CN103475624A - Internet of Things key management center system, key distribution system and method - Google Patents

Info

Publication number
CN103475624A
Authority
CN
China
Prior art keywords
key
internet
things
pki
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012101847745A
Other languages
Chinese (zh)
Inventor
蒋新春
郑罡
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
2012-06-06
Filing date
2012-06-06
Publication date
2013-12-25
Application filed by ZTE Corp
Priority to CN2012101847745A
Publication of CN103475624A
Legal status: Pending (current)

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an Internet of Things (IOT) key management center system used for generating and managing asymmetric key pairs. When a request from an IOT platform to use the public key corresponding to the private key of an IOT terminal is received, the key pair information is queried, and after the check passes the public key is returned to the IOT platform. The IOT key management center system comprises a key generation module, a key distribution module and a key management module. The invention also discloses an IOT secure key distribution system comprising an IOT platform, an IOT terminal and the IOT key management center system, and an IOT secure key distribution method. According to the invention, the problem that platform key distribution depends on text messages is solved, and so is the problem that setting up keys on platform and terminal simultaneously is tedious and infeasible.

Description

Internet of Things key management center system, key distribution system and method
Technical field
The present invention relates to the field of the Internet of Things, and in particular to an Internet of Things key management center system, a key distribution system and a key distribution method.
Background technology
The Internet of Things is a class of networked applications and services whose core is intelligent interaction among machine terminals. Data collected by various terminals is aggregated at an Internet of Things platform, which provides terminal monitoring data to customers. The most important function of the Internet of Things is to use the monitoring data reported by terminals to complete some management function and to produce information and capabilities that are valuable to people's lives. An Internet of Things service is the logical combination by which a user processes the data from Internet of Things terminals.
At present there are two ways of distributing keys to Internet of Things security terminals. The first is platform distribution: when a security terminal registers, the Internet of Things platform delivers the communication key it has allocated to the terminal. The second is terminal/platform presetting: a key is set on the security terminal, or the terminal's factory-set key is used, and the corresponding key is then configured on the platform; during terminal registration the platform verifies that the key reported by the terminal is correct, which ensures that registration succeeds.
Both current terminal key distribution models have problems in practice. In the first, the security terminal has no key-related information at registration time and the key is distributed by the platform during registration. How the platform can securely deliver the generated communication key to the terminal is the primary problem this approach must solve. Current deployments use SMS as the transport medium for the communication key. SMS is a point-to-point secure channel, but the reliability and latency of SMS delivery are major obstacles in practice, and relying on SMS as the transport also limits the scenarios in which Internet of Things security terminals can register. In the second approach, setting the communication key at the terminal and at the platform at the same time is feasible when there are few terminals; for the Internet of Things, however, setting the communication keys of thousands of terminals simultaneously is not practical.
Summary of the invention
To solve the above technical problems, the invention provides an Internet of Things key management center system, a key distribution system and a method, which remove the dependence on SMS when the platform issues keys and avoid the tedious and infeasible simultaneous configuration of keys on platform and terminal. The specific technical scheme is as follows:
An Internet of Things key management center system generates and manages asymmetric key pairs. When it receives a request from the Internet of Things platform to use the public key corresponding to the private key of an Internet of Things terminal, it queries the key pair information and, after the check passes, returns the public key to the platform.
Further, the key management center system comprises:
Key generation module: generates asymmetric key pairs and passes each key pair to the key management module;
Key distribution module: receives the request sent by the platform to use the public key corresponding to the terminal's private key, submits a key pair information query to the key management module, receives the public key returned by the key management module after its check passes, and outputs the public key to the platform;
Key management module: stores the key pairs supplied by the key generation module, receives the key distribution module's key pair information query, queries the key pair information and, after the check passes, returns the public key to the key distribution module.
Further, the key pair information comprises the validity period of the key pair and the correspondence between public key and private key.
The invention provides an Internet of Things secure key distribution system comprising an Internet of Things platform, an Internet of Things terminal and the above Internet of Things key management center system.
The invention also provides an Internet of Things secure key distribution method, comprising:
the Internet of Things key management center system generates and stores an asymmetric key pair;
the Internet of Things terminal initiates registration with the Internet of Things platform and encrypts the registration information with the private key of the asymmetric key pair;
according to the registration request initiated by the terminal, the platform applies to the key management center system to use the public key corresponding to the terminal's private key;
the key management center system receives the platform's request to use the public key, queries the key pair information and, after the check passes, returns the public key;
the platform decrypts the terminal's registration information with the public key returned by the key management center system and completes the registration flow.
Further, the key management center system generating and storing the asymmetric key pair means: the key generation module generates the asymmetric key pair and passes it to the key management module, which stores the key pair.
Further, the platform applying to the key management center system, according to the terminal's registration request, to use the public key corresponding to the terminal's private key means:
according to the registration request initiated by the terminal, the platform applies to the key distribution module to use the public key corresponding to the terminal's private key;
the key distribution module receives the public key use request and submits a key pair information query to the key management module.
Further, the key management center system receiving the platform's request to use the public key, querying the key pair information and returning the public key after the check passes means:
the key management module receives the key pair information query submitted by the key distribution module and queries the key pair information;
after the key pair information check passes, the key management module returns the public key to the key distribution module;
the key distribution module returns the public key to the platform.
Further, the key management module's query of the key pair information comprises querying the validity period of the key pair and querying the correspondence between public key and private key.
The beneficial effects of the invention include:
1. the platform and the terminal no longer have to set keys simultaneously, which solves the problem that the terminal has no key and the security problem of the platform issuing keys;
2. the key system uses asymmetric keys, so the platform and the terminal use different keys, which effectively improves the security of Internet of Things communication.
Description of the drawings
Fig. 1 is a structural block diagram of the Internet of Things key distribution system in an embodiment of the invention;
Fig. 2 is a flow chart of the Internet of Things key distribution method in an embodiment of the invention.
Embodiment
The preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to describe and explain the invention and are not intended to limit it.
With reference to Fig. 1, the invention relates to an Internet of Things secure key distribution system comprising an Internet of Things platform, an Internet of Things terminal and an Internet of Things key management center system; the key management center system comprises a key generation module, a key distribution module and a key management module.
The key generation module generates asymmetric key pairs and passes each key pair to the key management module. The key distribution module receives the request sent by the platform to use the public key corresponding to the terminal's private key, submits a key pair information query to the key management module, receives the public key returned by the key management module after its check passes, and outputs the public key to the platform. The key management module stores the key pairs supplied by the key generation module, receives the key distribution module's key pair information query, queries the key pair information and, after the check passes, returns the public key to the key distribution module.
With reference to Fig. 2, the invention further relates to an Internet of Things secure key distribution method, comprising:
S1: the key generation module generates an asymmetric key pair and passes it to the key management module, which stores the key pair;
S2: the Internet of Things terminal initiates registration with the Internet of Things platform and encrypts the registration information with the private key of the asymmetric key pair;
S3: according to the registration request initiated by the terminal, the platform applies to the key distribution module to use the public key corresponding to the terminal's private key;
S4: the key distribution module receives the public key use request and submits a key pair information query to the key management module;
S5: the key management module receives the query submitted by the key distribution module, queries the key pair information and, after the key pair information check passes, returns the public key to the key distribution module;
S6: the key distribution module returns the public key to the platform;
S7: the platform decrypts the terminal's registration information with the public key returned by the key management center system and completes the registration flow.
Before an Internet of Things terminal leaves the factory, an asymmetric key pair is generated in the key management center system of the secure key distribution system. The key management center module uses the terminal serial number as the primary key to build a terminal key database; the terminal's key pair is stored in the key management center module, and the private key of the asymmetric key pair is stored on the terminal as a file or in some other form. This private key is used to encrypt the terminal's communication information and for the platform to confirm the terminal's identity.
When a security terminal registers, it encrypts the communication-related data with the private key of the asymmetric (RSA) algorithm that is preset or stored on the terminal, and initiates the registration operation with the platform. After receiving the terminal registration message, the platform sends a terminal key request to the Internet of Things key management center, obtains the public key corresponding to the security terminal, decrypts the message reported by the terminal with that public key and processes the terminal registration flow.
The key management module also supports terminal key updates: a user can update keys through the key management center's administration interface, and an authorized platform can update key pairs through the update interface.
In this system an Internet of Things security terminal uses the asymmetric (RSA) algorithm during registration, before the connection is established, to set up the foundation key for communication; after terminal registration the platform and the terminal hold a consistent foundation key, and terminal and platform then communicate using a symmetric encryption algorithm.
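The flow S1 to S7 above, as an added example that is not part of the patent: a Go model of the key management center with the terminal serial number as the database key, a validity-period check on the key pair, and the terminal's registration step. The patent describes the terminal "encrypting" registration information with its private key and the platform "decrypting" it with the public key; a private-key operation that the holder of the public key checks is a digital signature, so the example uses Ed25519 signatures for that step. All type and function names, the serial number and the registration payload are constructed for the example; the patent does not specify the asymmetric algorithm or the storage format.

```go
// Added example: a model of the patent's key management center (KMC) and the
// registration flow S1-S7. Type and function names are assumptions, not the
// patent's own; Ed25519 is used for the asymmetric operation.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// KeyRecord is one row of the terminal key database kept by the key
// management module. The page names the terminal serial number as primary
// key and the validity period as part of the key pair information.
type KeyRecord struct {
	Public    ed25519.PublicKey
	Private   ed25519.PrivateKey // stored centrally as the page describes
	NotBefore time.Time
	NotAfter  time.Time
}

// KMC bundles the key generation, key management and key distribution modules.
type KMC struct {
	keys map[string]*KeyRecord // TermNo -> record
	now  func() time.Time      // injectable clock for validity checks
}

func NewKMC(now func() time.Time) *KMC {
	return &KMC{keys: map[string]*KeyRecord{}, now: now}
}

// Generate is S1: the key generation module creates an asymmetric key pair and
// hands it to the key management module, which stores it under the terminal
// serial number. The private key is returned once so it can be written onto
// the terminal before it leaves the factory.
func (k *KMC) Generate(termNo string, validFor time.Duration) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	start := k.now()
	k.keys[termNo] = &KeyRecord{Public: pub, Private: priv, NotBefore: start, NotAfter: start.Add(validFor)}
	return priv, nil
}

// LookupPublicKey is S4-S6: the key distribution module asks the key
// management module for the key pair information; the record must exist and
// be inside its validity period, and only the public key is released.
func (k *KMC) LookupPublicKey(termNo string) (ed25519.PublicKey, error) {
	rec, ok := k.keys[termNo]
	if !ok {
		return nil, errors.New("unknown terminal serial number")
	}
	t := k.now()
	if t.Before(rec.NotBefore) || t.After(rec.NotAfter) {
		return nil, errors.New("key pair outside its validity period")
	}
	return rec.Public, nil
}

// Registration is the message of S2. The page's "encrypt the registration
// information with the private key" is realised as a signature over the
// serial number and the registration information.
type Registration struct {
	TermNo    string
	Info      []byte
	Signature []byte
}

func signedBytes(termNo string, info []byte) []byte {
	return append([]byte(termNo+"|"), info...)
}

// Register is S2, run on the terminal with its provisioned private key.
func Register(termNo string, priv ed25519.PrivateKey, info []byte) Registration {
	return Registration{TermNo: termNo, Info: info, Signature: ed25519.Sign(priv, signedBytes(termNo, info))}
}

// PlatformVerify is S3 and S7: the platform obtains the matching public key
// from the KMC and checks the terminal's registration with it.
func PlatformVerify(k *KMC, reg Registration) error {
	pub, err := k.LookupPublicKey(reg.TermNo)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, signedBytes(reg.TermNo, reg.Info), reg.Signature) {
		return errors.New("registration signature does not verify")
	}
	return nil
}

func main() {
	kmc := NewKMC(time.Now)
	priv, err := kmc.Generate("SN-0001", 365*24*time.Hour) // constructed serial number
	if err != nil {
		panic(err)
	}
	reg := Register("SN-0001", priv, []byte("model=demo;fw=1.0")) // constructed registration info
	fmt.Println("registration accepted:", PlatformVerify(kmc, reg) == nil)
}
```

Only the public half ever leaves the KMC through the lookup path, which is the property the patent relies on when the platform asks for a terminal's key; the validity-period check is where the "key pair information" of claim 3 is enforced, and an expired or unknown serial number is refused before any verification happens.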
The Internet of Things key management center system is responsible for terminal key management across the whole system and processes the requests made by the Internet of Things platform. Several access modes can be used between the key management center system and the platform, such as short-lived TCP connections or Web Services.
The key distribution module of the Internet of Things key management center is responsible for key access; its XML call interface is as follows:
Request message:
[The request message XML is shown in the original only as an image (Figure BDA00001734164500061) and is not reproduced here.]
Response message:
[The response message XML is shown in the original only as an image (Figure BDA00001734164500062) and is not reproduced here.]
Where: Sid marks a request and its response as belonging to the same session, which allows the platform to request the public key information of several terminals at the same time;
PlatNo identifies the Internet of Things platform accessing the key management center; a platform accessing the key management center must hold a legitimate access identity;
TermNo identifies the serial number of the terminal whose key the platform currently needs to obtain;
Hash is a validity check on the message data content, computed as the MD5 digest of the data content plus the access code;
Key is the public key of the corresponding terminal returned by the key management center;
ResultCode indicates whether the current operation succeeded.
The Internet of Things secure key distribution system may serve a single platform, or several platforms may share one key system. The shared key system has a considerable cost advantage when the number of platforms and terminals is large: it is built once and used repeatedly.
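The interface fields listed above, as an added example that is not from the patent: the request and response messages encoded in XML, and the checks the key distribution module applies before returning a public key, namely that PlatNo is a registered platform and that Hash matches the MD5 digest of the message content plus that platform's access code, as the page specifies. The element layout, the result code values, the platform number, access code and key strings are all constructed, since the original XML appears only as an image. HMAC keyed with the access code would be the standard construction for such a message check; the example keeps the page's MD5-over-content-plus-code scheme and compares digests in constant time.

```go
// Added example: the key distribution module's XML access interface with the
// fields the patent names (Sid, PlatNo, TermNo, Hash, Key, ResultCode). The
// element layout and result code values are assumptions; the original XML is
// only shown as an image.
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"encoding/xml"
	"fmt"
)

type Request struct {
	XMLName xml.Name `xml:"Request"`
	Sid     string   `xml:"Sid"`    // session id shared by request and response
	PlatNo  string   `xml:"PlatNo"` // identity of the requesting platform
	TermNo  string   `xml:"TermNo"` // serial number of the terminal whose key is wanted
	Hash    string   `xml:"Hash"`   // MD5 over message content plus the platform's access code
}

type Response struct {
	XMLName    xml.Name `xml:"Response"`
	Sid        string   `xml:"Sid"`
	Key        string   `xml:"Key,omitempty"` // terminal public key, only on success
	ResultCode int      `xml:"ResultCode"`
}

// Result codes are constructed for the example; the page only says that
// ResultCode indicates success or failure.
const (
	ResultOK          = 0
	ResultBadPlatform = 1
	ResultBadHash     = 2
	ResultUnknownTerm = 3
)

// contentHash is the page's validity check: MD5 over the data content plus the
// access code. (HMAC keyed with the access code would be the standard choice;
// the page's construction is kept here.)
func contentHash(sid, platNo, termNo, accessCode string) string {
	sum := md5.Sum([]byte(sid + platNo + termNo + accessCode))
	return hex.EncodeToString(sum[:])
}

// Distribution is the key distribution module's state: which platforms hold a
// legitimate access identity, and the public key stored for each terminal.
type Distribution struct {
	AccessCodes map[string]string // PlatNo -> access code
	PublicKeys  map[string]string // TermNo -> public key (hex)
}

// Handle parses one request and answers it. Checks run in order: legitimate
// platform identity, then message hash, then terminal lookup. The key is never
// placed in the response unless every check passed.
func (d Distribution) Handle(raw []byte) ([]byte, error) {
	var req Request
	if err := xml.Unmarshal(raw, &req); err != nil {
		return nil, err
	}
	resp := Response{Sid: req.Sid}
	code, known := d.AccessCodes[req.PlatNo]
	want := contentHash(req.Sid, req.PlatNo, req.TermNo, code)
	switch {
	case !known:
		resp.ResultCode = ResultBadPlatform
	case subtle.ConstantTimeCompare([]byte(want), []byte(req.Hash)) != 1:
		resp.ResultCode = ResultBadHash
	default:
		if key, ok := d.PublicKeys[req.TermNo]; ok {
			resp.Key, resp.ResultCode = key, ResultOK
		} else {
			resp.ResultCode = ResultUnknownTerm
		}
	}
	return xml.Marshal(resp)
}

// BuildRequest is the platform side: it fills the fields and computes Hash
// with its own access code.
func BuildRequest(sid, platNo, termNo, accessCode string) ([]byte, error) {
	return xml.Marshal(Request{Sid: sid, PlatNo: platNo, TermNo: termNo,
		Hash: contentHash(sid, platNo, termNo, accessCode)})
}

func main() {
	d := Distribution{
		AccessCodes: map[string]string{"PLAT-01": "constructed-access-code"},
		PublicKeys:  map[string]string{"SN-0001": "0a1b2c3d"}, // constructed values
	}
	req, _ := BuildRequest("s1", "PLAT-01", "SN-0001", "constructed-access-code")
	resp, _ := d.Handle(req)
	fmt.Println(string(req))
	fmt.Println(string(resp))
}
```

The order of the checks matters for the "legitimate access identity" requirement in the text: an unknown PlatNo is rejected before the hash is even considered, and a platform with the right identity but the wrong access code gets a hash failure rather than a key, so the response only ever carries Key together with a success ResultCode.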

Claims (9)

1. An Internet of Things key management center system, characterized in that the key management center system generates and manages asymmetric key pairs and, when it receives a request from an Internet of Things platform to use the public key corresponding to the private key of an Internet of Things terminal, queries the key pair information and, after the check passes, returns the public key to the platform.
2. The Internet of Things key management center system according to claim 1, characterized in that it comprises:
a key generation module, which generates asymmetric key pairs and passes each key pair to the key management module;
a key distribution module, which receives the request sent by the platform to use the public key corresponding to the terminal's private key, submits a key pair information query to the key management module, receives the public key returned by the key management module after its check passes, and outputs the public key to the platform;
a key management module, which stores the key pairs supplied by the key generation module, receives the key distribution module's key pair information query, queries the key pair information and, after the check passes, returns the public key to the key distribution module.
3. The Internet of Things key management center system according to claim 2, characterized in that the key pair information comprises the validity period of the key pair and the correspondence between public key and private key.
4. An Internet of Things secure key distribution system, characterized in that it comprises an Internet of Things platform, an Internet of Things terminal and the Internet of Things key management center system according to claim 1, 2 or 3.
5. An Internet of Things secure key distribution method, characterized in that it comprises:
the Internet of Things key management center system generates and stores an asymmetric key pair;
the Internet of Things terminal initiates registration with the Internet of Things platform and encrypts the registration information with the private key of the asymmetric key pair;
according to the registration request initiated by the terminal, the platform applies to the key management center system to use the public key corresponding to the terminal's private key;
the key management center system receives the platform's request to use the public key, queries the key pair information and, after the check passes, returns the public key;
the platform decrypts the terminal's registration information with the public key returned by the key management center system and completes the registration flow.
6. The method according to claim 5, characterized in that the key management center system generating and storing the asymmetric key pair means:
the key generation module generates the asymmetric key pair and passes it to the key management module, which stores the key pair.
7. The method according to claim 5, characterized in that the platform applying to the key management center system, according to the terminal's registration request, to use the public key corresponding to the terminal's private key means:
according to the registration request initiated by the terminal, the platform applies to the key distribution module to use the public key corresponding to the terminal's private key;
the key distribution module receives the public key use request and submits a key pair information query to the key management module.
8. The method according to claim 5, characterized in that the key management center system receiving the platform's request to use the public key, querying the key pair information and returning the public key after the check passes means:
the key management module receives the key pair information query submitted by the key distribution module and queries the key pair information;
after the key pair information check passes, the key management module returns the public key to the key distribution module;
the key distribution module returns the public key to the platform.
9. The method according to claim 5, characterized in that the key management module's query of the key pair information comprises querying the validity period of the key pair and querying the correspondence between public key and private key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012101847745A CN103475624A (en) 2012-06-06 2012-06-06 Internet of Things key management center system, key distribution system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012101847745A CN103475624A (en) 2012-06-06 2012-06-06 Internet of Things key management center system, key distribution system and method

Publications (1)

Publication Number Publication Date
CN103475624A true CN103475624A (en) 2013-12-25

Family

ID=49800324

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012101847745A Pending CN103475624A (en) 2012-06-06 2012-06-06 Internet of Things key management center system, key distribution system and method

Country Status (1)

Country Link
CN (1) CN103475624A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101297534A (en) * 2005-10-27 2008-10-29 国际商业机器公司 Method and apparatus for secure network authentication
CN101873588A (en) * 2010-05-27 2010-10-27 大唐微电子技术有限公司 Method and system for realizing service application safety
CN102111264A (en) * 2009-12-25 2011-06-29 上海格尔软件股份有限公司 Asymmetric key management system

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105577613B (en) * 2014-10-11 2018-11-23 电信科学技术研究院 A kind of method of sending and receiving of key information, equipment and system
CN105577613A (en) * 2014-10-11 2016-05-11 电信科学技术研究院 Secret key information transmitting method, secret key information receiving method, equipment and system thereof
CN107637011A (en) * 2015-06-09 2018-01-26 英特尔公司 Self-configuring key management system for Internet of Things network
CN105721141A (en) * 2015-09-22 2016-06-29 德阳市闪通思动科技有限责任公司 Multi-ONS query method based on certificateless cryptography through EPC network
CN105721141B (en) * 2015-09-22 2019-03-05 德阳市闪通思动科技有限责任公司 More ONS querying methods of the EPC network based on certificateless cryptosystem
CN106658349B (en) * 2015-10-30 2020-11-20 中国电信股份有限公司 Method and system for automatically generating and updating shared secret key
CN106658349A (en) * 2015-10-30 2017-05-10 中国电信股份有限公司 Method for automatically generating and updating shared key and system thereof
CN107493167A (en) * 2016-06-13 2017-12-19 广州江南科友科技股份有限公司 Terminal key dissemination system and its terminal key distribution method
CN107493167B (en) * 2016-06-13 2021-01-29 广州江南科友科技股份有限公司 Terminal key distribution system and terminal key distribution method thereof
CN110071901A (en) * 2018-01-23 2019-07-30 西门子(中国)有限公司 Register method, device, system and the storage medium of internet of things equipment
CN110071901B (en) * 2018-01-23 2022-03-22 西门子(中国)有限公司 Registration method, device and system of Internet of things equipment and storage medium
WO2019201154A1 (en) * 2018-04-17 2019-10-24 阿里巴巴集团控股有限公司 Method and apparatus for communication between internet of things devices
US11729156B2 (en) 2018-04-17 2023-08-15 Alibaba Group Holding Limited Method and apparatus for communication between internet of things devices
CN110300126A (en) * 2019-07-30 2019-10-01 中电科华北网络信息安全有限公司 A kind of industrialized agriculture information security cloud service system and monitoring method
CN111082928A (en) * 2019-11-13 2020-04-28 武汉融卡智能信息科技有限公司 Key distribution method, key distribution system, and computer-readable storage medium
CN111372247A (en) * 2019-12-23 2020-07-03 国网天津市电力公司 Terminal secure access method and terminal secure access system based on narrowband Internet of things
CN112153068A (en) * 2020-09-28 2020-12-29 黄谦 Internet of things equipment access authority security management method

Similar Documents

Publication Publication Date Title
CN103475624A (en) Internet of Things key management center system, key distribution system and method
CN106357396B (en) Digital signature method and system and quantum key card
CN103118027B (en) The method of TLS passage is set up based on the close algorithm of state
CN102984127B (en) User-centered mobile internet identity managing and identifying method
CN102946314B (en) A kind of client-side user identity authentication method based on browser plug-in
CN108965230A (en) A kind of safety communicating method, system and terminal device
CN101286842B (en) Method for distributing key using public key cryptographic technique and on-line updating of the public key
CN107483491A (en) The access control method of distributed storage under a kind of cloud environment
CN111030814B (en) Secret key negotiation method and device
CN108537046A (en) A kind of online contract signature system and method based on block chain technology
CN113256290A (en) Decentralized encrypted communication and transaction system
CN110099048B (en) Cloud storage method and equipment
CN103795692A (en) Open authorization method, open authorization system and authentication and authorization server
CN102780698A (en) User terminal safety communication method in platform of Internet of Things
CN105025019A (en) Data safety sharing method
CN113612605A (en) Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology
CN101483525A (en) Implementing method for authentication center
CN111080299B (en) Anti-repudiation method for transaction information, client and server
CN106713236A (en) End-to-end identity authentication and encryption method based on CPK identifier authentication
CN113382002B (en) Data request method, request response method, data communication system, and storage medium
CN109698746A (en) Negotiate the method and system of the sub-key of generation bound device based on master key
CN104144161A (en) Interacting method and system for client side and WEB server side
CN103166969A (en) Security access method for cloud controller based on cloud computing platform
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage
CN111049649A (en) Zero-interaction key negotiation security enhancement protocol based on identification password

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20131225)