client.
S303, the server then sends its own certificate, Server Certificate, to the client for the client to authenticate.
S304, after the client has verified the legitimacy of the server's certificate, it encrypts pre_key with the server's public key and sends it to the server in Client Key Exchange.
S305, the client then notifies the server that parameter negotiation is complete (Change Cipher Spec). At this point, the client and the server use three random values (random_c, random_s and the pre-key pre_key) to generate a key, which is used to encrypt subsequent communication data.
S306, the client then sends the final handshake message, Finish Handshake, to the server.
S307, the server also replies with a Finish Handshake message.
S308, at this point the TLS connection between the client and the server has been established, and secure data exchange can follow.
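The text says only that random_c, random_s and pre_key are combined into one key (S305). The added example below, which is not code from the patent, shows how standard TLS 1.2 (RFC 5246) performs that step with its SHA-256 PRF, assuming pre_key is the 48-byte RSA pre-master secret sent in S304; the function names and sample byte strings are constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246, section 5."""
    out, a = b"", seed                                    # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_key: bytes, random_c: bytes, random_s: bytes) -> bytes:
    """Combine the values from S301, S302 and S304 into the 48-byte master secret."""
    if len(random_c) != 32 or len(random_s) != 32:
        raise ValueError("hello randoms must be 32 bytes each")
    if len(pre_key) != 48:
        raise ValueError("RSA pre-master secret must be 48 bytes")
    return prf(pre_key, b"master secret", random_c + random_s, 48)


def key_block(master: bytes, random_c: bytes, random_s: bytes,
              mac_len: int = 20, key_len: int = 16) -> dict:
    """Expand the master secret into per-direction MAC and cipher keys.

    The defaults fit an AES_128_CBC_SHA suite (20-byte HMAC-SHA1 keys,
    16-byte AES-128 keys). Note the seed order here: server random first.
    """
    names = ("client_write_mac", "server_write_mac",
             "client_write_key", "server_write_key")
    sizes = (mac_len, mac_len, key_len, key_len)
    raw = prf(master, b"key expansion", random_s + random_c, sum(sizes))
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = raw[offset:offset + size]
        offset += size
    return keys


def simulate_handshake() -> tuple:
    """PLC and server derive keys independently from the same three inputs."""
    # Constructed, fixed values so the run is reproducible; real endpoints
    # draw all three from a cryptographically secure random generator.
    random_c = bytes(range(32))                 # stands in for the PLC's random_c
    random_s = bytes(range(32, 64))             # stands in for the server's random_s
    pre_key = b"\x03\x03" + bytes(range(46))    # TLS 1.2 version bytes + 46 bytes
    plc = key_block(master_secret(pre_key, random_c, random_s), random_c, random_s)
    server = key_block(master_secret(pre_key, random_c, random_s), random_c, random_s)
    return plc, server


if __name__ == "__main__":
    plc_keys, server_keys = simulate_handshake()
    print("keys match:", plc_keys == server_keys)
    for name, value in plc_keys.items():
        print(f"{name}: {value.hex()}")
```

Only pre_key is secret: both hello randoms cross the wire in the clear, so the confidentiality of every derived key rests on the RSA encryption of pre_key in S304 and on the PLC having verified the server certificate first.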
Fig. 4 is a flow diagram of TLS certificate update according to another embodiment of the application. As shown in Fig. 4, the PLC acts as the client and the cloud acts as the server. Communication between the PLC and the cloud involves replacing the TLS certificate. The certificate update cycle is determined by the cloud.
S401, the server selects a suitable time to start the certificate update process; it sends a certificate update request message to the client and waits for the client's certificate update confirmation message.
If no confirmation message is received within the specified time, the server waits for a specified period and sends the certificate update request message again. If the client's confirmation message has still not been received after three attempts, the server abandons this update process and restarts it at the next opportunity.
S402, the client's certificate update confirmation message is received within the specified time.
S403, the server then sends the new certificate to the client and waits for the client's new certificate confirmation message.
If no confirmation message is received within the specified time, the server waits for a specified period and sends the new certificate again. If the client's confirmation message has still not been received after three attempts, the server abandons this update process.
S404, the new certificate confirmation message and the certificate update complete message are received within the specified time, and the server considers that the client has successfully saved the new certificate.
S405, after replying to the server with the certificate update complete message, the client must store the new certificate properly and actively disconnect the established connection to the server.
S406, the client and the server then carry out the TLS handshake using the new certificate; the process is as described for Fig. 3.
S407, after the client and the server have established a secure connection, the server needs to verify the legitimacy of the client. The server sends an upload original certificate request message to the client.
If the client does not upload the original certificate within the specified time, or the uploaded original certificate is wrong, the server concludes that the certificate update process was eavesdropped on or cracked, or that this client is being impersonated. The server then actively disconnects this connection, disables the new certificate and raises an alarm. If this happens, certificate synchronization must be carried out manually.
S408, the client must upload the original certificate within the specified time.
S409, if the client uploads the correct original certificate within the specified time, the server considers this certificate update process successfully completed, and the client and the server then carry out data communication.
When the server decides to update the public key as well, it can send the corresponding public key update request after receiving the client's new certificate confirmation message in S404. If the server decides not to update the public key, nothing needs to be sent.
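The server side of the Fig. 4 flow (S401 to S409) as an added example, not code from the patent. The message names, the SimulatedPlc link and the sample certificate bytes are hypothetical; the three-attempt limit and the disconnect, disable and alarm reaction are taken from the text above.

```python
import hashlib
import hmac
from enum import Enum

MAX_ATTEMPTS = 3  # a step is abandoned after three unanswered sends


class Outcome(Enum):
    UPDATED = "updated"
    ABANDONED = "abandoned"   # no acknowledgement; retry at a later opportunity
    REJECTED = "rejected"     # original-certificate check failed (S407)


def fingerprint(cert: bytes) -> bytes:
    return hashlib.sha256(cert).digest()


class SimulatedPlc:
    """Constructed stand-in for the PLC end of the link (hypothetical messages)."""

    def __init__(self, original_cert, drop_first=0, upload=None, silent_on_upload=False):
        self.original_cert = original_cert
        self.stored_cert = original_cert
        self.drop_first = drop_first              # number of requests that time out
        self.upload = upload                      # overrides what S408 uploads
        self.silent_on_upload = silent_on_upload  # never answers the S407 request

    def request(self, msg, payload=None):
        """Return (reply_type, payload), or None to model a timeout."""
        if self.drop_first > 0:
            self.drop_first -= 1
            return None
        if msg == "CERT_UPDATE_REQUEST":
            return ("CERT_UPDATE_CONFIRM", None)
        if msg == "NEW_CERT":
            self.stored_cert = payload            # S405: keep the new certificate
            return ("NEW_CERT_CONFIRM", None)
        if msg == "UPLOAD_ORIGINAL_CERT" and not self.silent_on_upload:
            cert = self.original_cert if self.upload is None else self.upload
            return ("ORIGINAL_CERT", cert)
        return None


class CertUpdateServer:
    def __init__(self, link, old_cert, new_cert):
        self.link, self.old_cert, self.new_cert = link, old_cert, new_cert
        self.active_cert = old_cert   # certificate the current connection uses
        self.disabled = set()         # fingerprints barred from new connections
        self.alarms = []
        self.sent = []                # every message sent, for auditing

    def _send_until_acked(self, msg, ack, payload=None):
        for _ in range(MAX_ATTEMPTS):
            self.sent.append(msg)
            reply = self.link.request(msg, payload)
            if reply is not None and reply[0] == ack:
                return True
        return False

    def run(self):
        # S401/S402: announce the update and wait for the confirmation.
        if not self._send_until_acked("CERT_UPDATE_REQUEST", "CERT_UPDATE_CONFIRM"):
            return Outcome.ABANDONED
        # S403/S404: deliver the new certificate.
        if not self._send_until_acked("NEW_CERT", "NEW_CERT_CONFIRM", self.new_cert):
            return Outcome.ABANDONED
        # S405/S406: the old connection is dropped and TLS is redone with the new one.
        self.active_cert = self.new_cert
        # S407/S408: ask for the original certificate exactly once.
        self.sent.append("UPLOAD_ORIGINAL_CERT")
        reply = self.link.request("UPLOAD_ORIGINAL_CERT")
        ok = (reply is not None and reply[0] == "ORIGINAL_CERT"
              and hmac.compare_digest(fingerprint(reply[1]), fingerprint(self.old_cert)))
        if not ok:
            self.active_cert = None                          # disconnect
            self.disabled.add(fingerprint(self.new_cert))    # disable the new certificate
            self.alarms.append("original certificate check failed; manual sync required")
            return Outcome.REJECTED
        return Outcome.UPDATED                               # S409


OLD_CERT = b"-----constructed old certificate-----"
NEW_CERT = b"-----constructed new certificate-----"

if __name__ == "__main__":
    for label, plc in [("normal", SimulatedPlc(OLD_CERT)),
                       ("two timeouts", SimulatedPlc(OLD_CERT, drop_first=2)),
                       ("three timeouts", SimulatedPlc(OLD_CERT, drop_first=3)),
                       ("wrong upload", SimulatedPlc(OLD_CERT, upload=b"forged"))]:
        server = CertUpdateServer(plc, OLD_CERT, NEW_CERT)
        print(label, server.run().value, server.alarms)
```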
With the above scheme, the data encryption function is preserved while the time consumed by encryption is shortened and encryption efficiency is improved, combining the advantages of function and efficiency.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the methods described in the embodiments of the application.
Embodiment two
This embodiment also provides an information transmission device, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
According to another embodiment of the application, an information transmission device for a programmable logic controller (PLC) is also provided, comprising:
a first receiving module, configured to receive a first certificate sent by a server;
a first feedback module, configured to feed back a first message to the server in the case where the first certificate passes security verification, wherein the first message is used to notify that the first certificate has passed security verification;
a first transmission module, configured to establish a communication connection with the server and transmit information over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
With the above scheme, one-way authentication of the server by the PLC client makes full use of the fact that servers supporting TLS do not require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
According to another embodiment of the application, an information transmission device for a server is also provided, comprising:
a second sending module, configured to send a first certificate to a PLC;
a second receiving module, configured to receive a first message fed back by the PLC indicating whether the first certificate has passed security verification;
a second transmission module, configured to establish a communication connection with the PLC in the case where the first certificate passes the security verification, and to transmit information over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
With the above scheme, one-way authentication of the server by the PLC client makes full use of the fact that servers supporting TLS do not require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
According to another embodiment of the application, a certificate update device for a programmable logic controller (PLC) is also provided, comprising:
a first communication module, configured to communicate with a server through a first communication connection, wherein the first communication connection is established in advance according to a first certificate;
a first receiving module, configured to receive a certificate update request message sent by the server, and to feed back a certificate update confirmation message to the server;
a second receiving module, configured to receive a second certificate sent by the server, and to feed back a certificate confirmation message to the server;
a first re-establishing module, configured to disconnect the first communication connection and re-establish a second communication connection according to the second certificate;
a second communication module, configured to receive a request message, sent by the server, to upload the first certificate, to upload the first certificate, and to transmit information with the server over the second communication connection.
According to another embodiment of the application, a certificate update device for a server is also provided, the device further comprising:
a third communication module, configured to communicate with a PLC through a first communication connection, wherein the first communication connection is established in advance according to a first certificate;
a first sending module, configured to send a certificate update request message to the PLC, and to receive the certificate update confirmation message fed back by the PLC;
a second sending module, configured to send a second certificate to the PLC, and to receive the certificate confirmation message fed back by the PLC;
a second re-establishing module, configured to disconnect the first communication connection and re-establish a second communication connection according to the second certificate;
a fourth communication module, configured to send a first certificate upload request message to the PLC and to receive the first certificate sent by the PLC, the server and the PLC transmitting information over the second communication connection.
It should be noted that the above modules can be implemented by software or hardware. For the latter, this can be done in the following ways, but is not limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiment three
According to another embodiment of the application, an information transmission system is also provided, comprising:
a server, which sends a first certificate to a PLC;
the PLC, which receives the first certificate and, in the case where the first certificate passes security verification, feeds back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification;
a communication connection is established between the PLC and the server, and information is transmitted over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
With the above scheme, one-way authentication of the server by the PLC client makes full use of the fact that servers supporting TLS do not require client authentication. While communication security is ensured, the time needed to establish communication is greatly reduced and resources are saved, which solves the problem in the related art that secure communication between a PLC and a cloud server is relatively complex.
Optionally, transmitting information over the communication connection comprises: encrypting the information for transmission with a first key in the communication connection, wherein the first key is generated by the server and the PLC in the following manner: the first key is generated according to a first random number, a second random number and a pre-key Pre Key, wherein the first random number is sent by the PLC, the second random number is generated by the server, and the Pre Key is sent by the PLC.
Embodiment four
An embodiment of the application also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for executing the following steps:
S1, a programmable logic controller (PLC) receives a first certificate sent by a server;
S2, in the case where the first certificate passes security verification, the PLC feeds back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification;
S3, the PLC establishes a communication connection with the server and transmits information over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code.
An embodiment of the application also provides an electronic device, including a memory and a processor. A computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any of the above method embodiments.
Optionally, the electronic device may also include a transmission device and an input/output device, wherein the transmission device is connected to the processor and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by means of the computer program:
S1, a programmable logic controller (PLC) receives a first certificate sent by a server;
S2, in the case where the first certificate passes security verification, the PLC feeds back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification;
S3, the PLC establishes a communication connection with the server and transmits information over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiments and optional implementations, which are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the application described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases, the steps shown or described can be executed in an order different from the one given here, or they can each be made into individual integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. The application is thus not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the application and are not intended to limit it. For those skilled in the art, various modifications and changes to the application are possible. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the application shall fall within its scope of protection.
Claims (31)
1. An information transmission method, characterized by comprising:
a programmable logic controller (PLC) receiving a first certificate sent by a server;
in the case where the first certificate passes security verification, the PLC feeding back a first message to the server, wherein the first message is used to notify that the first certificate has passed security verification;
the PLC establishing a communication connection with the server and transmitting information over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
2. The method according to claim 1, characterized in that transmitting information over the communication connection comprises:
encrypting the information to be transmitted with a first key in the communication connection, wherein the first key is generated by the PLC in the following manner:
the PLC generates the first key according to a first random number, a second random number and a pre-key Pre Key, wherein the first random number is generated by the PLC, the second random number is sent by the server, and the Pre Key has been encrypted with the public key sent by the server.
3. The method according to claim 2, characterized in that, before the programmable logic controller (PLC) receives the first certificate sent by the server, the method further comprises:
the PLC sending the first random number and a first encryption component set to the server, wherein the first encryption component set includes the encryption component types supported by the PLC;
receiving the second random number and a second encryption component fed back by the server, wherein the second random number is randomly generated by the server, the second encryption component is one of the encryption components in the first encryption component set and is an encryption component supported by the server, and the second encryption component is invoked to perform encrypted transmission of the first key and the information to be transmitted.
4. The method according to claim 1, characterized in that the programmable logic controller (PLC) receiving the first certificate sent by the server comprises:
receiving the first certificate and a public key sent by the server.
5. The method according to claim 4, characterized in that the PLC feeding back the first message to the server, wherein the first message is used to notify that the first certificate has passed security verification, comprises:
the PLC encrypting the pre-key Pre Key with the public key;
the PLC sending the encrypted Pre Key to the server, and notifying the server of a message indicating that parameter negotiation is complete.
6. The method according to claim 1, characterized in that the PLC establishing the communication connection with the server comprises:
the PLC sending a first final handshake (Finish Handshake) message to the server;
receiving a second Finish Handshake message fed back by the server, and establishing the communication connection.
7. The method according to claim 1, characterized in that, after the PLC establishes the communication connection with the server and transmits information over the communication connection, the method further comprises:
receiving a first certificate update request message sent by the server, and feeding back a first certificate update confirmation message to the server;
receiving a second certificate sent by the server, and feeding back a second certificate confirmation message to the server;
disconnecting the communication connection, and re-establishing a second communication connection according to the second certificate;
receiving a request message, sent by the server, to upload the first certificate, and uploading the first certificate, the PLC and the server transmitting information over the second communication connection.
8. The method according to claim 7, characterized in that, after receiving the second certificate sent by the server and feeding back the second certificate confirmation message to the server, the method comprises:
receiving a public key update request message sent by the server, and feeding back a public key update confirmation message to the server;
receiving a new public key sent by the server, and feeding back a new public key confirmation message to the server.
9. An information transmission method, characterized by comprising:
a server sending a first certificate to a PLC;
receiving a first message fed back by the PLC indicating whether the first certificate has passed security verification;
in the case where the first certificate passes the security verification, the server establishing a communication connection with the PLC and transmitting information over the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
10. The method according to claim 9, characterized in that, before the server sends the first certificate to the PLC, the method comprises:
the server generating the first certificate according to at least one of the following items of information: the IP address of the server, the host name of the server;
wherein the server generates different first certificates for different PLCs.
11. The method according to claim 9, characterized in that transmitting information over the communication connection comprises:
encrypting the information to be transmitted with a first key in the communication connection, wherein the first key is generated by the server in the following manner:
the server generates the first key according to a first random number, a second random number and a pre-key Pre Key, wherein the first random number is sent by the PLC, the second random number is generated by the server, and the Pre Key is sent by the PLC.
12. The method according to claim 11, characterized in that, before the server sends the first certificate to the PLC, the method further comprises:
receiving the first random number and a first encryption component set sent by the PLC to the server, wherein the first encryption component set includes the encryption component types supported by the PLC;
sending the second random number and a second encryption component to the PLC, wherein the second random number is randomly generated by the server, the second encryption component is one of the encryption components in the first encryption component set and is a component supported by the server, and the second encryption component is used to perform encrypted transmission of the first key and the information to be transmitted.
13. The method according to claim 9, characterized in that the server sending the first certificate to the PLC comprises:
sending the first certificate and a public key to the PLC.
14. The method according to claim 13, characterized in that receiving the first message fed back by the PLC indicating whether the first certificate has passed security verification comprises at least one of the following:
receiving the pre-key Pre Key sent by the PLC, wherein the Pre Key has been encrypted by the PLC with the public key;
receiving a message, sent by the PLC, indicating that parameter negotiation is complete.
15. The method according to claim 9, characterized in that the server establishing the communication connection with the PLC comprises:
receiving a first final handshake message sent by the PLC;
feeding back a second final handshake message to the PLC, and establishing the communication connection, wherein the communication connection is a Transport Layer Security (TLS) connection.
16. The method according to claim 9, characterized in that, after the server establishes the communication connection with the PLC and transmits information over the communication connection, the method further comprises:
sending a first certificate update request message to the PLC, and receiving the first certificate update confirmation message fed back by the PLC;
sending a second certificate to the PLC, and receiving the second certificate confirmation message fed back by the PLC;
disconnecting the communication connection, and re-establishing a second communication connection according to the second certificate;
sending a first certificate upload request message to the PLC, and receiving the first certificate sent by the PLC, the server and the PLC transmitting information over the second communication connection.
17. The method according to claim 16, characterized in that sending the first certificate upload request message to the PLC, receiving the first certificate sent by the PLC, and the server and the PLC transmitting information over the second communication connection comprises:
in the case where the first certificate fed back by the PLC is not received within a preset time, or the first certificate fed back by the PLC contains an error, the server performing at least one of the following operations:
disconnecting the second communication connection, disabling the establishment of communication connections with the second certificate, and performing an alarm operation.
18. The method according to claim 16, characterized in that, after sending the second certificate to the PLC and receiving the second certificate confirmation message fed back by the PLC, the method comprises:
sending a public key update request message to the PLC, and receiving the public key update confirmation message fed back;
sending a new public key to the PLC, and receiving the new public key confirmation message fed back.
19. A certificate update method, characterized by comprising:
a programmable logic controller (PLC) and a server communicating through a first communication connection, wherein the first communication connection is established in advance according to a First Certificate;
the PLC receiving a certificate update request message sent by the server, and feeding back a certificate update confirmation message to the server;
receiving a second certificate sent by the server, and feeding back a certificate validation message to the server;
disconnecting the first communication connection, and re-establishing a second communication connection according to the second certificate;
receiving a request message, sent by the server, to upload the First Certificate, and uploading the First Certificate, the PLC and the server carrying out information transmission through the second communication connection.
20. The method according to claim 19, characterized in that, after receiving the second certificate sent by the server and feeding back the certificate validation message to the server, the method comprises:
receiving a public key update request message sent by the server, and feeding back a public key update confirmation message to the server;
receiving a new public key sent by the server, and feeding back a new public key confirmation message to the server.
21. A certificate update method, characterized in that the method further comprises:
a server and a PLC communicating through a first communication connection, wherein the first communication connection is established in advance according to a First Certificate;
sending a certificate update request message to the PLC, and receiving a certificate update confirmation message fed back by the PLC;
sending a second certificate to the PLC, and receiving a certificate validation message fed back by the PLC;
disconnecting the first communication connection, and re-establishing a second communication connection according to the second certificate;
sending a First Certificate upload request message to the PLC, and receiving the First Certificate sent by the PLC, the server and the PLC carrying out information transmission through the second communication connection.
22. The method according to claim 21, characterized in that, after sending the First Certificate upload request message to the PLC, the method further comprises:
in the case where the First Certificate fed back by the PLC is not received within a preset time, or the First Certificate fed back by the PLC contains an error, the server performs at least one of the following operations:
disconnecting the second communication connection, prohibiting use of the second certificate to establish a communication connection, and performing an alarm operation.
23. The method according to claim 21, characterized in that, after sending the second certificate to the PLC and receiving the certificate validation message fed back by the PLC, the method comprises:
sending a public key update request message to the PLC, and receiving the public key update confirmation message that is fed back;
sending a new public key to the PLC, and receiving the new public key confirmation message that is fed back.
24. An information transmission device, characterized in that it is used for a programmable logic controller (PLC) and comprises:
a first receiving module, configured to receive a First Certificate sent by a server;
a first feedback module, configured to feed back a first message to the server in the case where the First Certificate passes the safety verification, wherein the first message is used to notify that the First Certificate has passed the safety verification;
a first transmission module, configured to establish a communication connection with the server and to carry out information transmission using the communication connection, wherein the communication connection is a secure transport layer protocol (TLS) link.
25. An information transmission device, characterized in that it is used for a server and comprises:
a second sending module, configured to send a First Certificate to a PLC;
a second receiving module, configured to receive a first message fed back by the PLC, which indicates whether the First Certificate passes the safety verification;
a second transmission module, configured to establish a communication connection with the PLC in the case where the First Certificate passes the safety verification, and to carry out information transmission using the communication connection, wherein the communication connection is a secure transport layer protocol (TLS) link.
26. A certificate update device, characterized in that it is used for a programmable logic controller (PLC) and comprises:
a first communication module, configured to communicate with a server through a first communication connection, wherein the first communication connection is established in advance according to a First Certificate;
a first receiving module, configured to receive a certificate update request message sent by the server, and to feed back a certificate update confirmation message to the server;
a second receiving module, configured to receive a second certificate sent by the server, and to feed back a certificate validation message to the server;
a first re-establishing module, configured to disconnect the first communication connection, and to re-establish a second communication connection according to the second certificate;
a second communication module, configured to receive a request message, sent by the server, to upload the First Certificate, to upload the First Certificate, and to carry out information transmission with the server through the second communication connection.
27. A certificate update device, characterized in that it is used for a server, the device further comprising:
a third communication module, configured to communicate with a PLC through a first communication connection, wherein the first communication connection is established in advance according to a First Certificate;
a first sending module, configured to send a certificate update request message to the PLC, and to receive a certificate update confirmation message fed back by the PLC;
a second sending module, configured to send a second certificate to the PLC, and to receive a certificate validation message fed back by the PLC;
a second re-establishing module, configured to disconnect the first communication connection, and to re-establish a second communication connection according to the second certificate;
a fourth communication module, configured to send a First Certificate upload request message to the PLC, and to receive the First Certificate sent by the PLC, the server and the PLC carrying out information transmission through the second communication connection.
28. An information transmission system, characterized by comprising:
a server, which sends a First Certificate to a PLC;
the PLC, which receives the First Certificate and, in the case where the First Certificate passes the safety verification, feeds back a first message to the server, wherein the first message is used to notify that the First Certificate has passed the safety verification;
a communication connection being established between the PLC and the server, and information transmission being carried out using the communication connection, wherein the communication connection is a secure transport layer protocol (TLS) link.
29. The system according to claim 28, characterized in that carrying out information transmission using the communication connection comprises:
encrypting the information transmitted over the communication connection using a first key, wherein the first key is generated by the server and the PLC in the following manner:
generating the first key according to a first random number, a second random number and the wildcard Pre Key, wherein the first random number is sent by the PLC, the second random number is generated by the server, and the Pre Key is sent by the PLC.
30. A storage medium, characterized in that a computer program is stored in the storage medium, wherein the computer program is arranged to execute, when run, the method described in any one of claims 1 to 23.
31. An electronic device, comprising a memory and a processor, characterized in that a computer program is stored in the memory, and the processor is arranged to run the computer program to execute the method described in any one of claims 1 to 23.
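Claims 13, 14 and 29 describe a first key built from the PLC's random number, the server's random number and the Pre Key, without naming the derivation function. The following added example, which is not part of the patent, assumes the TLS 1.2 derivation of RFC 5246 (HMAC-SHA256 PRF) and an AES-128-GCM key layout; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256 over label || seed."""
    return p_sha256(secret, label + seed, length)

def derive_first_key(pre_key: bytes, plc_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret from the Pre Key and both random numbers."""
    if len(plc_random) != 32 or len(server_random) != 32:
        raise ValueError("each random number must be 32 bytes")
    # The PLC is the TLS client, so its random number comes first here.
    return prf(pre_key, b"master secret", plc_random + server_random, 48)

def expand_traffic_keys(master: bytes, plc_random: bytes, server_random: bytes) -> dict:
    """One AES-128 key per direction (assumed AEAD suite, so no MAC keys)."""
    # RFC 5246 reverses the order for key expansion: server random first.
    block = prf(master, b"key expansion", server_random + plc_random, 32)
    return {"plc_write": block[:16], "server_write": block[16:]}

def demo():
    # Constructed sample values; in a real handshake they travel in the
    # hello messages and the public-key-encrypted key exchange message.
    plc_random = os.urandom(32)                # first random number (from PLC)
    server_random = os.urandom(32)             # second random number (from server)
    pre_key = b"\x03\x03" + os.urandom(46)     # Pre Key chosen by the PLC
    plc_side = derive_first_key(pre_key, plc_random, server_random)
    server_side = derive_first_key(pre_key, plc_random, server_random)
    keys = expand_traffic_keys(plc_side, plc_random, server_random)
    return plc_side, server_side, keys

if __name__ == "__main__":
    plc_side, server_side, keys = demo()
    print("both sides agree:", plc_side == server_side)
    print("PLC write key:", keys["plc_write"].hex())
```

Because only the holder of the private key matching the certificate can decrypt the Pre Key, agreement on the derived key is what ties the session to the verified server in this one-way authentication scheme.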
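The certificate update exchange of claims 16, 17, 21 and 22, seen from the server, as an added simulation that is not part of the patent. The message names, the `SimulatedPLC` stand-in and the SHA-256 comparison against the server's own copy of the First Certificate are assumptions; the patent only says the uploaded certificate may be missing or contain an error.

```python
import hashlib

class SimulatedPLC:
    """Constructed stand-in for the PLC; `upload` selects its behaviour."""
    def __init__(self, first_cert, upload="ok"):
        self.first_cert, self.second_cert, self.upload = first_cert, None, upload

    def handle(self, msg, payload=None):
        if msg == "CERT_UPDATE_REQUEST":
            return "CERT_UPDATE_CONFIRM", None
        if msg == "SECOND_CERT":
            self.second_cert = payload
            return "SECOND_CERT_CONFIRM", None
        if msg == "FIRST_CERT_UPLOAD_REQUEST":
            if self.upload == "timeout":
                return None, None            # nothing arrives within the preset time
            cert = self.first_cert
            if self.upload == "corrupt":
                cert = cert[:-1] + b"?"
            return "FIRST_CERT", cert
        return "ERROR", None

class RotationServer:
    def __init__(self, first_cert, second_cert):
        self.first_fp = hashlib.sha256(first_cert).hexdigest()
        self.second_cert = second_cert
        self.link = "first"                  # certificate behind the live connection
        self.second_cert_enabled = True
        self.alarms, self.trace = [], []

    def _send(self, plc, msg, payload=None):
        reply, data = plc.handle(msg, payload)
        self.trace.append((msg, reply))      # record both sides of each exchange
        return reply, data

    def _fail(self, reason):
        # Failure branch: disconnect, stop using the second certificate, alarm.
        self.link, self.second_cert_enabled = None, False
        self.alarms.append(reason)
        return False

    def rotate(self, plc):
        if self._send(plc, "CERT_UPDATE_REQUEST")[0] != "CERT_UPDATE_CONFIRM":
            return False                     # first connection stays in use
        if self._send(plc, "SECOND_CERT", self.second_cert)[0] != "SECOND_CERT_CONFIRM":
            return False
        self.link = "second"                 # drop first link, reconnect on second cert
        reply, cert = self._send(plc, "FIRST_CERT_UPLOAD_REQUEST")
        if reply is None:
            return self._fail("First Certificate not received within preset time")
        if reply != "FIRST_CERT" or hashlib.sha256(cert).hexdigest() != self.first_fp:
            return self._fail("uploaded First Certificate contains an error")
        return True

def run_case(upload):
    first, second = b"CONSTRUCTED-FIRST-CERT", b"CONSTRUCTED-SECOND-CERT"
    server = RotationServer(first, second)
    ok = server.rotate(SimulatedPLC(first, upload))
    return ok, server.link, server.second_cert_enabled, server.alarms
```

The claims require only one of the three failure operations; the simulation performs all of them so that a failed update leaves no live link on an unconfirmed certificate.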
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910214077.1A CN110071911A (en) | 2019-03-20 | 2019-03-20 | The method and device of information transferring method and device, certificate update |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110071911A (en) | 2019-07-30 |
Family
ID=67366445
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910214077.1A Pending CN110071911A (en) | 2019-03-20 | 2019-03-20 | The method and device of information transferring method and device, certificate update |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110071911A (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103888422A (en) * | 2012-12-21 | 2014-06-25 | 华为技术有限公司 | Security certificate updating method, client and server |
CN103581167A (en) * | 2013-07-29 | 2014-02-12 | 华为技术有限公司 | Security authentication method, equipment and system based on transport layer security protocol |
US20160119374A1 (en) * | 2014-10-28 | 2016-04-28 | International Business Machines Corporation | Intercepting, decrypting and inspecting traffic over an encrypted channel |
CN105578457A (en) * | 2015-05-06 | 2016-05-11 | 宇龙计算机通信科技(深圳)有限公司 | Terminal authentication method, management terminal and application terminal |
CN107147611A (en) * | 2016-03-01 | 2017-09-08 | 华为技术有限公司 | Method, user equipment, server and the system of Transport Layer Security TLS link setups |
CN106161449A (en) * | 2016-07-19 | 2016-11-23 | 青松智慧(北京)科技有限公司 | Transmission method without key authentication and system |
CN109347809A (en) * | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112787979A (en) * | 2019-11-07 | 2021-05-11 | 北京地平线机器人技术研发有限公司 | Internet of things equipment access control method and internet of things equipment access control device |
CN113535553A (en) * | 2021-06-30 | 2021-10-22 | 上海联影医疗科技股份有限公司 | Parameter checking method, computer device and storage medium |
CN113535553B (en) * | 2021-06-30 | 2023-02-28 | 上海联影医疗科技股份有限公司 | Parameter checking method, computer device and storage medium |
CN113765899A (en) * | 2021-08-20 | 2021-12-07 | 济南浪潮数据技术有限公司 | Certificate replacement method, system and device for node agent |
CN114282237A (en) * | 2021-12-21 | 2022-04-05 | 北京百度网讯科技有限公司 | Communication method, device, equipment and storage medium |
WO2024002143A1 (en) * | 2022-07-01 | 2024-01-04 | 阿里云计算有限公司 | Root certificate updating method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190730 |