WO2019015038A1 - Encryption control method and device for type-based uplink data of internet of things repeater - Google Patents

Encryption control method and device for type-based uplink data of internet of things repeater Download PDF

Info

Publication number
WO2019015038A1
WO2019015038A1 PCT/CN2017/100751 CN2017100751W WO2019015038A1 WO 2019015038 A1 WO2019015038 A1 WO 2019015038A1 CN 2017100751 W CN2017100751 W CN 2017100751W WO 2019015038 A1 WO2019015038 A1 WO 2019015038A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
things
type
data packet
encryption
Prior art date
Application number
PCT/CN2017/100751
Other languages
French (fr)
Chinese (zh)
Inventor
杜光东
Original Assignee
深圳市盛路物联通讯技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市盛路物联通讯技术有限公司 filed Critical 深圳市盛路物联通讯技术有限公司
Publication of WO2019015038A1 publication Critical patent/WO2019015038A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/04Terminal devices adapted for relaying to or from another terminal or user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • the present invention claims the prior application priority of the application No. 201710593623.8, entitled “IoT Repeater Type-Based Uplink Data Encryption Control Method and Apparatus", filed on July 20, 2017, the content of the above-mentioned prior application is introduced The way is incorporated into this text.
  • the present application relates to the field of communications, and in particular, to an IoT repeater type-based uplink data encryption control method and apparatus.
  • the Internet of Things is an important part of the new generation of information technology, and an important stage of development in the era of "informatization.” Its English name is: “Internet of things (IoT)". As the name suggests, the Internet of Things is the Internet that connects things. This has two meanings: First, the core and foundation of the Internet of Things is still the Internet, which is an extended and extended network based on the Internet; Second, its client extends and extends to any item and item for information. Exchange and communication, that is, things and things. The Internet of Things is widely used in the convergence of networks through communication-aware technologies such as intelligent sensing, identification technology and pervasive computing. It is also called the third wave of the development of the world information industry after computers and the Internet.
  • the Internet of Things is the application expansion of the Internet. It is not so much that the Internet of Things is a network, but the Internet of Things is a business and application. Therefore, application innovation is the core of the development of the Internet of Things. Innovation 2.0 with user experience as the core is the soul of the development of the Internet of Things.
  • the Internet of Things solves the interconnection between objects and the exchange of data between objects.
  • the existing Internet of Things is based on IoT repeaters to send data to the IoT point of interest when it is connected to the Internet (English: access point, AP) to access the Internet, the data security of the Internet of Things is low, so the user experience is low.
  • the application provides an IoT repeater type-based uplink data encryption control method. It can improve the security of IoT data and improve the user experience.
  • an uplink type data encryption control method for an Internet of Things repeater includes the following steps:
  • the Internet of Things relay receives a data packet sent by the Internet of Things terminal
  • the IoT repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type;
  • the Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet
  • the IoT repeater sends the encrypted data packet to an IoT access point.
  • the IoT repeater identifies the type of the Internet of Things terminal, including:
  • the Internet of Things repeater identifies the type of the Internet of Things terminal by the identifier of the Internet of Things terminal; the type includes: a smart light, a smart TV, a smart cleaning device, a smart sleep device, or an intelligent monitoring device.
  • the IoT repeater identifies the type of the Internet of Things terminal, including:
  • the Internet of Things repeater sends an IoT terminal type table to the Internet of Things terminal,
  • the Internet of Things relay receives the type of the Internet of Things terminal that is matched by the Internet of Things terminal type table according to the Internet of Things terminal type.
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent steps are performed. If the encryption is unsuccessful, the IoT repeater calls the standby of the first encryption unit. The encryption unit encrypts the data packet, and adds the alternate encryption unit identifier to the header extension field of the encrypted data packet.
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
  • the IoT repeater parses the data packet to obtain a signal modulation mode of the data packet as quadrature phase shift keying QPSK, the phase number with energy in the QPSK is obtained, and the phase number is sequentially sorted.
  • the value is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
  • the method further includes:
  • the IoT repeater generates a key pair, the key pair includes: a public key and a private key, and the IoT repeater encrypts the data packet by using the public key through the first encryption unit, and encrypts the data packet After The data packet is sent through the first path, and the private key is sent through the second path.
  • an IoT repeater type-based uplink data encryption control apparatus comprising:
  • a receiving unit configured to receive a data packet sent by the Internet of Things terminal
  • An identification unit configured to identify a type of the Internet of Things terminal
  • a searching unit configured to query, according to the type, a first encryption unit corresponding to the type in a pre-configured type and an encryption unit mapping table;
  • An encryption unit configured to invoke the first encryption unit to perform encryption processing on the data packet
  • the sending unit is configured to send the encrypted data packet to the Internet of Things access point.
  • the identifying unit is specifically configured to identify, by using an identifier of the Internet of Things terminal, a type of the Internet of Things terminal, where the type includes: a smart light, a smart television, a smart cleaning device, a smart sleep device, or an intelligent monitoring device. .
  • the identifying unit is configured to send an IoT terminal type table to the Internet of Things terminal, and receive, by the IoT terminal, the IoT terminal type that matches the IoT terminal type table according to the IoT terminal type table.
  • the encryption unit is configured to invoke the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, perform subsequent steps. If the encryption is unsuccessful, the backup encryption unit of the first encryption unit is invoked. The data packet is encrypted, and the alternate encryption unit identifier is added to the header extension field of the encrypted data packet.
  • the cryptographic unit is configured to: if the signal modulation mode of the data packet is obtained by parsing the data packet into a quadrature phase shift keying QPSK, obtain a phase number with energy in the QPSK, The value obtained by sequentially sorting the phase numbers is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
  • the encryption unit is specifically configured to generate a key pair, where the key pair includes: a public key and a private key, and the data packet is encrypted by the first encryption unit by using a public key, where the sending unit is configured to: The method is configured to send the encrypted data packet through the first path, and send the private key through the second path.
  • a computer storage medium may store a program, where the program is executed, including any one of the Internet of Things repeater type-based uplink data encryption control methods described in the first aspect. Some or all of the steps.
  • an access point device comprising: one or more processors, a memory, a bus system, a transceiver, and one or more programs, the processor, the memory, and The transceiver is coupled by the bus system; wherein the one or more programs are stored in the memory, the one or more programs including instructions that, when executed by an access point, cause an access point to perform the In one aspect and in the first aspect, it is entirely possible to design any of the methods provided.
  • the Internet of Things repeater After the Internet of Things terminal of the technical solution provided by the present invention sends the data packet to the Internet of Things repeater, the Internet of Things repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and encrypts the data through the encryption unit.
  • the IoT terminal does not need to configure encryption. All encryption settings are in the IoT repeater. This method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, because of its An IoT repeater can connect to a large number of IoT terminals.
  • the IoT repeater configuration can also reduce the overall cost of the Internet of Things.
  • the computing power is generally stronger than that of the IoT repeater.
  • the networked terminal can reduce the delay of data transmission when running the encryption unit, reduce the delay of the network, and improve the user experience.
  • 1 is a schematic flow chart of a repeater-based data routing method
  • FIG. 2 is a flow chart of transmission of a packet sent by an Internet of Things terminal to a gateway
  • Figure 3 is a transmission flow chart of the gateway transmitting the data packet to the Internet of Things terminal
  • FIG. 4 is a schematic flowchart of a repeater-based data automatic routing method according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of an implementation scenario of an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a repeater-based data automatic routing method according to another embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a repeater-based data automatic routing apparatus provided by the present application.
  • FIG. 8 is a schematic structural diagram of an Internet of Things repeater device provided by the present application.
  • FIG. 9 is a schematic structural diagram of hardware of an Internet of Things repeater provided by the present application.
  • Computer device also referred to as “computer” in the context, is meant an intelligent electronic device that can perform predetermined processing, such as numerical calculations and/or logical calculations, by running a predetermined program or instruction, which can include a processor and The memory is executed by the processor to execute a predetermined process pre-stored in the memory to execute a predetermined process, or is executed by hardware such as an ASIC, an FPGA, a DSP, or the like, or a combination of the two.
  • Computer devices include, but are not limited to, servers, personal computers, notebook computers, tablets, smart phones, and the like.
  • an uplink data transmission method of an Internet of Things AP is provided.
  • the method is applied to the object network shown in FIG. 1.
  • the object network includes: the Internet of Things terminal 10, the Internet of Things access point AP20, the Internet of Things repeater 40, and the wireless connection.
  • the above-mentioned Internet of Things terminal may have different expressions according to different situations.
  • the Internet of Things terminal may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions.
  • the IoT terminal 10 is connected to the AP 20 in a wireless manner, and the AP 20 accesses the Internet through the gateway 12 by using another method (that is, a connection mode different from the wireless mode).
  • the wireless mode includes but is not limited to: Bluetooth, WIFI, and the like.
  • the other way of the above may be LTE or wired.
  • the wired mode is taken as an example, and for convenience of representation, only one solid line is shown here.
  • the above-mentioned wireless access controller 30 may be a personal computer (PC) according to the size of the Internet of Things. Of course, in practical applications, it may also be multiple PCs or servers.
  • PC personal computer
  • the specific embodiment of the present invention is not limited. The specific manifestation of the above wireless access controller.
  • FIG. 2 is a transmission flow chart of uplink data transmission of an Internet of Things repeater. As shown in FIG. 2, the process includes:
  • Step S201 the Internet of Things terminal 10 wirelessly transmits the data packet to be sent to the Internet of Things repeater;
  • Step S202 the Internet of Things repeater sends the data packet to the AP20;
  • Step S203 The AP20 forwards the data packet to the radio access controller 30.
  • FIG. 3 is a schematic diagram of a type-based uplink data encryption control method for an Internet of Things repeater according to the present invention.
  • the method is implemented in a network architecture as shown in FIG. 4, as shown in FIG.
  • Multiple IoT terminals can be connected.
  • the AP can be a relay station.
  • it can also be a router or other network device with wireless connection and data forwarding function, such as a mobile phone that provides hotspots and a personal computer that provides wireless connection.
  • Such equipment includes the following steps:
  • Step S301 The Internet of Things terminal sends a data packet to the Internet of Things relay.
  • the object-to-network terminal in the above step S301 may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or Some IoT smart devices.
  • the manner in which the Internet of Things terminal sends a data packet to the Internet of Things relay may be a method of transmitting a data packet by using a wireless connection, including but not limited to: Bluetooth, Wireless Fidelity (WIFI) Or a wireless method such as Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
  • a wireless connection including but not limited to: Bluetooth, Wireless Fidelity (WIFI) Or a wireless method such as Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
  • the Internet of Things and IoT repeaters here are only for wireless IoT repeaters, because for the Internet of Things, the number of devices it accesses is large, for IoT repeaters, if With wired connections, the number of IoT repeaters will be limited first, and for the home, wired connections are unimaginable for home users' wiring, and the cost of this cable is also very high. Therefore, the connection between the Internet of Things terminal and the Internet of Things relay in the technical solution of the present invention is limited to a wireless connection.
  • Step S302 The Internet of Things repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type.
  • the types of the Internet of Things terminals in the above step S302 can be set according to the situation of the device.
  • the types of the Internet of Things terminals can include: smart lights, smart TVs, smart cleaning devices, smart sleep devices, intelligent monitoring devices, etc.
  • the form of performance can be varied.
  • the smart electric light includes, but is not limited to, a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc.
  • a smart TV it can be a Samsung smart TV.
  • it can also be a Sharp smart TV.
  • a smart cleaning device it can be a smart sweeping robot.
  • a smart vacuum cleaner for example, for a smart sleep device
  • It can be: a smart mattress, a smart sofa, etc., for example, for an intelligent monitoring device, or it can be an intelligent blood pressure meter, a smart thermometer, etc., the specific types and types of the above-mentioned Internet of Things terminals of the present invention. Not limited.
  • the type and encryption unit mapping table in the above steps are as shown in FIG. 5, and the foregoing mapping may be a one-to-one mapping, and may of course be a one-to-many mapping.
  • the encryption unit in the above step S302 may specifically be a hardware encryption set in the Internet of Things repeater.
  • the unit includes an encryption algorithm preset by the manufacturer.
  • the encryption unit may also be a software encryption unit configured in the Internet of Things repeater, and the present invention does not limit the specific expression of the encryption unit.
  • the foregoing encryption algorithms include, but are not limited to, triple data encryption algorithm block cipher (English: riple Data Encryption Algorithm, 3DES), message digest algorithm (English: Message Digest Algorithm, MD5) or RSA (Rivest, Shamir, Adleman) and other encryption algorithms.
  • the invention is not limited to specific encryption algorithms.
  • 3DES is a generic term for triple-data encryption algorithm block ciphers. It is equivalent to applying three DES encryption algorithms to each data block. Due to the increased computing power of the computer, the key length of the original DES password becomes vulnerable to brute force; 3DES is designed to provide a relatively simple method to avoid similar attacks by increasing the key length of DES.
  • Step S303 The Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet.
  • the implementation method of the foregoing step S303 may specifically be:
  • the first encryption unit is a 3DES encryption unit, and the Internet of Things relay invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet.
  • the first encryption unit is a RAS encryption unit, and the Internet of Things relay invokes the RAS encryption unit to perform RAS encryption processing on the data packet.
  • the Internet of Things relay invokes the MD5 encryption unit to perform MD5 encryption processing on the data packet.
  • the implementation method of the foregoing step S303 may specifically be:
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent step S304 is performed. If the encryption is unsuccessful, the standby encryption unit of the first encryption unit is called to encrypt the data packet. The alternate encryption unit identifier is added to the header extension field of the encrypted packet.
  • Step S304 The Internet of Things relay sends the encrypted data packet to the wireless access controller.
  • the implementation method of the above step S304 can be:
  • the encrypted data packet is sent to the wireless access controller in another manner.
  • the AP 20 can send the data packet to the wired device to The radio access controller, of course, in practical applications, the AP 20 can also send the encrypted data packet to the radio access controller through Long Term Evolution (LTE).
  • LTE Long Term Evolution
  • the foregoing LTE or limited mode and the manner in which the Internet of Things terminal is connected to the AP through the WIFI are merely for illustrative purposes, and the present invention does not limit the specific manner of the foregoing connection.
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
  • the IoT repeater parses the data packet to obtain a signal modulation mode of the data packet, which is Quadrature Phase Shift Keying (QPSK), obtain a phase number with energy in the QPSK, and The value obtained by sequentially sorting the phase numbers is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
  • QPSK Quadrature Phase Shift Keying
  • the phase number with energy refers to the energy of the QPSK subcarrier, that is, the subcarrier transmits the number 1, and the corresponding phase number may specifically be the phase number of the phase, for example, the first phase row number is 1, the second The phase number is 2, and the 15th phase has a row number of 15. In this way, it is difficult to obtain a secret key to be decrypted, and the security is further improved.
  • the IoT repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and performs data on the data through the encryption unit. Encryption, for the Internet of Things, the IoT terminal does not need to configure encryption. All encryption settings are in the IoT repeater.
  • This method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, One of the IoT repeaters can connect to many IoT terminals.
  • the IoT repeater configuration can also reduce the overall cost of the Internet of Things.
  • the computing power is generally stronger than that of IoT repeaters.
  • the Internet of Things terminal can reduce the delay of data transmission when running the encryption unit, reduce the delay of the network, and improve the user experience.
  • FIG. 6 is a method for controlling uplink type data encryption of an Internet of Things repeater according to the present invention.
  • the method is implemented in a network architecture as shown in FIG. 4, as shown in FIG.
  • Multiple IoT terminals can be connected under the repeater.
  • the IoT repeater can be a relay station. Of course, in practical applications, it can also be a router or other network device with wireless connection and data forwarding function, for example, hotspots are opened.
  • Step S601 The Internet of Things terminal sends a data packet to the Internet of Things relay.
  • the IoT terminal in the above step S601 may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or Some IoT smart devices.
  • the manner in which the Internet of Things terminal sends a data packet to the Internet of Things relay may be a method of sending a data packet by using a wireless connection, including but not limited to: Bluetooth, Wireless Fidelity (WIFI) Or a wireless method such as Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
  • a wireless connection including but not limited to: Bluetooth, Wireless Fidelity (WIFI) Or a wireless method such as Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
  • the Internet of Things and IoT repeaters here are only for wireless APs, because for the Internet of Things, the number of devices connected to them is large. For IoT repeaters, if they are connected by wire, First, the number of accesses of the Internet of Things repeater is limited, and for the home, wired connections are unimaginable for the wiring of the home users, and the cost of the cable is also very high, so the present invention
  • the connection between the Internet of Things terminal and the Internet of Things repeater in the technical solution is limited to wireless connection.
  • Step S602 the Internet of Things repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type;
  • the types of the Internet of Things terminals in the above step S602 can be set according to the situation of the device.
  • the types of the Internet of Things terminals can include: smart lights, smart TVs, smart cleaning devices, smart sleep devices, intelligent monitoring devices, etc.
  • the form of performance can be varied.
  • the smart electric light includes, but is not limited to, a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc.
  • a smart TV it can be a Samsung smart TV.
  • it can also be a Sharp smart TV.
  • a smart cleaning device it can be a smart sweeping robot.
  • a smart vacuum cleaner for example, for a smart sleep device
  • It can be: a smart mattress, a smart sofa, etc., for example, for an intelligent monitoring device, or it can be an intelligent blood pressure meter, a smart thermometer, etc., the specific types and types of the above-mentioned Internet of Things terminals of the present invention. Not limited.
  • the specific implementation method for identifying the type of the Internet of Things terminal by the Internet of Things repeater in the above step S602 Can be:
  • the Internet of Things repeater identifies the type of the Internet of Things terminal through the identification of the Internet of Things terminal, including but not limited to: the media access address (English: Media Access Control, MAC) of the Internet of Things terminal, the IP address, or the Internet of Things terminal. Name and so on, of course, in practical applications, the AP20 and the Internet of Things terminal can also determine the type of the above-mentioned Internet of Things terminal through information interaction. As shown in FIG. 7, the flow of the information interaction may specifically be:
  • Step S701 The Internet of Things terminal sends a connection request to the Internet of Things repeater.
  • Step S702 the Internet of Things repeater returns a connection response to the Internet of Things terminal, and establishes a wireless connection with the Internet of Things terminal;
  • Step S703 the Internet of Things repeater sends the IoT terminal type table in the Internet of Things relay to the Internet of Things terminal through the wireless connection;
  • Step S704 The Internet of Things terminal searches for the type of the Internet of Things terminal that matches the self of the Internet of Things terminal type table;
  • Step S705 The Internet of Things terminal reports the type of the Internet of Things terminal to the Internet of Things repeater.
  • the type and encryption unit mapping table in the above steps are as shown in FIG. 5, and the foregoing mapping may be a one-to-one mapping, and may of course be a one-to-many mapping.
  • the cryptographic unit in the above step S602 may specifically be a hardware cryptographic unit disposed in the Internet of Things repeater, and includes an encryption algorithm preset by the manufacturer.
  • the cryptographic unit may also be configured in the Internet of Things relay.
  • the software encryption unit in the device does not limit the specific expression of the above encryption unit.
  • the foregoing encryption algorithm includes, but is not limited to, an encryption algorithm such as 3DES, MD5 or RSA, and the present invention is not limited to a specific encryption algorithm.
  • Step S603 the Internet of Things repeater generates a key pair, the secret key pair includes a private key and a public key, and the Internet of Things repeater uses a public key to encrypt the data packet according to the first encryption unit;
  • the implementation method of the foregoing step S603 may specifically be:
  • the first encryption unit is a 3DES encryption unit
  • the Internet of Things relay invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet.
  • the AP 20 invokes the RAS encryption unit to perform RAS encryption processing on the data packet.
  • the Internet of Things repeater calls the MD5 encryption unit to perform MD5 encryption on the data packet. deal with.
  • Step S604 The Internet of Things relay sends the encrypted data packet to the wireless access controller through the first path, and the Internet of Things relay sends the private key to the wireless access controller through the second path.
  • the implementation method of the above step S604 can be:
  • the encrypted data packet is sent to the wireless access controller in another manner.
  • the Internet of Things terminal is connected to the AP through the WIFI, and then the AP20 can send the data packet to the wireless access controller by wire, of course, in practice.
  • the AP20 can also send the encrypted data packet to the radio access controller through Long Term Evolution (LTE).
  • LTE Long Term Evolution
  • the foregoing LTE or limited mode and the manner in which the Internet of Things terminal is connected to the AP through the WIFI are merely for illustrative purposes, and the present invention does not limit the specific manner of the foregoing connection.
  • the first path and the second path are different paths, and the first path may be calculated by using a different path algorithm, including but not limited to: a shortest path first algorithm or a shortest time delay first algorithm, of course, the first path And the second path may also be calculated by using different path algorithms.
  • the first path may be calculated by using a shortest path first algorithm
  • the second path may be calculated by a shortest delay first algorithm.
  • the IoT repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and performs data on the data through the encryption unit. Encryption, for the Internet of Things, the IoT terminal does not need to configure encryption. All encryption settings are in the IoT repeater.
  • This method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, One AP can connect to many IoT terminals, and the IoT repeater configuration can also reduce the overall cost of the Internet of Things.
  • the computing power is generally stronger than the IoT terminal.
  • the delay of data transmission can be reduced, the delay of the network can be reduced, and the user experience can be improved.
  • the method shown in FIG. 6 uses different paths when transmitting encrypted data packets and private keys, which increases the difficulty of information interception, which can further improve data security.
  • the present invention also provides a computer storage medium, wherein the computer storage medium can store a program, the program including any type of Internet of Things repeater described in the first aspect, based on type Some or all of the steps of the uplink data encryption control method.
  • FIG. 8 is an IoT repeater device 800 according to the present invention.
  • the device includes:
  • the receiving unit 801 is configured to receive a data packet sent by the Internet of Things terminal;
  • the identifying unit 802 is configured to identify a type of the Internet of Things terminal
  • the searching unit 803 is configured to query, according to the type, the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table;
  • the encryption unit 804 is configured to invoke the first encryption unit to perform encryption processing on the data packet.
  • the sending unit 805 is configured to send the encrypted data packet to the radio access controller.
  • the identifying unit 802 is specifically configured to identify, by using the identifier of the Internet of Things terminal, a type of the Internet of Things terminal.
  • the identifying unit 805 is specifically configured to send the IoT terminal type table to the Internet of Things terminal, and receive the IoT terminal type that is matched by the IoT terminal according to the IoT terminal type table.
  • the encryption unit 804 is specifically configured to invoke the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, perform subsequent steps. If the encryption is unsuccessful, the standby encryption unit pair of the first encryption unit is invoked. The data packet is subjected to an encryption process, and the alternate encryption unit identifier is added to the header extension field of the encrypted data packet.
  • the encryption unit 804 is specifically configured to: if the signal modulation mode of the data packet is obtained by parsing the data packet into a quadrature phase shift keying QPSK, obtain a phase number with energy in the QPSK, and obtain the phase
  • the value obtained by sequentially sorting the numbers is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
  • the encryption unit 804 is specifically configured to generate a key pair, where the key pair includes: a public key and a private key, and the data packet is encrypted by the first encryption unit by using a public key, where the sending unit uses The encrypted data packet is sent through the first path, and the private key is sent through the second path.
  • FIG. 9 is an Internet of Things repeater 900 provided by the present invention.
  • the Internet of Things relay can be a node deployed in an Internet system, and the Internet system can further include: an Internet of Things terminal and wireless access.
  • the controller, the Internet of Things repeater 900 includes but is not limited to: a computer, a server, etc., as shown in FIG. 9, the Internet of Things repeater 900 includes: a processor 901, a memory 902, and a transceiver 903 and bus 904.
  • the transceiver 903 is configured to transmit and receive data with an external device (eg, other devices in the interconnection system, including but not limited to: a repeater, a core network device, etc.).
  • the number of processors 901 in the Internet of Things repeater 900 may be one or more.
  • processor 901, memory 902, and transceiver 903 may be connected by a bus system or other means.
  • bus system or other means.
  • the program code can be stored in the memory 902.
  • the processor 901 is configured to call the program code stored in the memory 902, and is configured to perform the following operations:
  • the transceiver 903 is configured to receive a data packet sent by the Internet of Things terminal;
  • the processor 901 is configured to identify the type of the Internet of Things terminal, query the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type, and invoke the first encryption unit pair.
  • the data packet is encrypted.
  • the transceiver 903 is further configured to send the encrypted data packet to the wireless access controller.
  • processor 901 and the transceiver 903 can also be used to perform the refinement and the steps of the steps and steps in the embodiment shown in FIG. 3 or FIG. 6.
  • the processor 901 herein may be a processing component or a general term of multiple processing components.
  • the processing component may be a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
  • CPU central processing unit
  • ASIC application specific integrated circuit
  • DSPs digital singal processors
  • FPGAs Field Programmable Gate Arrays
  • the memory 903 may be a storage device or a collective name of a plurality of storage elements, and is used to store executable program code or parameters, data, and the like required for the application running device to operate. And the memory 903 may include random access memory (RAM), and may also include non-volatile memory such as a magnetic disk memory, a flash memory, or the like.
  • RAM random access memory
  • non-volatile memory such as a magnetic disk memory, a flash memory, or the like.
  • the bus 904 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus.
  • ISA Industry Standard Architecture
  • PCI Peripheral Component
  • EISA Extended Industry Standard Architecture
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 9. But it does not mean that there is only one bus or one type of bus.
  • the user equipment may also include input and output means coupled to bus 904 for connection to other portions, such as processor 901, via a bus.
  • the input/output device can provide an input interface for the operator, so that the operator can select the control item through the input interface, and can also be other interfaces through which other devices can be externally connected.
  • the program may be stored in a computer readable storage medium, and the storage medium may include: Flash disk, read-only memory (English: Read-Only Memory, referred to as: ROM), random accessor (English: Random Access Memory, referred to as: RAM), disk or optical disk.
  • ROM Read-Only Memory
  • RAM Random Access Memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Disclosed in the present application is an encryption control method for type-based uplink data of an Internet of Things repeater, the method comprising the following steps: the Internet of Things repeater receiving a data packet sent by an Internet of Things terminal; the Internet of Things repeater identifying the type of the Internet of Things terminal, and querying, according to the type, a first encryption unit corresponding to the type from a preconfigured mapping table between types and encryption units; the Internet of Things repeater invoking the first encryption unit to encrypt the data packet; and the Internet of Things repeater sending the encrypted data packet to an Internet of Things access point. The present invention has the advantage of good user experience.

Description

物联网中继器基于类型的上行数据加密控制方法及装置Type-based uplink data encryption control method and device for internet of things repeater
本发明要求2017年7月20日递交的发明名称为“物联网中继器基于类型的上行数据加密控制方法及装置”的申请号201710593623.8的在先申请优先权,上述在先申请的内容以引入的方式并入本文本中。The present invention claims the prior application priority of the application No. 201710593623.8, entitled "IoT Repeater Type-Based Uplink Data Encryption Control Method and Apparatus", filed on July 20, 2017, the content of the above-mentioned prior application is introduced The way is incorporated into this text.
技术领域Technical field
本申请涉及通信领域,尤其涉及一种物联网中继器基于类型的上行数据加密控制方法及装置。The present application relates to the field of communications, and in particular, to an IoT repeater type-based uplink data encryption control method and apparatus.
背景技术Background technique
物联网是新一代信息技术的重要组成部分,也是“信息化”时代的重要发展阶段。其英文名称是:“Internet of things(IoT)”。顾名思义,物联网就是物物相连的互联网。这有两层意思:其一,物联网的核心和基础仍然是互联网,是在互联网基础上的延伸和扩展的网络;其二,其用户端延伸和扩展到了任何物品与物品之间,进行信息交换和通信,也就是物物相息。物联网通过智能感知、识别技术与普适计算等通信感知技术,广泛应用于网络的融合中,也因此被称为继计算机、互联网之后世界信息产业发展的第三次浪潮。物联网是互联网的应用拓展,与其说物联网是网络,不如说物联网是业务和应用。因此,应用创新是物联网发展的核心,以用户体验为核心的创新2.0是物联网发展的灵魂。The Internet of Things is an important part of the new generation of information technology, and an important stage of development in the era of "informatization." Its English name is: "Internet of things (IoT)". As the name suggests, the Internet of Things is the Internet that connects things. This has two meanings: First, the core and foundation of the Internet of Things is still the Internet, which is an extended and extended network based on the Internet; Second, its client extends and extends to any item and item for information. Exchange and communication, that is, things and things. The Internet of Things is widely used in the convergence of networks through communication-aware technologies such as intelligent sensing, identification technology and pervasive computing. It is also called the third wave of the development of the world information industry after computers and the Internet. The Internet of Things is the application expansion of the Internet. It is not so much that the Internet of Things is a network, but the Internet of Things is a business and application. Therefore, application innovation is the core of the development of the Internet of Things. Innovation 2.0 with user experience as the core is the soul of the development of the Internet of Things.
物联网解决的是物物之间的互联以及物物之间的数据交换,现有的物联网在联网时均基于物联网中继器将数据发送至物联网计入点(英文:access point,AP)来接入互联网,物联网的数据安全性较低,所以用户体验度低。The Internet of Things solves the interconnection between objects and the exchange of data between objects. The existing Internet of Things is based on IoT repeaters to send data to the IoT point of interest when it is connected to the Internet (English: access point, AP) to access the Internet, the data security of the Internet of Things is low, so the user experience is low.
发明内容Summary of the invention
本申请提供一种物联网中继器基于类型的上行数据加密控制方法。可以提高物联网数据的安全性,提高用户体验。The application provides an IoT repeater type-based uplink data encryption control method. It can improve the security of IoT data and improve the user experience.
第一方面,提供一种物联网中继器基于类型的上行数据加密控制方法,所 述方法包括如下步骤:In a first aspect, an uplink type data encryption control method for an Internet of Things repeater is provided. The method includes the following steps:
所述物联网中继器接收物联网终端发送的数据包;The Internet of Things relay receives a data packet sent by the Internet of Things terminal;
所述物联网中继器识别所述物联网终端的类型,依据所述类型在预先配置的类型与加密单元映射表中查询出所述类型对应的第一加密单元;The IoT repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type;
所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理;The Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet;
所述物联网中继器将加密处理后的数据包向物联网接入点发送。The IoT repeater sends the encrypted data packet to an IoT access point.
可选的,所述物联网中继器识别所述物联网终端的类型具体,包括:Optionally, the IoT repeater identifies the type of the Internet of Things terminal, including:
所述物联网中继器通过所述物联网终端的标识来识别物联网终端的类型;所述类型包括:智能电灯、智能电视、智能清扫设备、智能睡眠设备或智能监控设备。The Internet of Things repeater identifies the type of the Internet of Things terminal by the identifier of the Internet of Things terminal; the type includes: a smart light, a smart TV, a smart cleaning device, a smart sleep device, or an intelligent monitoring device.
可选的,所述物联网中继器识别所述物联网终端的类型具体,包括:Optionally, the IoT repeater identifies the type of the Internet of Things terminal, including:
所述物联网中继器向物联网终端发送物联网终端类型表,The Internet of Things repeater sends an IoT terminal type table to the Internet of Things terminal,
所述物联网中继器接收物联网终端发送的依据所述物联网终端类型表查找出与自身匹配的物联网终端类型。The Internet of Things relay receives the type of the Internet of Things terminal that is matched by the Internet of Things terminal type table according to the Internet of Things terminal type.
可选的,所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理具体,包括:Optionally, the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理,如加密成功,进行后续步骤,如加密不成功,所述物联网中继器调用第一加密单元的备用加密单元对所述数据包进行加密处理,将采用备用加密单元标识添加到加密处理后的数据包的包头扩展字段。The IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent steps are performed. If the encryption is unsuccessful, the IoT repeater calls the standby of the first encryption unit. The encryption unit encrypts the data packet, and adds the alternate encryption unit identifier to the header extension field of the encrypted data packet.
可选的,所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理具体,包括:Optionally, the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
如物联网中继器解析所述数据包得到所述数据包的信号调制方式为正交相移键控QPSK,则获取所述QPSK中具有能量的相位编号,将该相位编号按顺序排序得到的值作为秘钥,采用所述秘钥调用所述加密单元对所述数据包进行加密处理。If the IoT repeater parses the data packet to obtain a signal modulation mode of the data packet as quadrature phase shift keying QPSK, the phase number with energy in the QPSK is obtained, and the phase number is sequentially sorted. The value is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
可选的,所述方法还包括:Optionally, the method further includes:
所述物联网中继器生成密钥对,所述密钥对包括:公钥和私钥,所述物联网中继器采用公钥通过第一加密单元对数据包进行加密处理,将加密处理后的 数据包通过第一路径发送,将私钥通过第二路径发送。The IoT repeater generates a key pair, the key pair includes: a public key and a private key, and the IoT repeater encrypts the data packet by using the public key through the first encryption unit, and encrypts the data packet After The data packet is sent through the first path, and the private key is sent through the second path.
第二方面,提供一种物联网中继器基于类型的上行数据加密控制装置,所述装置包括:In a second aspect, an IoT repeater type-based uplink data encryption control apparatus is provided, the apparatus comprising:
接收单元,用于接收物联网终端发送的数据包;a receiving unit, configured to receive a data packet sent by the Internet of Things terminal;
识别单元,用于识别所述物联网终端的类型;An identification unit, configured to identify a type of the Internet of Things terminal;
查找单元,用于依据所述类型在预先配置的类型与加密单元映射表中查询出所述类型对应的第一加密单元;a searching unit, configured to query, according to the type, a first encryption unit corresponding to the type in a pre-configured type and an encryption unit mapping table;
加密单元,用于调用所述第一加密单元对所述数据包进行加密处理;An encryption unit, configured to invoke the first encryption unit to perform encryption processing on the data packet;
发送单元,用于将加密处理后的数据包向物联网接入点发送。The sending unit is configured to send the encrypted data packet to the Internet of Things access point.
可选的,所述识别单元具体,用于通过所述物联网终端的标识来识别物联网终端的类型;所述类型包括:智能电灯、智能电视、智能清扫设备、智能睡眠设备或智能监控设备。Optionally, the identifying unit is specifically configured to identify, by using an identifier of the Internet of Things terminal, a type of the Internet of Things terminal, where the type includes: a smart light, a smart television, a smart cleaning device, a smart sleep device, or an intelligent monitoring device. .
可选的,所述识别单元具体,用于向物联网终端发送物联网终端类型表,接收物联网终端发送的依据所述物联网终端类型表查找出与自身匹配的物联网终端类型。Optionally, the identifying unit is configured to send an IoT terminal type table to the Internet of Things terminal, and receive, by the IoT terminal, the IoT terminal type that matches the IoT terminal type table according to the IoT terminal type table.
可选的,所述加密单元具体,用于调用所述第一加密单元对所述数据包进行加密处理,如加密成功,进行后续步骤,如加密不成功,调用第一加密单元的备用加密单元对所述数据包进行加密处理,将采用备用加密单元标识添加到加密处理后的数据包的包头扩展字段。Optionally, the encryption unit is configured to invoke the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, perform subsequent steps. If the encryption is unsuccessful, the backup encryption unit of the first encryption unit is invoked. The data packet is encrypted, and the alternate encryption unit identifier is added to the header extension field of the encrypted data packet.
可选的,所述加密单元具体,用于如解析所述数据包得到所述数据包的信号调制方式为正交相移键控QPSK,则获取所述QPSK中具有能量的相位编号,将该相位编号按顺序排序得到的值作为秘钥,采用所述秘钥调用所述加密单元对所述数据包进行加密处理。Optionally, the cryptographic unit is configured to: if the signal modulation mode of the data packet is obtained by parsing the data packet into a quadrature phase shift keying QPSK, obtain a phase number with energy in the QPSK, The value obtained by sequentially sorting the phase numbers is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
可选的,所述加密单元具体,用于生成密钥对,所述密钥对包括:公钥和私钥,采用公钥通过第一加密单元对数据包进行加密处理,所述发送单元,用于将加密处理后的数据包通过第一路径发送,将私钥通过第二路径发送。Optionally, the encryption unit is specifically configured to generate a key pair, where the key pair includes: a public key and a private key, and the data packet is encrypted by the first encryption unit by using a public key, where the sending unit is configured to: The method is configured to send the encrypted data packet through the first path, and send the private key through the second path.
第三方面,提供一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时包括上述第一方面记载的任何一种物联网中继器基于类型的上行数据加密控制方法的部分或全部步骤。 According to a third aspect, a computer storage medium is provided, wherein the computer storage medium may store a program, where the program is executed, including any one of the Internet of Things repeater type-based uplink data encryption control methods described in the first aspect. Some or all of the steps.
第四方面,提供一种接入点设备,所述接入点设备包括:一个或多个处理器、存储器、总线系统、收发器以及一个或多个程序,所述处理器、所述存储器和所述收发器通过所述总线系统相连;其中所述一个或多个程序被存储在所述存储器中,一个或多个程序包括指令,指令当被接入点执行时使接入点执行上述第一方面及第一方面全部可能设计提供的方法中的任意一种。In a fourth aspect, an access point device is provided, the access point device comprising: one or more processors, a memory, a bus system, a transceiver, and one or more programs, the processor, the memory, and The transceiver is coupled by the bus system; wherein the one or more programs are stored in the memory, the one or more programs including instructions that, when executed by an access point, cause an access point to perform the In one aspect and in the first aspect, it is entirely possible to design any of the methods provided.
本发明提供的技术方案的物联网终端将数据包发送至物联网中继器以后,物联网中继器依据物联网终端的类型查询出该类型对应的加密单元,通过该加密单元对数据进行加密,对于物联网来说,物联网终端无需对加密进行配置,所有的加密设置均在物联网中继器,此方式能够有效的降低物联网终端的成本,并且对于整个物联网来说,由于其一个物联网中继器下面可以连接众多的物联网终端,仅仅对物联网中继器配置也可以降低物联网整体的成本,另外,对于物联网中继器来说其计算的能力一般强于物联网终端,因此对运行加密单元时能够减少数据发送的延时,减少网络的时延,提高用户的体验。After the Internet of Things terminal of the technical solution provided by the present invention sends the data packet to the Internet of Things repeater, the Internet of Things repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and encrypts the data through the encryption unit. For the Internet of Things, the IoT terminal does not need to configure encryption. All encryption settings are in the IoT repeater. This method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, because of its An IoT repeater can connect to a large number of IoT terminals. The IoT repeater configuration can also reduce the overall cost of the Internet of Things. In addition, for IoT repeaters, the computing power is generally stronger than that of the IoT repeater. The networked terminal can reduce the delay of data transmission when running the encryption unit, reduce the delay of the network, and improve the user experience.
附图说明DRAWINGS
为了更清楚地说明本申请实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are some embodiments of the present application, Those skilled in the art can also obtain other drawings based on these drawings without paying any creative work.
图1是一种基于中继器的数据路由方法的流程示意图;1 is a schematic flow chart of a repeater-based data routing method;
图2是一种物联网终端向网关发送数据包的传输流程图;2 is a flow chart of transmission of a packet sent by an Internet of Things terminal to a gateway;
图3为网关将数据包发送至物联网终端的传输流程图Figure 3 is a transmission flow chart of the gateway transmitting the data packet to the Internet of Things terminal
图4是本申请一实施例提供的基于中继器的数据自动路由方法的流程示意图;4 is a schematic flowchart of a repeater-based data automatic routing method according to an embodiment of the present application;
图5是本申请一实施例的实现场景示意图;FIG. 5 is a schematic diagram of an implementation scenario of an embodiment of the present application; FIG.
图6是本申请另一实施例提供的基于中继器的数据自动路由方法的流程示意图;6 is a schematic flowchart of a repeater-based data automatic routing method according to another embodiment of the present application;
图7是本申请提供的一种基于中继器的数据自动路由装置的结构示意图;7 is a schematic structural diagram of a repeater-based data automatic routing apparatus provided by the present application;
图8是本申请提供的一种物联网中继器装置的结构示意图; 8 is a schematic structural diagram of an Internet of Things repeater device provided by the present application;
图9为本申请提供的一种物联网中继器的硬件结构示意图。FIG. 9 is a schematic structural diagram of hardware of an Internet of Things repeater provided by the present application.
具体实施方式Detailed ways
在更加详细地讨论示例性实施例之前应当提到的是,一些示例性实施例被描述成作为流程图描绘的处理或方法。虽然流程图将各项操作描述成顺序的处理,但是其中的许多操作可以被并行地、并发地或者同时实施。此外,各项操作的顺序可以被重新安排。当其操作完成时所述处理可以被终止,但是还可以具有未包括在附图中的附加步骤。所述处理可以对应于方法、函数、规程、子例程、子程序等等。Before discussing the exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as a process or method depicted as a flowchart. Although the flowcharts describe various operations as a sequential process, many of the operations can be implemented in parallel, concurrently or concurrently. In addition, the order of operations can be rearranged. The process may be terminated when its operation is completed, but may also have additional steps not included in the figures. The processing may correspond to methods, functions, procedures, subroutines, subroutines, and the like.
在上下文中所称“计算机设备”,也称为“电脑”,是指可以通过运行预定程序或指令来执行数值计算和/或逻辑计算等预定处理过程的智能电子设备,其可以包括处理器与存储器,由处理器执行在存储器中预存的存续指令来执行预定处理过程,或是由ASIC、FPGA、DSP等硬件执行预定处理过程,或是由上述二者组合来实现。计算机设备包括但不限于服务器、个人电脑、笔记本电脑、平板电脑、智能手机等。By "computer device", also referred to as "computer" in the context, is meant an intelligent electronic device that can perform predetermined processing, such as numerical calculations and/or logical calculations, by running a predetermined program or instruction, which can include a processor and The memory is executed by the processor to execute a predetermined process pre-stored in the memory to execute a predetermined process, or is executed by hardware such as an ASIC, an FPGA, a DSP, or the like, or a combination of the two. Computer devices include, but are not limited to, servers, personal computers, notebook computers, tablets, smart phones, and the like.
后面所讨论的方法(其中一些通过流程图示出)可以通过硬件、软件、固件、中间件、微代码、硬件描述语言或者其任意组合来实施。当用软件、固件、中间件或微代码来实施时,用以实施必要任务的程序代码或代码段可以被存储在机器或计算机可读介质(比如存储介质)中。(一个或多个)处理器可以实施必要的任务。The methods discussed below, some of which are illustrated by flowcharts, can be implemented in hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to carry out the necessary tasks can be stored in a machine or computer readable medium, such as a storage medium. The processor(s) can perform the necessary tasks.
这里所公开的具体结构和功能细节仅仅是代表性的,并且是用于描述本发明的示例性实施例的目的。但是本发明可以通过许多替换形式来具体实现,并且不应当被解释成仅仅受限于这里所阐述的实施例。 The specific structural and functional details disclosed are merely representative and are for the purpose of describing exemplary embodiments of the invention. The present invention may, however, be embodied in many alternative forms and should not be construed as being limited only to the embodiments set forth herein.
应当理解的是,虽然在这里可能使用了术语“第一”、“第二”等等来描述各个单元,但是这些单元不应当受这些术语限制。使用这些术语仅仅是为了将一个单元与另一个单元进行区分。举例来说,在不背离示例性实施例的范围的情况下,第一单元可以被称为第二单元,并且类似地第二单元可以被称为第一单元。这里所使用的术语“和/或”包括其中一个或更多所列出的相关联项目的任意和所有组合。It should be understood that although the terms "first," "second," etc. may be used herein to describe the various elements, these elements should not be limited by these terms. These terms are used only to distinguish one unit from another. For example, a first unit could be termed a second unit, and similarly a second unit could be termed a first unit, without departing from the scope of the exemplary embodiments. The term "and/or" used herein includes any and all combinations of one or more of the associated listed items.
这里所使用的术语仅仅是为了描述具体实施例而不意图限制示例性实施例。除非上下文明确地另有所指,否则这里所使用的单数形式“一个”、“一项”还意图包括复数。还应当理解的是,这里所使用的术语“包括”和/或“包含”规定所陈述的特征、整数、步骤、操作、单元和/或组件的存在,而不排除存在或添加一个或更多其他特征、整数、步骤、操作、单元、组件和/或其组合。The terminology used herein is for the purpose of describing the particular embodiments, The singular forms "a", "an", It is also to be understood that the terms "comprising" and """ Other features, integers, steps, operations, units, components, and/or combinations thereof.
还应当提到的是,在一些替换实现方式中,所提到的功能/动作可以按照不同于附图中标示的顺序发生。举例来说,取决于所涉及的功能/动作,相继示出的两幅图实际上可以基本上同时执行或者有时可以按照相反的顺序来执行。It should also be noted that in some alternative implementations, the functions/acts noted may occur in a different order than that illustrated in the drawings. For example, two figures shown in succession may in fact be executed substantially concurrently or sometimes in the reverse order, depending on the function/acts involved.
下面结合附图对本发明作进一步详细描述。The invention is further described in detail below with reference to the accompanying drawings.
根据本发明的一个方面,提供了一种物联网AP的上行数据发送方法。其中,该方法应用在如图1所示的物联网络中,如图1所示,该物联网络包括:物联网终端10、物联网接入点AP20、物联网中继器40以及无线接入控制器30,上述物联网终端根据不同的情况可以具有不同的表现形式,例如该物联网终端具体可以为:手机、平板电脑、计算机等设备,当然其也可以包含带有联网功能的其他设备,例如智能电视、智能空调、智能水壶或一些物联网的智能 设备,上述物联网终端10通过无线方式与AP20连接,AP20通过另一种方式(即与无线方式不同的连接方式)与网关12接入互联网,上述无线方式包括但不限于:蓝牙、WIFI等方式,上述另一种方式可以为,LTE或有线方式。图1中以有线方式为示例,为了方便表示,这里仅以一根实线表示。According to an aspect of the present invention, an uplink data transmission method of an Internet of Things AP is provided. The method is applied to the object network shown in FIG. 1. As shown in FIG. 1, the object network includes: the Internet of Things terminal 10, the Internet of Things access point AP20, the Internet of Things repeater 40, and the wireless connection. In the controller 30, the above-mentioned Internet of Things terminal may have different expressions according to different situations. For example, the Internet of Things terminal may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions. Such as smart TV, smart air conditioner, smart water bottle or some intelligence of the Internet of Things The device, the IoT terminal 10 is connected to the AP 20 in a wireless manner, and the AP 20 accesses the Internet through the gateway 12 by using another method (that is, a connection mode different from the wireless mode). The wireless mode includes but is not limited to: Bluetooth, WIFI, and the like. The other way of the above may be LTE or wired. In Fig. 1, the wired mode is taken as an example, and for convenience of representation, only one solid line is shown here.
上述无线接入控制器30根据物联网的大小可以是一台个人电脑(英文:Personal computer,PC),当然在实际应用中,也可以是多台PC或服务器,本发明具体实施方式并不局限上述无线接入控制器的具体表现形式。The above-mentioned wireless access controller 30 may be a personal computer (PC) according to the size of the Internet of Things. Of course, in practical applications, it may also be multiple PCs or servers. The specific embodiment of the present invention is not limited. The specific manifestation of the above wireless access controller.
参阅图2,图2为物联网中继器的上行数据发送的传输流程图,如图2所示,该流程包括:Referring to FIG. 2, FIG. 2 is a transmission flow chart of uplink data transmission of an Internet of Things repeater. As shown in FIG. 2, the process includes:
步骤S201、物联网终端10将需要发送的数据包通过无线方式发送至物联网中继器;Step S201, the Internet of Things terminal 10 wirelessly transmits the data packet to be sent to the Internet of Things repeater;
步骤S202、物联网中继器将数据包发送至AP20;Step S202, the Internet of Things repeater sends the data packet to the AP20;
步骤S203、AP20将该数据包转发给无线接入控制器30。Step S203: The AP20 forwards the data packet to the radio access controller 30.
通过上述图1和图2的表示,在数据包的实际传输中,如果物联网中继器与无线接入控制器30之间出现泄密,那么对于发送的数据包由于没有经过相应的加密处理,所以很容易导致数据的泄漏,容易出现安全性问题。Through the above-mentioned representations of FIG. 1 and FIG. 2, in the actual transmission of the data packet, if there is a leak between the Internet of Things repeater and the wireless access controller 30, then the transmitted data packet is not subjected to corresponding encryption processing. Therefore, it is easy to cause data leakage and it is prone to security problems.
参阅图3,图3为本发明提供的一种物联网中继器基于类型的上行数据加密控制方法,该方法在如图4所示的网络构架下实现,如图4所示,一个AP20下可以连接多个物联网终端,该AP具体可以为中继站,当然在实际应用中也可以为路由器或其他的具有无线连接以及数据转发功能的网络设备,例如开通热点的手机、提供无线连接的个人电脑等设备,该方法如图3所示,包括如下步骤: Referring to FIG. 3, FIG. 3 is a schematic diagram of a type-based uplink data encryption control method for an Internet of Things repeater according to the present invention. The method is implemented in a network architecture as shown in FIG. 4, as shown in FIG. Multiple IoT terminals can be connected. The AP can be a relay station. Of course, in actual applications, it can also be a router or other network device with wireless connection and data forwarding function, such as a mobile phone that provides hotspots and a personal computer that provides wireless connection. Such equipment, as shown in Figure 3, includes the following steps:
步骤S301、物联网终端向物联网中继器发送数据包;Step S301: The Internet of Things terminal sends a data packet to the Internet of Things relay.
上述步骤S301中的物联网终端具体可以为:手机、平板电脑、计算机等设备,当然其也可以包含带有联网功能的其他设备,例如智能电视、智能空调、智能水壶、智能灯、智能开关或一些物联网的智能设备。The object-to-network terminal in the above step S301 may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or Some IoT smart devices.
上述步骤S301中物联网终端向物联网中继器发送数据包的方式可以为通过无线连接的方式发送数据包,该无线方式包括但不限于:蓝牙、无线保真(英文:Wireless Fidelity,WIFI)或Zigbee等无线方式,其中,上述WIFI需要遵守IEEE802.11b的标准。In the foregoing step S301, the manner in which the Internet of Things terminal sends a data packet to the Internet of Things relay may be a method of transmitting a data packet by using a wireless connection, including but not limited to: Bluetooth, Wireless Fidelity (WIFI) Or a wireless method such as Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
需要说明的是,这里的物联网以及物联网中继器仅仅只是针对无线物联网中继器,因为对于物联网来说,其接入的设备数量众多,对于物联网中继器来说,如果通过有线连接,首先物联网中继器的接入数量会有所限制,并且对于家庭来说,均用有线连接,对于家庭用户的布线来说是无法想象的,另外此有线的成本也非常高,所以本发明的技术方案中的中物联网终端与物联网中继器之间的连接仅限无线连接。It should be noted that the Internet of Things and IoT repeaters here are only for wireless IoT repeaters, because for the Internet of Things, the number of devices it accesses is large, for IoT repeaters, if With wired connections, the number of IoT repeaters will be limited first, and for the home, wired connections are unimaginable for home users' wiring, and the cost of this cable is also very high. Therefore, the connection between the Internet of Things terminal and the Internet of Things relay in the technical solution of the present invention is limited to a wireless connection.
步骤S302、物联网中继器识别该物联网终端的类型,依据该类型在预先配置的类型与加密单元映射表中查询出该类型对应的第一加密单元。Step S302: The Internet of Things repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type.
上述步骤S302中的物联网终端的类型各个厂家可以根据自行的情况进行设置,例如,该物联网终端的类型具体可以包括:智能电灯、智能电视、智能清扫设备、智能睡眠设备,智能监控设备等,其表现的形式可以为多种多样,例如对于智能电灯,该智能电灯包括但不限于:智能台灯,智能吸顶灯,智能壁灯等设备,例如对于智能电视来说,其可以为三星牌智能电视,当然其也可以为夏普牌智能电视,例如对于智能清扫设备来说,其可以为,智能扫地机器人,当然其还可以包括智能吸尘器、智能垃圾处理器等设备,例如对于智能睡眠设备来说,其可以为:智能床垫、智能沙发等设备,例如对智能监控设备来说或,其可以为,智能血压计,智能温度计等,本发明对上述物联网终端的具体类型以及类型的数量或种类并不限定。The types of the Internet of Things terminals in the above step S302 can be set according to the situation of the device. For example, the types of the Internet of Things terminals can include: smart lights, smart TVs, smart cleaning devices, smart sleep devices, intelligent monitoring devices, etc. The form of performance can be varied. For example, for a smart electric light, the smart electric light includes, but is not limited to, a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc., for example, for a smart TV, it can be a Samsung smart TV. Of course, it can also be a Sharp smart TV. For example, for a smart cleaning device, it can be a smart sweeping robot. Of course, it can also include a smart vacuum cleaner, a smart garbage processor, etc., for example, for a smart sleep device, It can be: a smart mattress, a smart sofa, etc., for example, for an intelligent monitoring device, or it can be an intelligent blood pressure meter, a smart thermometer, etc., the specific types and types of the above-mentioned Internet of Things terminals of the present invention. Not limited.
上述步骤中的类型与加密单元映射表如图5所示,上述映射可以为一一映射,当然也可以为一对多映射等方式。The type and encryption unit mapping table in the above steps are as shown in FIG. 5, and the foregoing mapping may be a one-to-one mapping, and may of course be a one-to-many mapping.
上述步骤S302中的加密单元具体可以为设置在物联网中继器的硬件加密 单元,其包含厂家预设设置的加密算法,当然在实际应用中,上述加密单元还可以为配置在物联网中继器内的软件加密单元,本发明并不限制上述加密单元的具体表现形式。The encryption unit in the above step S302 may specifically be a hardware encryption set in the Internet of Things repeater. The unit includes an encryption algorithm preset by the manufacturer. Of course, in an actual application, the encryption unit may also be a software encryption unit configured in the Internet of Things repeater, and the present invention does not limit the specific expression of the encryption unit.
上述加密算法包括但不限于:三重数据加密算法块密码(英文:riple Data Encryption Algorithm,3DES)、消息摘要算法(英文:Message Digest Algorithm,MD5)或RSA(Rivest,Shamir,Adleman)等加密算法,本发明并不局限具体的加密算法。例如3DES是三重数据加密算法块密码的通称。它相当于是对每个数据块应用三次DES加密算法。由于计算机运算能力的增强,原版DES密码的密钥长度变得容易被暴力破解;3DES即是设计用来提供一种相对简单的方法,即通过增加DES的密钥长度来避免类似的攻击。The foregoing encryption algorithms include, but are not limited to, triple data encryption algorithm block cipher (English: riple Data Encryption Algorithm, 3DES), message digest algorithm (English: Message Digest Algorithm, MD5) or RSA (Rivest, Shamir, Adleman) and other encryption algorithms. The invention is not limited to specific encryption algorithms. For example, 3DES is a generic term for triple-data encryption algorithm block ciphers. It is equivalent to applying three DES encryption algorithms to each data block. Due to the increased computing power of the computer, the key length of the original DES password becomes vulnerable to brute force; 3DES is designed to provide a relatively simple method to avoid similar attacks by increasing the key length of DES.
步骤S303、物联网中继器调用第一加密单元对该数据包进行加密处理;Step S303: The Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet.
上述步骤S303的实现方法具体可以为:The implementation method of the foregoing step S303 may specifically be:
例如,第一加密单元为3DES加密单元,则物联网中继器调用3DES加密单元对数据包进行3DES加密处理。例如第一加密单元为RAS加密单元,则物联网中继器调用RAS加密单元对数据包进行RAS加密处理。例如第一加密单元为MD5加密单元,则物联网中继器调用MD5加密单元对数据包进行MD5加密处理。For example, the first encryption unit is a 3DES encryption unit, and the Internet of Things relay invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet. For example, the first encryption unit is a RAS encryption unit, and the Internet of Things relay invokes the RAS encryption unit to perform RAS encryption processing on the data packet. For example, if the first encryption unit is an MD5 encryption unit, the Internet of Things relay invokes the MD5 encryption unit to perform MD5 encryption processing on the data packet.
上述加密处理的具体方式可以参见3DES、RSA以及MD5的相关描述,这里不再赘述。For details about the encryption process, refer to related descriptions of 3DES, RSA, and MD5, and details are not described here.
上述步骤S303的实现方法具体可以为:The implementation method of the foregoing step S303 may specifically be:
物联网中继器调用第一加密单元对该数据包进行加密处理,如加密成功,进行后续步骤S304,如加密不成功,则调用第一加密单元的备用加密单元对该数据包进行加密处理,将采用备用加密单元标识添加到加密处理后的数据包的包头扩展字段。The IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent step S304 is performed. If the encryption is unsuccessful, the standby encryption unit of the first encryption unit is called to encrypt the data packet. The alternate encryption unit identifier is added to the header extension field of the encrypted packet.
步骤S304、物联网中继器将该加密处理后的数据包发送至无线接入控制器。Step S304: The Internet of Things relay sends the encrypted data packet to the wireless access controller.
上述步骤S304的实现方法可以为:The implementation method of the above step S304 can be:
通过另一种方式将加密处理的数据包发送至无线接入控制器,例如,物联网终端通过WIFI与AP连接,那么AP20可以通过有线方式将数据包发送至 无线接入控制器,当然在实际应用中,AP20也可以通过长期演进(英文:Long Term Evolution,LTE)将加密处理后的数据包发送至无线接入控制器。当然上述LTE或有限方式以及物联网终端通过WIFI与AP连接的方式仅仅为了举例说明,本发明并不局限上述连接的具体方式。The encrypted data packet is sent to the wireless access controller in another manner. For example, if the Internet of Things terminal is connected to the AP through the WIFI, the AP 20 can send the data packet to the wired device to The radio access controller, of course, in practical applications, the AP 20 can also send the encrypted data packet to the radio access controller through Long Term Evolution (LTE). Of course, the foregoing LTE or limited mode and the manner in which the Internet of Things terminal is connected to the AP through the WIFI are merely for illustrative purposes, and the present invention does not limit the specific manner of the foregoing connection.
可选的,所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理具体,包括:Optionally, the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
如物联网中继器解析所述数据包得到所述数据包的信号调制方式为正交相移键控(Quadrature Phase Shift Keying,QPSK),则获取所述QPSK中具有能量的相位编号,将该相位编号按顺序排序得到的值作为秘钥,采用所述秘钥调用所述加密单元对所述数据包进行加密处理。If the IoT repeater parses the data packet to obtain a signal modulation mode of the data packet, which is Quadrature Phase Shift Keying (QPSK), obtain a phase number with energy in the QPSK, and The value obtained by sequentially sorting the phase numbers is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
上述具有能量的相位编号指的是QPSK子载波的具有能量,即该子载波传递数字1,其对应的相位编号具体可以为,其相位的排号,例如第一相位排号为1,第二相位排号为2,第15相位的排号为15,采用此方式得到秘钥增加秘钥被破译的难度,进一步提高安全性。The phase number with energy refers to the energy of the QPSK subcarrier, that is, the subcarrier transmits the number 1, and the corresponding phase number may specifically be the phase number of the phase, for example, the first phase row number is 1, the second The phase number is 2, and the 15th phase has a row number of 15. In this way, it is difficult to obtain a secret key to be decrypted, and the security is further improved.
依据如图3提供的方法,物联网终端将数据包发送至物联网中继器以后,物联网中继器依据物联网终端的类型查询出该类型对应的加密单元,通过该加密单元对数据进行加密,对于物联网来说,物联网终端无需对加密进行配置,所有的加密设置均在物联网中继器,此方式能够有效的降低物联网终端的成本,并且对于整个物联网来说,由于其一个物联网中继器下面可以连接众多的物联网终端,仅仅对物联网中继器配置也可以降低物联网整体的成本,另外,对于物联网中继器来说其计算的能力一般强于物联网终端,那么对运行加密单元时能够减少数据发送的延时,减少网络的时延,提高用户的体验。According to the method provided in FIG. 3, after the Internet of Things terminal sends the data packet to the Internet of Things repeater, the IoT repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and performs data on the data through the encryption unit. Encryption, for the Internet of Things, the IoT terminal does not need to configure encryption. All encryption settings are in the IoT repeater. This method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, One of the IoT repeaters can connect to many IoT terminals. The IoT repeater configuration can also reduce the overall cost of the Internet of Things. In addition, for IoT repeaters, the computing power is generally stronger than that of IoT repeaters. The Internet of Things terminal can reduce the delay of data transmission when running the encryption unit, reduce the delay of the network, and improve the user experience.
参阅图6,图6为本发明提供的一种物联网中继器基于类型的上行数据加密控制方法,该方法在如图4所示的网络构架下实现,如图4所示,一个物联网中继器下可以连接多个物联网终端,该物联网中继器具体可以为中继站,当然在实际应用中也可以为路由器或其他的具有无线连接以及数据转发功能的网络设备,例如开通热点的手机、提供无线连接的个人电脑等设备,该方法如 图6所示,包括如下步骤:Referring to FIG. 6, FIG. 6 is a method for controlling uplink type data encryption of an Internet of Things repeater according to the present invention. The method is implemented in a network architecture as shown in FIG. 4, as shown in FIG. Multiple IoT terminals can be connected under the repeater. The IoT repeater can be a relay station. Of course, in practical applications, it can also be a router or other network device with wireless connection and data forwarding function, for example, hotspots are opened. Mobile phones, personal computers and other devices that provide wireless connectivity, such as As shown in Figure 6, the following steps are included:
步骤S601、物联网终端向物联网中继器发送数据包;Step S601: The Internet of Things terminal sends a data packet to the Internet of Things relay.
上述步骤S601中的物联网终端具体可以为:手机、平板电脑、计算机等设备,当然其也可以包含带有联网功能的其他设备,例如智能电视、智能空调、智能水壶、智能灯、智能开关或一些物联网的智能设备。The IoT terminal in the above step S601 may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or Some IoT smart devices.
上述步骤S601中物联网终端向物联网中继器发送数据包的方式可以为通过无线连接的方式发送数据包,该无线方式包括但不限于:蓝牙、无线保真(英文:Wireless Fidelity,WIFI)或Zigbee等无线方式,其中,上述WIFI需要遵守IEEE802.11b的标准。In the foregoing step S601, the manner in which the Internet of Things terminal sends a data packet to the Internet of Things relay may be a method of sending a data packet by using a wireless connection, including but not limited to: Bluetooth, Wireless Fidelity (WIFI) Or a wireless method such as Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
需要说明的是,这里的物联网以及物联网中继器仅仅只是针对无线AP,因为对于物联网来说,其接入的设备数量众多,对于物联网中继器来说,如果通过有线连接,首先物联网中继器的接入数量会有所限制,并且对于家庭来说,均用有线连接,对于家庭用户的布线来说是无法想象的,另外此有线的成本也非常高,所以本发明的技术方案中的中物联网终端与物联网中继器之间的连接仅限无线连接。It should be noted that the Internet of Things and IoT repeaters here are only for wireless APs, because for the Internet of Things, the number of devices connected to them is large. For IoT repeaters, if they are connected by wire, First, the number of accesses of the Internet of Things repeater is limited, and for the home, wired connections are unimaginable for the wiring of the home users, and the cost of the cable is also very high, so the present invention The connection between the Internet of Things terminal and the Internet of Things repeater in the technical solution is limited to wireless connection.
步骤S602、物联网中继器识别该物联网终端的类型,依据该类型在预先配置的类型与加密单元映射表中查询出该类型对应的第一加密单元;Step S602, the Internet of Things repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type;
上述步骤S602中的物联网终端的类型各个厂家可以根据自行的情况进行设置,例如,该物联网终端的类型具体可以包括:智能电灯、智能电视、智能清扫设备、智能睡眠设备,智能监控设备等,其表现的形式可以为多种多样,例如对于智能电灯,该智能电灯包括但不限于:智能台灯,智能吸顶灯,智能壁灯等设备,例如对于智能电视来说,其可以为三星牌智能电视,当然其也可以为夏普牌智能电视,例如对于智能清扫设备来说,其可以为,智能扫地机器人,当然其还可以包括智能吸尘器、智能垃圾处理器等设备,例如对于智能睡眠设备来说,其可以为:智能床垫、智能沙发等设备,例如对智能监控设备来说或,其可以为,智能血压计,智能温度计等,本发明对上述物联网终端的具体类型以及类型的数量或种类并不限定。The types of the Internet of Things terminals in the above step S602 can be set according to the situation of the device. For example, the types of the Internet of Things terminals can include: smart lights, smart TVs, smart cleaning devices, smart sleep devices, intelligent monitoring devices, etc. The form of performance can be varied. For example, for a smart electric light, the smart electric light includes, but is not limited to, a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc., for example, for a smart TV, it can be a Samsung smart TV. Of course, it can also be a Sharp smart TV. For example, for a smart cleaning device, it can be a smart sweeping robot. Of course, it can also include a smart vacuum cleaner, a smart garbage processor, etc., for example, for a smart sleep device, It can be: a smart mattress, a smart sofa, etc., for example, for an intelligent monitoring device, or it can be an intelligent blood pressure meter, a smart thermometer, etc., the specific types and types of the above-mentioned Internet of Things terminals of the present invention. Not limited.
上述步骤S602中物联网中继器识别该物联网终端的类型的具体实现方法 可以为:The specific implementation method for identifying the type of the Internet of Things terminal by the Internet of Things repeater in the above step S602 Can be:
物联网中继器通过物联网终端的标识来识别物联网终端的类型,该标识包括但不限于:物联网终端的媒体访问地址(英文:Media Access Control,MAC)、IP地址或物联网终端的名称等等,当然在实际应用中,AP20和物联网终端之间也可以通过信息交互来确定上述物联网终端的类型,如图7所示,该信息交互的流程具体可以为:The Internet of Things repeater identifies the type of the Internet of Things terminal through the identification of the Internet of Things terminal, including but not limited to: the media access address (English: Media Access Control, MAC) of the Internet of Things terminal, the IP address, or the Internet of Things terminal. Name and so on, of course, in practical applications, the AP20 and the Internet of Things terminal can also determine the type of the above-mentioned Internet of Things terminal through information interaction. As shown in FIG. 7, the flow of the information interaction may specifically be:
步骤S701、物联网终端向物联网中继器发送连接请求,Step S701: The Internet of Things terminal sends a connection request to the Internet of Things repeater.
步骤S702、物联网中继器向物联网终端返回连接响应,建立与物联网终端的无线连接;Step S702, the Internet of Things repeater returns a connection response to the Internet of Things terminal, and establishes a wireless connection with the Internet of Things terminal;
步骤S703、物联网中继器通过该无线连接将物联网中继器内的物联网终端类型表下发给物联网终端;Step S703, the Internet of Things repeater sends the IoT terminal type table in the Internet of Things relay to the Internet of Things terminal through the wireless connection;
步骤S704、物联网终端从该物联网终端类型表中查找出与自身匹配的物联网终端类型;Step S704: The Internet of Things terminal searches for the type of the Internet of Things terminal that matches the self of the Internet of Things terminal type table;
步骤S705、物联网终端将该物联网终端类型上报给物联网中继器。Step S705: The Internet of Things terminal reports the type of the Internet of Things terminal to the Internet of Things repeater.
上述步骤中的类型与加密单元映射表如图5所示,上述映射可以为一一映射,当然也可以为一对多映射等方式。The type and encryption unit mapping table in the above steps are as shown in FIG. 5, and the foregoing mapping may be a one-to-one mapping, and may of course be a one-to-many mapping.
上述步骤S602中的加密单元具体可以为设置在物联网中继器的硬件加密单元,其包含厂家预设设置的加密算法,当然在实际应用中,上述加密单元还可以为配置在物联网中继器内的软件加密单元,本发明并不限制上述加密单元的具体表现形式。The cryptographic unit in the above step S602 may specifically be a hardware cryptographic unit disposed in the Internet of Things repeater, and includes an encryption algorithm preset by the manufacturer. Of course, in an actual application, the cryptographic unit may also be configured in the Internet of Things relay. The software encryption unit in the device does not limit the specific expression of the above encryption unit.
上述加密算法包括但不限于:3DES、MD5或RSA等加密算法,本发明并不局限具体的加密算法。The foregoing encryption algorithm includes, but is not limited to, an encryption algorithm such as 3DES, MD5 or RSA, and the present invention is not limited to a specific encryption algorithm.
步骤S603、物联网中继器生成密钥对,该秘钥对包含私钥和公钥,物联网中继器采用公钥依据第一加密单元对该数据包进行加密处理;Step S603, the Internet of Things repeater generates a key pair, the secret key pair includes a private key and a public key, and the Internet of Things repeater uses a public key to encrypt the data packet according to the first encryption unit;
上述步骤S603的实现方法具体可以为:The implementation method of the foregoing step S603 may specifically be:
例如,第一加密单元为3DES加密单元,则物联网中继器调用3DES加密单元对数据包进行3DES加密处理。例如第一加密单元为RAS加密单元,则AP20调用RAS加密单元对数据包进行RAS加密处理。例如第一加密单元为MD5加密单元,则物联网中继器调用MD5加密单元对数据包进行MD5加密 处理。For example, the first encryption unit is a 3DES encryption unit, and the Internet of Things relay invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet. For example, if the first encryption unit is a RAS encryption unit, the AP 20 invokes the RAS encryption unit to perform RAS encryption processing on the data packet. For example, if the first encryption unit is an MD5 encryption unit, the Internet of Things repeater calls the MD5 encryption unit to perform MD5 encryption on the data packet. deal with.
上述加密处理的具体方式可以参见3DES、RSA以及MD5的相关描述,这里不再赘述。For details about the encryption process, refer to related descriptions of 3DES, RSA, and MD5, and details are not described here.
步骤S604、物联网中继器将该加密处理后的数据包通过第一路径发送至无线接入控制器,物联网中继器将私钥通过第二路径发送至无线接入控制器。Step S604: The Internet of Things relay sends the encrypted data packet to the wireless access controller through the first path, and the Internet of Things relay sends the private key to the wireless access controller through the second path.
上述步骤S604的实现方法可以为:The implementation method of the above step S604 can be:
通过另一种方式将加密处理的数据包发送至无线接入控制器,例如,物联网终端通过WIFI与AP连接,那么AP20可以通过有线方式将数据包发送至无线接入控制器,当然在实际应用中,AP20也可以通过长期演进(英文:Long Term Evolution,LTE)将加密处理后的数据包发送至无线接入控制器。当然上述LTE或有限方式以及物联网终端通过WIFI与AP连接的方式仅仅为了举例说明,本发明并不局限上述连接的具体方式。The encrypted data packet is sent to the wireless access controller in another manner. For example, the Internet of Things terminal is connected to the AP through the WIFI, and then the AP20 can send the data packet to the wireless access controller by wire, of course, in practice. In the application, the AP20 can also send the encrypted data packet to the radio access controller through Long Term Evolution (LTE). Of course, the foregoing LTE or limited mode and the manner in which the Internet of Things terminal is connected to the AP through the WIFI are merely for illustrative purposes, and the present invention does not limit the specific manner of the foregoing connection.
上述第一路径和第二路径为不同的路径,上述第一路径可以通过不同的路径算法计算出来,该路径算法包括但不限于:最短路径优先算法或最短时延优先算法,当然上述第一路径以及第二路径也可以通过不同的路径算法计算处理,例如,第一路径可以采用最短路径优先算法计算出来,第二路径可以通过最短时延优先算法计算出来。The first path and the second path are different paths, and the first path may be calculated by using a different path algorithm, including but not limited to: a shortest path first algorithm or a shortest time delay first algorithm, of course, the first path And the second path may also be calculated by using different path algorithms. For example, the first path may be calculated by using a shortest path first algorithm, and the second path may be calculated by a shortest delay first algorithm.
依据如图6提供的方法,物联网终端将数据包发送至物联网中继器以后,物联网中继器依据物联网终端的类型查询出该类型对应的加密单元,通过该加密单元对数据进行加密,对于物联网来说,物联网终端无需对加密进行配置,所有的加密设置均在物联网中继器,此方式能够有效的降低物联网终端的成本,并且对于整个物联网来说,由于其一个AP下面可以连接众多的物联网终端,仅仅对物联网中继器配置也可以降低物联网整体的成本,另外,对于物联网中继器来说其计算的能力一般强于物联网终端,那么对运行加密单元时能够减少数据发送的延时,减少网络的时延,提高用户的体验。如图6所示的方法在发送加密数据包和私钥时采用不同的路径发送,这样增加了信息拦截的难度,这样能够进一步提高数据的安全性。According to the method provided in FIG. 6, after the Internet of Things terminal sends the data packet to the Internet of Things repeater, the IoT repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and performs data on the data through the encryption unit. Encryption, for the Internet of Things, the IoT terminal does not need to configure encryption. All encryption settings are in the IoT repeater. This method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, One AP can connect to many IoT terminals, and the IoT repeater configuration can also reduce the overall cost of the Internet of Things. In addition, for IoT repeaters, the computing power is generally stronger than the IoT terminal. Then, when running the encryption unit, the delay of data transmission can be reduced, the delay of the network can be reduced, and the user experience can be improved. The method shown in FIG. 6 uses different paths when transmitting encrypted data packets and private keys, which increases the difficulty of information interception, which can further improve data security.
本发明还提供一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时包括上述第一方面记载的任何一种物联网中继器基于类型的 上行数据加密控制方法的部分或全部步骤。The present invention also provides a computer storage medium, wherein the computer storage medium can store a program, the program including any type of Internet of Things repeater described in the first aspect, based on type Some or all of the steps of the uplink data encryption control method.
参阅图8,图8为本发明提供的一种物联网中继器装置800,所述装置包括:Referring to FIG. 8, FIG. 8 is an IoT repeater device 800 according to the present invention. The device includes:
接收单元801,用于接收物联网终端发送的数据包;The receiving unit 801 is configured to receive a data packet sent by the Internet of Things terminal;
识别单元802,用于识别所述物联网终端的类型;The identifying unit 802 is configured to identify a type of the Internet of Things terminal;
查找单元803,用于依据所述类型在预先配置的类型与加密单元映射表中查询出所述类型对应的第一加密单元;The searching unit 803 is configured to query, according to the type, the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table;
加密单元804,用于调用所述第一加密单元对所述数据包进行加密处理;The encryption unit 804 is configured to invoke the first encryption unit to perform encryption processing on the data packet.
发送单元805,用于将加密处理后的数据包发送至无线接入控制器。The sending unit 805 is configured to send the encrypted data packet to the radio access controller.
可选的,识别单元802具体,用于通过所述物联网终端的标识来识别物联网终端的类型。Optionally, the identifying unit 802 is specifically configured to identify, by using the identifier of the Internet of Things terminal, a type of the Internet of Things terminal.
可选的,识别单元805具体,用于向物联网终端发送物联网终端类型表,接收物联网终端发送的依据所述物联网终端类型表查找出与自身匹配的物联网终端类型。Optionally, the identifying unit 805 is specifically configured to send the IoT terminal type table to the Internet of Things terminal, and receive the IoT terminal type that is matched by the IoT terminal according to the IoT terminal type table.
可选的,加密单元804具体,用于调用所述第一加密单元对所述数据包进行加密处理,如加密成功,进行后续步骤,如加密不成功,调用第一加密单元的备用加密单元对所述数据包进行加密处理,将采用备用加密单元标识添加到加密处理后的数据包的包头扩展字段。Optionally, the encryption unit 804 is specifically configured to invoke the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, perform subsequent steps. If the encryption is unsuccessful, the standby encryption unit pair of the first encryption unit is invoked. The data packet is subjected to an encryption process, and the alternate encryption unit identifier is added to the header extension field of the encrypted data packet.
可选的,加密单元804具体,用于如解析所述数据包得到所述数据包的信号调制方式为正交相移键控QPSK,则获取所述QPSK中具有能量的相位编号,将该相位编号按顺序排序得到的值作为秘钥,采用所述秘钥调用所述加密单元对所述数据包进行加密处理。Optionally, the encryption unit 804 is specifically configured to: if the signal modulation mode of the data packet is obtained by parsing the data packet into a quadrature phase shift keying QPSK, obtain a phase number with energy in the QPSK, and obtain the phase The value obtained by sequentially sorting the numbers is used as a secret key, and the encryption unit is called by the secret key to perform encryption processing on the data packet.
可选的,加密单元804具体,用于生成密钥对,所述密钥对包括:公钥和私钥,采用公钥通过第一加密单元对数据包进行加密处理,所述发送单元,用于将加密处理后的数据包通过第一路径发送,将私钥通过第二路径发送。Optionally, the encryption unit 804 is specifically configured to generate a key pair, where the key pair includes: a public key and a private key, and the data packet is encrypted by the first encryption unit by using a public key, where the sending unit uses The encrypted data packet is sent through the first path, and the private key is sent through the second path.
参阅图9,图9为本发明提供的一种物联网中继器900,该物联网中继器可以为部署在互联网系统中的一个节点,互联网系统还可以包括:物联网终端和无线接入控制器,该物联网中继器900包括但不限于:计算机、服务器等设备,如图9所示,该物联网中继器900包括:处理器901、存储器902、收发 器903和总线904。收发器903用于与外部设备(例如互联系统中的其他设备,包括但不限于:中继器,核心网设备等)之间收发数据。物联网中继器900中的处理器901的数量可以是一个或多个。本申请的一些实施例中,处理器901、存储器902和收发器903可通过总线系统或其他方式连接。关于本实施例涉及的术语的含义以及举例,可以参考图3或图6对应的实施例,此处不再赘述。Referring to FIG. 9, FIG. 9 is an Internet of Things repeater 900 provided by the present invention. The Internet of Things relay can be a node deployed in an Internet system, and the Internet system can further include: an Internet of Things terminal and wireless access. The controller, the Internet of Things repeater 900 includes but is not limited to: a computer, a server, etc., as shown in FIG. 9, the Internet of Things repeater 900 includes: a processor 901, a memory 902, and a transceiver 903 and bus 904. The transceiver 903 is configured to transmit and receive data with an external device (eg, other devices in the interconnection system, including but not limited to: a repeater, a core network device, etc.). The number of processors 901 in the Internet of Things repeater 900 may be one or more. In some embodiments of the present application, processor 901, memory 902, and transceiver 903 may be connected by a bus system or other means. For the meanings and examples of the terms involved in this embodiment, reference may be made to the corresponding embodiment of FIG. 3 or FIG. 6 , and details are not described herein again.
其中,存储器902中可以存储程序代码。处理器901用于调用存储器902中存储的程序代码,用于执行以下操作:The program code can be stored in the memory 902. The processor 901 is configured to call the program code stored in the memory 902, and is configured to perform the following operations:
收发器903,用于接收物联网终端发送的数据包;The transceiver 903 is configured to receive a data packet sent by the Internet of Things terminal;
处理器901,用于识别所述物联网终端的类型,依据所述类型在预先配置的类型与加密单元映射表中查询出所述类型对应的第一加密单元,调用所述第一加密单元对所述数据包进行加密处理。The processor 901 is configured to identify the type of the Internet of Things terminal, query the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type, and invoke the first encryption unit pair. The data packet is encrypted.
收发器903,还用于将加密处理后的数据包发送至无线接入控制器。The transceiver 903 is further configured to send the encrypted data packet to the wireless access controller.
可选的,处理器901、收发器903,还可以用于执行如图3或如图6所示实施例中的步骤以及步骤的细化方案以及可选方案。Optionally, the processor 901 and the transceiver 903 can also be used to perform the refinement and the steps of the steps and steps in the embodiment shown in FIG. 3 or FIG. 6.
需要说明的是,这里的处理器901可以是一个处理元件,也可以是多个处理元件的统称。例如,该处理元件可以是中央处理器(Central Processing Unit,CPU),也可以是特定集成电路(Application Specific Integrated Circuit,ASIC),或者是被配置成实施本申请实施例的一个或多个集成电路,例如:一个或多个微处理器(digital singnal processor,DSP),或,一个或者多个现场可编程门阵列(Field Programmable Gate Array,FPGA)。It should be noted that the processor 901 herein may be a processing component or a general term of multiple processing components. For example, the processing component may be a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application. For example, one or more digital singal processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
存储器903可以是一个存储装置,也可以是多个存储元件的统称,且用于存储可执行程序代码或应用程序运行装置运行所需要参数、数据等。且存储器903可以包括随机存储器(RAM),也可以包括非易失性存储器(non-volatile memory),例如磁盘存储器,闪存(Flash)等。The memory 903 may be a storage device or a collective name of a plurality of storage elements, and is used to store executable program code or parameters, data, and the like required for the application running device to operate. And the memory 903 may include random access memory (RAM), and may also include non-volatile memory such as a magnetic disk memory, a flash memory, or the like.
总线904可以是工业标准体系结构(Industry Standard Architecture,ISA)总线、外部设备互连(Peripheral Component,PCI)总线或扩展工业标准体系结构(Extended Industry Standard Architecture,EISA)总线等。该总线可以分为地址总线、数据总线、控制总线等。为便于表示,图9中仅用一条粗线表示, 但并不表示仅有一根总线或一种类型的总线。The bus 904 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus. The bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 9. But it does not mean that there is only one bus or one type of bus.
该用户设备还可以包括输入输出装置,连接于总线904,以通过总线与处理器901等其它部分连接。该输入输出装置可以为操作人员提供一输入界面,以便操作人员通过该输入界面选择布控项,还可以是其它接口,可通过该接口外接其它设备。The user equipment may also include input and output means coupled to bus 904 for connection to other portions, such as processor 901, via a bus. The input/output device can provide an input interface for the operator, so that the operator can select the control item through the input interface, and can also be other interfaces through which other devices can be externally connected.
需要说明的是,对于前述的各个方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本申请并不受所描述的动作顺序的限制,因为依据本申请,某一些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本申请所必须的。It should be noted that, for the foregoing various method embodiments, for the sake of brevity, they are all described as a series of action combinations, but those skilled in the art should understand that the present application is not limited by the described action sequence. Because some steps may be performed in other orders or concurrently in accordance with the present application. In the following, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present application.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详细描述的部分,可以参见其他实施例的相关描述。In the above embodiments, the descriptions of the various embodiments are different, and the parts that are not described in detail in a certain embodiment can be referred to the related descriptions of other embodiments.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读存储介质中,存储介质可以包括:闪存盘、只读存储器(英文:Read-Only Memory,简称:ROM)、随机存取器(英文:Random Access Memory,简称:RAM)、磁盘或光盘等。A person skilled in the art may understand that all or part of the various steps of the foregoing embodiments may be performed by a program to instruct related hardware. The program may be stored in a computer readable storage medium, and the storage medium may include: Flash disk, read-only memory (English: Read-Only Memory, referred to as: ROM), random accessor (English: Random Access Memory, referred to as: RAM), disk or optical disk.
以上对本申请实施例所提供的内容下载方法及相关设备、系统进行了详细介绍,本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的方法及其核心思想;同时,对于本领域的一般技术人员,依据本申请的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本申请的限制。 The content downloading method and the related device and system provided by the embodiments of the present application are described in detail. The principles and implementation manners of the present application are described in the specific examples. The description of the above embodiments is only used to help understand the present application. The method of application and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of the present application, there will be changes in the specific implementation manner and application scope. In summary, the content of this specification should not be understood. To limit the application.

Claims (12)

  1. 一种物联网中继器基于类型的上行数据加密控制方法,其特征在于,所述方法包括如下步骤:An IoT repeater type-based uplink data encryption control method, characterized in that the method comprises the following steps:
    所述物联网中继器接收物联网终端发送的数据包;The Internet of Things relay receives a data packet sent by the Internet of Things terminal;
    所述物联网中继器识别所述物联网终端的类型,依据所述类型在预先配置的类型与加密单元映射表中查询出所述类型对应的第一加密单元;The IoT repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type;
    所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理;The Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet;
    所述物联网中继器将加密处理后的数据包向物联网接入点发送。The IoT repeater sends the encrypted data packet to an IoT access point.
  2. 根据权利要求1所述的方法,其特征在于,所述物联网中继器识别所述物联网终端的类型具体,包括:The method according to claim 1, wherein the Internet of Things relay identifies the type of the Internet of Things terminal, including:
    所述物联网中继器通过所述物联网终端的标识来识别物联网终端的类型,所述类型包括:智能电灯、智能电视、智能清扫设备、智能睡眠设备或智能监控设备。The Internet of Things repeater identifies the type of the Internet of Things terminal by the identifier of the Internet of Things terminal, and the type includes: a smart light, a smart TV, a smart cleaning device, a smart sleep device, or an intelligent monitoring device.
  3. 根据权利要求1所述的方法,其特征在于,所述物联网中继器识别所述物联网终端的类型具体,包括:The method according to claim 1, wherein the Internet of Things relay identifies the type of the Internet of Things terminal, including:
    所述物联网中继器向物联网终端发送物联网终端类型表,The Internet of Things repeater sends an IoT terminal type table to the Internet of Things terminal,
    所述物联网中继器接收物联网终端发送的依据所述物联网终端类型表查找出与自身匹配的物联网终端类型。The Internet of Things relay receives the type of the Internet of Things terminal that is matched by the Internet of Things terminal type table according to the Internet of Things terminal type.
  4. 根据权要求1所述的方法,其特征在于,所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理具体,包括:The method of claim 1, wherein the object-to-network repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
    所述物联网中继器调用所述第一加密单元对所述数据包进行加密处理,如加密成功,进行后续步骤,如加密不成功,所述物联网中继器调用第一加密单元的备用加密单元对所述数据包进行加密处理,将采用备用加密单元标识添加到加密处理后的数据包的包头扩展字段。The IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent steps are performed. If the encryption is unsuccessful, the IoT repeater calls the standby of the first encryption unit. The encryption unit encrypts the data packet, and adds the alternate encryption unit identifier to the header extension field of the encrypted data packet.
  5. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    所述物联网中继器生成密钥对,所述密钥对包括:公钥和私钥,所述物联网中继器采用公钥通过第一加密单元对数据包进行加密处理,将加密处理后的数据包通过第一路径发送,将私钥通过第二路径发送。 The IoT repeater generates a key pair, the key pair includes: a public key and a private key, and the IoT repeater encrypts the data packet by using the public key through the first encryption unit, and encrypts the data packet The subsequent data packet is sent through the first path, and the private key is sent through the second path.
  6. 一种物联网中继器基于类型的上行数据加密控制装置,其特征在于,所述装置包括:An IoT repeater type-based uplink data encryption control device, characterized in that the device comprises:
    接收单元,用于接收物联网终端发送的数据包;a receiving unit, configured to receive a data packet sent by the Internet of Things terminal;
    识别单元,用于识别所述物联网终端的类型;An identification unit, configured to identify a type of the Internet of Things terminal;
    查找单元,用于依据所述类型在预先配置的类型与加密单元映射表中查询出所述类型对应的第一加密单元;a searching unit, configured to query, according to the type, a first encryption unit corresponding to the type in a pre-configured type and an encryption unit mapping table;
    加密单元,用于调用所述第一加密单元对所述数据包进行加密处理;An encryption unit, configured to invoke the first encryption unit to perform encryption processing on the data packet;
    发送单元,用于将加密处理后的数据包向物联网接入点发送。The sending unit is configured to send the encrypted data packet to the Internet of Things access point.
  7. 根据权利要求6所述的装置,其特征在于,所述识别单元具体,用于通过所述物联网终端的标识来识别物联网终端的类型,所述类型包括:智能电灯、智能电视、智能清扫设备、智能睡眠设备或智能监控设备。The device according to claim 6, wherein the identifying unit is specifically configured to identify an type of the Internet of Things terminal by using an identifier of the Internet of Things terminal, the type comprising: a smart electric light, a smart television, and a smart cleaning Equipment, smart sleep equipment or intelligent monitoring equipment.
  8. 根据权利要求6所述的装置,其特征在于,所述识别单元具体,用于向物联网终端发送物联网终端类型表,接收物联网终端发送的依据所述物联网终端类型表查找出与自身匹配的物联网终端类型。The device according to claim 6, wherein the identification unit is configured to send an IoT terminal type table to the Internet of Things terminal, and receive the IoT terminal to send and find out according to the IoT terminal type table. Matching IoT terminal type.
  9. 根据权要求6所述的装置,其特征在于,所述加密单元具体,用于调用所述第一加密单元对所述数据包进行加密处理,如加密成功,进行后续步骤,如加密不成功,调用第一加密单元的备用加密单元对所述数据包进行加密处理,将采用备用加密单元标识添加到加密处理后的数据包的包头扩展字段。The device according to claim 6, wherein the encryption unit is configured to invoke the first encryption unit to perform encryption processing on the data packet, and if the encryption is successful, perform subsequent steps, such as unsuccessful encryption. The alternate encryption unit that invokes the first encryption unit encrypts the data packet, and adds the alternate encryption unit identifier to the header extension field of the encrypted data packet.
  10. 根据权利要求6所述的装置,其特征在于,所述发送单元,具体用于生成密钥对,所述密钥对包括:公钥和私钥,所述物联网中继器采用公钥通过第一加密单元对数据包进行加密处理,将加密处理后的数据包通过第一路径发送,将私钥通过第二路径发送。The device according to claim 6, wherein the sending unit is specifically configured to generate a key pair, the key pair includes: a public key and a private key, and the Internet of Things relay adopts a public key to pass The first encryption unit encrypts the data packet, transmits the encrypted data packet through the first path, and transmits the private key through the second path.
  11. 一种计算机可读存储介质,其特征在于,其存储用于电子数据交换的计算机程序,其中,所述计算机程序使得计算机执行如权利要求1-5任一项所述的方法。A computer readable storage medium storing a computer program for electronic data exchange, wherein the computer program causes a computer to perform the method of any of claims 1-5.
  12. 一种计算机程序产品,其特征在于,所述计算机程序产品包括存储了计算机程序的非瞬时性计算机可读存储介质,所述计算机程序可操作来使计算机执行如权利要求1-5任一项所述的方法。 A computer program product, comprising: a non-transitory computer readable storage medium storing a computer program, the computer program being operative to cause a computer to perform any of claims 1-5 The method described.
PCT/CN2017/100751 2017-07-20 2017-09-06 Encryption control method and device for type-based uplink data of internet of things repeater WO2019015038A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710593623.8A CN107493571B (en) 2017-07-20 2017-07-20 Type-based uplink data encryption control method and device for Internet of things repeater
CN201710593623.8 2017-07-20

Publications (1)

Publication Number Publication Date
WO2019015038A1 true WO2019015038A1 (en) 2019-01-24

Family

ID=60644580

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/100751 WO2019015038A1 (en) 2017-07-20 2017-09-06 Encryption control method and device for type-based uplink data of internet of things repeater

Country Status (2)

Country Link
CN (1) CN107493571B (en)
WO (1) WO2019015038A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740109A (en) * 2018-07-18 2020-01-31 慧与发展有限责任合伙企业 Network device, method for security, and computer-readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102202296A (en) * 2010-03-25 2011-09-28 巴比禄股份有限公司 Wireless LAN relay device, wireless communication system and method for controlling wireless LAN relay device
CN104539439A (en) * 2015-01-12 2015-04-22 中国联合网络通信集团有限公司 Data transmission method and terminal
CN105337981A (en) * 2015-11-18 2016-02-17 上海新储集成电路有限公司 Relay device, update method and method for performing data interaction between devices
CN106254327A (en) * 2016-07-28 2016-12-21 努比亚技术有限公司 Information processor and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2518256A (en) * 2013-09-13 2015-03-18 Vodafone Ip Licensing Ltd Communicating with a machine to machine device
CN105281904B (en) * 2014-06-06 2019-05-31 佛山市顺德区美的电热电器制造有限公司 Encryption method, system, Internet of Things server and the internet-of-things terminal of message data
CN104394143A (en) * 2014-11-24 2015-03-04 青岛海尔软件有限公司 Internet of Things equipment and Internet of Things server communicating method and device
CN105722069A (en) * 2016-03-24 2016-06-29 深圳市创百通讯科技有限公司 Mobile terminal capable of encrypting voice information and encryption method thereof
CN105897784B (en) * 2016-07-01 2019-03-26 三星电子(中国)研发中心 Internet-of-things terminal equipment encryption communication method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102202296A (en) * 2010-03-25 2011-09-28 巴比禄股份有限公司 Wireless LAN relay device, wireless communication system and method for controlling wireless LAN relay device
CN104539439A (en) * 2015-01-12 2015-04-22 中国联合网络通信集团有限公司 Data transmission method and terminal
CN105337981A (en) * 2015-11-18 2016-02-17 上海新储集成电路有限公司 Relay device, update method and method for performing data interaction between devices
CN106254327A (en) * 2016-07-28 2016-12-21 努比亚技术有限公司 Information processor and method

Also Published As

Publication number Publication date
CN107493571B (en) 2020-04-14
CN107493571A (en) 2017-12-19

Similar Documents

Publication Publication Date Title
JP6929390B2 (en) Wireless local area network configuration method and device
US11943695B2 (en) Network channel switching method and apparatus, device, and storage medium
WO2018120247A1 (en) Terminal matching method and device
JP2019506049A (en) Wireless communication system with multiple security levels
CN112566113B (en) Key generation and terminal network distribution method, device and equipment
WO2018098633A1 (en) Data transmission method, data transmission apparatus, electronic device and computer program product
WO2018053894A1 (en) Internet-of-things access point handover method and device based on transmission rate
WO2015065210A1 (en) Secure mobile access to resources within a private network
EP3840518A1 (en) Rrc connection method, device, and system
WO2019041371A1 (en) Internet of things number-of-connections-based router switching method and device
WO2023001082A1 (en) Network configuration method and apparatus
WO2018053895A1 (en) Type-based uplink data encryption control method and device for internet-of-things access point
WO2019019282A1 (en) Method for internet of things terminal to sequentially encrypt data, and apparatus
WO2019019280A1 (en) Method for internet of things terminal to encrypt data according to time periods, and apparatus
CN105657040A (en) Inter-device intranet communication method and system
WO2019015041A1 (en) Time division encryption method and device for data of internet of things repeater
TWI733408B (en) Internet of things networking authentication system and method thereof
WO2019010793A1 (en) Time period based encryption method and device for data received by internet of things access point
WO2019015038A1 (en) Encryption control method and device for type-based uplink data of internet of things repeater
WO2019015039A1 (en) Internet of things repeater-based method and apparatus for selective encryption
WO2019019279A1 (en) Type-based uplink data encryption control method and apparatus for internet of things terminal
WO2019019287A1 (en) Random encryption method and apparatus for internet of things terminal data
WO2019010796A1 (en) Sub-device encryption method and device for receiving data of internet of things ap
WO2019015037A1 (en) Internet of things access point-based method and device for selective encryption
US20230188510A1 (en) Distributed Trust-Based Communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17918040

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/05/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17918040

Country of ref document: EP

Kind code of ref document: A1