CN103763328B - OID-coding-based secure communication encryption mechanism and addressing method for sensor network devices - Google Patents

Publication number: CN103763328B
Application number: CN201410046880.6A
Other versions: CN103763328A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Active
Inventors: 王煜, 廖原, 吕海波, 王中华
Original and current assignee: BEIJING BODA GUANGTONG INTERNATIONAL SEMICONDUCTOR TECHNOLOGY Co Ltd
Classification: Mobile Radio Communication Systems (AREA)
Abstract

The invention discloses an object identifier (OID) based wireless sensor network communication method, system and user control end. The wireless sensor network includes access devices and terminal devices; each access device provides access communication for a sensing subnet that includes at least one terminal device. The access devices and the terminal devices store an enterprise object identifier (OID), a module identifier (MID), a sensor network address identifier (WID), and the sub-network identifier (NID) and sub-network key (NPASS) of the sensing subnet they belong to; communication addressing and migration are carried out on the basis of these address codes. By setting each device's unique identifier on the basis of OID coding, and introducing the sub-network identifier and sub-network key to assist the addressing and encryption of sensor network communication, the invention ensures communication security and unique addressing while improving the speed of addressing and the security and reliability of communication.

Description

OID-coding-based secure communication encryption mechanism and addressing method for sensor network devices
Technical field
The present invention relates to the field of sensor network technology, specifically to an OID-coding-based secure communication encryption mechanism and addressing method for sensor network devices, and more particularly to a wireless sensor network communication method, system and user control end based on object identifier (OID) coding. The method can be used for unified identification and communication addressing of wireless sensor network devices; while ensuring that device identifiers are unique, it ensures the reliability, security and flexibility of device communication at minimal communication cost.
Background
An object identifier (Object Identifier, OID) is an identifier used in network communication or information processing systems to give an object a unique identity; it is the "identity card" of the object. Through the OID, the relevant characteristics and information of the object can be obtained. Once the OID of an object is registered, it is permanently valid worldwide. OIDs are widely used in fields such as information security, computer networks, communication, RFID, 3GPP, biometrics, network management and information processing systems for medical imaging. Like Internet domain names, OIDs are an important information resource for national information technology and related fields and need standardized management.
The advantages of OID coding are that it is hierarchical, relatively flexible and highly scalable, with no limit on extension. The complete solution, from code registration through resolution to code storage, is mature, and it is the system that organizations such as ISO/ITU/IEC recommend for member identification. OID codes are also managed independently by each country, which suits the requirements of wireless sensor network environments well.
With the development of the Internet of Things industry, demand for wireless sensor network (Wireless Sensor Network, WSN) products keeps growing, but existing wireless sensor network devices still use traditional coding schemes or Internet addressing schemes for device identification and communication addressing. These coding and addressing schemes do not fit the application characteristics of wireless sensor networks, which leads to problems such as data redundancy, low communication efficiency and poor security.
For example, most of the widely used products based on the Zigbee protocol use a coding scheme defined by the manufacturer itself; their generality is therefore poor, the uniqueness of device identifiers cannot be guaranteed, and they cannot gain the recognition of the relevant international organizations.
On the other hand, some wireless sensor network devices use the IPv6 protocol standard for identification and addressing. Although this guarantees unique device identifiers and is recognized by international organizations, the complexity of its communication data greatly reduces the communication efficiency of the wireless sensor network. Applying IPv6 to wireless sensor networks has defects such as oversized IPv6 messages, excessive header overhead, complex address translation, a tendency to message flooding, routing that demands too many resources, no support for multicast, and complex network configuration.
Existing communication schemes thus adversely affect the addressing, device migration and encryption of sensor network devices.
Summary of the invention
The technical problem to be solved by the present invention is to provide a sensor network communication method, system and user control end that are combined with OID, use a simple addressing scheme, make device migration convenient and offer stronger security.
In a first aspect, the present invention provides a wireless sensor network communication method based on object identifiers (OID). The wireless sensor network includes access devices and terminal devices; each access device provides access communication for a sensing subnet that includes at least one terminal device. The access devices and the terminal devices store an enterprise object identifier (OID), a module identifier (MID), a sensor network address identifier (WID), and the sub-network identifier (NID) and sub-network key (NPASS) of the sensing subnet they belong to. A terminal device uses the enterprise object identifier (OID), module identifier (MID) and sensor network address identifier (WID) as its unique identifier; an access device uses the enterprise object identifier (OID), module identifier (MID) and sub-network identifier (NID) as its unique identifier. The method includes:
When a terminal device joins a sensing subnet, setting the sub-network identifier and sub-network key of the terminal device to the sub-network identifier and sub-network key of the sensing subnet being joined, and uploading the unique identifier of the terminal device via the access device of that sensing subnet;
Obtaining the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet it belongs to;
Building an addressing list from the unique identifier of the terminal device and the corresponding addressable address;
Querying the addressing list with the unique identifier of the target terminal device in an addressing request, returning the corresponding target addressable address, and sending a command message to the target terminal device according to the target addressable address, the command message including the sub-network key of the sensing subnet the target terminal device belongs to.
Preferably, setting the sub-network identifier and sub-network key of the terminal device to those of the sensing subnet when the terminal device joins, and uploading the unique identifier of the terminal device via the access device, includes:
The join request includes the unique identifier, sub-network identifier and sub-network key of the terminal device;
The access device forwards the join request to the user control end for authentication;
After the unique identifier passes authentication, the user control end instructs the access device to send initialization information, which includes the sub-network identifier and sub-network key of the sensing subnet the terminal device is allowed to join;
The terminal device sets its sub-network identifier and sub-network key, according to the initialization information, to the sub-network identifier and sub-network key of the sensing subnet it requested to join.
Preferably, the access device forwarding the join request to the user control end for authentication includes:
Determining whether the terminal device requesting to join is in the hard-reset state;
When the terminal device requesting to join is in the hard-reset state, comparing the sub-network key of the requesting terminal device with the sub-network key of the sensing subnet that terminal device formerly belonged to;
When the sub-network key of the requesting terminal device matches the sub-network key of the sensing subnet it formerly belonged to, passing the authentication.
Preferably, the sub-network identifier of a terminal device in the hard-reset state is set to the initial value, and its sub-network key keeps its original value.
Preferably, sending the command message to the target terminal device according to the target addressable address includes:
Sending the command message to the access device of the sensing subnet the target terminal device belongs to, according to the network address of the access device in the target addressable address;
The access device of that sensing subnet sends the command message, carrying the sub-network key, to the target terminal device according to the sensor network address identifier in the addressable address;
After receiving the command message, the target terminal device compares the sub-network key in the command message with the sub-network key it stores;
When the sub-network key in the command message matches the stored sub-network key, the target terminal device processes the command message.
Preferably, the command message is a key modification message that includes an updated sub-network key, and the target terminal device processing the command message includes: the target terminal device changing its stored sub-network key to the updated sub-network key; or
The command message is a warm reset message, and the target terminal device processing the command message includes: the target terminal device setting its sub-network identifier and sub-network key to the initial values.
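The addressing list and the key check on command messages described above, sketched in Python as an added example (not code from the patent). The address layout, the class names, the command labels `key_modify` and `warm_reset`, the `rotate_key` helper that sends a key modification message to every terminal of a subnet, and the sample OID and network address are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

NID_INITIAL, NPASS_INITIAL = 0x0000, 0x8888  # initial values given on the page
UniqueId = Tuple[str, int, int]               # terminal unique identifier (OID, MID, WID)


@dataclass(frozen=True)
class Address:
    """Addressable address: access-device network address, NID and WID (layout assumed)."""
    access_addr: str
    nid: int
    wid: int


@dataclass
class Command:
    kind: str                        # "key_modify" or "warm_reset" (hypothetical labels)
    npass: int                       # key of the subnet the target belongs to
    new_npass: Optional[int] = None  # only used by key_modify


class Terminal:
    def __init__(self, uid: UniqueId, nid: int, npass: int):
        self.uid, self.nid, self.npass = uid, nid, npass

    def handle(self, cmd: Command) -> bool:
        """Process a command only if the key it carries matches the stored key."""
        if cmd.npass != self.npass:
            return False                              # key mismatch: message dropped
        if cmd.kind == "key_modify" and cmd.new_npass is not None:
            self.npass = cmd.new_npass                # store the updated key
            return True
        if cmd.kind == "warm_reset":
            self.nid, self.npass = NID_INITIAL, NPASS_INITIAL
            return True
        return False


class AccessDevice:
    def __init__(self, addr: str, nid: int):
        self.addr, self.nid = addr, nid
        self.terminals: Dict[int, Terminal] = {}      # WID -> terminal in this subnet

    def deliver(self, wid: int, cmd: Command) -> bool:
        """Second hop: forward the command to the terminal selected by its WID."""
        terminal = self.terminals.get(wid)
        return terminal.handle(cmd) if terminal else False


class ControlEnd:
    def __init__(self) -> None:
        self.access: Dict[str, AccessDevice] = {}
        self.keys: Dict[int, int] = {}                # NID -> current NPASS
        self.table: Dict[UniqueId, Address] = {}      # the addressing list

    def add_subnet(self, ap: AccessDevice, npass: int) -> None:
        self.access[ap.addr] = ap
        self.keys[ap.nid] = npass

    def register(self, terminal: Terminal, ap: AccessDevice) -> None:
        """After a join: map the unique identifier to the addressable address."""
        wid = terminal.uid[2]
        ap.terminals[wid] = terminal
        self.table[terminal.uid] = Address(ap.addr, terminal.nid, wid)

    def send(self, uid: UniqueId, kind: str, new_npass: Optional[int] = None) -> bool:
        """Look up the target, attach its subnet's key, route via the access device."""
        addr = self.table.get(uid)
        if addr is None:
            return False
        cmd = Command(kind, self.keys[addr.nid], new_npass)
        ok = self.access[addr.access_addr].deliver(addr.wid, cmd)
        if ok and kind == "warm_reset":
            del self.table[uid]                       # the terminal has left its subnet
        return ok

    def rotate_key(self, nid: int, new_npass: int) -> int:
        """Send key_modify to every listed terminal of a subnet, then record the new key."""
        targets = [uid for uid, addr in self.table.items() if addr.nid == nid]
        updated = sum(self.send(uid, "key_modify", new_npass) for uid in targets)
        self.keys[nid] = new_npass
        return updated
```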
Preferably, the unique identifier is written into the device's memory by the manufacturer at the time of manufacture and cannot be rewritten by the user;
Meanwhile, the sub-network identifier of an access device is written into the access device by the manufacturer and cannot be rewritten by the user, while the sub-network identifier of a terminal device is obtained when it applies to join a sensing subnet;
The sub-network key is user-rewritable data; the user can set or modify a private key for the user group as needed.
In a second aspect, the present invention also provides a wireless sensor network system based on object identifiers (OID). The wireless sensor network system includes a user control end, access devices and terminal devices; each access device provides access communication for a sensing subnet that includes at least one terminal device. The access devices and the terminal devices store an enterprise object identifier (OID), a module identifier (MID), a sensor network address identifier (WID), and the sub-network identifier (NID) and sub-network key (NPASS) of the sensing subnet they belong to. A terminal device uses the enterprise object identifier (OID), module identifier (MID) and sensor network address identifier (WID) as its unique identifier; an access device uses the enterprise object identifier (OID), module identifier (MID) and sub-network identifier (NID) as its unique identifier;
The terminal device is configured, when joining a sensing subnet, to set its stored sub-network identifier and sub-network key to the sub-network identifier and sub-network key of the sensing subnet being joined, and to upload its unique identifier via the access device of that sensing subnet;
The user control end is configured to obtain the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet it belongs to, and to build an addressing list from the unique identifier of the terminal device and the corresponding addressable address;
The user control end is further configured to query the addressing list with the target unique identifier in an addressing request, return the corresponding target addressable address, and send a command message to the target terminal device according to the target addressable address, the command message including the sub-network key of the sensing subnet the target terminal device belongs to.
Preferably, the unique identifier is written into the device's memory by the manufacturer at the time of manufacture and cannot be rewritten by the user;
Meanwhile, the sub-network identifier of an access device is written into the access device by the manufacturer and cannot be rewritten by the user, while the sub-network identifier of a terminal device is obtained when it applies to join a sensing subnet;
The sub-network key is user-rewritable data; the user can set or modify a private key for the user group as needed.
In a third aspect, the present invention also provides a wireless sensor network user control end based on object identifiers (OID). The user control end includes a networking module, an addressable address acquisition module, an addressing list acquisition module and a command sending module; the unique identifier of a terminal device includes the enterprise object identifier (OID), module identifier (MID) and sensor network address identifier (WID);
The networking module is configured, when a terminal device joins a sensing subnet, to set the sub-network identifier and sub-network key of the terminal device to the sub-network identifier and sub-network key of the sensing subnet being joined, and to obtain the unique identifier of the terminal device;
The addressable address acquisition module is configured to obtain the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet it belongs to;
The addressing list acquisition module is configured to build an addressing list from the unique identifier of the terminal device and the corresponding addressable address;
The command sending module is configured to query the addressing list with the target unique identifier in an addressing request, return the corresponding target addressable address, and send a command message to the target terminal device according to the target addressable address, the command message including the sub-network key of the sensing subnet the target terminal device belongs to.
By setting each device's unique identifier on the basis of OID coding, and introducing the sub-network identifier and sub-network key to assist the addressing and encryption of sensor network communication, the present invention ensures communication security and unique addressing while improving the speed of addressing and the security and reliability of communication, and to some extent reduces the overhead nodes incur for communication security and addressing.
Brief description of the drawings
Figure 1A is a schematic diagram of the OID-coding-based address code of a wireless sensor network terminal device according to an embodiment of the present invention;
Figure 1B is a schematic diagram of the OID-coding-based address code of a wireless sensor network access device according to an embodiment of the present invention;
Fig. 2 is a network topology diagram of the OID-coding-based wireless sensor network according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the wireless sensor network user control end provided by an embodiment of the present invention;
Fig. 4 is a flowchart of the OID-coding-based wireless sensor network communication method according to an embodiment of the present invention;
Fig. 5 is a flowchart of a preferred implementation of step 100 in the OID-coding-based wireless sensor network communication method according to an embodiment of the present invention;
Fig. 6 is a flowchart of a preferred implementation of step 120 in the OID-coding-based wireless sensor network communication method according to an embodiment of the present invention;
Fig. 7 is a flowchart of a preferred implementation of step 400 in the OID-coding-based wireless sensor network communication method according to an embodiment of the present invention.
Detailed description
The technical solution of the present invention is further described below with reference to the accompanying drawings and through embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the steps related to the present invention rather than the entire process.
Figure 1A is a schematic diagram of the OID-coding-based address code of a wireless sensor network terminal device according to an embodiment of the present invention. As shown in Figure 1A, the address code is stored in the memory of the wireless sensor network device (for example, flash memory) and consists of an enterprise object identifier (OID), a module identifier (Module ID, abbreviated MID), a sensor network address identifier (WSN-ID, abbreviated WID), a sub-network identifier (Net-ID, abbreviated UID) and a sub-network key (Net-Password, abbreviated NPASS).
For a terminal device, the enterprise object identifier, module identifier and sensor network address identifier make up the unique identifier part of the wireless sensor network terminal device; these three parts are written into the device's memory by the manufacturer at the time of manufacture and cannot be rewritten by the user. For a terminal device, the unique identifier does not include the sub-network identifier or the sub-network key. The sub-network identifier of an access device is written into the access device by the manufacturer and cannot be rewritten by the user, while the sub-network identifier of a terminal device is obtained when it applies to join a sensing subnet. The sub-network key is user-rewritable data; the user can set or modify a private key for the user group as needed.
Figure 1B is a schematic diagram of the OID-coding-based address code of a wireless sensor network access device according to an embodiment of the present invention. As shown in Figure 1B, the address code is stored in the memory of the wireless sensor network device (for example, flash memory) and consists of an enterprise object identifier (OID), a module identifier (Module ID, abbreviated MID), a sensor network address identifier (WSN-ID, abbreviated WID), a sub-network identifier (Net-ID, abbreviated UID) and a sub-network key (Net-Password, abbreviated NPASS). For an access device, the enterprise object identifier, module identifier and sub-network identifier make up the unique identifier part of the wireless sensor network access device; these three parts, and the sensor network address identifier in the access device's address code, are written into the device's memory by the manufacturer at the time of manufacture and cannot be rewritten by the user.
The enterprise object identifier is issued by the national OID registration center and identifies the device manufacturer; its content is the OID code that the OID administration assigned to the enterprise. In a preferred embodiment, the module identifier (MID) is 2 bytes long (an address capacity of about 65,000) and identifies the device type. The sensor network address identifier gives the device a unique address identifier within the wireless sensor network; it is also 2 bytes long (providing an address capacity of about 65,000), and its length can be extended further as needed. Together, the device code and the wireless sensor network address code above provide an address capacity of about 4 billion, which ensures that every wireless sensor network device the enterprise produces has a globally unique identifier and supports unique identification of devices in the Internet of Things.
In one embodiment of the present invention, the 2-byte device code is expressed as four hexadecimal digits; the first of these digits indicates the device type, and the other digits are reserved. A first digit of 0-9 indicates that the device type is module; A, B or C indicates node; D indicates intelligent node/relay; E indicates intelligent AP gateway; F indicates intelligent base station. It should be noted that this is only one example of the present invention, and the way the invention distinguishes device types is not limited to the above. In other embodiments of the present invention, one or more other digits of the device code may also be used to distinguish device types in other ways known to those skilled in the art.
The sensor network address identifier (WID) represents the address of the device within the sensing subnet.
Meanwhile, the sub-network identifier is a modifiable identifier for a terminal device and a non-modifiable identifier for an access device. Its length is 2 bytes and its initial value is set to 0x0000. It identifies the sensing subnet to which a wireless sensor network device belongs; all wireless sensor network devices in the same sensing subnet have the same sub-network identifier, which helps addressing. The sub-network key is 2 bytes long and is a dynamically updated key; it is used to verify the security of wireless sensor network messages and can be used to authenticate the migration of wireless sensor network devices.
Fig. 2 is a network topology diagram of the OID-coding-based wireless sensor network according to an embodiment of the present invention. As shown in Fig. 2, the wireless sensor network includes a user control end 10 and at least one access device 20. Each access device 20 corresponds to a wireless sensing subnet, and each wireless sensing subnet includes one access device 20 and at least one terminal device 30. The terminal devices 30 in the wireless sensor network are controlled uniformly by the access device 20 and carry out data acquisition and communication within the sensing subnet. The access device 20, under the control of the user control end 10, sends command messages for data acquisition and communication or for system maintenance to the terminal devices 30, and provides access communication between the terminal devices 30 and the user control end 10. The access device 20 can be one of an intelligent node/relay, an intelligent AP gateway or an intelligent base station device; the terminal device 30 can be one or more of a module, a node, an intelligent node/relay, an intelligent AP gateway or an intelligent base station device. The user control end 10 can be a cloud server running a control program, which controls the entire wireless sensor network.
The access device 20 and the terminal device 30 store an enterprise object identifier (OID), a module identifier (MID), a sensor network address identifier (WID), and the sub-network identifier (NID) and sub-network key (NPASS) of the sensing subnet they belong to. A terminal device uses the enterprise object identifier (OID), module identifier (MID) and sensor network address identifier (WID) as its unique identifier; an access device uses the enterprise object identifier (OID), module identifier (MID) and sub-network identifier (NID) as its unique identifier. The sub-network identifier and sub-network key of a terminal device are set to initial values before it joins a specific sensing subnet; in a preferred embodiment, the initial value of the sub-network identifier is 0x0000 and the initial value of the sub-network key is 0x8888. Of course, those skilled in the art will readily understand that the initial values can be given other lengths or other values as needed. Meanwhile, the sub-network identifier of an access device is written at manufacture and cannot be changed.
Fig. 3 is a schematic diagram of the wireless sensor network user control end provided by an embodiment of the present invention. As shown in Fig. 3, the user control end 10 includes a networking module 11, an addressable address acquisition module 12, an addressing list acquisition module 13 and a command sending module 14. Those skilled in the art will appreciate that
The networking module 11 is configured, when a terminal device joins a sensing subnet, to set the sub-network identifier (NID) and sub-network key (NPASS) of the terminal device to the sub-network identifier and sub-network key of the sensing subnet being joined, and to obtain the unique identifier of the terminal device.
The addressable address acquisition module 12 is configured to obtain the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet it belongs to.
The addressing list acquisition module 13 is configured to build an addressing list from the unique identifier of the terminal device and the corresponding addressable address.
The command sending module 14 is configured to query the addressing list with the target unique identifier in an addressing request, return the corresponding target addressable address, and send a command message to the target terminal device according to the target addressable address, the command message including the sub-network key of the sensing subnet the target terminal device belongs to.
Obviously, those skilled in the art will understand that each module of the above embodiments of the present invention can be implemented by a general-purpose computing device with communication capability. Alternatively, the embodiments can be implemented as a program executable by a computing device, stored in a storage device and executed by a processor; the program can be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like. Or the modules can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
Fig. 4 is a flowchart of the OID-coding-based wireless sensor network communication method according to an embodiment of the present invention. As shown in Fig. 4, the method includes:
Step 100: when a terminal device joins a sensing subnet, the sub-network identifier and sub-network key of the terminal device are set to the sub-network identifier and sub-network key of the sensing subnet being joined, and the unique identifier of the terminal device is uploaded via the access device of that sensing subnet.
Here, the sub-network identifier and sub-network key of a sensing subnet are the sub-network identifier and sub-network key stored by the access device that manages that sensing subnet.
Specifically, as shown in Fig. 5, step 100 may include the following sub-steps:
Step 110: the terminal device sends a join request to the access device; the join request includes the unique identifier, sub-network identifier and sub-network key of the terminal device.
Preferably, the terminal device is configured to send a join request to an access device only when its sub-network identifier is the initial value; that is, only a terminal device that has not joined any sensor network, or that has been reset, can send a join request to an access device. Because resetting a terminal device is subject to certain restrictions, this limits the ability of a terminal device hijacked by an attacker to enter the sensor network and so protects the security of the sensor network.
Step 120: the access device forwards the join request to the user control end for authentication.
This step mainly lets the user control end recognize whether the terminal device requesting to join is in a reset state or in the factory initial state; if the terminal is in neither a reset state nor the factory initial state, its join request is not allowed to pass authentication.
In addition, to make the system more flexible, in a preferred embodiment the reset states of a terminal device can include a warm reset state and a hard-reset state. In the warm reset state the terminal device is restored to its factory state, and its sub-network identifier and sub-network key are the initial values. In the hard-reset state the terminal device is not restored to its factory state: only its sub-network identifier is set to the initial value, while the sub-network key it stores keeps its original value. A hard-reset state set up in this way works together with the subsequent authentication procedure to prevent illegitimate terminal devices from accessing the sensor network.
Preferably, as shown in Fig. 6, step 120 can further include:
Step 121: determine whether the terminal device requesting to join is in the hard-reset state.
Preferably, its state is determined from the sub-network identifier of the terminal device carried in the join request.
Step 122: when the terminal device requesting to join is in the hard-reset state, compare whether the sub-network key of the requesting terminal device matches the sub-network key of the sensing subnet that terminal device formerly belonged to.
Step 123: when the sub-network key of the requesting terminal device matches the sub-network key of the sensing subnet it formerly belonged to, authentication passes.
Step 124: when the sub-network key of the requesting terminal device does not match the sub-network key of the sensing subnet it formerly belonged to, authentication fails.
Accordingly, for a terminal device in the hard-reset state, if the sensing subnet it belonged to before is under the control of the user control end and its sub-network key matches, the terminal device is a legitimate one and can therefore be allowed to join a specific sensing subnet of the sensor network again. This makes safe migration of hard-reset terminal devices possible.
Of course, because a terminal device in the warm reset state is in the same state as a factory-fresh device, a terminal device in the warm reset state can pass authentication directly.
Step 130, determine whether authentication at the user control end has passed; if so, perform step 140; if not, perform step 160.
Step 140, when authentication passes (that is, authentication based on the unique identifier, the sub-network identifier, etc.), the user control end instructs the access device to send initialization information, which includes the sub-network identifier and sub-network key of the access device of the sensing subnet that the terminal device is allowed to join.
Step 150, the terminal device, according to the initialization information, sets its sub-network identifier (NID) and sub-network key (NPASS) to the sub-network identifier and sub-network key of the access device, respectively.
Step 160, the device is refused admission to the sensing subnet.
After step 100, the sub-network identifier and sub-network key of the newly joined terminal device are set to the sub-network identifier and sub-network key of the sensing subnet it joined. At the same time, the unique identifier of the joined terminal device is reported to the user control end through the access device.
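The join authentication of steps 120 to 160 can be modelled as below. This is an added example, not code from the patent; the initial values, the `member_of` record of each device's last subnet, and telling a hard reset from a warm reset by whether the presented key is still the initial value are assumptions of the example.

```python
import hmac
from dataclasses import dataclass

# Assumed factory initial values; the page only says "initial value".
NID_INITIAL = "0000"
NPASS_INITIAL = b"factory-default"


@dataclass
class Terminal:
    unique_id: str                    # OID+MID+WID, fixed at manufacture
    nid: str = NID_INITIAL
    npass: bytes = NPASS_INITIAL

    def join_request(self):
        """Only a device whose NID is the initial value may ask to join."""
        if self.nid != NID_INITIAL:
            return None
        return {"unique_id": self.unique_id, "nid": self.nid, "npass": self.npass}

    def hard_reset(self):
        self.nid = NID_INITIAL        # the stored key is kept in a hard reset

    def apply_init(self, init):
        self.nid, self.npass = init   # step 150


class ControlEnd:
    def __init__(self, subnets):
        self.subnets = dict(subnets)  # NID -> NPASS of each controlled sensing subnet
        self.member_of = {}           # unique_id -> NID last joined (assumed record)

    def authenticate(self, request, target_nid):
        """Steps 120-160: return (NID, NPASS) initialization info, or None on refusal."""
        if request is None or request["nid"] != NID_INITIAL:
            return None               # neither reset nor factory state
        if not hmac.compare_digest(request["npass"], NPASS_INITIAL):
            # Hard reset (assumed test: NID initial, key not initial): the key
            # presented must match the key of the subnet formerly joined.
            former_key = self.subnets.get(self.member_of.get(request["unique_id"]))
            if former_key is None or not hmac.compare_digest(request["npass"], former_key):
                return None           # step 124: keys do not match
        self.member_of[request["unique_id"]] = target_nid
        return target_nid, self.subnets[target_nid]   # step 140


def demo():
    # All identifiers and keys below are constructed sample values.
    ce = ControlEnd({"A001": b"key-of-A", "B002": b"key-of-B"})
    results = {}
    t = Terminal("oid.1.mid.7.wid.0042")
    t.apply_init(ce.authenticate(t.join_request(), "A001"))
    results["factory_join"] = (t.nid, t.npass)
    results["joined_cannot_request"] = t.join_request()
    t.hard_reset()
    t.apply_init(ce.authenticate(t.join_request(), "B002"))
    results["hard_reset_migrate"] = (t.nid, t.npass)
    # A device presenting a known unique identifier but the wrong former key.
    other = Terminal("oid.1.mid.7.wid.0042", npass=b"not-the-key")
    results["wrong_former_key"] = ce.authenticate(other.join_request(), "A001")
    return results
```

The key comparison uses `hmac.compare_digest` so that the time taken does not depend on how many leading bytes of the presented key are correct.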
Step 200, the user control end obtains the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet to which it belongs.
According to the addressable address structure described above, the network address of the access device is used to reach the access device of the sensing subnet to which the terminal device belongs; here the sub-network identifier can be used to verify that the access device located by the network address is the correct one. This verification step can also be omitted. Once the corresponding access device has been located, the target terminal device is addressed inside the sensing subnet by its sensor network address identifier, which achieves unique addressing. Moreover, this two-step addressing scheme can improve addressing speed and reduce addressing overhead.
Specifically, the addressable address is obtained by combining Ethernet IP address + network port number + NID code (sub-network identifier) + WID code (address identifier within the sub-network).
Step 300, the user control end establishes an addressing list from the unique identifier of the terminal device and the corresponding addressable address.
The user control end can build the addressing list from the device unique identifier (OID+MID+WID) and the corresponding device addressable address. With this addressing list, all wireless sensor network devices can be uniquely addressed. When a terminal device migrates, the user control end updates the addressing list.
Step 400, the user control end queries the addressing list with the target unique identifier in an addressing request, returns the corresponding target addressable address, and sends a command message to the target terminal device according to the target addressable address; the command message includes the sub-network key of the sensing subnet to which the target terminal device belongs.
Specifically, as shown in Fig. 7, step 400 may further include the following sub-steps:
Step 410, the command message is sent to the access device of the sensing subnet to which the target terminal device belongs, according to the network address of the access device in the target addressable address.
As described above, in a preferred scheme the network address can be an IP address + network port number based on the IP protocol.
Step 420, the access device of the sensing subnet to which the target terminal device belongs sends the command message carrying the sub-network key to the target terminal device, according to the sensor network address identifier in the addressable address.
Specifically, the access device can address the target terminal device by broadcasting the message within the sensing subnet. Only the terminal device whose sensor network address identifier matches goes on to the command message verification step (step 430).
Step 430, after receiving the command message, the target terminal device compares the sub-network key in the command message with its stored sub-network key.
Once the target terminal device has been addressed, it needs to verify the command message to determine whether it is a legitimate command message.
Step 440, when the sub-network key in the command message matches the stored sub-network key, the target terminal device processes the command message.
When the command message is a legitimate message, the terminal device acts on its content.
Specifically, besides ordinary information-collection, feedback and communication commands, a command message can also be a key modification message or a warm reset message.
A key modification message carries an updated sub-network key and instructs all terminal devices in the sub-network to change their sub-network key.
In the present invention, the sub-network key can be dynamically encrypted: the system uses a predetermined algorithm to dynamically generate a random sub-network key from the OID identifier and NID code of the access device and a random code. The encryption/decryption method used to compute the sub-network key can be a symmetric encryption algorithm or an asymmetric encryption algorithm. The symmetric encryption/decryption algorithm includes one of the DES, 3DES, TDEA, Blowfish, RC5 and IDEA algorithms; the asymmetric encryption/decryption algorithm includes one of the RSA, ECC and Diffie-Hellman algorithms.
When the command message is a key modification message, the target terminal device changes its stored sub-network key to the updated sub-network key.
A warm reset message is used by the user control end to reset the terminal device to the factory state, i.e. to set the terminal device's sub-network identifier and sub-network key to the factory initial values. A terminal device that has been reset is in the same state as one fresh from the factory and can then join another sensing subnet, which achieves migration of the terminal device. Because a warm reset must be controlled by the user control end, and the legitimacy of the message is verified using the sub-network key, reset security is enhanced, ensuring that a terminal device is not illegally reset and illegally migrated.
Step 450, when the sub-network key in the command message does not match the stored sub-network key, the command message is not processed.
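Steps 200 to 450 (addressing list, two-step addressing and key-checked command handling) can be modelled as below. This is an added example, not code from the patent; the message fields, the return strings, the initial values and the `subnet_keys` table at the control end are assumptions of the example.

```python
import hmac
from dataclasses import dataclass

NID_INITIAL, NPASS_INITIAL = "0000", b"factory-default"   # assumed initial values


@dataclass(frozen=True)
class Address:                 # IP address + port + NID code + WID code
    ip: str
    port: int
    nid: str
    wid: str


@dataclass
class Terminal:
    wid: str
    nid: str
    npass: bytes

    def handle(self, cmd):
        """Steps 430-450: act on a command only if its key matches the stored key."""
        if not hmac.compare_digest(cmd["npass"], self.npass):
            return "ignored"
        if cmd["type"] == "key_change":
            self.npass = cmd["new_npass"]
        elif cmd["type"] == "warm_reset":
            self.nid, self.npass = NID_INITIAL, NPASS_INITIAL
        return "handled:" + cmd["type"]


@dataclass
class AccessDevice:
    nid: str
    terminals: list

    def deliver(self, addr, cmd):
        """Step 420: broadcast in the subnet; only the matching WID verifies."""
        if addr.nid != self.nid:
            return "wrong-subnet"      # optional NID check on the located device
        replies = [t.handle(cmd) for t in self.terminals if t.wid == addr.wid]
        return replies[0] if replies else "no-such-wid"


class ControlEnd:
    def __init__(self):
        self.addressing_list = {}      # unique identifier (OID+MID+WID) -> Address
        self.access_devices = {}       # (ip, port) -> AccessDevice
        self.subnet_keys = {}          # NID -> NPASS

    def send(self, unique_id, cmd_type, **extra):
        """Steps 400-410: look up the address, attach the subnet key, forward."""
        addr = self.addressing_list.get(unique_id)
        if addr is None:
            return "unknown-device"
        cmd = {"type": cmd_type, "npass": self.subnet_keys[addr.nid], **extra}
        return self.access_devices[(addr.ip, addr.port)].deliver(addr, cmd)


def demo():
    # All addresses, identifiers and keys below are constructed sample values.
    ce, uid = ControlEnd(), "oid.1.mid.7.wid.0042"
    t = Terminal("0042", "A001", b"key-of-A")
    ce.subnet_keys["A001"] = b"key-of-A"
    ce.access_devices[("192.0.2.10", 5000)] = AccessDevice("A001", [t])
    ce.addressing_list[uid] = Address("192.0.2.10", 5000, "A001", "0042")
    out = {"read": ce.send(uid, "read")}
    out["bad_key"] = t.handle({"type": "warm_reset", "npass": b"wrong"})
    out["state_after_bad_key"] = (t.nid, t.npass)
    out["key_change"] = ce.send(uid, "key_change", new_npass=b"key-of-A-v2")
    out["stale_key"] = ce.send(uid, "read")   # control end record not yet updated
    ce.subnet_keys["A001"] = b"key-of-A-v2"
    out["warm_reset"] = ce.send(uid, "warm_reset")
    out["state_after_reset"] = (t.nid, t.npass)
    return out
```

The `stale_key` case shows that after a key modification message the control end must update its own record of the subnet key, or its later commands are silently dropped by the terminal.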
Thus, by providing a wireless sensor network communication system and communication method, the present embodiment sets the device unique identifier based on OID encoding and introduces the sub-network identifier and sub-network key to assist addressing and encryption in sensor network communication. While ensuring secure communication and unique addressing, it improves addressing speed and the security and reliability of communication, and to some extent reduces node overhead for communication security and addressing.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. A wireless sensor network communication method based on object identifiers (OID), the wireless sensor network comprising: a user control end for controlling the entire wireless sensor network; and at least one access device, each access device corresponding to one sensing subnet, each sensing subnet comprising one access device and at least one terminal device, the access device being used to provide access communication for the sensing subnet comprising the at least one terminal device; the access device and the terminal device each store an enterprise object identifier (OID), a module identifier (MID), a sensor network address identifier (WID), and the sub-network identifier (NID) and sub-network key (NPASS) of the sensing subnet to which they belong; the terminal device uses the enterprise object identifier (OID), module identifier (MID) and sensor network address identifier (WID) as its unique identifier; the access device uses the enterprise object identifier (OID), module identifier (MID) and sub-network identifier (NID) as its unique identifier; the method comprising:
when a terminal device joins a sensing subnet, setting the sub-network identifier and sub-network key of the terminal device to the sub-network identifier and sub-network key of the sensing subnet joined, respectively, and uploading the unique identifier of the terminal device via the access device of the sensing subnet;
obtaining the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet to which it belongs;
establishing an addressing list from the unique identifier of the terminal device and the corresponding addressable address;
querying the addressing list with the unique identifier of the target terminal device in an addressing request, returning the corresponding target addressable address, and sending a command message to the target terminal device according to the target addressable address, the command message including the sub-network key of the sensing subnet to which the target terminal device belongs;
wherein said setting, when a terminal device joins a sensing subnet, the sub-network identifier and sub-network key of the terminal device to the sub-network identifier and sub-network key of the sensing subnet, respectively, and uploading the unique identifier of the terminal device via the access device, comprises:
the terminal device sending a network access request to the access device, the network access request including the unique identifier, sub-network identifier and sub-network key of the terminal device;
the access device forwarding the network access request to the user control end for authentication;
the user control end, when authentication passes, instructing the access device to send initialization information, the initialization information including the sub-network identifier and sub-network key of the sensing subnet that the terminal device is allowed to join;
the terminal device, according to the initialization information, setting its sub-network identifier and sub-network key to the sub-network identifier and sub-network key of the sensing subnet it requested to join, respectively;
wherein the access device forwarding the network access request to the user control end for authentication comprises:
determining whether the terminal device requesting network access is in the hard-reset state;
when the terminal device requesting network access is in the hard-reset state, comparing the sub-network key of that terminal device with the sub-network key of the sensing subnet to which it formerly belonged;
when the sub-network key of the terminal device requesting network access matches the sub-network key of the sensing subnet to which it formerly belonged, passing authentication.
2. The wireless sensor network communication method based on object identifiers (OID) according to claim 1, characterized in that the sub-network identifier of a terminal device in the hard-reset state is set to the initial value and its sub-network key keeps its original value.
3. The wireless sensor network communication method based on object identifiers (OID) according to claim 1, characterized in that said sending a command message to the target terminal device according to the target addressable address comprises:
sending the command message to the access device of the sensing subnet to which the target terminal device belongs, according to the network address of the access device in the target addressable address;
the access device of the sensing subnet to which the target terminal device belongs sending the command message carrying the sub-network key to the target terminal device, according to the sensor network address identifier in the addressable address;
the target terminal device, after receiving the command message, comparing the sub-network key in the command message with its stored sub-network key;
when the sub-network key in the command message matches the stored sub-network key, the target terminal device processing the command message.
4. The wireless sensor network communication method based on object identifiers (OID) according to claim 3, characterized in that the command message is a key modification message including an updated sub-network key, and the target terminal device processing the command message comprises: the target terminal device changing its stored sub-network key to the updated sub-network key; or
the command message is a warm reset message, and the target terminal device processing the command message comprises: the target terminal device setting its sub-network identifier and sub-network key to the initial values.
5. The wireless sensor network communication method based on object identifiers (OID) according to claim 1, characterized in that the unique identifier is written uniformly into the memory of the device by the manufacturer at the time of manufacture and cannot be rewritten by the user;
meanwhile, the sub-network identifier of an access device is written into the access device by the manufacturer and cannot be rewritten by the user, and the sub-network identifier of a terminal device is obtained when it applies to access a sensing subnet;
the sub-network key is user-rewritable data; the user can set a user-group private key or modify it as needed.
6. A wireless sensor network system based on object identifiers (OID), the wireless sensor network system comprising: a user control end for controlling the entire wireless sensor network; and at least one access device, each access device corresponding to one sensing subnet, each sensing subnet comprising one access device and at least one terminal device, the access device being used to provide access communication for the sensing subnet comprising the at least one terminal device; the access device and the terminal device each store an enterprise object identifier (OID), a module identifier (MID), a sensor network address identifier (WID), and the sub-network identifier (NID) and sub-network key (NPASS) of the sensing subnet to which they belong; the terminal device uses the enterprise object identifier (OID), module identifier (MID) and sensor network address identifier (WID) as its unique identifier; the access device uses the enterprise object identifier (OID), module identifier (MID) and sub-network identifier (NID) as its unique identifier;
wherein the user control end is used, when a terminal device joins a sensing subnet, to instruct the terminal device to set its stored sub-network identifier and sub-network key to the sub-network identifier and sub-network key of the sensing subnet joined, respectively, and to upload the unique identifier of the terminal device via the access device of the sensing subnet;
the user control end is used to obtain the addressable address of the terminal device from the sensor network address identifier and sub-network identifier uploaded by the terminal device and the network address of the access device of the sensing subnet to which it belongs, and to establish an addressing list from the unique identifier of the terminal device and the corresponding addressable address;
the user control end is further used to query the addressing list with the target unique identifier in an addressing request, return the corresponding target addressable address, and send a command message to the target terminal device according to the target addressable address, the command message including the sub-network key of the sensing subnet to which the target terminal device belongs;
wherein the user control end being used, when a terminal device joins a sensing subnet, to instruct the terminal device to set its stored sub-network identifier and sub-network key to the sub-network identifier and sub-network key of the sensing subnet joined, respectively, and to upload the unique identifier of the terminal device via the access device of the sensing subnet, comprises:
the terminal device sending a network access request to the access device, the network access request including the unique identifier, sub-network identifier and sub-network key of the terminal device;
the access device forwarding the network access request to the user control end for authentication;
the user control end, after authentication passes, instructing the access device to send initialization information, the initialization information including the sub-network identifier and sub-network key of the sensing subnet that the terminal device is allowed to join;
the terminal device, according to the initialization information, setting its sub-network identifier and sub-network key to the sub-network identifier and sub-network key of the sensing subnet it requested to join, respectively;
wherein the access device forwarding the network access request to the user control end for authentication comprises:
the user control end determining whether the terminal device requesting network access is in the hard-reset state;
when the terminal device requesting network access is in the hard-reset state, the user control end comparing the sub-network key of that terminal device with the sub-network key of the sensing subnet to which it formerly belonged;
when the sub-network key of the terminal device requesting network access matches the sub-network key of the sensing subnet to which it formerly belonged, the user control end passing authentication.
7. The wireless sensor network system based on object identifiers (OID) according to claim 6, characterized in that the unique identifier is written uniformly into the memory of the device by the manufacturer at the time of manufacture and cannot be rewritten by the user;
meanwhile, the sub-network identifier of an access device is written into the access device by the manufacturer and cannot be rewritten by the user, and the sub-network identifier of a terminal device is obtained when it applies to access a sensing subnet;
the sub-network key is user-rewritable data; the user can set a user-group private key or modify it as needed.
CN201410046880.6A 2014-02-10 2014-02-10 Based on the OID Sensor Network equipment safety communication encryption mechanism encoded and addressing method Active CN103763328B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410046880.6A CN103763328B (en) 2014-02-10 2014-02-10 Based on the OID Sensor Network equipment safety communication encryption mechanism encoded and addressing method


Publications (2)

Publication Number Publication Date
CN103763328A CN103763328A (en) 2014-04-30
CN103763328B true CN103763328B (en) 2017-10-27

Family

ID=50530488

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410046880.6A Active CN103763328B (en) 2014-02-10 2014-02-10 Based on the OID Sensor Network equipment safety communication encryption mechanism encoded and addressing method

Country Status (1)

Country Link
CN (1) CN103763328B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant