CN102970676B - Method for processing initial data, Internet of Things system, and terminal - Google Patents


Info

Publication number: CN102970676B
Authority: CN (China)
Legal status: Active
Application number: CN201110256557.8A
Other languages: Chinese (zh)
Other versions: CN102970676A
Inventors: 罗乾鹏, 赵长军
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Abstract

The invention discloses a method for processing initial data, which verifies whether the source of the data is correct and improves the security of data transmission. The method includes: receiving an application's initial data and an encrypted initial data digest, where the encrypted initial data digest is obtained by encrypting the initial data digest with the private key of the asymmetric key pair corresponding to the application; sending the initial data and the encrypted initial data digest to a terminal; receiving a processing result, where the processing result is obtained by processing the encrypted initial data digest from the terminal with the public key of the asymmetric key pair corresponding to the application; and sending the processing result to the terminal, so that the terminal identifies the application corresponding to the initial data according to the processing result. The invention also discloses a device and a system for implementing the method.

Description

A method for processing initial data, an Internet of Things system, and a terminal
Technical field
The present invention relates to the field of communications, and in particular to a method for processing initial data, an Internet of Things system, and a terminal.
Background art
The Internet of Things is defined as a network that connects any object to the Internet through information-sensing devices such as radio frequency identification (RFID), infrared sensors, global positioning systems and laser scanners, according to an agreed protocol, to exchange information and communicate, so as to achieve intelligent identification, positioning, tracking, monitoring and management of objects.
Because the data transmitted in the Internet of Things involves home security, transaction information, location data and the like, information security is extremely important, and the data must be protected with a more reliable encryption method. The prior art generally uses symmetric encryption.
For example, as shown in Fig. 1, an Internet of Things system includes a platform 101, one or more applications 102, and one or more terminals 103. When an application 102 needs to send data to a terminal 103, it first transmits the data to the platform 101. The platform 101 encrypts the data with a preset session key and sends it to the terminal 103, and the terminal 103 uses the same session key to decrypt the data it needs.
In the course of implementing the present application, the inventors found that the prior art has at least the following technical problems:
With symmetric encryption, the same key may be stolen or cracked if it is used many times, so there is a risk of leakage.
If an application wants to encrypt different information for different terminals, it must first set a different key with each terminal before transmitting messages, which is cumbersome.
In addition, because the prior art uses symmetric encryption, it cannot prevent tampering or repudiation.
Summary of the invention
Embodiments of the present invention provide a method for processing initial data, an Internet of Things system, and a terminal, which verify whether the source of data is correct and improve the security of data transmission.
An Internet of Things system, including:
an Internet of Things platform, connected with at least one application and at least one terminal; and an authentication device connected with the Internet of Things platform, the authentication device including:
a storage device, for storing at least one asymmetric key pair corresponding to the at least one application, each asymmetric key pair including a paired private key and public key;
wherein the Internet of Things platform includes:
a first receiving unit, for receiving the initial data of the application and an encrypted initial data digest, the encrypted initial data digest being obtained by encrypting the initial data digest with the private key corresponding to the application;
a first sending unit, for sending the initial data and the encrypted initial data digest to the at least one terminal;
the authentication device further including:
a processing unit, for processing the encrypted initial data digest from the terminal with the public key corresponding to the application, to obtain a processing result;
wherein the first sending unit of the Internet of Things platform is further used to send the processing result to the terminal, so that the terminal identifies the application corresponding to the initial data according to the processing result.
A terminal, connected with the Internet of Things platform in an Internet of Things system and, through the Internet of Things platform, with the authentication device in the Internet of Things system, the terminal including:
a second receiving unit, for receiving initial data and an encrypted initial data digest obtained by encrypting the initial data digest with a private key generated by the authentication device, wherein the private key is the private key of an asymmetric key pair, comprising a private key and a public key, that corresponds to an application;
a processing unit, for processing the initial data and the encrypted initial data digest to obtain a processing result, and identifying the application corresponding to the initial data according to the processing result.
A method for processing initial data, applied in an Internet of Things system that includes an authentication device and an Internet of Things platform connected with the authentication device, the method including:
receiving an application's initial data and an encrypted initial data digest, the encrypted initial data digest being obtained by encrypting the initial data digest with the private key of the asymmetric key pair corresponding to the application; and sending the initial data and the encrypted initial data digest to a terminal;
receiving a processing result, the processing result being obtained by processing the encrypted initial data digest from the terminal with the public key of the asymmetric key pair corresponding to the application;
sending the processing result to the terminal, so that the terminal identifies the application corresponding to the initial data according to the processing result.
Through one or more of the above technical solutions, the present application has at least the following technical effects:
Because the data is encrypted asymmetrically, the key consists of a public key and a private key: the application encrypts with the private key (or public key), and the authentication device decrypts with the matching public key (or private key). An outsider cannot derive the matching private key from a public key, so the data cannot be stolen and is protected from forgery and tampering; compared with symmetric encryption, where both ends use the same key, the security of data exchange is greatly enhanced. Verification determines whether the source of the data is correct, so that erroneous or even deliberately tampered data is not accepted. The use of asymmetric encryption also reduces the number of keys generated and simplifies key management, effectively improving operating efficiency.
Brief description of the drawings
Fig. 1 is a schematic diagram of an Internet of Things system in the prior art;
Fig. 2 is an overall structural diagram of the Internet of Things system and the applications and terminals connected to it in an embodiment of the present invention;
Fig. 3A is a main structural diagram of the Internet of Things platform in an embodiment of the present invention;
Fig. 3B is a detailed structural diagram of the authentication device in an embodiment of the present invention;
Fig. 3C is a detailed structural diagram of the terminal in an embodiment of the present invention;
Fig. 4 is a flow chart of the main method for processing initial data in an embodiment of the present invention;
Fig. 5 is a detailed flow chart of the method for testing an application in an embodiment of the present invention.
Detailed description of the embodiments
To overcome the drawback of the prior art that a key stolen under symmetric encryption may allow data to be forged or tampered with, the embodiment of the present invention encrypts data asymmetrically in the Internet of Things system: first data is encrypted with a private key to generate third data; second data to be sent and the third data are sent to a terminal; based on a decryption request from the terminal, the third data is decrypted with the public key paired with the private key to generate fourth data; and the fourth data is sent to the terminal. Because asymmetric encryption uses a pair of different keys, an outsider cannot derive the matching private key from a public key, so the data cannot be stolen and is protected from forgery and tampering; compared with symmetric encryption, where both ends use the same key, the security of data exchange is greatly enhanced. Verification determines whether the source of the data is correct, so that erroneous or even deliberately tampered data is not accepted. The use of asymmetric encryption also reduces the number of keys generated and simplifies key management, effectively improving operating efficiency.
In the embodiment of the present invention, the first data may be the initial data digest; the second data may be the initial data; the third data may be the data obtained by encrypting the initial data digest with the private key; the fourth data may be the data obtained by decrypting the third data; the fifth data may be the data obtained by processing the second data; the sixth data may be a random data string; the seventh data may be the data obtained by decrypting the eighth data; and the eighth data may be the data obtained by encrypting the sixth data with the private key.
Referring to Fig. 2, the Internet of Things system in the embodiment of the present invention includes an Internet of Things platform 201 and an authentication device 202. The system may also be connected with applications 203 and terminals 204.
The Internet of Things platform 201 is connected with at least one application 203 and at least one terminal 204. It receives the initial data and the encrypted initial data digest from the application 203, where the encrypted initial data digest is obtained by encrypting the initial data digest with the private key, and sends the initial data and the encrypted initial data digest to the at least one terminal 204. The terminal 204 can then compare the fifth data, obtained from the second data, with the fourth data to learn whether the data comes from the correct application 203, which prevents the data from being tampered with or forged. The Internet of Things platform 201 manages the applications 203 and terminals 204 in a unified way. To avoid the confusion that may arise when there are too many applications 203 and terminals 204 to manage, a single Internet of Things platform 201 is provided; it is connected with all applications 203 and all terminals 204 in the same Internet of Things system and can forward information. Specifically, in the embodiment of the present invention, the Internet of Things platform 201 may be a network-side server.
The authentication device 202 is connected with the Internet of Things platform 201 and generates asymmetric keys, each comprising a paired private key and public key. The authentication device 202 also encrypts the first data with the private key to generate the third data and sends the third data to the Internet of Things platform 201; after receiving a decryption request from the terminal 204, it decrypts the third data with the public key paired with the private key to generate the fourth data, and sends the fourth data to the Internet of Things platform 201. At initialization, the authentication device 202 can generate a different asymmetric key pair for each application 203. After generating a key pair, the authentication device 202 can store it, pass the private key to the corresponding application 203 in a secure manner, and publish the public key so that other devices can query it at any time. The authentication device 202 can receive the third data sent by the Internet of Things platform 201, decrypt it with the public key, and send the decrypted information to the terminal 204, which may be forwarded through the Internet of Things platform 201. Specifically, in the embodiment of the present invention, the authentication device 202 may be an M2M (machine to machine) CA (certification) device.
The embodiment of the present invention chooses to encrypt the digest of the initial data because a digest generally contains few bytes, so encrypting it saves steps, time and space; at the same time, encrypting only the digest is sufficient to verify whether the transmitted information is correct.
The method and system of the embodiment have a greater advantage when the amount of data to be encrypted is small. Accordingly, the first data, third data, fourth data, sixth data or seventh data in the embodiment may be data such as home security data, transaction information data or location data.
The Internet of Things platform 201 may include a test request processing unit, which receives a test request sent by the terminal 204 and, according to the test request, generates sixth data and forwards it to the application 203. To test whether an application 203 is genuine and valid, a terminal 204 or another application 203 may send the Internet of Things platform 201 a test request for that application 203. After the Internet of Things platform 201 receives the test request, its test request processing unit can generate the sixth data, which may be a random data string or other data used for testing, and forward the sixth data to the corresponding application 203.
Referring to Fig. 3A, the Internet of Things platform 201 in the embodiment of the present invention may also include a first receiving unit 2011 and a first sending unit 2012.
The first receiving unit 2011 receives the initial data of the application 203 and the encrypted initial data digest, where the encrypted initial data digest is obtained by encrypting the initial data digest with the private key corresponding to the application 203.
The first sending unit 2012 sends the initial data and the encrypted initial data digest to the at least one terminal 204. The first sending unit 2012 is also used to send the decryption result to the terminal 204, so that the terminal 204 identifies the application 203 corresponding to the initial data according to the decryption result.
Referring to Fig. 3B, the authentication device 202 may include a transceiver device 2021, a storage device 2022 and a processing unit 2023.
The transceiver device 2021 sends the third data, obtained by encrypting the received first data, to the Internet of Things platform 201, and receives the decryption request from the terminal 204. The transceiver device 2021 can also send the private key to the corresponding application 203. The transceiver device 2021 can also receive the initial data, that is, the second data, for the processing unit 2023 to process to obtain the fifth data.
The storage device 2022 stores at least one asymmetric key pair corresponding to the at least one application 203, each pair including a paired private key and public key. Preferably, the storage device 2022 can set aside separate storage spaces to store private keys and public keys separately, or store the asymmetric key pairs for different applications 203 separately, to make lookup easier.
The processing unit 2023 processes the encrypted initial data digest from the terminal 204 with the public key corresponding to the application 203, to obtain a processing result. The processing may be decryption. The transceiver device 2021 can output the processing result to the terminal 204 through the Internet of Things platform 201. The processing unit 2023 also decrypts the eighth data with the corresponding public key to obtain the seventh data.
Preferably, when the authentication device 202 needs to both decrypt and compare, the processing unit 2023 may specifically include a decryption unit, a first computing unit and a first comparing unit.
The decryption unit decrypts the encrypted initial data digest from the terminal 204 with the public key, to obtain a second initial data digest to be compared.
The first computing unit performs a computation on the initial data to obtain a first initial data digest to be compared.
The first comparing unit compares the first initial data digest to be compared with the second initial data digest to be compared, and obtains a comparison result as the processing result. The comparison result is then output to the terminal 204 via the first sending unit 2012, so that the terminal 204 identifies the application 203 corresponding to the initial data according to the comparison result. In the embodiment of the present invention, the first initial data digest to be compared is the fifth data, and the second initial data digest to be compared is the third data.
Alternatively, when the authentication device 202 only needs to decrypt and not compare, the processing unit 2023 may specifically be a decryption unit, which decrypts the encrypted initial data digest from the terminal 204 with the public key and obtains the second initial data digest to be compared as the processing result. The processing result can be sent by the transceiver device 2021 to the terminal 204; the terminal 204 compares it with the first initial data digest to be compared that it has obtained itself, obtains a comparison result, and identifies the application 203 corresponding to the initial data based on the comparison result.
When the application 203 has no encryption capability, the authentication device 202 may also include an encryption device 2026, which encrypts the initial data digest with the private key to obtain the encrypted initial data digest; that is, it encrypts the received first data with the private key to generate the third data. The encryption device 2026 is drawn with a dashed line in the figure to indicate that it is provided in the authentication device 202 only when the application 203 has no encryption capability.
The authentication device 202 may also include a generating device 2024 and a comparison device 2025.
The generating device 2024 generates different asymmetric key pairs for different applications 203. At initialization, the generating device 2024 can generate a different asymmetric key pair for each application 203. The generating device 2024 also generates the sixth data after the transceiver device 2021 receives a test request.
The comparison device 2025 compares the seventh data with the sixth data and generates a comparison result, where the seventh data is obtained by decrypting the encrypted sixth data with the public key paired with the private key that encrypted the sixth data. After receiving the sixth data, the application 203 can encrypt it with the corresponding private key to obtain the eighth data and send the eighth data to the Internet of Things platform 201. The Internet of Things platform 201 sends the eighth data and the sixth data to the authentication device 202, and the processing unit 2023 in the authentication device 202 decrypts the eighth data with the corresponding public key to obtain the seventh data. The comparison device 2025 can compare the sixth data with the seventh data and generate a comparison result, which the authentication device 202 can send to the corresponding terminal 204. Alternatively, the transceiver device 2021 can send the sixth data and the seventh data to the terminal 204 for the terminal to compare. If the comparison shows that the sixth data and the seventh data are consistent, the terminal 204 can determine that the application 203 is genuine and valid; if they are inconsistent, the terminal 204 can determine that the application 203 is faulty or in error.
The application 203 sends data to the terminal 204 through the Internet of Things system. If the application 203 has an encryption (also called signing) function, then before sending data it can first encrypt the first data according to the public key to obtain the third data, and send the second data and the third data. An Internet of Things system may contain multiple applications 203. An application 203 may or may not have an encryption (or signing) function. When it does not, it can send the data to be sent to the Internet of Things platform 201, which sends the data that needs encrypting to the authentication device 202; the authentication device 202 encrypts it with the corresponding private key and sends it back to the Internet of Things platform 201. Specifically, an application 203 in the embodiment of the present invention may be an information processing device, which can be implemented in hardware or in software.
Specifically, when the application 203 has encryption capability, it may also include an encryption unit, which encrypts the initial data digest with the private key to obtain the encrypted initial data digest.
The terminal 204 obtains the fifth data from the received second data and compares the fifth data with the received fourth data; if the comparison result is consistent, it determines that the source of the data is correct, that is, the data comes from the correct sender. The terminal 204 receives the initial data and the encrypted initial data digest of the application 203, forwarded by the Internet of Things system. The terminal 204 can process the initial data to obtain initial data digest information; for example, the processing may be a hash operation on the initial data. If it needs to confirm whether the received information is correct, the terminal 204 can send the received encrypted initial data digest to the authentication device 202, which may be forwarded through the Internet of Things platform 201. The authentication device 202 decrypts the encrypted initial data digest with the public key to obtain the initial data digest and sends it to the terminal 204, again possibly through the Internet of Things platform 201. The terminal 204 can compare this initial data digest with the initial data digest information obtained by its own processing; if the two are consistent, it can determine that the received information is correct. The terminal 204 also compares the received sixth data and seventh data and, when they are consistent, determines that the corresponding application 203 is genuine and valid.
Referring to Fig. 3C, the terminal 204 in the embodiment of the present invention may include a second receiving unit 2041 and a processing unit 2042.
The second receiving unit 2041 receives initial data and the encrypted initial data digest obtained by encrypting the initial data digest with a private key generated by the authentication device 202, where the private key is the private key of an asymmetric key pair, comprising a private key and a public key, that corresponds to an application 203. The second receiving unit 2041 receives the second data and the third data sent by the Internet of Things platform 201 and, after a decryption request is sent to the Internet of Things platform 201, receives the fourth data, obtained by decrypting the third data, sent by the Internet of Things platform 201. The decryption request can carry the third data to be decrypted, so that the authentication device 202 obtains the fourth data by decrypting the third data. The second receiving unit 2041 also receives the sixth data and the seventh data sent by the Internet of Things platform 201 after a test request is sent to the Internet of Things platform 201.
The processing unit 2042 processes the initial data and the encrypted initial data digest to obtain a processing result, and identifies the application 203 corresponding to the initial data according to the processing result. The encrypted initial data digest is the third data, and decrypting it yields the fourth data. The processing unit 2042 processes the second data to obtain the fifth data; it can do so by performing a hash operation on the received second data. The processing unit 2042 can compare the fifth data with the fourth data. The processing result in the embodiment of the present invention is this comparison result, which reflects which application 203 the data comes from. If the comparison result is consistent, the data comes from the correct application 203.
Specifically, if the terminal 204 is to obtain the fifth data from the second data and compare the fifth data with the fourth data, the processing unit 2042 may specifically include a second computing unit and a second comparing unit.
The second computing unit performs a computation on the initial data to obtain the first initial data digest to be compared, that is, the fifth data.
The second comparing unit receives the second initial data digest to be compared, which the authentication device 202 obtains by decrypting the encrypted initial data digest with the public key, compares the first initial data digest to be compared with the second initial data digest to be compared, obtains a comparison result as the processing result, and identifies the application 203 corresponding to the initial data according to the comparison result.
Alternatively, if the terminal 204 directly receives the decryption result from the authentication device 202, the processing unit 2042 may include a second sending unit and a second receiving unit.
The second sending unit sends the initial data and the encrypted initial data digest to the authentication device 202. In this case, the authentication device 202 also performs a computation on the initial data to obtain the first initial data digest to be compared, decrypts the encrypted initial data digest with the public key to obtain the second initial data digest to be compared, and compares the two to obtain a comparison result.
The second receiving unit receives the comparison result, which is used to identify the application 203 corresponding to the initial data.
At initialization, the authentication device 202 can generate an asymmetric key pair for an application 203, comprising a public key and a matching private key; that is, one application 203 can correspond to one asymmetric key pair. The authentication device 202 can transmit the generated key to the corresponding application 203 in a relatively secure way, for example by physical means, or, provided the network is determined to be secure, by network transmission such as sending a message.
When an application 203 needs to send information to a terminal 204 (the information in the embodiment of the present invention may be data), the application 203 can first encrypt the first data to be sent with the private key to obtain the third data, and send the second data and the third data to the Internet of Things platform 201. The Internet of Things platform 201 can first judge whether the received initial data digest is already encrypted. In this embodiment the judgment determines that it is encrypted; if the judgment determines that it is not, the platform also transmits it to the authentication device 202, which encrypts it with the private key. The Internet of Things platform 201 transfers the second data and the third data to the terminal 204. If the terminal 204 needs to verify whether the received data is correct, it can process the received second data, for example by performing a hash operation on it, to obtain the fifth data, and send the Internet of Things platform 201 a decryption request, which can carry the third data. The Internet of Things platform 201 forwards the decryption request to the authentication device 202, which decrypts the third data with the public key to obtain the fourth data and sends the fourth data to the corresponding terminal 204 through the Internet of Things platform 201. The terminal 204 compares the received fourth data with the fifth data: when the two are consistent, the terminal 204 determines that the data comes from the correct application 203; otherwise it determines that the data does not come from the correct application 203.
Referring to Fig. 4, the main method flow for processing initial data in the embodiment of the present invention is as follows:
Step 401: Receive the initial data and the encrypted initial data digest from the application 203, where the encrypted initial data digest is obtained by encrypting the initial data digest with the private key of the asymmetric key pair corresponding to the application 203; and send the initial data and the encrypted initial data digest to the terminal 204.
Step 402: Receive a processing result, where the processing result is obtained by processing the encrypted initial data digest from the terminal 204 with the public key of the asymmetric key pair corresponding to the application 203.
Step 403: Send the processing result to the terminal 204, so that the terminal 204 identifies the application 203 corresponding to the initial data according to the processing result.
Referring to Fig. 5, the detailed method flow for testing the application 203 in the embodiment of the present invention is as follows:
Step 501: Receive the test request sent by the terminal 204. The authentication device 202 receives, via the Internet of Things platform 201, the test request sent by the terminal 204.
Step 502: Generate a random data string and send it to the corresponding application 203. The authentication device 202 generates the random data string after receiving the test request.
Step 503: Encrypt the received random data string with the private key and send the encrypted random data string to the authentication device 202. The application 203 encrypts the received random data string with the private key and sends the encrypted random data string to the authentication device 202 via the Internet of Things platform 201. In this embodiment the application 203 has an encryption function.
Step 504: Decrypt the encrypted random data string with the public key and send it to the Internet of Things platform 201.
Step 505: Send the random data string and the decrypted random data string to the corresponding terminal 204. The Internet of Things platform 201 sends the random data string and the decrypted random data string to the terminal 204 that sent the test request.
Step 506: The terminal 204 compares the random data string with the decrypted random data string and determines from the comparison result whether the application 203 is valid. When the comparison result is consistent, the application 203 is determined to be authentic and valid; otherwise it is determined that the application 203 may have a fault or an error.
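The digest check of steps 401-403 and the application test of steps 501-506, as an added example that is not part of the patent text. It uses textbook RSA on a constructed toy key (two Mersenne primes) to mirror the page's "encrypt with the private key, decrypt with the public key" wording; SHA-256, the class and function names, the `app-203` identifier and the sample payload are assumptions, and a real deployment would use a padded signature scheme such as RSA-PSS with properly generated keys.

```python
import hashlib
import secrets


def toy_keypair(p, q, e=65537):
    """Textbook RSA key from two known primes (constructed, insecure)."""
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)


def digest(data: bytes) -> int:
    """Digest of the original data as an integer (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Application:
    """Application 203: holds the private key of its pair."""
    def __init__(self, private_key):
        self._d, self._n = private_key

    def encrypt_with_private_key(self, value: int) -> int:
        return pow(value, self._d, self._n)

    def send(self, data: bytes):
        # What the platform receives in step 401: data plus encrypted digest.
        return data, self.encrypt_with_private_key(digest(data))


class AuthDevice:
    """Authentication device 202: stores one public key per application."""
    def __init__(self):
        self._public = {}

    def register(self, app_id, public_key):
        self._public[app_id] = public_key

    def decrypt_with_public_key(self, app_id, value: int) -> int:
        e, n = self._public[app_id]
        return pow(value, e, n)

    def new_challenge(self) -> int:
        return 2 + secrets.randbelow(2**256)   # step 502: random data string


def terminal_verify(data, encrypted_digest, auth, app_id) -> bool:
    """Terminal 204: hash the data, compare with the digest recovered by 202.
    The platform 201 only relays messages, so it is not modelled separately."""
    first = digest(data)
    second = auth.decrypt_with_public_key(app_id, encrypted_digest)
    return first == second


def terminal_test_application(app, auth, app_id) -> bool:
    """Fig. 5, steps 501-506: challenge the application through device 202."""
    challenge = auth.new_challenge()
    answer = app.encrypt_with_private_key(challenge)            # step 503
    decrypted = auth.decrypt_with_public_key(app_id, answer)    # step 504
    return challenge == decrypted                               # step 506


PUB, PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
_, OTHER_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)   # some other application's key


def demo():
    auth = AuthDevice()
    auth.register("app-203", PUB)
    app, impostor = Application(PRIV), Application(OTHER_PRIV)
    data, enc = app.send(b"valve=open;ts=1700000000")   # constructed payload
    return {
        "genuine": terminal_verify(data, enc, auth, "app-203"),
        "tampered": terminal_verify(b"valve=shut;ts=1700000000", enc, auth, "app-203"),
        "impostor": terminal_verify(*impostor.send(data), auth, "app-203"),
        "test_ok": terminal_test_application(app, auth, "app-203"),
        "test_impostor": terminal_test_application(impostor, auth, "app-203"),
    }


if __name__ == "__main__":
    print(demo())
```

In this flow the original data travels unencrypted and the terminal holds no key, so the check establishes origin and integrity only, and only to the extent that the terminal's path to the authentication device is trusted.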
Through the technical solutions of one or more of the above embodiments of the present application, the application has at least the following technical effects:
To overcome the drawback in the prior art that data may be forged or tampered with because a key is stolen when symmetric-key encryption is used, the embodiment of the present invention adds an authentication device 202 to the Internet of Things system, which encrypts data asymmetrically: the first data is encrypted with the private key to generate the third data; the second data to be sent and the third data are sent to the terminal; based on a decryption request from the terminal, the third data is decrypted with the public key matching the private key to generate the fourth data; and the fourth data is sent to the terminal. Because asymmetric encryption uses a pair of different keys, an outside party cannot derive the matching private key from the public key, so the data cannot be stolen and is protected from being forged or tampered with. Compared with symmetric encryption, in which both ends hold the same key, the asymmetric encryption method significantly strengthens the security of the data interaction. Using asymmetric encryption also reduces the number of keys generated, simplifies key management, and effectively improves working efficiency. In addition, a random data string can be sent to the application 203 to test whether the application 203 is valid, so that the terminal 204 learns in time whether the application 203 is authentic and valid, reducing possible failures as far as possible.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, the device (system), and the computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (11)

  1. An Internet of Things system, characterized by comprising:
    an Internet of Things platform, connected with at least one application and at least one terminal; and an authentication device, connected with the Internet of Things platform, the authentication device comprising:
    a storage device, configured to store at least one asymmetric key pair corresponding to the at least one application, each asymmetric key pair comprising a paired private key and public key;
    wherein the Internet of Things platform comprises:
    a first receiving unit, configured to receive the original data of the application and an encrypted original data digest, the encrypted original data digest being obtained by encrypting the original data digest with the private key corresponding to the application;
    a first sending unit, configured to send the original data and the encrypted original data digest to the at least one terminal;
    the authentication device further comprising:
    a processing unit, configured to process the encrypted original data digest from the terminal according to the public key corresponding to the application, to obtain a processing result;
    wherein the first sending unit of the Internet of Things platform is further configured to send the processing result to the terminal, so that the terminal identifies, according to the processing result, the application corresponding to the original data.
  2. The system as claimed in claim 1, characterized in that the encrypted original data digest is:
    the encrypted original data digest obtained by the application encrypting the original data digest with the private key; or
    the encrypted original data digest obtained by the authentication device encrypting the original data digest with the private key.
  3. The system as claimed in claim 1 or 2, characterized in that the processing unit specifically comprises:
    a decryption unit, configured to decrypt the encrypted original data digest from the terminal according to the public key, to obtain a second original data digest to be compared;
    a first computing unit, configured to perform a calculation on the original data, to obtain a first original data digest to be compared;
    a first comparing unit, configured to compare the first original data digest to be compared with the second original data digest to be compared, to obtain a comparison result as the processing result, the comparison result then being output to the terminal via the first sending unit, so that the terminal identifies, according to the comparison result, the application corresponding to the original data.
  4. The system as claimed in claim 1 or 2, characterized in that the processing unit specifically comprises:
    a decryption unit, configured to decrypt the encrypted original data digest from the terminal according to the public key, to obtain a second original data digest to be compared as the processing result;
    wherein the terminal compares the second original data digest to be compared with a first original data digest to be compared obtained by performing a calculation on the original data, obtains a comparison result, and identifies, based on the comparison result, the application corresponding to the original data.
  5. A terminal, connected with an Internet of Things platform in an Internet of Things system, and connected through the Internet of Things platform to an authentication device in the Internet of Things system, characterized by comprising:
    a second receiving unit, configured to receive original data and an encrypted original data digest obtained by encrypting the original data digest with a private key generated by the authentication device, wherein the private key is the private key of an asymmetric key pair that corresponds to an application and comprises a private key and a public key;
    a processing unit, configured to process the original data and the encrypted original data digest, to obtain a processing result, and to identify, according to the processing result, the application corresponding to the original data.
  6. The terminal as claimed in claim 5, characterized in that the processing unit specifically comprises:
    a second computing unit, configured to perform a calculation on the original data, to obtain a first original data digest to be compared;
    a second comparing unit, configured to receive a second original data digest to be compared, obtained by the authentication device decrypting the encrypted original data digest with the public key, to compare the first original data digest to be compared with the second original data digest to be compared, to obtain a comparison result as the processing result, and to identify, according to the comparison result, the application corresponding to the original data.
  7. The terminal as claimed in claim 5, characterized in that the processing unit specifically comprises:
    a second sending unit, configured to send the original data and the encrypted original data digest to the authentication device;
    a second receiving unit, configured to receive a comparison result, the comparison result being used to identify the application corresponding to the original data;
    wherein the comparison result is obtained by the authentication device performing a calculation on the original data to obtain a first original data digest to be compared, decrypting the encrypted original data digest with the public key to obtain a second original data digest to be compared, and comparing the first original data digest to be compared with the second original data digest to be compared.
  8. A method for processing original data, applied in an Internet of Things system comprising an authentication device and an Internet of Things platform connected with the authentication device, characterized by comprising:
    receiving the original data of an application and an encrypted original data digest, the encrypted original data digest being obtained by encrypting the original data digest with the private key of the asymmetric key pair corresponding to the application; and sending the original data and the encrypted original data digest to a terminal;
    receiving a processing result, the processing result being obtained by processing the encrypted original data digest from the terminal according to the public key of the asymmetric key pair corresponding to the application;
    sending the processing result to the terminal, so that the terminal identifies, according to the processing result, the application corresponding to the original data.
  9. The method as claimed in claim 8, characterized in that the encrypted original data digest is:
    obtained by the application encrypting the original data digest with the private key; or
    obtained by the authentication device encrypting the original data digest with the private key.
  10. The method as claimed in claim 8, characterized in that the processing result is a comparison result, the comparison result being:
    obtained by the authentication device decrypting the encrypted original data digest from the terminal according to the public key to obtain a second original data digest to be compared, performing a calculation on the original data to obtain a first original data digest to be compared, and comparing the first original data digest to be compared with the second original data digest to be compared, so that the terminal identifies, according to the comparison result, the application corresponding to the original data.
  11. The method as claimed in claim 8, characterized in that the processing result is a second original data digest to be compared, the second original data digest to be compared specifically being:
    obtained by the authentication device decrypting the encrypted original data digest from the terminal according to the public key;
    wherein the terminal compares the second original data digest to be compared with a first original data digest to be compared obtained by performing a calculation on the original data, obtains a comparison result, and identifies, based on the comparison result, the application corresponding to the original data.
CN201110256557.8A 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal Active CN102970676B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110256557.8A CN102970676B (en) 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110256557.8A CN102970676B (en) 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal

Publications (2)

Publication Number Publication Date
CN102970676A CN102970676A (en) 2013-03-13
CN102970676B true CN102970676B (en) 2018-04-10

Family

ID=47800476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110256557.8A Active CN102970676B (en) 2011-09-01 2011-09-01 A kind of method handled initial data, Internet of things system and terminal

Country Status (1)

Country Link
CN (1) CN102970676B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105407072A (en) * 2014-09-05 2016-03-16 北京握奇智能科技有限公司 Method and system for achieving safety of Internet of Things, and interconnection equipment
TWI576779B (en) * 2015-10-13 2017-04-01 Nat Sun Yat-Sen Univ Method and Method of Payment Authentication System for Internet of Things
CN106911663A (en) * 2016-11-16 2017-06-30 上海艾融软件股份有限公司 One kind sells bank's full message encryption system and method for mixed mode directly to households
CN106899600A (en) * 2017-03-09 2017-06-27 广州力小浦科技有限公司 The data processing method and device of water purifier
CN109033851A (en) * 2018-07-02 2018-12-18 北京科东电力控制系统有限责任公司 The mobile application protecting information safety method and apparatus of electric power transaction platform
CN109255249B (en) * 2018-09-14 2021-02-02 腾讯科技(武汉)有限公司 Image generation method, image generation apparatus, image display method, image display apparatus, and storage medium
CN111783120A (en) * 2020-06-30 2020-10-16 曙光信息产业(北京)有限公司 Data interaction method, computing device, BMC chip and electronic device
CN113468569A (en) * 2021-07-13 2021-10-01 京东科技控股股份有限公司 Data encryption method and device and data decryption method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101175270A (en) * 2006-10-31 2008-05-07 华为技术有限公司 Communication terminal and its start-up method and device
CN101291223A (en) * 2007-12-21 2008-10-22 任少华 System and method for a third party to provide identity authentication service
EP2211497A1 (en) * 2009-01-26 2010-07-28 Gemalto SA Secure communication establishment process, without sharing prior information
CN101951371A (en) * 2010-09-17 2011-01-19 浙江大学 Method for authenticating electronic tags in Internet of things
CN102065430A (en) * 2010-12-28 2011-05-18 上海华御信息技术有限公司 Method for realizing safe access of terminal of internet of thing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025505A (en) * 2010-12-16 2011-04-20 浪潮(北京)电子信息产业有限公司 Advanced encryption standard (AES) algorithm-based encryption/decryption method and device

Also Published As

Publication number Publication date
CN102970676A (en) 2013-03-13

Similar Documents

Publication Publication Date Title
CN102970676B (en) A kind of method handled initial data, Internet of things system and terminal
CN103763631B (en) Authentication method, server and television set
CN105162772B (en) A kind of internet of things equipment certifiede-mail protocol method and apparatus
CN104219228B (en) A kind of user's registration, user identification method and system
CN103905202B (en) A kind of RFID lightweight mutual authentication methods based on PUF
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
CN106533689A (en) Method and device for loading digital certificate in SSL/TLS communication
CN106302422B (en) Business encryption and decryption method and device
CN106850207B (en) Identity identifying method and system without CA
CN108347419A (en) Data transmission method and device
CN106533669A (en) Device identification method, device and system
US10243829B2 (en) Communication protocol testing method, and tested device and testing platform thereof
CN106612180A (en) Method and device for realizing session identifier synchronization
CN102663591A (en) Product anti-counterfeiting method and system based on electronic tag
CA2969332C (en) A method and device for authentication
CN109688098B (en) Method, device and equipment for secure communication of data and computer readable storage medium
CN108600222A (en) The communication means of client application and trusted application, system and terminal
CN107800675A (en) A kind of data transmission method, terminal and server
CN113114621B (en) Communication method for bus dispatching system and bus dispatching system
CN106603496A (en) Data transmission protection method, intelligent card, server, and communication system
CN102571355B (en) Method and device for importing secret key without landing
US20210091950A1 (en) Secure self-identification of a device
WO2018227685A1 (en) Method and system for secure access of terminal device to internet of things
CN110300287A (en) A kind of public safety video monitoring networking camera access authentication method
CN109922022A (en) Internet of Things communication means, platform, terminal and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant