CN103067166B - The stepped mixing encryption method and device of a kind of intelligent home system - Google Patents
The stepped mixing encryption method and device of a kind of intelligent home system Download PDFInfo
- Publication number
- CN103067166B CN103067166B CN201110317834.1A CN201110317834A CN103067166B CN 103067166 B CN103067166 B CN 103067166B CN 201110317834 A CN201110317834 A CN 201110317834A CN 103067166 B CN103067166 B CN 103067166B
- Authority
- CN
- China
- Prior art keywords
- subnet
- mode
- symmetric cryptography
- encryption
- intelligent terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses the stepped mixing encryption method and device of a kind of intelligent home system, including:Same subnet is closed between lower each intelligent terminal, subnet closes and is set to encryption mechanism in cluster between intelligent terminal, close that lower each intelligent terminal, subnet close data transfer between intelligent terminal and mutual access is encrypted and decrypted by symmetric cryptography mode to same subnet;Between each subnet is closed, subnet close and encryption mechanism between cluster be set between family's primary gateway, between being closed to each subnet, subnet closes the data transfer between family's primary gateway and mutually accesses and be encrypted and decrypted by Identity based encryption mode.Using the present invention, fully meet the safety requirements of wired home system, this method can make full use of symmetric cryptography computing cost small, the advantages of enciphering rate is fast and Identity-based encryption deployment, the low advantage of operating cost, and installation, operating cost are reduced on the premise of security is ensured.
Description
Technical field
The present invention relates to the stepped mixing encryption method and dress of Internet of Things field, more particularly to a kind of intelligent home system
Put.
Background technology
Wired home based on Internet of Things is a multifunctional network system, using advanced computer, network service, from
The advanced technologies such as dynamic control, by the various application subsystems related to family life, (such as safety-protection system, home wiring control, illumination are controlled
System, entertainment systems, remote monitoring etc.) organically combine, centralized Control is realized by central control machine or home gateway.Various intelligence
Terminal is communicated by wirelessly or non-wirelessly mode with home gateway, and the Intelligent mobile equipment such as smart mobile phone, notebook passes through
WIFI modes access external the Internet;Remote control terminal (such as mobile phone, PC) can be realized to intelligence by telecommunication network or internet
The remote control of energy household internal terminal.
Wherein ensure that the data confidentiality of wired home and the personal secrets of user data are the important of intelligent domestic system
Problem.The simple encryption policy that accesses can not meet demand of the wired home to safety:It is simple access Password Policy be easy to by
Crack, easily attacked by network hacker.Access password can be stolen or be cracked to malicious attacker, realize the remote control to terminal;
The user or terminal device that it is legal that malicious attacker can disguise oneself as, steal, change the information and private data of validated user;Dislike
Meaning attacker can even cause the threat (such as controlling natural gas, safety-protection system) of life by control terminal to user.
Classical cryptosystem is generally divided into three class modes:
(1) " ordinary cryptographic ", also known as " single key password ", " symmetric cryptography ".
(2) " public key cryptosystem ", also known as " conbined public or double key password ", " asymmetric cryptography ".
(3) Identity-based encryption (IBE).
First way:In symmetric encryption system, encryption and decryption use identical key.Because encryption and decryption key phase
With, it is necessary to which the both sides of communication must select and preserve their common keys, each side, which must trust other side, to divulge a secret key
Go out, can thus realize the confidentiality and integrity of data.The advantage of symmetric cryptographic algorithm is that computing cost is small, encryption speed
Degree is fast, is the main algorithm encrypted currently used for information.However, being had the following disadvantages in symmetric encryption system:
(1) it is not suitable for catenet.For the network with n user, it is necessary to n (n-1)/2 key, in customer group
In the case of not being very big, symmetric encryption system is effective.But for catenet, when customer group is very big, be distributed very wide
When, the distribution and preservation of key are just into problem.
(2) key maintenance cost is high.Symmetric cryptography is limited in that it ensures between there are the trade both sides of communication
The problem of key secure exchange.In addition, a certain communication terminal has several correspondences, he will safeguard several private keys.
(3) it cannot also differentiate communication terminal initiator or communication reciever because both sides key it is identical.
(4) it cannot be used for digital signature.Due to symmetric encryption system be simply possible to use in data carry out encryption and decryption processing there is provided
The confidentiality of data, therefore digital signature cannot be used for lining encryption system.
The second way:Asymmetric encryption theoretically, as long as the private cipher key of user is not lost or is stolen,
The information so encrypted between them can never be cracked.However, the limitation due to symmetric cryptography strategy in itself, has
Following shortcoming:
(1) it is cumbersome.Recipient must get out public keys and private key simultaneously, and originator needs to know or
Person can find out the public keys of recipient, in most cases, it means that originator, which must search for out a certificate, to be recognized
Demonstrate,prove to retrieve the public keys of intended recipient.Also, only determined in recipient using the encryption method and possess available
Key in the case of, could carry out public key encryption, and most people is all without public keys.
(2) enciphering rate is very slow.Due to carry out substantial amounts of mathematical operation, even if a small amount of information of encryption is also required to
Devote a tremendous amount of time.
The third mode:Compared with conventional public-key is encrypted, Identity based encryption does not need any certificate, the public affairs of recipient
Key is derived from his identity information altogether.Infrastructure required for IBE is more simply too much than conventional encryption methods, and this means that this is less
Server and easier installation.The operating cost of IBE encryptions is only 1/5th of those public key cryptosysts, and IBE is used
The productivity ratio at family those public keys user Gao Wubei.Key is provided with useful life, therefore need not be cancelled.In tradition
In public key cryptosyst, key must be cancelled.Information decryption can be postponed in order to later decryption.Due to introducing the 3rd
Square server, IBE encryptions have the disadvantage that:
(1) a centralized servers are needed, this also increases the centralization of the security risk of leakage, in addition IBE
Imply some keys must create and preserve in the form of managing on behalf of another.
(2) escape way is needed to transmit private key between originator or recipient and IBE servers.
In summary, no matter symmetric cryptography, public key encryption are also based on the encryption of identity to existing encryption technology, there is each
From shortcoming, be adapted to single application scenarios.But for function complexity, the intelligent home system of multiple network fusion, it is single
One encryption mechanism can not meet demand for security.Therefore it is currently needed for a kind of encryption system designed for wired home feature
Technical scheme.
The content of the invention
The technical problems to be solved by the invention are to provide the stepped mixing encryption method and dress of a kind of intelligent home system
Put, solve the problem of current single encryption mechanism can not meet intelligent home system demand for security.
In order to solve the above problems, the invention provides a kind of stepped mixing encryption method of intelligent home system, including:
Same subnet closed between lower each intelligent terminal, be set to encryption equipment in cluster between subnet pass and intelligent terminal
System, lower each intelligent terminal, subnet is closed to same subnet closes the data transfer between intelligent terminal and mutually accessing and pass through pair
Cipher mode is claimed to be encrypted and decrypted;
Between each subnet is closed, subnet close and encryption mechanism between cluster be set between family's primary gateway, it is closed to each subnet
Between, subnet close and family's primary gateway between data transfer and mutually access be encrypted by Identity based encryption mode and
Decryption.
Further, the above method may also include:Symmetric cryptography mode of the symmetric cryptography mode including DES algorithms,
The symmetric cryptography mode of 3DES algorithms, the symmetric cryptography mode of TDEA algorithms, the symmetric cryptography mode of Blowfish algorithms, RC5
The symmetric cryptography mode of algorithm or the symmetric cryptography mode of IDEA algorithms.
Further, the above method may also include:Each intelligent terminal, subnet under the pass to same subnet are closed and intelligence
The step of data transfer and mutual access between energy terminal are encrypted and decrypted by symmetric cryptography mode, including:
Each intelligent terminal, subnet under being closed to same subnet close the data transfer between intelligent terminal and mutually access logical
The symmetric cryptography mode for crossing RC5 algorithms is encrypted and decrypted, wherein, RC5 algorithms are joined by packet size parameter, cipher key size
Number and encryption round number parameter are adjusted, and computing is carried out using XOR, the computing mode for adding and circulating.
Further, the above method may also include:It is described to each subnet close between, subnet close and family's primary gateway between
The step of data transfer and mutual access are encrypted and decrypted by Identity based encryption mode, including:
Initialization system, security parameter needed for input, obtains systematic parameter and master key information;
According to the identity information of user, the corresponding private key information of generation user;
Public key information is used as by the identity information of user, the plaintext for needing to encrypt is encrypted, obtains corresponding close
Text;By the corresponding private key information of the identity information of user, ciphertext is decrypted, corresponding plaintext is obtained.
Further, the above method may also include:The Identity based encryption mode includes:Non-interactive type key updating
Identity-based encryption mode or Waters IBE modes.
Present invention also offers a kind of stepped mixing encryption device of intelligent home system, including:Stage unit is encrypted, it is right
Claim ciphering unit and Identity based encryption unit, wherein,
The encryption stage unit, for closing same subnet between lower each intelligent terminal, subnet pass and intelligent terminal
Between be set to encryption mechanism in cluster, between each subnet is closed, subnet closes and encryption equipment between cluster is set between family's primary gateway
System;
The symmetric cryptography unit, for being closed to each intelligent terminal under same subnet pass, subnet between intelligent terminal
Data transfer and mutually access be encrypted and decrypted by symmetric cryptography mode;
The Identity based encryption unit, for each subnet close between, subnet close and family's primary gateway between number
It is encrypted and decrypted according to transmission and mutually access by Identity based encryption mode.
Further, said apparatus may also include:The symmetric cryptography mode that the symmetric cryptography unit is used includes
The symmetric cryptography mode of DES algorithms, the symmetric cryptography mode of 3DES algorithms, the symmetric cryptography mode of TDEA algorithms, Blowfish
The symmetric cryptography mode of the symmetric cryptography mode of algorithm, the symmetric cryptography mode of RC5 algorithms or IDEA algorithms.
Further, said apparatus may also include:The symmetric cryptography unit to same subnet close under each intelligent terminal,
Subnet closes the data transfer between intelligent terminal and mutually accessed and is encrypted and decrypted by symmetric cryptography mode, refers to:
Each intelligent terminal, subnet under being closed to same subnet close the data transfer between intelligent terminal and mutually access logical
The symmetric cryptography mode for crossing RC5 algorithms is encrypted and decrypted, wherein, RC5 algorithms are joined by packet size parameter, cipher key size
Number and encryption round number parameter are adjusted, and computing is carried out using XOR, the computing mode for adding and circulating.
Further, said apparatus may also include:The Identity based encryption unit to each subnet close between, subnet close
It is encrypted and decrypted with the data transfer between family primary gateway and mutually accessing by Identity based encryption mode, is
Refer to:
The Identity based encryption unit is initialized, security parameter needed for input, obtains systematic parameter and master is close
Key information;According to the identity information of user, the corresponding private key information of generation user;It is used as public key by the identity information of user to believe
Breath, is encrypted to the plaintext for needing to encrypt, obtains corresponding ciphertext;Believed by the corresponding private key of the identity information of user
Breath, is decrypted to ciphertext, obtains corresponding plaintext.
Further, said apparatus may also include:The identity-based that the Identity based encryption unit is used
Cipher mode includes:The Identity-based encryption mode or WatersIBE modes of non-interactive type key updating.
Compared with prior art, using the present invention, the safety requirements of wired home system is fully met, this method can fill
Divide small using symmetric cryptography computing cost, the advantages of enciphering rate is fast and Identity-based encryption deployment, the low advantage of operating cost,
Installation, operating cost are reduced on the premise of security is ensured.
Brief description of the drawings
Fig. 1 is the flow chart of the stepped mixing encryption method of the intelligent home system of the present invention;
Fig. 2 is the structural representation of the stepped mixing encryption device of the intelligent home system of the present invention.
Embodiment
The stepped mixing encryption method of the wired home of the present invention, it is adaptable to the wired home system of hierarchy, mainly
Design is:The encryption method is divided into cluster two grades of encryption mechanism between encryption mechanism and cluster:It is between each intelligent terminal and sub
It is encryption stage in cluster between gateway and intelligent terminal, using asymmetric encryption mechanisms;Closed and family master with subnet between each subnet is closed
It is encryption stage between cluster between gateway, using Identity based encryption mechanism.
The invention will be further described with reference to the accompanying drawings and detailed description.
As shown in figure 1, a kind of stepped mixing encryption method of intelligent home system of the present invention, including:
Step 110, same subnet closed between lower each intelligent terminal, be set between subnet pass and intelligent terminal in cluster
Encryption mechanism, each intelligent terminal, subnet under being closed to same subnet close the data transfer between intelligent terminal and mutually accessed
It is encrypted and decrypted by symmetric cryptography mode;
Step 120, by each subnet close between, subnet close and encryption mechanism between cluster be set between family's primary gateway, to each
Subnet close between, subnet close and family's primary gateway between data transfer and mutually access entered by Identity based encryption mode
Row encryption and decryption.
Part I:Encryption mechanism in cluster:
Data encryption is responsible for closing lower intelligent terminal to same subnet in cluster, between intelligent terminal and subnet pass are added
Close, the present invention uses symmetric cryptography mode, and symmetric cryptography is a kind of encryption method of use one-key cryptosystem, same key
The encryption and decryption of information can be used as simultaneously, this encryption method is referred to as symmetric cryptography, also referred to as secret key cryptography.Due to it
Speed is fast, and symmetry encryption is generally used when message sender needs encryption mass data.
Symmetric encipherment algorithm includes DES algorithms, 3DES algorithms, TDEA algorithms, Blowfish algorithms, RC5 algorithms or IDEA
Algorithm etc., this is not limited by the present invention.
Wherein, the present invention can use RC5 AESs, and RC5 AESs are applied to the microprocessor of different word lengths, removable
Plant property is good;It can resist linear attack during the six wheel above;By adjust word length, key length and iteration wheel number can in security and
Compromise is obtained in speed
RC5 block ciphers are the block ciphers of changeable parameters, and three variable parameters are:It is packet size, close
Key size and encryption round number.Three kinds of computings have been used in this algorithm:XOR plus and circulation.The processing procedure of RC5 encrypting and decryptings
It is as follows:
(1) key group is created
32 words of 2r+2 key correlation are used during RC5 algorithm for encryption, r represents the wheel number of encryption here.Create this
The process of individual key group is extremely complex but is also direct, in the array L that key byte is copied to 32 words first,
If desired, the last character can use zero padding.Then array S is initialized using Linear Congruential Generator mould 2:
For i=1 to 2 (r+1) -1;
Wherein for the RC5, P=0xb7e1, Q=0x9e37 of 16 words, 32 packets;
For 32 words and 64 RC5, P=0xb7e15163, Q=0x9e3779b9 being grouped;
It is grouped for 64 words and 128,
P=0xb7151628aed2a6b, Q=0x9e3779b97f4a7c15;
Finally L is mixed with S, mixed process is as follows:
I=j=0
A=B=0
Processing 3n times (n is the maximum in 2 (r+1) and c here, and wherein c represents the number of the key word of input)
(2) encryption
Proceeded by after careful key group is created to encryption of plaintext, during encryption, clear packets are divided into two first
32 words:A and B (in the case of assuming that processor byte order is little-endian, w=32, first plaintext byte
Into A lowest byte, the 4th plaintext byte enters A highest byte, and the 5th plaintext byte enters B lowest byte,
By that analogy), wherein operator<<<Ring shift left is represented, plus computing is mould.
The ciphertext of output is the content in register A and B
(3) decryption processing
Decryption is also easily, ciphertext block to be divided into two words:A and B (storage mode is as encryption), here
Meet>>>It is ring shift right, it is also mould to subtract computing.
RC5 program, which is realized, includes following sections:Principal function, ring shift left and move to right function, produce sub-key letter
Number, the function for producing preliminary examination key, the function for taking nearest odd number, encryption function, decryption function.
Part II:Encryption mechanism between cluster
Between cluster encrypt be responsible for sub- gateway, subnet close primary gateway between data be encrypted.
Encryption selects and improved existing Identity based encryption algorithm, base of the design suitable for intelligent domestic system between cluster
In the encipherment scheme of identity.
Wherein, Identity based encryption scheme includes:Identity-based encryption mode (the IBE- of non-interactive type key updating
) or Waters IBE modes etc. NIKU.
Wherein, Identity based encryption conceptual design of the invention includes four parts:System initialization parameter generation algorithm,
Private key generating algorithm, AES, decipherment algorithm.
(a) system initialization parameter generation algorithm.System initialization parameter generation algorithm is mainly generation and sets up system institute
The open systematic parameter and secrecy system parameter needed.Algorithm input is security parameter, and output is systematic parameter and master key.
(b) private key generating algorithm.According to the identity information of user, the corresponding private key of generation user.
(c) AES.By the use of the identity information of user as public key, the plaintext for needing to encrypt is encrypted, obtained
Corresponding ciphertext.
(d) decipherment algorithm.Using the corresponding private key of the identity information of user, ciphertext is decrypted, obtains corresponding
In plain text.
The present invention uses Identity based encryption mechanism, specific to use Waters IBE modes, the encryption mechanism include with
Under several steps:
(1) systematic parameter generation subscriber identity information is the Bit String that length is n, randomly selects a positive integer q, is chosen
Two p ranks group G and G1, choose bilinear mapPKG randomly chooses G generation member g ∈ G, random selectionIt is assumed thatRandomly choose g2∈ G,Vectorial U=(u1, u2, u3, u4…un)∈Gn.Systematic parameter
It is with master key:
(2) private key is generated.Known γ is an identity information, γiRepresent the of γPosition, andIt is all γi=1Set, random selection r ∈ Zq, then identity γ private key be:
(3) encrypt.Known-plaintext M ∈ G1With identity γ.Randomly choose t ∈ Zq, then using identity γ encrypt after ciphertext as:
(4) decrypt.Known ciphertext C=(C1, C2, C3) be encrypted cipher texts of the message M under identity γ, then ciphertext C is with private key
dγ=(d1, d2) decrypt, the plaintext after decryption is
As shown in Fig. 2 present invention also offers a kind of stepped mixing encryption device of intelligent home system, including:Encryption
Stage unit 201, symmetric cryptography unit 202 and Identity based encryption unit 203, wherein,
The encryption stage unit 201, for closing same subnet between lower each intelligent terminal, subnet closes whole with intelligence
Encryption mechanism in cluster is set between end, between each subnet is closed, subnet closes and encryption between cluster is set between family's primary gateway
Mechanism;
The symmetric cryptography unit 202, for same subnet is closed lower each intelligent terminal, subnet close and intelligent terminal it
Between data transfer and mutually access be encrypted and decrypted by symmetric cryptography mode;
The Identity based encryption unit 203, for each subnet close between, subnet close and family's primary gateway between
Data transfer and mutually access are encrypted and decrypted by Identity based encryption mode.
Symmetric cryptography mode of the symmetric cryptography mode that the symmetric cryptography unit 202 is used including DES algorithms,
The symmetric cryptography mode of 3DES algorithms, the symmetric cryptography mode of TDEA algorithms, the symmetric cryptography mode of Blowfish algorithms, RC5
The symmetric cryptography mode of algorithm or the symmetric cryptography mode of IDEA algorithms.
The symmetric cryptography unit 202 is closed between intelligent terminal to each intelligent terminal under same subnet pass, subnet
Data transfer and mutually access are encrypted and decrypted by symmetric cryptography mode, are referred to:
Each intelligent terminal, subnet under being closed to same subnet close the data transfer between intelligent terminal and mutually access logical
The symmetric cryptography mode for crossing RC5 algorithms is encrypted and decrypted, wherein, RC5 algorithms are joined by packet size parameter, cipher key size
Number and encryption round number parameter are adjusted, and computing is carried out using XOR, the computing mode for adding and circulating.
Each subnet of 203 pairs of the Identity based encryption unit close between, subnet close data between family's primary gateway
Transmission and mutually access are encrypted and decrypted by Identity based encryption mode, are referred to:
The Identity based encryption unit 203 is initialized, security parameter needed for input, obtains systematic parameter and master
Key information;According to the identity information of user, the corresponding private key information of generation user;Public key is used as by the identity information of user
Information, is encrypted to the plaintext for needing to encrypt, obtains corresponding ciphertext;Believed by the corresponding private key of the identity information of user
Breath, is decrypted to ciphertext, obtains corresponding plaintext.
The Identity based encryption mode that the Identity based encryption unit 203 is used includes:Non-interactive type is close
Identity-based encryption mode or Waters IBE modes that key updates.
A kind of scheme of wired home stepped mixing encryption of the present invention, the program mainly has following key point:
(1) encryption, decryption technology are applied in wired home system, meet the safety requirements of wired home, solved
The potential safety hazard existed.
(2) unique architecture of wired home is directed to, using classification, Hybrid Encryption decryption policy.
(3) make full use of symmetric cryptography speed fast, be used for the advantage and identity-based of the environment of mass data encryption
The low advantage of deployment, operating cost, installation, operating cost are reduced on the premise of security is ensured.
The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto,
It is any be familiar with the people of the technology disclosed herein technical scope in, the change or replacement that can be readily occurred in should all be covered
Within protection scope of the present invention.Therefore, protection scope of the present invention should be defined by scope of the claims.
Claims (8)
1. a kind of stepped mixing encryption method of intelligent home system, it is characterised in that including:
Same subnet closed between lower each intelligent terminal, be set to encryption mechanism in cluster between subnet pass and intelligent terminal, it is right
Each intelligent terminal, subnet under same subnet pass, which close the data transfer between intelligent terminal and mutually accessed, passes through symmetric cryptography
Mode is encrypted and decrypted;
Between each subnet is closed, subnet close and encryption mechanism between cluster be set between family's primary gateway, between being closed to each subnet, son
Data transfer and mutually access between gateway and family's primary gateway are encrypted and decrypted by Identity based encryption mode;
The Identity based encryption mode includes:The Identity-based encryption mode or Waters IBE of non-interactive type key updating
Mode.
2. the method as described in claim 1, it is characterised in that
The symmetric cryptography mode includes the symmetric cryptography mode, the symmetric cryptography mode of 3DES algorithms, TDEA algorithms of DES algorithms
Symmetric cryptography mode, the symmetric cryptography mode of Blowfish algorithms, pair of the symmetric cryptography mode of RC5 algorithms or IDEA algorithms
Claim cipher mode.
3. method as claimed in claim 2, it is characterised in that
Each intelligent terminal, subnet under the pass to same subnet close the data transfer between intelligent terminal and mutually access logical
The step of symmetric cryptography mode is encrypted and decrypted is crossed, including:
Each intelligent terminal, subnet under being closed to same subnet, which close the data transfer between intelligent terminal and mutually accessed, to be passed through
The symmetric cryptography mode of RC5 algorithms is encrypted and decrypted, wherein, RC5 algorithms pass through packet size parameter, cipher key size parameter
It is adjusted with encryption round number parameter, computing is carried out using XOR, the computing mode for adding and circulating.
4. the method as described in claim 1, it is characterised in that
It is described to each subnet close between, subnet close and family's primary gateway between data transfer and mutually access pass through identity-based
Cipher mode the step of be encrypted and decrypted, including:
Initialization system, security parameter needed for input, obtains systematic parameter and master key information;
According to the identity information of user, the corresponding private key information of generation user;
Public key information is used as by the identity information of user, the plaintext for needing to encrypt is encrypted, corresponding ciphertext is obtained;It is logical
The corresponding private key information of the identity information of user is crossed, ciphertext is decrypted, corresponding plaintext is obtained.
5. a kind of stepped mixing encryption device of intelligent home system, it is characterised in that
Including:Stage unit, symmetric cryptography unit and Identity based encryption unit are encrypted, wherein,
The encryption stage unit, for closing same subnet between lower each intelligent terminal, between subnet pass and intelligent terminal
Encryption mechanism in cluster is set to, between each subnet is closed, subnet closes and encryption mechanism between cluster is set between family's primary gateway;
The symmetric cryptography unit, for closing the number between intelligent terminal to each intelligent terminal under same subnet pass, subnet
It is encrypted and decrypted according to transmission and mutually access by symmetric cryptography mode;
The Identity based encryption unit, for each subnet close between, subnet close and family's primary gateway between data pass
Defeated and mutual access is encrypted and decrypted by Identity based encryption mode;
The Identity based encryption mode that the Identity based encryption unit is used includes:Non-interactive type key updating
Identity-based encryption mode or Waters IBE modes.
6. device as claimed in claim 5, it is characterised in that
The symmetric cryptography mode that the symmetric cryptography unit is used includes the symmetric cryptography mode of DES algorithms, 3DES algorithms
Symmetric cryptography mode, the symmetric cryptography mode of TDEA algorithms, the symmetric cryptography mode of Blowfish algorithms, pair of RC5 algorithms
Claim the symmetric cryptography mode of cipher mode or IDEA algorithms.
7. device as claimed in claim 6, it is characterised in that
The symmetric cryptography unit closes the data transfer between intelligent terminal to each intelligent terminal under same subnet pass, subnet
It is encrypted and decrypted, is referred to by symmetric cryptography mode with mutual access:
Each intelligent terminal, subnet under being closed to same subnet, which close the data transfer between intelligent terminal and mutually accessed, to be passed through
The symmetric cryptography mode of RC5 algorithms is encrypted and decrypted, wherein, RC5 algorithms pass through packet size parameter, cipher key size parameter
It is adjusted with encryption round number parameter, computing is carried out using XOR, the computing mode for adding and circulating.
8. device as claimed in claim 5, it is characterised in that
The Identity based encryption unit each subnet is closed between, subnet closes and the data transfer and phase between family primary gateway
Mutually access and be encrypted and decrypted by Identity based encryption mode, referred to:
The Identity based encryption unit is initialized, security parameter needed for input, obtains systematic parameter and master key letter
Breath;According to the identity information of user, the corresponding private key information of generation user;Public key information is used as by the identity information of user,
The plaintext for needing to encrypt is encrypted, corresponding ciphertext is obtained;It is right by the corresponding private key information of the identity information of user
Ciphertext is decrypted, and obtains corresponding plaintext.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110317834.1A CN103067166B (en) | 2011-10-19 | 2011-10-19 | The stepped mixing encryption method and device of a kind of intelligent home system |
| PCT/CN2011/085081 WO2013056502A1 (en) | 2011-10-19 | 2011-12-30 | Hierarchical hybrid encryption method and apparatus of smart home system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110317834.1A CN103067166B (en) | 2011-10-19 | 2011-10-19 | The stepped mixing encryption method and device of a kind of intelligent home system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103067166A CN103067166A (en) | 2013-04-24 |
| CN103067166B true CN103067166B (en) | 2017-09-29 |
Family
ID=48109637
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110317834.1A Active CN103067166B (en) | 2011-10-19 | 2011-10-19 | The stepped mixing encryption method and device of a kind of intelligent home system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103067166B (en) |
| WO (1) | WO2013056502A1 (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105207969A (en) * | 2014-06-10 | 2015-12-30 | 江苏大泰信息技术有限公司 | Lightweight stream encryption method for Internet of Things in low-consumption environment |
| CN105897819A (en) * | 2015-10-21 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Data communication method and system and gateway applied to in-vehicle network comprising multiple sub-networks |
| CN107786337A (en) * | 2016-08-26 | 2018-03-09 | 中兴通讯股份有限公司 | The encryption and decryption control method of intelligent domestic system, device, home equipment |
| CN109218016B (en) * | 2017-07-06 | 2020-05-26 | 北京嘀嘀无限科技发展有限公司 | Data transmission method and device, server, computer equipment and storage medium |
| CN109257165B (en) * | 2017-07-12 | 2020-08-21 | 北京嘀嘀无限科技发展有限公司 | Encryption and decryption method and encryption and decryption system for fine-grained mobile access |
| CN111600711A (en) * | 2017-07-06 | 2020-08-28 | 北京嘀嘀无限科技发展有限公司 | Encryption and decryption system and encryption and decryption method for fine-grained mobile access |
| US10693849B2 (en) | 2017-11-15 | 2020-06-23 | International Business Machines Corporation | Sending message in multilayer system |
| CN109150902B (en) * | 2018-09-25 | 2021-03-30 | 山东维平信息安全测评技术有限公司 | Encryption device based on home gateway system and encryption method thereof |
| CN109688118A (en) * | 2018-12-14 | 2019-04-26 | 东莞见达信息技术有限公司 | Internet of things data safe transmission method and system, internet of things equipment and gateway |
| CN112836192B (en) * | 2020-12-14 | 2023-10-31 | 航天信息股份有限公司 | Portrait characteristic data issuing method and device |
| CN112583833A (en) * | 2020-12-14 | 2021-03-30 | 珠海格力电器股份有限公司 | Data encryption processing method and device, electronic equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141348A (en) * | 2007-09-20 | 2008-03-12 | 成都方程式电子有限公司 | Intelligent domestic system and safety implementing method |
| CN101594271A (en) * | 2008-05-27 | 2009-12-02 | 华为技术有限公司 | Wireless self-organization network establishment and method of work and network of relation and equipment |
| CN101699873A (en) * | 2009-10-21 | 2010-04-28 | 南京邮电大学 | Classification security-based broadcast authentication design method |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1180566C (en) * | 2002-08-26 | 2004-12-15 | 联想(北京)有限公司 | Method of realizing safe and reliable interconnection between network equipments |
| CN1917422A (en) * | 2006-07-21 | 2007-02-21 | 北京理工大学 | Implementation method for reducing amount of calculation for managing cipher key of MANET network |
| KR101490687B1 (en) * | 2007-08-20 | 2015-02-06 | 삼성전자주식회사 | Method and apparatus for sharing secret information between devices in home network |
-
2011
- 2011-10-19 CN CN201110317834.1A patent/CN103067166B/en active Active
- 2011-12-30 WO PCT/CN2011/085081 patent/WO2013056502A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101141348A (en) * | 2007-09-20 | 2008-03-12 | 成都方程式电子有限公司 | Intelligent domestic system and safety implementing method |
| CN101594271A (en) * | 2008-05-27 | 2009-12-02 | 华为技术有限公司 | Wireless self-organization network establishment and method of work and network of relation and equipment |
| CN101699873A (en) * | 2009-10-21 | 2010-04-28 | 南京邮电大学 | Classification security-based broadcast authentication design method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103067166A (en) | 2013-04-24 |
| WO2013056502A1 (en) | 2013-04-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103067166B (en) | The stepped mixing encryption method and device of a kind of intelligent home system | |
| Ning et al. | White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes | |
| CN104363215B (en) | A kind of encryption method and system based on attribute | |
| Sahai et al. | Worry-free encryption: functional encryption with public keys | |
| CN106549753B (en) | A kind of encryption method that the support ciphertext of identity-based compares | |
| CN104320393B (en) | The controllable efficient attribute base proxy re-encryption method of re-encryption | |
| JPH06350598A (en) | Mutual verification/ciphering key delivery system | |
| CN104113408A (en) | Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption | |
| CN108123794A (en) | The generation method and encryption method of whitepack key, apparatus and system | |
| CN110933033B (en) | Cross-domain access control method for multiple Internet of things domains in smart city environment | |
| CN108040056A (en) | Safety medical treatment big data system based on Internet of Things | |
| Abusukhon et al. | A novel network security algorithm based on private key encryption | |
| CN107154845A (en) | A kind of BGN types ciphertext decryption outsourcing scheme based on attribute | |
| CN115426136B (en) | Cross-domain access control method and system based on block chain | |
| Toorani et al. | A secure cryptosystem based on affine transformation | |
| CN109450615A (en) | A kind of efficient OPC UA client and server data transfer encryption method | |
| CN101710879A (en) | Novel identity-based privacy enhanced mail forwarding system | |
| Mousavi et al. | Security of Internet of Things using RC4 and ECC algorithms (case study: smart irrigation systems) | |
| JPH10210023A (en) | Authentication method, cipher key sharing method, and communication system | |
| Liu et al. | A blockchain-based secure cloud files sharing scheme with fine-grained access control | |
| Sekar et al. | Comparative study of encryption algorithm over big data in cloud systems | |
| CN106230840B (en) | A kind of command identifying method of high security | |
| CN104320249B (en) | A kind of elastoresistance leakage encryption method of identity-based | |
| Daddala et al. | Design and implementation of a customized encryption algorithm for authentication and secure communication between devices | |
| Chen et al. | HAC: Enable high efficient access control for information-centric Internet of Things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |