CN102970676A - Method for processing original data, internet of thing system and terminal - Google Patents

Publication number: CN102970676A
Authority: CN (China)
Prior art keywords: initial data, data, terminal, data summary, encryption
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN2011102565578A
Other languages: Chinese (zh)
Other versions: CN102970676B (en)
Inventors: 罗乾鹏, 赵长军
Current Assignee: ZTE Corp (the listed assignees may be inaccurate)
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201110256557.8A
Publication of CN102970676A
Application granted
Publication of CN102970676B
Current status: Active

Abstract

The invention discloses a method for processing original data. The method is used to verify whether the source of data is correct and to improve the security of data transmission. The method includes: receiving the original data of an application and an encrypted original data digest (summary), wherein the encrypted original data digest is obtained by encrypting the original data digest with the private key of the asymmetric key pair corresponding to the application; transmitting the original data and the encrypted original data digest to a terminal; receiving a processing result, wherein the processing result is obtained by processing the encrypted original data digest from the terminal according to the public key of the asymmetric key pair corresponding to the application; and transmitting the processing result to the terminal so that the terminal can identify the application corresponding to the original data according to the processing result. The invention also discloses a device and a system for implementing the method.

Description

A method, Internet of Things system and terminal for processing original data
Technical field
The present invention relates to the field of communications, and in particular to a method, an Internet of Things system and a terminal for processing original data.
Background art
The Internet of Things is defined as a network that connects any object to the Internet, according to an agreed protocol, through information sensing devices such as radio-frequency identification (RFID), infrared sensors, global positioning systems and laser scanners, so that information can be exchanged and communicated in order to achieve intelligent identification, positioning, tracking, monitoring and management of objects.
Because the data transmitted in the Internet of Things involves home security, transaction information, location data and the like, information security is extremely important, and a reasonably reliable encryption method is needed to protect the data. The prior art generally uses symmetric encryption.
For example, as shown in Fig. 1, an Internet of Things system comprises a platform 101, one or more applications 102, and one or more terminals 103. When an application 102 needs to send data to a terminal 103, it first sends the data to the platform 101; the platform 101 encrypts the data with a preset session key and then sends it to the terminal 103, and the terminal 103 decrypts it with the same session key to obtain the required data.
In the course of realizing the present application, the inventors found that the above prior art has at least the following technical problems:
With symmetric encryption, if the same key is used repeatedly it may be stolen or cracked, so there is a risk of disclosure.
If an application wants to encrypt different information for different terminals, different keys must first be set up with the different terminals before transmission, which is relatively complicated.
Moreover, because the prior art uses symmetric encryption, it cannot prevent tampering or repudiation.
Summary of the invention
The embodiments of the invention provide a method, an Internet of Things system and a terminal for processing original data, which are used to verify whether the source of data is correct and to improve the security of data transmission.
An Internet of Things system comprises:
An IoT platform connected to at least one application and at least one terminal; and an authentication device connected to the IoT platform, the authentication device comprising:
A storage device for storing at least one asymmetric key pair corresponding to the at least one application, each asymmetric key pair comprising a paired private key and public key;
Wherein the IoT platform comprises:
A first receiving unit for receiving the original data of the application and an encrypted original data digest, the encrypted original data digest being obtained by encrypting the original data digest with the private key corresponding to the application;
A first sending unit for sending the original data and the encrypted original data digest to the at least one terminal;
The authentication device further comprises:
A processing unit for processing the encrypted original data digest from the terminal according to the public key corresponding to the application, to obtain a processing result;
Wherein the first sending unit of the IoT platform is further used to send the processing result to the terminal, so that the terminal identifies the application corresponding to the original data according to the processing result.
A terminal is connected to the IoT platform in an Internet of Things system and, through the IoT platform, to the authentication device in that system, the terminal comprising:
A second receiving unit for receiving original data and an encrypted original data digest obtained by encrypting the original data digest with a private key produced by the authentication device, wherein the private key is the private key of an asymmetric key pair, comprising a private key and a public key, that corresponds to an application;
A processing unit for processing the original data and the encrypted original data digest to obtain a processing result, and identifying the application corresponding to the original data according to the processing result.
A method for processing original data, applied in an Internet of Things system that includes an authentication device and an IoT platform connected to the authentication device, comprises:
Receiving the original data of an application and an encrypted original data digest, the encrypted original data digest being obtained by encrypting the original data digest with the private key of the asymmetric key pair corresponding to the application; and sending the original data and the encrypted original data digest to a terminal;
Receiving a processing result, the processing result being obtained by processing the encrypted original data digest from the terminal according to the public key of the asymmetric key pair corresponding to the application;
Sending the processing result to the terminal, so that the terminal identifies the application corresponding to the original data according to the processing result.
Through one or more of the above technical solutions, the application has at least the following technical effects:
Because data is encrypted asymmetrically, the key has a public part and a private part: the application encrypts with the private key (or public key), and the authentication device decrypts with the paired public key (or private key). An outside party cannot derive the paired private key from a public key, so the data cannot be stolen, and forgery or tampering of the data is prevented; compared with symmetric encryption, in which both ends use the same key, the security of data exchange is significantly strengthened. Verification determines whether the source of the data is correct, which avoids accepting data that is wrong or has even been deliberately tampered with. Using asymmetric encryption also reduces the number of keys generated, simplifies key management, and effectively improves operating efficiency.
Description of the drawings
Fig. 1 is a schematic diagram of an Internet of Things system in the prior art;
Fig. 2 is an overall structural diagram of the Internet of Things system and the applications and terminals connected to it in an embodiment of the invention;
Fig. 3A is a main structural diagram of the IoT platform in an embodiment of the invention;
Fig. 3B is a detailed structural diagram of the authentication device in an embodiment of the invention;
Fig. 3C is a detailed structural diagram of the terminal in an embodiment of the invention;
Fig. 4 is a flowchart of the main method for processing original data in an embodiment of the invention;
Fig. 5 is a detailed flowchart of the method for testing an application in an embodiment of the invention.
Detailed description of the embodiments
To overcome the drawback of the prior art that symmetric key encryption may lead to data being forged or tampered with once the key is stolen, the embodiments of the invention encrypt data asymmetrically in the Internet of Things system: first data is encrypted with a private key to generate third data; second data to be sent and the third data are sent to the terminal; based on a decryption request from the terminal, the third data is decrypted with the public key paired with the private key to generate fourth data; and the fourth data is sent to the terminal. Because asymmetric encryption uses a pair of different keys, an outside party cannot derive the paired private key from a public key and therefore cannot steal the data, and forgery or tampering of the data is prevented; compared with symmetric encryption, in which both ends use the same key, the security of data exchange is significantly strengthened. Verification determines whether the source of the data is correct, which avoids accepting data that is wrong or has even been deliberately tampered with. Using asymmetric encryption also reduces the number of keys generated, simplifies key management, and effectively improves operating efficiency.
In the embodiments of the invention, the first data can be the original data digest; the second data can be the original data; the third data can be the data obtained by encrypting the original data digest with the private key; the fourth data can be the data obtained by decrypting the third data; the fifth data can be the data obtained by processing the second data; the sixth data can be a random data string; the seventh data can be the data obtained by decrypting the eighth data; and the eighth data can be the data obtained by encrypting the sixth data with the private key.
Referring to Fig. 2, the Internet of Things system in the embodiment of the invention comprises an IoT platform 201 and an authentication device 202. The system can also be connected to applications 203 and terminals 204.
The IoT platform 201 is connected to at least one application 203 and at least one terminal 204. It receives the original data and the encrypted original data digest from the application 203, the encrypted original data digest being obtained by encrypting the original data digest with the private key, and sends the original data and the encrypted original data digest to the at least one terminal 204. The terminal 204 compares the fifth data, obtained from the second data, with the fourth data to learn whether the data comes from the correct application 203, which avoids data that has been tampered with or forged. The IoT platform 201 manages the applications 203 and terminals 204 in a unified way. To avoid the confusion and management difficulty that may arise when there are too many applications 203 and terminals 204, a single IoT platform 201 is provided; it is connected to all applications 203 and all terminals 204 in the same Internet of Things system and can pass information between them. Specifically, in the embodiment of the invention, the IoT platform 201 can be a network-side server.
The authentication device 202 is connected to the IoT platform 201 and generates an asymmetric key pair comprising a private key and a public key. The authentication device 202 also encrypts the first data with the private key to generate the third data and sends the third data to the IoT platform 201; after receiving a decryption request from the terminal 204, it decrypts the third data with the public key paired with the private key to generate the fourth data and sends the fourth data to the IoT platform 201. At initialization, the authentication device 202 can generate a different asymmetric key pair for each application 203. After generating a key pair it can store it, pass the private key to the corresponding application 203 in a secure manner, and publish the public key so that other devices can query it at any time. The authentication device 202 can receive the third data sent by the IoT platform 201, decrypt it with the public key, and send the decrypted information to the terminal 204, which can be relayed by the IoT platform 201. Specifically, in the embodiment of the invention, the authentication device 202 can be an M2M (machine-to-machine) CA (authentication) device.
The embodiment of the invention chooses to encrypt the digest of the original data: because a digest generally contains few bytes, encrypting it takes fewer steps and saves time and space, and encrypting only the digest is still enough to verify whether the transmitted information is correct.
The method and system described in the embodiments of the invention have a greater advantage when the amount of data to be encrypted is small. Therefore the first data, third data, fourth data, sixth data or seventh data in the embodiments can be data such as home security data, transaction information data or location data.
The IoT platform 201 can include a test request processing unit, which receives the test request sent by the terminal 204 and, according to the test request, generates the sixth data and forwards it to the application 203. To test whether an application 203 is authentic and valid, a terminal 204 or another application 203 may send the IoT platform 201 a test request for that application 203. After the IoT platform 201 receives the test request, its test request processing unit can generate the sixth data, which can be a random data string or other data used for testing, and forward the sixth data to the corresponding application 203.
Referring to Fig. 3A, the IoT platform 201 in the embodiment of the invention can also include a first receiving unit 2011 and a first sending unit 2012.
The first receiving unit 2011 receives the original data of the application 203 and the encrypted original data digest, the encrypted original data digest being obtained by encrypting the original data digest with the private key corresponding to the application 203.
The first sending unit 2012 sends the original data and the encrypted original data digest to the at least one terminal 204. The first sending unit 2012 also sends the decryption result to the terminal 204, so that the terminal 204 identifies the application 203 corresponding to the original data according to the decryption result.
Referring to Fig. 3B, the authentication device 202 can include a transceiver 2021, a storage device 2022 and a processing unit 2023.
The transceiver 2021 sends to the IoT platform 201 the third data obtained by encrypting the received first data, and receives the decryption request from the terminal 204. The transceiver 2021 can also send the private key to the corresponding application 203. It can also receive the original data, i.e. the second data, for the processing unit 2023 to process into the fifth data.
The storage device 2022 stores at least one asymmetric key pair corresponding to the at least one application 203, each asymmetric key pair comprising a paired private key and public key. Preferably, the storage device 2022 can allocate separate storage areas so that private keys and public keys are stored separately, or so that the asymmetric key pairs of different applications 203 are stored separately, to make lookup easier.
The processing unit 2023 processes the encrypted original data digest from the terminal 204 according to the public key corresponding to the application 203, and obtains a processing result. The processing can be decryption. The transceiver 2021 can output the processing result to the terminal 204 through the IoT platform 201. The processing unit 2023 also decrypts the eighth data with the corresponding public key to obtain the seventh data.
Preferably, when the authentication device 202 needs both to decrypt and to compare, the processing unit 2023 can specifically include a decryption unit, a first computing unit and a first comparing unit.
The decryption unit decrypts the encrypted original data digest from the terminal 204 according to the public key, and obtains a second to-be-compared original data digest.
The first computing unit performs a calculation on the original data and obtains a first to-be-compared original data digest.
The first comparing unit compares the first to-be-compared original data digest with the second to-be-compared original data digest and obtains a comparison result as the processing result; the comparison result is then output to the terminal 204 via the first sending unit 2012, so that the terminal 204 identifies the application 203 corresponding to the original data according to the comparison result. In the embodiment of the invention, the first to-be-compared original data digest is the fifth data, and the second to-be-compared original data digest is the third data.
Alternatively, when the authentication device 202 only needs to decrypt and does not need to compare, the processing unit 2023 can be just a decryption unit, which decrypts the encrypted original data digest from the terminal 204 according to the public key and obtains the second to-be-compared original data digest as the processing result. The transceiver 2021 can send this processing result to the terminal 204; the terminal 204 compares it with the first to-be-compared original data digest that it obtained itself, obtains a comparison result, and identifies the application 203 corresponding to the original data based on the comparison result.
When the application 203 is an application without encryption capability, the authentication device 202 can also include an encryption device 2026, which encrypts the original data digest with the private key to obtain the encrypted original data digest; that is, it encrypts the received first data with the private key to generate the third data. The dashed outline of the encryption device 2026 in the figure indicates that it may be provided in the authentication device 202 only when the application 203 has no encryption capability.
The authentication device 202 can also include a generating device 2024 and a comparison device 2025.
The generating device 2024 generates a different asymmetric key pair for each application 203; it can do so at initialization. The generating device 2024 also generates the sixth data after the transceiver 2021 receives a test request.
The comparison device 2025 compares the seventh data with the sixth data and generates a comparison result, wherein the seventh data is obtained by decrypting the encrypted sixth data with the public key paired with the private key that encrypted the sixth data. After the application 203 receives the sixth data, it can encrypt the sixth data with its private key to obtain the eighth data and send the eighth data to the IoT platform 201; the IoT platform 201 sends the eighth data and the sixth data to the authentication device 202; the processing unit 2023 in the authentication device 202 decrypts the eighth data with the corresponding public key to obtain the seventh data; the comparison device 2025 can then compare the sixth data with the seventh data and generate a comparison result, which the authentication device 202 can send to the corresponding terminal 204. Alternatively, the transceiver 2021 can send the sixth data and the seventh data to the terminal 204, and the terminal performs the comparison. If the comparison result is that the sixth data and the seventh data are consistent, the terminal 204 can determine that the application 203 is authentic and valid; if the comparison result is that the sixth data and the seventh data are inconsistent, the terminal 204 can determine that the application 203 has a fault or error.
The application 203 sends data to the terminal 204 through the Internet of Things system. If the application 203 has an encryption (also called signature) function, it can first encrypt the first data according to the public key before sending data, obtain the third data, and send the second data and the third data. One Internet of Things system can have multiple applications 203. An application 203 may or may not have the encryption (signature) function. When the application 203 has no encryption function, it can send the data to be sent to the IoT platform 201; the IoT platform 201 sends the data to be encrypted to the authentication device 202, and the authentication device 202 encrypts it with the corresponding private key and sends it back to the IoT platform 201. Specifically, the application 203 in the embodiment of the invention can be a device for processing information, and it can be implemented in hardware or in software.
Specifically, when the application 203 has encryption capability, it can also include an encryption unit, which encrypts the original data digest with the private key to obtain the encrypted original data digest.
The terminal 204 obtains the fifth data from the received second data and compares the fifth data with the received fourth data; if the comparison result is consistent, it determines that the source of the data is correct, i.e. that the data comes from the correct sender. The terminal 204 receives the original data and the encrypted original data digest that the application 203 sends via the Internet of Things system. The terminal 204 can process the original data to obtain the original data digest; for example, the processing can be a hash operation on the original data. If it needs to confirm whether the received information is correct, the terminal 204 can send the received encrypted original data digest to the authentication device 202, which can be relayed by the IoT platform 201. The authentication device 202 decrypts the encrypted original data digest with the public key to obtain the original data digest and sends it to the terminal 204, again possibly relayed by the IoT platform 201. The terminal 204 can compare this original data digest with the original data digest it computed itself; if the two are consistent, it can determine that the received information is correct. The terminal 204 also compares the received sixth data and seventh data, and when the comparison result is consistent, determines that the corresponding application 203 is authentic and valid.
Referring to Fig. 3C, the terminal 204 in the embodiment of the invention can include a second receiving unit 2041 and a processing unit 2042.
The second receiving unit 2041 receives original data and an encrypted original data digest obtained by encrypting the original data digest with a private key produced by the authentication device 202, wherein the private key is the private key of an asymmetric key pair, comprising a private key and a public key, that corresponds to an application 203. The second receiving unit 2041 receives the second data and the third data sent by the IoT platform 201 and, after a decryption request carrying the third data has been sent to the IoT platform 201, receives the fourth data that the IoT platform 201 sends, which is obtained by decrypting the third data. The decryption request can carry the third data to be decrypted, so that the authentication device 202 obtains the fourth data by decrypting the third data. The second receiving unit 2041 also receives the sixth data and the seventh data sent by the IoT platform 201 after a test request has been sent to the IoT platform 201.
The processing unit 2042 processes the original data and the encrypted original data digest, obtains a processing result, and identifies the application 203 corresponding to the original data according to the processing result. The encrypted original data digest is the third data; decrypting it yields the fourth data. The processing unit 2042 processes the second data to obtain the fifth data; it can do so by performing a hash operation on the received second data. The processing unit 2042 can compare the fifth data with the fourth data. The processing result in the embodiment of the invention is this comparison result, which reflects which application 203 the data comes from. If the comparison result is consistent, the data comes from the correct application 203.
Specifically, if the terminal 204 obtains the fifth data from the second data and compares the fifth data with the fourth data, the processing unit 2042 can specifically include a second computing unit and a second comparing unit.
The second computing unit performs a calculation on the original data and obtains the first to-be-compared original data digest, i.e. the fifth data.
The second comparing unit receives the second to-be-compared original data digest, which the authentication device 202 obtains by decrypting the encrypted original data digest with the public key, compares the first to-be-compared original data digest with the second to-be-compared original data digest, obtains a comparison result as the processing result, and identifies the application 203 corresponding to the original data according to the comparison result.
Alternatively, if the terminal 204 directly receives the decryption result from the authentication device 202, the processing unit 2042 can include a second sending unit and a second receiving unit.
The second sending unit sends the original data and the encrypted original data digest to the authentication device 202. In this case the authentication device 202 also performs a calculation on the original data to obtain the first to-be-compared original data digest, decrypts the encrypted original data digest with the public key to obtain the second to-be-compared original data digest, and compares the first to-be-compared original data digest with the second to-be-compared original data digest to obtain a comparison result.
The second receiving unit receives the comparison result, which is used to identify the application 203 corresponding to the original data.
At initialization, the authentication device 202 can generate one asymmetric key pair for an application 203, comprising a public key and a private key paired with it; that is, one application 203 can correspond to one asymmetric key pair. The authentication device 202 can pass the generated key to the corresponding application 203 in a relatively secure way; for example, it can use a physical means, or, provided the network is determined to be secure, a network transmission such as sending a message.
Consider the case where the application 203 needs to send information, for example data in the embodiment of the invention, to the terminal 204. The application 203 can first encrypt the first data to be sent with the private key to obtain the third data, and send the second data and the third data to the IoT platform 201. The IoT platform 201 can first judge whether the received original data digest is already encrypted; in this embodiment it is judged to be encrypted. If it is judged not to be encrypted, it must also be passed to the authentication device 202 to be encrypted with the private key. The IoT platform 201 transmits the second data and the third data to the terminal 204. If the terminal 204 needs to verify whether the received data is correct, it can process the received second data, for example by a hash operation, to obtain the fifth data, and send a decryption request, which can carry the third data, to the IoT platform 201. The IoT platform 201 forwards the decryption request to the authentication device 202; the authentication device 202 decrypts the third data with the public key to obtain the fourth data and sends the fourth data to the corresponding terminal 204 through the IoT platform 201. The terminal 204 compares the received fourth data with the fifth data: when the comparison result is consistent, the terminal 204 determines that the data comes from the correct application 203; otherwise it determines that the data does not come from the correct application 203.
Referring to Fig. 4, the main method flow for processing the original data in this embodiment of the invention is as follows:
Step 401: Receive the original data from application 203 and the encrypted original data summary, where the encrypted original data summary is obtained by encrypting the original data summary with the private key of the asymmetric key pair corresponding to application 203; and send the original data and the encrypted original data summary to terminal 204.
Step 402: Receive a processing result, where the processing result is obtained by processing the encrypted original data summary from terminal 204 according to the public key of the asymmetric key pair corresponding to application 203.
Step 403: Send the processing result to terminal 204, so that terminal 204 identifies the application 203 corresponding to the original data according to the processing result.
Referring to Fig. 5, the detailed method flow for testing application 203 in this embodiment of the invention is as follows:
Step 501: Receive the test request sent by terminal 204. Authentication device 202 receives, through IoT platform 201, the test request sent by terminal 204.
Step 502: Generate a random data string and send it to the corresponding application 203. Authentication device 202 generates the random data string after receiving the test request.
Step 503: Encrypt the received random data string with the private key, and send the encrypted random data string to authentication device 202. Application 203 encrypts the received random data string with the private key and sends the encrypted random data string to authentication device 202 through IoT platform 201. In this embodiment of the invention, application 203 has an encryption function.
Step 504: Decrypt the encrypted random data string with the public key, and send it to IoT platform 201.
Step 505: Send the random data string and the decrypted random data string to the corresponding terminal 204. IoT platform 201 sends the random data string and the decrypted random data string to the terminal 204 that sent the test request.
Step 506: Terminal 204 compares the random data string with the decrypted random data string and determines from the comparison result whether application 203 is valid. When the comparison result is consistent, application 203 is determined to be authentic and valid; otherwise it is determined that application 203 may have a fault or error.
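The data check of Fig. 4 and the application test of Fig. 5, as an added Python example that is not part of the patent text. It assumes SHA-256 for the summary and unpadded RSA with freshly generated keys, and models IoT platform 201 as a plain function call; all class and function names are hypothetical. Encrypting a digest with the private key and recovering it with the public key is what a digital signature does, so a deployment would use a padded signature scheme from a vetted library instead of the raw `pow` calls shown here.

```python
# Added example: class and function names are hypothetical, not from the patent.
import hashlib
import secrets

E = 65537  # RSA public exponent (prime)


def _is_probable_prime(n, rounds=24):  # Miller-Rabin, for odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and _is_probable_prime(c):  # keep E invertible mod (c - 1)
            return c


class AuthDevice:  # authentication device 202: stores one key pair per application
    def __init__(self):
        self._keys = {}  # app_id -> (n, d); the public key is (n, E)

    def provision(self, app_id, bits=512):
        p, q = _prime(bits), _prime(bits)
        self._keys[app_id] = (p * q, pow(E, -1, (p - 1) * (q - 1)))
        return self._keys[app_id]  # private key, handed to the application securely

    def decrypt_with_public_key(self, app_id, blob):
        return pow(blob, E, self._keys[app_id][0])


def summary(data):  # original data summary: SHA-256 digest as an integer (assumed hash)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def encrypt_with_private_key(private_key, value):
    n, d = private_key
    return pow(value, d, n)  # unpadded RSA, for illustration only


def terminal_check_data(auth, app_id, original, encrypted_summary):
    """Fig. 4 flow: terminal 204 hashes, device 202 decrypts, terminal compares."""
    return summary(original) == auth.decrypt_with_public_key(app_id, encrypted_summary)


def terminal_test_application(auth, app_id, app_private_key):
    """Fig. 5 flow: random-string challenge to application 203."""
    challenge = secrets.randbits(256)                              # step 502
    answer = encrypt_with_private_key(app_private_key, challenge)  # step 503
    decrypted = auth.decrypt_with_public_key(app_id, answer)       # step 504
    return decrypted == challenge                                  # steps 505-506


def demo():
    auth = AuthDevice()
    key = auth.provision("app-203")
    other = AuthDevice().provision("other")  # a key pair not registered for app-203
    data = b"meter=42;unit=kWh"  # constructed sample payload
    enc, forged = (encrypt_with_private_key(k, summary(data)) for k in (key, other))
    return {
        "genuine": terminal_check_data(auth, "app-203", data, enc),
        "tampered": terminal_check_data(auth, "app-203", data + b"0", enc),
        "wrong_key": terminal_check_data(auth, "app-203", data, forged),
        "test_ok": terminal_test_application(auth, "app-203", key),
        "test_wrong_key": terminal_test_application(auth, "app-203", other),
    }
```

Only the genuine data check and the challenge answered with the registered private key compare equal; data altered in transit, or a summary or challenge answer produced with any other key, does not.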
Through one or more of the above embodiments of the present application, the application achieves at least the following technical effects:
To overcome the drawback of the prior art, in which symmetric-key encryption may allow data to be forged or tampered with once the key is stolen, the embodiment of the invention adds an authentication device 202 to the Internet of Things system, which encrypts data asymmetrically: the first data is encrypted with the private key to generate the third data; the second data to be sent and the third data are sent to the terminal; based on a decryption request from the terminal, the third data is decrypted with the public key paired with the private key to generate the fourth data; and the fourth data is sent to the terminal. Because asymmetric encryption uses a pair of different keys, an outside party cannot derive the paired private key from a public key and therefore cannot steal data, which prevents data from being forged or tampered with. Compared with symmetric encryption, where both ends use the same key, the asymmetric encryption method significantly strengthens the security of data interaction. Using asymmetric encryption also reduces the number of keys generated, simplifies key management and effectively improves working efficiency. In addition, the validity of application 203 can be tested by sending a random data string, so that terminal 204 learns promptly whether application 203 is authentic and valid, reducing possible faults as far as possible.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (11)

1. An Internet of Things system, characterized by comprising:
An IoT platform, connected to at least one application and at least one terminal; and an authentication device, connected to the IoT platform, the authentication device comprising:
A storage device, configured to store at least one asymmetric key pair corresponding to the at least one application, each asymmetric key pair including a paired private key and public key;
Wherein the IoT platform comprises:
A first receiving unit, configured to receive the original data of the application and the encrypted original data summary, the encrypted original data summary being obtained by encrypting the original data summary with the private key corresponding to the application;
A first sending unit, configured to send the original data and the encrypted original data summary to the at least one terminal;
The authentication device further comprises:
A processing unit, configured to process the encrypted original data summary from the terminal according to the public key corresponding to the application, to obtain a processing result;
Wherein the first sending unit of the IoT platform is further configured to send the processing result to the terminal, so that the terminal identifies the application corresponding to the original data according to the processing result.
2. The system as claimed in claim 1, characterized in that the encrypted original data summary is:
An encrypted original data summary obtained by the application encrypting the original data summary with the private key; or
An encrypted original data summary obtained by the authentication device encrypting the original data summary with the private key.
3. The system as claimed in claim 1 or 2, characterized in that the processing unit specifically comprises:
A decryption unit, configured to decrypt the encrypted original data summary from the terminal according to the public key, to obtain a second original data summary to be compared;
A first computing unit, configured to perform a calculation on the original data, to obtain a first original data summary to be compared;
A first comparing unit, configured to compare the first original data summary to be compared with the second original data summary to be compared, obtain a comparison result as the processing result, and then output the comparison result to the terminal via the first sending unit, so that the terminal identifies the application corresponding to the original data according to the comparison result.
4. The system as claimed in claim 1 or 2, characterized in that the processing unit specifically comprises:
A decryption unit, configured to decrypt the encrypted original data summary from the terminal according to the public key, to obtain a second original data summary to be compared as the processing result;
Wherein the terminal obtains a comparison result by comparing the second original data summary to be compared with a first original data summary to be compared obtained by calculation on the original data, and identifies the application corresponding to the original data based on the comparison result.
5. A terminal, connected to an IoT platform in an Internet of Things system, and connected through the IoT platform to an authentication device in the Internet of Things system, characterized by comprising:
A second receiving unit, configured to receive original data and an encrypted original data summary obtained by encrypting the original data summary with a private key generated by the authentication device, wherein the private key is the private key of an asymmetric key pair, including a private key and a public key, that corresponds to an application;
A processing unit, configured to process the original data and the encrypted original data summary to obtain a processing result, and to identify the application corresponding to the original data according to the processing result.
6. The terminal as claimed in claim 5, characterized in that the processing unit specifically comprises:
A second computing unit, configured to perform a calculation on the original data, to obtain a first original data summary to be compared;
A second comparing unit, configured to receive a second original data summary to be compared, which the authentication device obtains by decrypting the encrypted original data summary with the public key, to compare the first original data summary to be compared with the second original data summary to be compared, to obtain a comparison result as the processing result, and to identify the application corresponding to the original data according to the comparison result.
7. The terminal as claimed in claim 5, characterized in that the processing unit specifically comprises:
A second sending unit, configured to send the original data and the encrypted original data summary to the authentication device;
The second receiving unit is configured to receive the comparison result, the comparison result being used to identify the application corresponding to the original data;
Wherein the comparison result is obtained by the authentication device performing a calculation on the original data to obtain a first original data summary to be compared, decrypting the encrypted original data summary with the public key to obtain a second original data summary to be compared, and comparing the first original data summary to be compared with the second original data summary to be compared.
8. A method for processing original data, applied in an Internet of Things system that includes an authentication device and an IoT platform connected to the authentication device, characterized by comprising:
Receiving the original data of an application and an encrypted original data summary, the encrypted original data summary being obtained by encrypting the original data summary with the private key of the asymmetric key pair corresponding to the application; and sending the original data and the encrypted original data summary to a terminal;
Receiving a processing result, the processing result being obtained by processing the encrypted original data summary from the terminal according to the public key of the asymmetric key pair corresponding to the application;
Sending the processing result to the terminal, so that the terminal identifies the application corresponding to the original data according to the processing result.
9. The method as claimed in claim 8, characterized in that the encrypted original data summary is:
Obtained by the application encrypting the original data summary with the private key; or
Obtained by the authentication device encrypting the original data summary with the private key.
10. The method as claimed in claim 8, characterized in that the processing result is a comparison result, and the comparison result is:
Obtained by the authentication device decrypting the encrypted original data summary from the terminal according to the public key, to obtain a second original data summary to be compared; performing a calculation on the original data, to obtain a first original data summary to be compared; and comparing the first original data summary to be compared with the second original data summary to be compared, so that the terminal identifies the application corresponding to the original data according to the comparison result.
11. The method as claimed in claim 8, characterized in that the processing result is a second original data summary to be compared, and the second original data summary to be compared is specifically:
Obtained by the authentication device decrypting the encrypted original data summary from the terminal according to the public key;
Wherein the terminal obtains a comparison result by comparing the second original data summary to be compared with a first original data summary to be compared obtained by calculation on the original data, and identifies the application corresponding to the original data based on the comparison result.
CN201110256557.8A 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal Active CN102970676B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110256557.8A CN102970676B (en) 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110256557.8A CN102970676B (en) 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal

Publications (2)

Publication Number Publication Date
CN102970676A true CN102970676A (en) 2013-03-13
CN102970676B CN102970676B (en) 2018-04-10

Family

ID=47800476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110256557.8A Active CN102970676B (en) 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal

Country Status (1)

Country Link
CN (1) CN102970676B (en)


Also Published As

Publication number Publication date
CN102970676B (en) 2018-04-10

Similar Documents

Publication Publication Date Title
CN106656510B (en) A kind of encryption key acquisition methods and system
CN102970676A (en) Method for processing original data, internet of thing system and terminal
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
JP6417036B2 (en) Entity authentication method and apparatus based on pre-shared key
CN105162772A (en) IoT equipment authentication and key agreement method and device
CN101645899B (en) Bidirectional authentication method and system based on symmetric encipherment algorithm
CN106850207B (en) Identity identifying method and system without CA
CN104704769A (en) A wireless communication system
CN104583028B (en) One-way key fob and vehicle pairing
CN101247605A (en) Short information enciphering and endorsement method, mobile terminal and short information ciphering system
CN103888938A (en) PKI private key protection method of dynamically generated key based on parameters
CA2969332C (en) A method and device for authentication
CN102664898A (en) Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system
JP2012527190A (en) System and method for securely identifying and authenticating a device in a symmetric encryption system
JP2020530726A (en) NFC tag authentication to remote servers with applications that protect supply chain asset management
WO2018227685A1 (en) Method and system for secure access of terminal device to internet of things
EP3128696B1 (en) Entity authentication method and device
CN113190860B (en) Block chain sensor data authentication method and system based on ring signature
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN105281902A (en) Web system safety login method based on mobile terminal
CN109922022A (en) Internet of Things communication means, platform, terminal and system
CN102882687B (en) Intelligent household safe access method and system based on searchable cipher text
KR102322605B1 (en) Method for setting secret key and authenticating mutual device of internet of things environment
Dolev et al. RFID authentication efficient proactive information security within computational security
CN106027256B (en) A kind of identity card card reading response system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant