CN113726720B - Internet of things equipment communication method, equipment, server and communication system - Google Patents


Info

Publication number: CN113726720B
Application number: CN202010453148.6A
Authority: CN (China)
Prior art keywords: internet, things, equipment, authentication information, authentication
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN113726720A (en)
Inventors: 李国平, 张欣, 黄铖斌, 施华, 杜林鹏
Current assignee: China Telecom Corp Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: China Telecom Corp Ltd

Events
Application filed by China Telecom Corp Ltd
Priority to CN202010453148.6A
Publication of CN113726720A
Application granted
Publication of CN113726720B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION / H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/0428 Providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/04)
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL (under H04L63/02 Separating internal from external traffic, e.g. firewalls, and H04L63/0227 Filtering policies)
    • H04L63/083 Authentication of entities using passwords (under H04L63/08 Authentication of entities)
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks (under H04L67/00 Network arrangements or protocols for supporting network services or applications, H04L67/01 Protocols)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The disclosure provides a communication method, a device, a server and a communication system for Internet of things devices, and relates to the technical field of the Internet of things. The disclosed communication method for an Internet of things device comprises the following steps: performing an encryption operation on a physical unclonable function (PUF) key and the IP address information of the Internet of things device to obtain encrypted authentication information, wherein the IP address is a fixed IP address; sending the encrypted authentication information to a server for authentication, wherein the server stores the encrypted authentication information of Internet of things devices that have undergone primary authentication; and, if the authentication passes, the Internet of things device sends data. By this method, an Internet of things device generates its encrypted authentication information from its PUF and its fixed IP address and may send data only after passing the server's authentication, so other devices are prevented from impersonating the current device to send data, data tampering is avoided, and the access security and reliability of Internet of things devices are improved.

Description

Internet of things equipment communication method, equipment, server and communication system
Technical Field
The disclosure relates to the technical field of internet of things, in particular to a communication method, equipment, a server and a communication system of internet of things equipment.
Background
With the rapid development of the IoT (Internet of Things) industry, IoT devices have become an indispensable part of daily life, for example health monitoring devices, video surveillance, and smart smoke and temperature sensors in smart homes. The IoT enables more than interaction between devices; it also provides an interface for interaction with users. Because Internet of things devices are deployed in enormous numbers, the security of the devices and of their data is particularly important.
Securing IoT devices is a significant challenge, especially for devices such as cardiac pacemakers or the brakes of a smart car: if their data is tampered with at will, the damage is severe and may even endanger life. Even modifying only the data of a temperature sensor in a smart home may prevent the air conditioner from working normally and so affect daily life.
Disclosure of Invention
One object of this disclosure is to improve the security of Internet of things devices.
According to an aspect of some embodiments of the present disclosure, an internet of things device communication method is provided, including: performing encryption operation according to a Physical Unclonable Function (PUF) key and Internet Protocol (IP) address information of the Internet of things device to obtain encryption authentication information, wherein the IP address is a fixed IP address; sending the encrypted authentication information to a server for authentication, wherein the server stores the encrypted authentication information of the Internet of things equipment which has undergone primary authentication; and under the condition that the authentication is passed, the equipment of the Internet of things sends data.
In some embodiments, the sending data by the internet of things device includes: the Internet of things equipment encrypts data to be sent according to the PUF key; and sending the encrypted data.
In some embodiments, the internet of things device communication method further includes: when the Internet of things equipment is authenticated for the first time, performing encryption operation according to the PUF key and the IP address information of the Internet of things equipment to obtain encryption authentication information; and sending the encrypted authentication information to the server so that the server stores the encrypted authentication information.
In some embodiments, the internet of things device communication method further includes: extracting the PUF of the MCU (microcontroller unit) of the Internet of things device; and processing the PUF with a first predetermined encryption algorithm to obtain the PUF key.
In some embodiments, performing the encryption operation according to the PUF key and the IP address information of the internet of things device includes: performing the encryption operation on the PUF key and the IP address with a second predetermined encryption algorithm.
In some embodiments, the internet of things device communication method further includes: and in the case of receiving a traffic transmission authentication instruction from the server, performing an operation of generating and transmitting encrypted authentication information to the server.
By the method, the Internet of things equipment can generate the encryption authentication information based on the PUF and the fixed IP address of the Internet of things equipment, and can send data after passing the authentication of the server, so that other equipment is prevented from pretending to be current equipment to send data, data tampering is avoided, and the access safety and reliability of the Internet of things equipment are improved.
According to an aspect of some embodiments of the present disclosure, an internet of things device communication method is provided, including: receiving encryption authentication information from the Internet of things equipment; matching encryption authentication information from the Internet of things equipment in a dynamic authentication library, wherein the encryption authentication information of the Internet of things equipment subjected to primary authentication is stored in the dynamic authentication library, and the encryption authentication information is generated by executing encryption operation on the Internet of things equipment according to a PUF (physical unclonable function) key and IP (Internet protocol) address information of the Internet of things equipment; and allowing the Internet of things equipment to send data under the condition that the matching is passed.
In some embodiments, the internet of things device communication method further includes: receiving primary authentication information from the Internet of things equipment, wherein the primary authentication information comprises encrypted authentication information of the Internet of things equipment; and updating the encrypted authentication information to a dynamic authentication library.
In some embodiments, the internet of things device communication method further includes: intercepting data sent by the Internet of things equipment; and sending an authentication instruction to the Internet of things equipment, and allowing the Internet of things equipment to send data under the condition that the authentication is passed.
By this method, the server can authenticate an Internet of things device that needs to send data, and the information on which authentication is based is the device's PUF and the device's fixed IP address, so data tampering by impersonating the Internet of things device to send data is avoided, and the access security, data security and reliability of the Internet of things device are improved.
According to an aspect of some embodiments of the present disclosure, there is provided an internet of things device communication method, including: any one of the above internet-of-things device communication methods executed by an internet-of-things device; and any one of the above internet of things device communication methods performed by the server.
By the method, the server in the Internet of things authenticates the Internet of things equipment which needs to send data, and the equipment is allowed to send the data under the condition that the authentication is passed, so that the access safety and the data safety of the Internet of things equipment are improved, and the reliability of an Internet of things system is improved.
According to an aspect of some embodiments of the present disclosure, there is provided an internet of things device, including: the authentication information generation unit is configured to execute encryption operation according to the PUF key and the IP address information of the Internet of things device to acquire encryption authentication information, wherein the IP address is a fixed IP address; the authentication information sending unit is configured to send the encrypted authentication information to a server for authentication, wherein the server stores the encrypted authentication information of the Internet of things equipment which is authenticated for the first time; and a data transmission unit configured to transmit the data if the authentication is passed.
According to an aspect of some embodiments of the present disclosure, there is provided an internet of things device, including: a memory; and a processor coupled to the memory, the processor configured to perform any of the above internet of things device communication methods performed by an internet of things device based on instructions stored in the memory.
The Internet of things device can generate encrypted authentication information based on its PUF and its fixed IP address, and can send data only after passing the server's authentication, so other devices are prevented from impersonating the current device to send data, data tampering is avoided, and the access security and reliability of the Internet of things device are improved.
According to an aspect of some embodiments of the present disclosure, there is provided a server, including: an authentication information receiving unit configured to receive encrypted authentication information from the internet of things device; the matching unit is configured to match the encryption authentication information from the Internet of things equipment in a dynamic authentication library, wherein the encryption authentication information of the Internet of things equipment which is authenticated for the first time is stored in the dynamic authentication library; and the data releasing unit is configured to allow the Internet of things equipment to transmit data under the condition that the matching is passed.
According to an aspect of some embodiments of the present disclosure, there is provided a server, including: a memory; and a processor coupled to the memory, the processor configured to perform any of the above internet of things device communication methods performed by the server based on the instructions stored in the memory.
The server can authenticate an Internet of things device that needs to send data, and the information on which authentication is based is the device's PUF and the device's fixed IP address, so data tampering by impersonating the Internet of things device to send data is avoided, and the access security, data security and reliability of the Internet of things device are improved.
According to an aspect of some embodiments of the present disclosure, a computer-readable storage medium is provided, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of any of the above internet of things device communication methods.
By executing the instruction on the storage medium, the server in the Internet of things authenticates the Internet of things equipment which needs to send data, and allows the equipment to send data under the condition that the authentication is passed, so that the access safety and the data safety of the Internet of things equipment are improved, and the reliability of the Internet of things system is improved.
According to an aspect of some embodiments of the present disclosure, there is provided an internet of things communication system, including: any of the internet of things devices mentioned hereinabove; and any of the servers mentioned above.
In the communication system of the internet of things, the server authenticates the internet of things equipment which needs to send data, and the equipment is allowed to send the data under the condition that the authentication is passed, so that the access safety and the data safety of the internet of things equipment are improved, and the reliability of the internet of things system is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure. In the drawings:
fig. 1 is a flow diagram of some embodiments of an internet of things device communication method of the present disclosure.
Fig. 2 is a flowchart of another embodiment of an internet of things device communication method of the present disclosure.
Fig. 3 is a flowchart of further embodiments of the internet of things device communication method of the present disclosure.
Fig. 4 is a flow chart of still further embodiments of the internet of things device communication method of the present disclosure.
Fig. 5 is a schematic diagram of some embodiments of internet of things devices of the present disclosure.
Fig. 6 is a schematic diagram of some embodiments of a server of the present disclosure.
Fig. 7 is a schematic diagram of some embodiments of an internet of things network element of the present disclosure.
Fig. 8 is a schematic diagram of other embodiments of an internet of things network element of the present disclosure.
Fig. 9 is a schematic diagram of some embodiments of the internet of things system of the present disclosure.
Detailed Description
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
A flow diagram of some embodiments of an internet of things device communication method of the present disclosure is shown in fig. 1.
In step 101, an encryption operation is performed according to the PUF key and the IP address information of the internet of things device, and encrypted authentication information is obtained. The IP address must be a fixed IP address. In some embodiments, a fixed IPv6 address may be assigned to the internet of things device. Because the IPv6 address space is very large, address exhaustion is not a concern, and one address per device can be realised. In some embodiments, the fixed IP address of the internet of things device may be set at the factory.
In step 102, the encrypted authentication information is sent to the server for authentication. The server stores the encrypted authentication information of internet of things devices that have completed primary authentication. In some embodiments, the primary authentication may be performed before the internet of things device leaves the factory, so that the encrypted authentication information provided at primary authentication is trustworthy. In some embodiments, the server may establish a dynamic authentication library containing the encrypted authentication information of legitimate internet of things devices, and authenticate by matching against it.
In step 103, if authentication passes, the server allows the internet of things device to send data. The internet of things device may then generate traffic for a certain period of time or until the connection is interrupted. In some embodiments, the internet of things device may encrypt the data to be sent with the PUF key and send the encrypted data, further improving the reliability of data transmission.
By the method, the Internet of things equipment can generate the encryption authentication information based on the PUF and the fixed IP address of the Internet of things equipment, and can send data after passing the authentication of the server, so that other equipment is prevented from pretending to be current equipment to send data, data tampering is avoided, and the access safety and reliability of the Internet of things equipment are improved.
In the related art, IoT device traffic is monitored by the cellular network and by an IP server, and the device's IP address is dynamically allocated, so it is difficult to identify an IoT device by its IP address. The inventors observed that an MCU is always present in an Internet of things device, that each IC has a unique and reproducible root key, and that this key cannot be stolen because it is not stored on the chip (it is regenerated from the chip's physical characteristics); using this information as the basis of identity authentication therefore improves the privacy and reliability of authentication. In addition, because the IPv6 address space is large enough, an Internet of things device can be given a fixed IPv6 address, and using the IPv6 address together with the MCU information for encrypted authentication further improves the reliability of authentication: it avoids the situation, which arises when the MCU alone is used as the authentication input, in which a device still passes authentication after being moved to a new IP address environment, and so improves security.
In some embodiments, when the internet of things equipment is authenticated for the first time, encryption operation is performed according to the PUF key and the IP address information of the internet of things equipment to obtain encryption authentication information; and sending the encrypted authentication information to a server, and storing the encrypted authentication information by the server.
By the method, the storage of the encrypted authentication information can be realized in the initial authentication process, so that the equipment can be authenticated in an information matching mode, and the authentication efficiency is improved.
In some embodiments, the internet of things device authenticates with the server every time it sends traffic (e.g., every time it connects to the server), and once authentication passes, the data sent in that connection need not be authenticated again. In other embodiments, the internet of things device may authenticate with the server at a predetermined time interval or after a predetermined amount of traffic; if authentication passes, no further authentication is required during the corresponding time period or for the predetermined amount of data, which reduces the burden on the internet of things device while still securing it.
In some embodiments, the PUF key may be generated from the PUF of the MCU: the PUF of the MCU of the internet of things device is extracted and processed with a first predetermined encryption algorithm to obtain the PUF key. In some embodiments, the first predetermined encryption algorithm may be one or more of AES (Advanced Encryption Standard), SHA-1 (Secure Hash Algorithm 1), SHA-2 (Secure Hash Algorithm 2) and the like (the patent uses "encryption algorithm" loosely here: SHA-1 and SHA-2 are hash functions rather than ciphers, and SHA-1 is deprecated for new designs, so a practitioner would choose SHA-2 or a keyed construction). The same first predetermined encryption algorithm is used for primary authentication and for every subsequent authentication.
In this way, the PUF of the MCU of the internet of things device serves as the basis of authentication: no hardware modification of the device is needed, an existing hardware characteristic is put to fuller use at low implementation cost, and the uniqueness and unpredictability of the PUF guarantee the reliability of verification.
In some embodiments, the encryption operation according to the PUF key and the address information of the internet of things device may be performed with a second predetermined encryption algorithm, which may be AES or a Chinese national cryptographic (SM series) algorithm, among others. The same second predetermined encryption algorithm is used for primary authentication and for every subsequent authentication.
In this way, the PUF and the fixed IP address are combined into the authentication information: even if the device is stolen and its IP address changes because it is moved to a different application environment, it can no longer communicate normally, which further improves the communication security of internet of things devices.
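As an added, runnable illustration of steps 101 and 102 and of the PUF-plus-fixed-address binding described above (example code written for this page, not code from the patent or from China Telecom): the device derives a PUF key from its raw PUF readout with a first algorithm, computes the authentication information over the PUF key and its fixed IPv6 address with a second algorithm, the server enrols that value at primary authentication, and later authentications are matched against the library. Assumptions, since the patent names algorithm families but no concrete construction: SHA-256 stands in for the first predetermined algorithm, HMAC-SHA256 for the second (the patent names AES or an SM cipher; a keyed MAC is used here because it needs only the Python standard library), the PUF readouts and addresses are constructed constants, and the library is keyed by the packet's source address, which the patent does not specify.

```python
import hashlib
import hmac
import ipaddress

# Constructed stand-ins for the MCU's PUF readout; a real readout comes from the silicon.
DEVICE_PUF = bytes.fromhex("5d41402abc4b2a76b9719d911017c592" * 2)
CLONE_PUF = bytes.fromhex("7d793037a0760186574b0282f2f435e7" * 2)   # a different chip
DEVICE_IP = "2001:db8:1::10"   # fixed IPv6 address assigned at the factory (constructed)


def derive_puf_key(puf_response: bytes) -> bytes:
    """First predetermined algorithm: one-way transform of the raw PUF readout into a key.
    Labelled SHA-256 is an assumed stand-in for the AES/SHA family the patent lists."""
    return hashlib.sha256(b"puf-key-v1|" + puf_response).digest()


def canonical_ipv6(addr: str) -> bytes:
    """Packed 16-byte form, so '2001:db8:1::10' and '2001:0DB8:0001::0010' bind identically.
    Rejects IPv4 and malformed input, which must never silently produce a different value."""
    return ipaddress.IPv6Address(addr).packed


def compute_auth_info(puf_key: bytes, fixed_ip: str) -> bytes:
    """Second predetermined algorithm over (PUF key, fixed IP).
    HMAC-SHA256 is an assumed stand-in for the AES or SM cipher the patent names."""
    msg = b"auth-info-v1|" + canonical_ipv6(fixed_ip)
    return hmac.new(puf_key, msg, hashlib.sha256).digest()


def device_auth_info(puf_response: bytes, fixed_ip: str) -> bytes:
    """What the device sends: recomputed every time from its own PUF and its fixed address."""
    return compute_auth_info(derive_puf_key(puf_response), fixed_ip)


class DynamicAuthLibrary:
    """Server-side store filled at primary authentication and matched on later authentications."""

    def __init__(self) -> None:
        self._entries = {}   # packed fixed IPv6 -> enrolled authentication information

    def enroll(self, fixed_ip: str, info: bytes) -> None:
        key = canonical_ipv6(fixed_ip)
        if key in self._entries:
            raise ValueError("address already enrolled; overwriting must be an explicit operation")
        self._entries[key] = info

    def match(self, source_ip: str, info: bytes) -> bool:
        """Look up by the packet's source address and compare in constant time."""
        expected = self._entries.get(canonical_ipv6(source_ip))
        return expected is not None and hmac.compare_digest(expected, info)


def run_scenarios() -> dict:
    """Constructed enrolment followed by the authentication attempts a practitioner would test."""
    library = DynamicAuthLibrary()
    library.enroll(DEVICE_IP, device_auth_info(DEVICE_PUF, DEVICE_IP))   # primary authentication
    return {
        "genuine_device": library.match(DEVICE_IP, device_auth_info(DEVICE_PUF, DEVICE_IP)),
        "same_address_written_differently": library.match(
            "2001:0db8:0001::0010", device_auth_info(DEVICE_PUF, "2001:0DB8:1:0::10")),
        "stolen_device_at_new_address": library.match(
            "2001:db8:2::10", device_auth_info(DEVICE_PUF, "2001:db8:2::10")),
        "captured_value_replayed_elsewhere": library.match(
            "2001:db8:2::10", device_auth_info(DEVICE_PUF, DEVICE_IP)),
        "cloned_firmware_other_chip": library.match(DEVICE_IP, device_auth_info(CLONE_PUF, DEVICE_IP)),
    }
```

Two points the scheme as written leaves to the implementer: the address must be fed to the second algorithm in its canonical packed form, otherwise a device whose firmware formats the same IPv6 address differently fails to match its own enrolment; and because the authentication information is a deterministic function of the PUF key and the address, the library is keyed by the source address so that a value captured on the wire is only accepted from the address it was derived for. The scenarios show a genuine device passing, a stolen device at a new address failing, and copied firmware running on another chip (without the original MCU's PUF) failing.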
In some embodiments, when the internet of things device is about to send data, the server may intercept the data traffic and enforce authentication. The internet of things device receives a traffic-sending authentication instruction from the server, generates encrypted authentication information in response to it, and may send the data once authentication passes.
In this way, the device authenticates in cooperation with the server whenever the server enforces authentication, so the data can be sent smoothly, cooperation with the server is improved and communication efficiency is maintained.
Flow diagrams of further embodiments of the internet of things device communication method of the present disclosure are shown in fig. 2.
In step 201, the server receives encrypted authentication information from the internet of things device.
In step 202, the encrypted authentication information from the internet of things device is matched in a dynamic authentication library. The dynamic authentication library stores encrypted authentication information of the Internet of things equipment which is subjected to primary authentication, and the encrypted authentication information is generated by executing encryption operation on the Internet of things equipment according to the PUF key and the Internet protocol IP address information of the Internet of things equipment.
In some embodiments, when the internet of things device accesses the network for the first time, the server receives primary authentication information from the internet of things device, which comprises the device's encrypted authentication information, and updates the dynamic authentication library with it. In some embodiments, the internet of things device may be required to access the network for primary authentication before it leaves the factory, so that the encrypted authentication information provided at primary authentication is trustworthy.
In step 203, in case of passing the matching, the internet of things device is allowed to transmit data.
By this method, the server can authenticate an IoT device that is about to send data, and the information on which authentication is based is the device's PUF and the device's fixed IP address, so data tampering by impersonating the IoT device to send data is avoided, and the access security, data security and reliability of the IoT device are improved.
In some embodiments, when data to be sent by the internet of things device arrives, the server temporarily intercepts it, sends an authentication instruction to the internet of things device, and waits for the encrypted authentication information the device returns. If the encrypted authentication information is authenticated against the dynamic authentication library, the internet of things device is allowed to send data. After the internet of things device has been authenticated, it may be exempted from authentication for the rest of the connection, for a predetermined time period, or for a predetermined amount of data, which reduces the burden on the internet of things device while still securing it.
In this way, the internet of things device is forced to authenticate when it needs to send data, and only when authentication passes is the data of the current connection allowed through, which improves the reliability of the internet of things system.
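An added example of the interception and exemption policy described in the two paragraphs above (written for this page; not the patent's or China Telecom's code): the server-side gate holds a device's first data, sends an authentication instruction, releases the held data only when the returned authentication information matches the dynamic authentication library entry for the source address, and then exempts the device for a bounded time and byte budget before demanding authentication again. Assumed details not given in the patent: the authentication information is modelled as an HMAC-SHA256 over the device's fixed address keyed with its PUF key, the time and traffic windows are parameters, and the device address, PUF key and payloads are constructed.

```python
import hashlib
import hmac
import ipaddress


def auth_info(puf_key: bytes, fixed_ip: str) -> bytes:
    """Device side: authentication information over the fixed IPv6 address, keyed by the PUF key
    (HMAC-SHA256 is an assumed stand-in for the patent's second predetermined algorithm)."""
    return hmac.new(puf_key, ipaddress.IPv6Address(fixed_ip).packed, hashlib.sha256).digest()


class TrafficGate:
    """Server side: intercept-then-authenticate gate with a time and byte exemption window."""

    def __init__(self, library: dict, max_seconds: float, max_bytes: int) -> None:
        self._library = library        # packed fixed IPv6 -> enrolled authentication information
        self._max_seconds = max_seconds
        self._max_bytes = max_bytes
        self._sessions = {}            # packed IPv6 -> {"expires": t, "remaining": bytes}
        self._held = {}                # packed IPv6 -> intercepted payloads awaiting authentication
        self.forwarded = []            # (source_ip, payload) pairs released to the application

    def on_data(self, source_ip: str, payload: bytes, now: float) -> str:
        """Called for each data message; returns FORWARD or AUTH_REQUIRED."""
        ip = ipaddress.IPv6Address(source_ip).packed
        session = self._sessions.get(ip)
        if session and now < session["expires"] and session["remaining"] >= len(payload):
            session["remaining"] -= len(payload)
            self.forwarded.append((source_ip, payload))
            return "FORWARD"
        # No valid exemption window: drop any stale session, hold the data, demand authentication.
        self._sessions.pop(ip, None)
        self._held.setdefault(ip, []).append(payload)
        return "AUTH_REQUIRED"

    def on_auth(self, source_ip: str, info: bytes, now: float) -> str:
        """Called with the device's reply to the authentication instruction; returns PASS or REJECT."""
        ip = ipaddress.IPv6Address(source_ip).packed
        expected = self._library.get(ip)
        if expected is None or not hmac.compare_digest(expected, info):
            return "REJECT"            # held data stays held; the device may be asked to resend
        # Open the exemption window and release the data that triggered the authentication.
        self._sessions[ip] = {"expires": now + self._max_seconds, "remaining": self._max_bytes}
        for payload in self._held.pop(ip, []):
            self.forwarded.append((source_ip, payload))
        return "PASS"


def run_gate_scenario():
    """Constructed exchange: one enrolled device, one bad reply, one replay from a wrong address,
    then the byte budget and the time window running out."""
    puf_key = hashlib.sha256(b"constructed PUF readout of device 1").digest()
    dev_ip = "2001:db8:1::10"
    other_ip = "2001:db8:2::10"
    enrolled = auth_info(puf_key, dev_ip)
    gate = TrafficGate({ipaddress.IPv6Address(dev_ip).packed: enrolled}, max_seconds=60, max_bytes=1000)
    log = [
        gate.on_data(dev_ip, b"temp=21.5", now=0),                 # first data is intercepted
        gate.on_auth(dev_ip, bytes(32), now=1),                     # wrong value: rejected
        gate.on_auth(other_ip, enrolled, now=1),                    # right value, wrong address: rejected
        gate.on_auth(dev_ip, auth_info(puf_key, dev_ip), now=2),    # device recomputes it: passes
        gate.on_data(dev_ip, b"temp=21.7", now=10),                 # within window: forwarded
        gate.on_data(dev_ip, b"x" * 2000, now=11),                  # byte budget exceeded: re-authenticate
        gate.on_auth(dev_ip, auth_info(puf_key, dev_ip), now=12),   # passes, releases the held 2000 bytes
        gate.on_data(dev_ip, b"temp=21.9", now=100),                # window expired (12 + 60 < 100)
    ]
    return log, [payload for _, payload in gate.forwarded]
```

The gate keys both the library lookup and the session on the packet's source address, so a correct value sent from another address is rejected and a session cannot be inherited by a host that takes over the address later without re-authenticating. The data that triggered an authentication round is released without being charged to the new budget; whether to charge it is a policy choice the patent leaves open.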
A flowchart of still further embodiments of the internet of things device communication method of the present disclosure is shown in fig. 3. The left part in fig. 3 is a method performed by the internet of things device, and the right part is a method performed by the server.
In step 311, in the primary authentication process, the internet of things device performs an encryption operation according to its own PUF key and fixed IP address information, and obtains encryption authentication information.
In step 312, the encrypted authentication information is sent to the server.
In step 321, the server receives the encrypted authentication information.
In step 322, because this is the primary authentication, the information is treated as reliable, and the server stores the encrypted authentication information in its dynamic authentication library.
In step 313, when the internet of things device needs to send data in the using process, encryption operation is performed according to the PUF key and the fixed IP address information of the internet of things device, and encryption authentication information is obtained.
In step 314, the encrypted authentication information is sent to the server.
In step 323, the server matches the received encrypted authentication information in a dynamic authentication library.
In step 324, a determination is made as to whether the match passed. If the match is passed, go to step 315; if not, step 325 is performed.
In step 315, the internet of things device encrypts data to be transmitted using the PUF key.
In step 316, the encrypted data is transmitted.
In step 325, the server blocks the internet of things device from sending data.
In this way, the internet of things device and the server cooperate to enrol the authentication information and build the dynamic authentication library. When the internet of things device is about to start sending data, the server authenticates it, which prevents an intruder from counterfeiting the device and hijacking its traffic.
A flow chart of still further embodiments of the internet of things device communication method of the present disclosure is shown in fig. 4.
In the primary authentication process 401, the internet of things device 41 generates encrypted authentication information from its PUF key and its fixed IP address (IPv6) and sends it to the dynamic authentication library 46 for storage.
Before data needs to be sent, the internet of things device 41 acquires the VIA (via-hole) PUF information 42 of its own MCU, generates the PUF Key 43 with a first predetermined encryption 403, performs a second encryption operation over the PUF Key 43 and the IPv6 address 44 (steps 404 and 405 in fig. 4) to generate the encrypted authentication information, and sends it to the dynamic authentication library 46. The dynamic authentication library 46 performs authentication and determines whether it passes.
If authentication passes, step 407 is performed and the data 47 is allowed to be sent, including releasing any intercepted data. In some embodiments, the server may feed back the permission to the internet of things device 41, which then performs 408 to acquire the data to be sent 45, performs 409 to acquire the PUF Key, and sends the data after an encryption operation 410 (for example AES or a Chinese national cryptographic (SM series) algorithm).
If the dynamic authentication library 46 determines that authentication has not passed, the feedback process 406 is performed to request the internet of things device 41 to resend the encrypted authentication information.
By the method, the server in the Internet of things system authenticates the Internet of things equipment which needs to send data, and the equipment is allowed to send the data only when the authentication is passed, so that the access safety and the data safety of the Internet of things equipment are improved, and the reliability of the Internet of things system is improved.
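The exchange of steps 313 to 325 and fig. 4 as an added, stand-alone example in Go; it is not code from the patent or from China Telecom. The page names neither the first nor the second "preset encryption algorithm", so the example assumes HMAC-SHA256 for both (a fixed label as key for the PUF key derivation; the PUF key as HMAC key and the 16-byte IPv6 address as message for the authentication information) and AES-256-GCM for the data encryption of step 410. The PUF bytes, the address 2001:db8::1, the domain labels and every function name are constructed for the example. The server-side Match additionally requires that the packet's source address equal the address enrolled with the token, a check the page does not state explicitly.

```go
// Added example, not the patent's own code: stand-alone simulation of the PUF +
// fixed-IPv6 exchange of fig. 4. HMAC-SHA256 is assumed for both unnamed preset
// encryption algorithms; AES-256-GCM stands in for the data encryption of 410.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/netip"
)

// Constructed stand-in for the MCU's raw via-PUF response; on real hardware it never leaves the chip.
var constructedPUF = []byte("constructed-via-puf-response-0001")

// derivePUFKey is the first preset encryption: raw PUF -> 32-byte PUF key.
func derivePUFKey(puf []byte) []byte {
	mac := hmac.New(sha256.New, []byte("puf-key-v1")) // assumed domain label
	mac.Write(puf)
	return mac.Sum(nil)
}

// encryptedAuthInfo is the second preset encryption: binds the PUF key to the
// device's fixed IPv6 address (16-byte canonical form, not the text form).
func encryptedAuthInfo(pufKey []byte, addr netip.Addr) (string, error) {
	if !addr.Is6() {
		return "", fmt.Errorf("device address %v is not a fixed IPv6 address", addr)
	}
	mac := hmac.New(sha256.New, pufKey)
	mac.Write([]byte("auth-info-v1")) // assumed domain label
	mac.Write(addr.AsSlice())
	return string(mac.Sum(nil)), nil
}

// AuthLibrary is the server's dynamic authentication library (info -> enrolled
// address), filled by Enroll during the initial (pre-shipment) authentication.
type AuthLibrary map[string]netip.Addr

func (l AuthLibrary) Enroll(info string, addr netip.Addr) { l[info] = addr }

// Match is the per-send check: release traffic only if the information is
// enrolled AND the packet's source address is the enrolled one, so a copied
// token presented from another address is still refused.
func (l AuthLibrary) Match(info string, src netip.Addr) bool {
	enrolled, ok := l[info]
	return ok && enrolled == src
}

func gcmFor(pufKey []byte) cipher.AEAD {
	block, err := aes.NewCipher(pufKey) // always 32 bytes from derivePUFKey
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// encryptData seals application data under the PUF key as nonce || ct || tag.
func encryptData(pufKey, plaintext []byte) []byte {
	gcm := gcmFor(pufKey)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a failing OS CSPRNG is not recoverable here
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// decryptData is the receiving side; it fails on any modified byte.
func decryptData(pufKey, msg []byte) ([]byte, error) {
	gcm := gcmFor(pufKey)
	if len(msg) < gcm.NonceSize() {
		return nil, fmt.Errorf("message too short: %d bytes", len(msg))
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// RunExchange walks the flow: enrol, authenticate the genuine device, refuse a
// different MCU that copied the address and the genuine token sent from another
// address, then send and recover encrypted data.
func RunExchange() (genuineOK, spoofOK, replayOK bool, received string, err error) {
	addr := netip.MustParseAddr("2001:db8::1") // constructed fixed IPv6
	pufKey := derivePUFKey(constructedPUF)
	lib := AuthLibrary{}
	info, err := encryptedAuthInfo(pufKey, addr)
	if err != nil {
		return
	}
	lib.Enroll(info, addr)
	genuineOK = lib.Match(info, addr)
	spoofInfo, _ := encryptedAuthInfo(derivePUFKey([]byte("other-mcu-puf")), addr)
	spoofOK = lib.Match(spoofInfo, addr)
	replayOK = lib.Match(info, netip.MustParseAddr("2001:db8::2"))
	pt, err := decryptData(pufKey, encryptData(pufKey, []byte("sensor reading 21.5C")))
	return genuineOK, spoofOK, replayOK, string(pt), err
}

func main() { fmt.Println(RunExchange()) }
```

Two points the page leaves implicit are worth keeping in mind when reading the example. The encrypted authentication information is deterministic per device, so the library can match it by equality, but for the same reason anyone who captures it and can send packets with the device's source address can present it again; binding the second encryption to a fresh nonce carried in the server's authentication instruction (claim 5) would remove that, which is a recommendation of this example rather than something the page describes. And the raw PUF response must stay inside the MCU: only the derived PUF key is used locally, and only the authentication information and ciphertext ever leave the device.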
A schematic diagram of some embodiments of the internet of things device of the present disclosure is shown in fig. 5.
The authentication information generation unit 501 performs an encryption operation over the PUF key and the address information of the internet of things device and obtains the encrypted authentication information. The IP address must be a fixed one. In some embodiments a fixed IPv6 address is assigned to the device; because the IPv6 address space is very large there is no concern about address exhaustion, and one address per device is achievable. In some embodiments the fixed IP address is set at the factory.
The authentication information sending unit 502 sends the encrypted authentication information to the server for authentication. The server stores the encrypted authentication information of each internet of things device that has completed initial authentication. In some embodiments the initial authentication is performed before the device leaves the factory, so that the encrypted authentication information it provides can be trusted. In some embodiments the server builds a dynamic authentication library and authenticates by matching against it.
The data sending unit 503 sends data once authentication has passed. It may send traffic for a certain time window or until the connection is interrupted. In some embodiments the data sending unit 503 encrypts the data to be sent with the PUF key before sending it, further improving the reliability of data transmission.
The internet of things device thus generates encrypted authentication information from its PUF and its fixed IP address and sends data only after the server has authenticated it, so that another device cannot send data while impersonating this one; data tampering is avoided and the access security and reliability of the device are improved.
A schematic diagram of some embodiments of a server of the present disclosure is shown in fig. 6.
The authentication information receiving unit 601 receives the encrypted authentication information from the internet of things device.
The matching unit 602 matches the encrypted authentication information from the device against the dynamic authentication library. The dynamic authentication library stores the encrypted authentication information of every internet of things device that has completed initial authentication; that information is generated by the device performing an encryption operation over its PUF key and its Internet Protocol (IP) address information.
In some embodiments, when the internet of things device first accesses the network, the matching unit 602 also receives initial authentication information from the device, which contains the device's encrypted authentication information, and adds that information to the dynamic authentication library. In some embodiments the device is required to access the network for initial authentication before it leaves the factory, so that the encrypted authentication information provided at initial authentication can be trusted.
The data release unit 603 allows the internet of things device to send data when the match passes.
The server thus authenticates each internet of things device that needs to send data, and the authentication is based on the device's PUF and its fixed IP address, so data tampering by a party pretending to be the device is avoided, and the access security, data security and reliability of the device are improved.
A schematic structural diagram of an embodiment of an internet of things network element of the present disclosure is shown in fig. 7. The network element may be an internet of things device or an internet of things server. It comprises a memory 701 and a processor 702. The memory 701 may be a magnetic disk, flash memory or any other non-volatile storage medium, and stores the instructions of the corresponding embodiments of the internet of things device communication method above. The processor 702, coupled to the memory 701, may be implemented as one or more integrated circuits such as a microprocessor or microcontroller, and executes the instructions stored in the memory, so that the access security and data security of the internet of things device and the reliability of the internet of things system are improved.
In one embodiment, as also shown in fig. 8, an internet of things network element 800 comprises a memory 801 and a processor 802 coupled by a bus 803. The network element 800 may also be connected to an external storage device 805 through a storage interface 804 in order to access external data, and to a network or another computer system (not shown) through a network interface 806. These are not described further here.
In this embodiment the instructions are stored in the memory and executed by the processor, so that the access security and data security of the internet of things device and the reliability of the internet of things system are improved.
In another embodiment, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the corresponding embodiment of the internet of things device communication method. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
Some embodiments of the system of the present disclosure are schematically illustrated in fig. 9. One or more of the internet of things devices 911-91n mentioned above can be included in the internet of things system, and n is a positive integer. The internet of things system may also include any of the servers 92 mentioned above.
In the internet of things communication system the server authenticates each internet of things device that needs to send data and allows it to send only when authentication passes, so the access security and data security of the devices and the reliability of the system are improved.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Finally, it should be noted that: the above examples are intended only to illustrate the technical solutions of the present disclosure and not to limit them; although the present disclosure has been described in detail with reference to preferred embodiments, those of ordinary skill in the art will understand that: modifications to the specific embodiments of the disclosure or equivalent substitutions for parts of the technical features may still be made; all such modifications are intended to be included within the scope of the claims of this disclosure without departing from the spirit thereof.

Claims (15)

1. An Internet of things equipment communication method comprises the following steps:
extracting a physical unclonable function PUF of a micro control unit MCU of the Internet of things equipment;
encrypting the PUF through a first preset encryption algorithm to obtain a PUF secret key;
performing encryption operation according to the PUF key and Internet protocol IP address information of the Internet of things equipment to obtain encryption authentication information, wherein the IP address is a fixed IP address;
sending the encrypted authentication information to a server for authentication, wherein the server stores the encrypted authentication information of the Internet of things equipment which is subjected to primary authentication;
and under the condition that the authentication is passed, the Internet of things equipment sends data.
2. The method of claim 1, wherein the sending data by the internet of things device comprises:
the Internet of things equipment encrypts data to be sent according to the PUF secret key;
and sending the encrypted data.
3. The method of claim 1, further comprising:
when the Internet of things equipment is authenticated for the first time, performing encryption operation according to the PUF key and the IP address information of the Internet of things equipment to obtain encryption authentication information;
and sending the encryption authentication information to the server so that the server stores the encryption authentication information.
4. The method of claim 1, wherein the performing the cryptographic operation according to the Physical Unclonable Function (PUF) key and the Internet Protocol (IP) address information of the Internet of things device comprises:
and carrying out encryption operation through a second preset encryption algorithm according to the PUF and the IP address.
5. The method of claim 1, further comprising:
and in the case of receiving a traffic transmission authentication instruction from the server, performing an operation of generating and transmitting encrypted authentication information to the server.
6. An Internet of things equipment communication method comprises the following steps:
receiving encryption authentication information from equipment of the Internet of things, wherein the encryption authentication information is generated by the equipment of the Internet of things executing encryption operation according to a Physical Unclonable Function (PUF) key and Internet Protocol (IP) address information of the equipment of the Internet of things, the PUF key is a PUF extracted from a Micro Control Unit (MCU) by the equipment of the Internet of things and is generated after the PUF is encrypted through a first preset encryption algorithm, and the IP address is a fixed IP address;
matching encryption authentication information from the Internet of things equipment in a dynamic authentication library, wherein the encryption authentication information of the Internet of things equipment which is subjected to primary authentication is stored in the dynamic authentication library;
and allowing the Internet of things equipment to send data under the condition that the matching is passed.
7. The method of claim 6, further comprising:
receiving primary authentication information from the Internet of things equipment, wherein the primary authentication information comprises encrypted authentication information of the Internet of things equipment;
and updating the encrypted authentication information to a dynamic authentication library.
8. The method of claim 6, further comprising:
intercepting data sent by the Internet of things equipment;
and sending an authentication instruction to the Internet of things equipment, and allowing the Internet of things equipment to send data under the condition that the authentication is passed.
9. An Internet of things equipment communication method comprises the following steps:
the Internet of things device communication method of any one of claims 1 to 5, performed by an Internet of things device; and
the internet of things device communication method of any one of claims 6 to 8, performed by a server.
10. An internet of things device, comprising:
the authentication information generation unit is configured to execute encryption operation according to a Physical Unclonable Function (PUF) key and Internet Protocol (IP) address information of the Internet of things device to acquire encryption authentication information, wherein the IP address is a fixed IP address, the PUF key is a PUF extracted from a Micro Control Unit (MCU) of the Internet of things device, and the PUF is generated after being encrypted through a first preset encryption algorithm;
the authentication information sending unit is configured to send the encrypted authentication information to a server for authentication, wherein the server stores the encrypted authentication information of the Internet of things equipment which is authenticated for the first time;
and a data transmission unit configured to transmit the data if the authentication is passed.
11. An internet of things device, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-5 based on instructions stored in the memory.
12. A server, comprising:
the authentication information receiving unit is configured to receive encrypted authentication information from the internet of things device, wherein the encrypted authentication information is generated by the internet of things device executing encryption operation according to a Physical Unclonable Function (PUF) key and Internet Protocol (IP) address information of the internet of things device, the PUF key is generated by the internet of things device by extracting a PUF of a Micro Control Unit (MCU), and encrypting the PUF through a first preset encryption algorithm, and the IP address is a fixed IP address;
the matching unit is configured to match the encryption authentication information from the Internet of things equipment in a dynamic authentication library, wherein the encryption authentication information of the Internet of things equipment which is authenticated for the first time is stored in the dynamic authentication library;
and the data releasing unit is configured to allow the Internet of things equipment to transmit data under the condition that the matching is passed.
13. A server, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 6 to 8 based on instructions stored in the memory.
14. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 8.
15. An internet of things communication system, comprising:
the internet of things device of claim 10 or 11; and
the server of claim 12 or 13.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010453148.6A CN113726720B (en) 2020-05-26 2020-05-26 Internet of things equipment communication method, equipment, server and communication system

Publications (2)

Publication Number Publication Date
CN113726720A (en) 2021-11-30
CN113726720B true CN113726720B (en) 2023-03-24

Family

ID=78671905

Country Status (1)

Country Link
CN (1) CN113726720B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768660A (en) * 2018-05-28 2018-11-06 北京航空航天大学 Internet of things equipment identity identifying method based on physics unclonable function

Family Cites Families (8)

Publication number Priority date Publication date Assignee Title
US10454691B2 (en) * 2016-05-24 2019-10-22 Arizona Board Of Regents On Behalf Of Northern Arizona University Systems implementing hierarchical levels of security
CN107547565B (en) * 2017-09-28 2020-08-14 新华三技术有限公司 Network access authentication method and device
US10790995B2 (en) * 2018-06-28 2020-09-29 Intel Corporation Oracle authentication using multiple memory PUFs
CN109040067B (en) * 2018-08-02 2020-12-11 广东工业大学 Physical unclonable technology PUF-based user authentication device and authentication method
CN110971410A (en) * 2018-09-30 2020-04-07 上海复旦微电子集团股份有限公司 User information verification method, intelligent terminal and computer readable storage medium
CN110049002B (en) * 2019-03-01 2021-07-27 中国电子科技集团公司第三十研究所 IPSec authentication method based on PUF
CN110636464B (en) * 2019-09-29 2021-05-18 广西东信易联科技有限公司 Communication system for communication between Internet of things equipment and communication system with enterprise intranet
CN111162914B (en) * 2020-02-11 2023-06-16 河海大学常州校区 IPv4 identity authentication method and system of Internet of things based on PUF

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant