CN105391540A - IOT safety system, interconnection equipment, and implementation method - Google Patents
IOT safety system, interconnection equipment, and implementation method Download PDFInfo
- Publication number
- CN105391540A CN105391540A CN201410433200.6A CN201410433200A CN105391540A CN 105391540 A CN105391540 A CN 105391540A CN 201410433200 A CN201410433200 A CN 201410433200A CN 105391540 A CN105391540 A CN 105391540A
- Authority
- CN
- China
- Prior art keywords
- interworking equipment
- equipment
- memory
- pki
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The embodiment of the invention provides an IOT safety system, interconnection equipment, and an implementation method. The system comprises second interconnection equipment and at least one piece of first interconnection equipment, and the first interconnection equipment is connected with the first interconnection equipment, and comprises a first safety chip and a first storage unit which stores a first private key belonging to a first safety chip, and also stores a corresponding public key. The first safety chip comprises a first processor and a first transmitting device, and the first processor is used for reading the first private key for the encryption of the information of the first interconnection equipment. The first transmitting device is used for sending a processing result of the first processor to the second interconnection equipment. The second interconnection equipment comprises a second safety chip, and the second safety chip comprises the second processor and a second storage unit storing the first public key. The second processor is used for reading the verification of the processing results of the first processor through the first public key. According to the embodiment of the invention can improve the safety of the IOT.
Description
Technical field
The execution mode of the application relates to technical field of data security, particularly relates to a kind of Internet of Things safety system and implementation method.
Background technology
Along with information technology, sensing technology etc. develop rapidly, Internet of Things is day by day universal, is widely used in the occasions such as user's health check-up, storage administration, home automation and environmental data tracking.Internet of Things is made up of multiple InterWorking Equipment, and these InterWorking Equipments are self-existent equipment group not, and is all interconnected with rear end platform, forms the system of a networking.By upgrading application and the function of InterWorking Equipment, can trigger InterWorking Equipment and carry out associative operation, realize the automation collection of data, analysis etc., InterWorking Equipment and rear end platform form complete Internet of things system jointly for people provide various judicial convenience service.
Under normal circumstances, can store the customizing messages of some sensitiveness, privacy in InterWorking Equipment, these customizing messages, according to the needs realizing intended service function, can transmit between InterWorking Equipment and between InterWorking Equipment and remote platform.In order to prevent these customizing messages to be stolen, to leak, must ensure that the fail safe of data interaction is carried out in the fail safe of the InterWorking Equipment self in Internet of Things and InterWorking Equipment and other equipment.
Although the safety of InterWorking Equipment has become the hot issue in the Internet of Things world in Internet of Things, also the Internet of Things solution that some relate to customizing messages fail safe is there is in prior art, but these schemes are not nearly all considered or are better considered the safety issue of InterWorking Equipment.Such as, in current Internet of things system, the certification of InterWorking Equipment self, only comprise simple login and password input, usually be connected with open network between InterWorking Equipment with remote platform, between the two with form transmission data expressly and shared data, this produces a series of unsafe factor: the IP of InterWorking Equipment exposes in a network, the authentication security risk that is poor, data leak of InterWorking Equipment and remote platform is higher, and these unsafe factors cause Internet of things system very easily under attack.
Summary of the invention
In order to solve the problem, the application's execution mode provides a kind of Internet of Things safety system and realizes the method for Internet of Things safety, to improve the safety of Internet of things system, reduces or avoid the attack that Internet of things system may be subject to.
The Internet of Things safety system that the application's execution mode provides comprises: the second InterWorking Equipment and at least one first InterWorking Equipment, and described first InterWorking Equipment is connected with the second InterWorking Equipment, wherein:
Described first InterWorking Equipment comprises the first safety chip and stores the first memory of the first private key and the first corresponding PKI belonging to the first safety chip, described first safety chip comprises first processor and the first dispensing device, described first processor is used for from first memory, read the information of the first private key to the second InterWorking Equipment and is encrypted, and described first dispensing device is used for the result of first processor to send to described first InterWorking Equipment;
Described second InterWorking Equipment comprises the second safety chip, described second safety chip comprises the second processor and stores the second memory of described first PKI, and described second processor is used for from second memory, read the first PKI and carries out certification to the result of first processor.
Preferably, described second InterWorking Equipment is Hub equipment, Platform Server or smart machine, described first InterWorking Equipment is smart machine, when described second InterWorking Equipment is Platform Server, described system also comprises router, and described first InterWorking Equipment is connected with the second InterWorking Equipment and is connected with Platform Server by router for described smart machine.
Preferably, when described second InterWorking Equipment is Hub equipment, described Hub equipment also comprises the second dispensing device, described second memory, also for storing the second private key and the second corresponding PKI that belong to the second safety chip; Described first memory, also for storing described second PKI;
Described second processor, is also encrypted for reading the information of the second private key to smart machine from second memory; Described second dispensing device, for sending to described smart machine by the result of the second processor;
Described first processor, also carries out certification for reading the second PKI from first memory to the result of the second processor;
Or,
When described second InterWorking Equipment is Platform Server, described Platform Server also comprises the second dispensing device, described second memory, also for storing the second private key and the second corresponding PKI that belong to the second safety chip; Described first memory, also for storing described second PKI;
Described second processor, is also encrypted for reading the information of the second private key to the first InterWorking Equipment from second memory; Described second dispensing device, for sending to described smart machine by the result of the second processor by described router;
Described first processor, also carries out certification for reading the second PKI from first memory to the result of the second processor.
Preferably, described first memory is embedded in described first safety chip, and/or described second memory is embedded in described second safety chip;
Or,
First memory has two quantum memories, the quantum memory of first memory storage private key is embedded in the first safety chip, the quantum memory of storage of public keys is arranged on outside the first safety chip, and/or, second memory has two quantum memories, and the quantum memory storing private key in second memory is embedded in the second safety chip, the quantum memory of storage of public keys is arranged on outside the second safety chip.
Preferably, described smart machine to be connected with Platform Server by router and to be specially described smart machine and to be connected with router by bluetooth, WIFI, WiMax or Zigbee, and described router is connected with Platform Server by bluetooth, WIFI, WiMax or Zigbee.
Preferably, described smart machine comprises wearable device, monitoring Medical Devices or home automation device.
The application embodiment further provides a kind of InterWorking Equipment.Described InterWorking Equipment is connected with other InterWorking Equipment, wherein:
Described InterWorking Equipment comprises the first safety chip and stores the first memory of the first private key and the first corresponding PKI belonging to the first safety chip, described first safety chip comprises first processor and the first dispensing device, described first processor is used for from first memory, read the information of the first private key to the second InterWorking Equipment and is encrypted, described first dispensing device is used for the result of first processor to send to other InterWorking Equipment described as information, and described first private key is corresponding with the first PKI used in other InterWorking Equipments; Or,
Described InterWorking Equipment comprises the second safety chip, described second safety chip comprises the second processor and stores the second memory of the first PKI, described second processor is used for from second memory, read the first PKI and carries out certification to the message that other InterWorking Equipment sends, and described first PKI is corresponding with the first private key used in miscellaneous equipment.
Preferably, described InterWorking Equipment is Hub equipment, Platform Server or smart machine.
The application embodiment further provides a kind of method realizing Internet of Things safety, and the method is applied to and comprises the second InterWorking Equipment and at least one first InterWorking Equipment, the system that the first InterWorking Equipment is connected with the second InterWorking Equipment.The method comprises:
First InterWorking Equipment reads the first private key self prestored, and utilizes the information of described first private key to the second InterWorking Equipment to be encrypted, and the result of encryption is sent to the second InterWorking Equipment;
First PKI corresponding with described first private key of the second InterWorking Equipment reading pre-stored, utilizes described first PKI to carry out certification to the result of the first InterWorking Equipment.
Preferably, described method also comprises:
Second InterWorking Equipment reads the second private key self prestored, and utilizes the information of described second private key to the first InterWorking Equipment to be encrypted, and the result of encryption is sent to the first InterWorking Equipment;
Described second PKI of the first InterWorking Equipment reading pre-stored, utilizes described second PKI to carry out certification to the result of the second InterWorking Equipment.
Preferably, described method also comprises:
First InterWorking Equipment is session key generation before a session produces or in process, utilizes the 3rd PKI prestored to be encrypted described session key, and the session key after encryption is sent to the second InterWorking Equipment;
After the session key of the second InterWorking Equipment after receiving described encryption, the session key after the 3rd private key pair encryption corresponding with the 3rd PKI utilizing self to prestore is decrypted, and obtains described session key.
Preferably, described method comprises:
First InterWorking Equipment utilizes described session key to be encrypted session data, and the session data after encryption is sent to the second InterWorking Equipment;
The session key that second InterWorking Equipment utilizes self to obtain is decrypted the session data after described encryption, obtains session data.
Preferably, described method also comprises:
First InterWorking Equipment gathers particular data, and the 4th PKI utilizing self to store is encrypted this particular data, send to the second InterWorking Equipment to preserve the particular data after encryption, described particular data is the data that the first InterWorking Equipment needs to carry out the plaintext state of safe storage;
When the first InterWorking Equipment needs the particular data checking expressly state, first InterWorking Equipment obtains the particular data after described encryption from the second InterWorking Equipment, and the particular data of four private key pair encryption corresponding with the 4th PKI utilizing the first InterWorking Equipment self to store is decrypted, to obtain the particular data of expressly state.
The application's execution mode arranges safety chip in the InterWorking Equipment of construct networked system, safety chip has information processing capability, by the processor on the safety chip of InterWorking Equipment, the private key utilizing safety chip to store, PKI carry out encryption and decryption to the message of InterWorking Equipment, thus can realize the certification between the InterWorking Equipment in Internet of Things.Compared with prior art, in InterWorking Equipment, embed the element with anti-tamper encryption ability, make the communication between InterWorking Equipment self and InterWorking Equipment be provided with reliable security mechanism, thus improve and improve the fail safe of existing Internet of things system.
Accompanying drawing explanation
By reference to accompanying drawing reading detailed description hereafter, above-mentioned and other objects of exemplary embodiment of the invention, feature and advantage will become easy to understand.In the accompanying drawings, show some execution modes of the present invention by way of example, and not by way of limitation, wherein:
Fig. 1 is the structured flowchart of an embodiment of Internet of Things safety system;
Fig. 2 is the scene application drawing of another embodiment of Internet of Things safety system;
Fig. 3 is the scene application drawing of another embodiment of Internet of Things safety system;
Fig. 4 is the schematic flow sheet of the mutual authentication process realizing Internet of things system safety;
Fig. 5 is the schematic flow sheet of the session key transmittance process realizing Internet of things system safety;
Fig. 6 is the schematic flow sheet that the session data realizing Internet of things system safety transmits;
Fig. 7 is the schematic flow sheet that the particular data realizing Internet of things system safety transmits.
Embodiment
Below with reference to some illustrative embodiments, principle of the present invention and spirit are described.Should be appreciated that providing these execution modes is only used to enable those skilled in the art understand better and then realize the present invention, and not limit the scope of the invention by any way.On the contrary, provide these execution modes to be to make disclosing of the application more thorough and complete, and scope disclosed in the present application intactly can be conveyed to those skilled in the art.
See Fig. 1, the figure shows the structured flowchart of an embodiment (embodiment one) of a kind of Internet of Things safety system that the application provides.This Internet of things system comprises:
At least one first InterWorking Equipment 11 and the second InterWorking Equipment 12, first InterWorking Equipment 11 are connected with the second InterWorking Equipment 12, wherein:
First InterWorking Equipment 11 comprises the first safety chip 111 and stores the first memory 112 of the first private key and the first corresponding PKI belonging to the first safety chip, first safety chip 111 comprises first processor 1111 and the first dispensing device 1112, first processor 1111 is encrypted for reading the information of the first private key to the first InterWorking Equipment from first memory, and the first dispensing device 1112 is for sending to the second InterWorking Equipment 12 by the result of first processor; The information of the first InterWorking Equipment here can be the information that the first InterWorking Equipment self produces, and also can be the information from other InterWorking Equipments in Internet of things system, or the session information between the first InterWorking Equipment and other InterWorking Equipments.
Second InterWorking Equipment 12 comprises the second safety chip 121, second memory 122, second processor 1211 that second safety chip 121 comprises the second processor 1211 and stores described first PKI carries out certification for reading the first PKI from second memory to the result of first processor.
The present embodiment arranges safety chip in the InterWorking Equipment of construct networked system, safety chip has information processing capability, by the processor on the safety chip of InterWorking Equipment, the private key utilizing safety chip to store, PKI carry out encryption and decryption to the message of InterWorking Equipment, thus can realize the certification between the InterWorking Equipment in Internet of Things.Compared with prior art, embed in InterWorking Equipment and there is the anti-tamper element of encryption ability or the combination of element, these elements or elements combination in substance form a security component, make the communication between InterWorking Equipment self and InterWorking Equipment be provided with reliable security mechanism based on this security component, thus improve and improve the fail safe of existing Internet of things system.
In the above-described embodiments, first InterWorking Equipment can be presented as smart machine, smart machine has information processing capability, such as, can gather from environment or the data of self, and as required to the analyzing and processing that these environmental datas carry out to a certain degree, these data are carried out storing and being sent to destination.Particularly, smart machine can comprise wearable device, monitoring Medical Devices or home automation device, wearable device can be embodied in wrist strap, intelligent ring, necklace, monitoring Medical Devices can be embodied in intelligent physical examination equipment, heart checkout equipment, blood pressure monitoring device, blood sugar concentration monitoring equipment and skin detection equipment etc., and home automation device can be embodied in switch gate equipment, light control device, music control equipment, thermal control equipment, intelligent thermostat, intelligent refrigerator etc.
In the above-described embodiment, the second InterWorking Equipment can be Hub equipment, can form another embodiment (embodiment two) in this case.See Fig. 2, the figure shows the application scenarios of this embodiment.In this application scenarios, Internet of Things safety system comprises the smart machine as the first InterWorking Equipment and the Hub equipment as the second InterWorking Equipment, as shown by arrows in FIG., by the chip on smart machine and the information interaction between Hub equipment, the certification of Hub equipment to smart machine can be realized.But, in real process, the certification of smart machine to Hub equipment can also be realized, at this moment, described Hub equipment can also comprise the second dispensing device 1212, described second memory, also for storing the second private key and the second corresponding PKI that belong to the second safety chip; Described first memory, also for storing described second PKI; Described second processor, is also encrypted for reading the information of the second private key to smart machine from second memory; Described second dispensing device, for sending to described smart machine by the result of the second processor; Described first processor, also carries out certification for reading the second PKI from first memory to the result of the second processor.By the improvement of the above-mentioned composition structure to smart machine and Hub equipment, achieve the two-way authentication between Hub equipment and InterWorking Equipment, in fact this bidirectional authentication mechanism establishes PKI framework, thus Internet of Things can be made to have safely many-sided outstanding technique effect.Such as, encrypt owing to achieving two-way authentication between Hub equipment and InterWorking Equipment, the IP of InterWorking Equipment is no longer exposed among network, can guarantee data security (comprise the data ensureing device memory storage safe, ensure the data interaction safety of equipment room), ensure interactive authentication (comprise the fail safe ensureing physical access, the fail safe etc. ensureing remote access fail safe, ensure InterWorking Equipment certification) safely, ensure application safely (comprise ensure the environment stoping malicious attack fail safe, allow to implement secure payment application etc.).
In the above-described embodiment, the second InterWorking Equipment can also be Platform Server, can form another embodiment (embodiment two) in this case.See Fig. 3, the figure shows the application scenarios of this embodiment.In this application scenarios, Internet of Things safety system comprises as the smart machine of the first InterWorking Equipment and the Platform Server as the second InterWorking Equipment, also the equipment such as router are comprised between smart machine and Platform Server, thus smart machine to be connected with Platform Server by router and specifically can be presented as that described smart machine is connected with router by bluetooth, WIFI, WiMax or Zigbee, described router is connected with Platform Server by bluetooth, WIFI, WiMax or Zigbee.As shown by arrows in FIG., by the information interaction between the chip on smart machine and Platform Server, can implementation platform server to the certification of smart machine.But, in real process, the certification of smart machine to Platform Server can also be realized, at this moment, described Platform Server also comprises the second dispensing device 1212, described second memory, also for storing the second private key and the second corresponding PKI that belong to the second safety chip; Described first memory, also for storing described second PKI; Described second processor, is also encrypted for reading the information of the second private key to the first InterWorking Equipment from second memory; Described second dispensing device, for sending to described smart machine by the result of the second processor by described router; Described first processor, also carries out certification for reading the second PKI from first memory to the result of the second processor.The technique effect similar with previous embodiment can be realized equally by above-mentioned structure, for avoiding repetition, no longer superfluous words here.
Among above-mentioned several situation, be referred to two kinds of situations: one is the Internet of things system that smart machine and Hub devices interconnect are formed, two is five networked systems of the interconnected formation of smart machine and Platform Server, in fact, in actual moving process, also may there is the third situation, i.e. smart machine and the interconnected formation networked system of smart machine, under this situation, the first InterWorking Equipment and the second InterWorking Equipment all show as smart machine.
Also it should be noted that, above-described embodiment is described from the angle of the whole system of Internet of Things, in fact, the description of technical scheme can also be carried out from each InterWorking Equipment of construct networking, such as, when describing InterWorking Equipment from the angle of above-mentioned first equipment, this InterWorking Equipment comprises the first safety chip and stores the first memory of the first private key and the first corresponding PKI belonging to the first safety chip, described first safety chip comprises first processor and the first dispensing device, described first processor is used for from first memory, read the information of the first private key to InterWorking Equipment and is encrypted, described first dispensing device is used for the result of first processor to send to other InterWorking Equipment described as information, described first private key is corresponding with the first PKI used in other InterWorking Equipment.When describing InterWorking Equipment from the angle of above-mentioned second InterWorking Equipment, this InterWorking Equipment comprises the second safety chip, described second safety chip comprises the second processor and stores the second memory of the first PKI, described second processor is used for from second memory, read the first PKI and carries out certification to the message that other InterWorking Equipment sends, and described first PKI is corresponding with the first private key used in other InterWorking Equipment.
In some cases, safer in order to Internet of things system, first memory can be embedded in described first safety chip, or described second memory is embedded in described second safety chip, carries out above-mentioned setting even simultaneously.Because safety chip has good fail safe, the system that safety chip runs by it and the isolation of system that smart machine or Hub equipment (Platform Server) run come, by memory devices is embedded in safety chip, making must meet some requirements to the access of data in memory could realize access, thus ensure that the safety of memory store data inside.Certainly, when considering to store the factor in the fail safe of data and embedded cost size etc. two, memory can also be decomposed into two quantum memories, the quantum memory wherein storing private key is embedded among safety chip, and the quantum memory storing corresponding PKI is placed into outside safety chip.In addition, this " separate type " arranges the way of memory, may be also based on the consideration to safety chip storage size, because safety chip is for InterWorking Equipment, its memory headroom is usually less, is thus only placed into wherein by those of paramount importance data (such as, private key), and time important or unessential data (such as, PKI) are placed on other storage area of the InterWorking Equipment outside safety chip.
Foregoing provides the embodiment of the Internet of Things safety system of the application, correspondingly, present invention also provides the embodiment of the method realizing Internet of Things safety, the method embodiment can be applied to and comprise the second InterWorking Equipment and at least one first InterWorking Equipment, the system that first InterWorking Equipment is connected with the second InterWorking Equipment, or to be applied in previous embodiment among the Internet of Things safety system that describes.See Fig. 4, the figure shows the flow process of the method embodiment.This flow process comprises:
Step S41: the first InterWorking Equipment reads the first private key self prestored, and utilizes the information of described first private key to the first InterWorking Equipment to be encrypted, and the result of encryption is sent to the second InterWorking Equipment;
First PKI corresponding with described first private key of the step S42: the second InterWorking Equipment reading pre-stored, utilizes described first PKI to carry out certification to the result of the first InterWorking Equipment.
The certification of the second InterWorking Equipment to the first InterWorking Equipment can be realized by these steps, namely can determine that information that the second InterWorking Equipment receives is from the first InterWorking Equipment.As previously mentioned, if the first InterWorking Equipment is smart machine, the second InterWorking Equipment is Hub equipment, what so realize is the certification of Hub equipment to smart machine, if the first InterWorking Equipment is smart machine, the second InterWorking Equipment is Platform Server, what so realize is the certification of Platform Server to smart machine, if the first InterWorking Equipment, the second InterWorking Equipment are all smart machines, what so realize is the certification of previous InterWorking Equipment to a rear InterWorking Equipment.
In order to improve the fail safe of certification, on aforesaid unilateral authentication basis, also may there is the certification of the second InterWorking Equipment to the first InterWorking Equipment, thus realize the two-way authentication between the first InterWorking Equipment, the second InterWorking Equipment.The flow process realizing two-way authentication can still see Fig. 4, and concrete steps comprise::
Step S43: the second InterWorking Equipment reads the second private key self prestored, and utilizes the information of described second private key to the first InterWorking Equipment to be encrypted, and the result of encryption is sent to the first InterWorking Equipment;
Step S44: the first InterWorking Equipment reading pre-stored with described second PKI, utilize described second PKI to carry out certification to the result of the second InterWorking Equipment.
Achieve the two-way authentication between the first InterWorking Equipment and the second InterWorking Equipment by abovementioned steps, thus ensure that the device security of the main body of transfer of data.In real process, also need to carry out data transmission between two InterWorking Equipments.If when data are transmitted, the data directly will transmitted, by disclosed Internet Transmission, will be very dangerous, for this reason, need to be encrypted the data of transmission, but, same problem may be there is to the key of data encryption, therefore, need to be encrypted key, to make two InterWorking Equipments have identical session key by the passage of safety, thus use this session key to the decrypt data of encryption, here session key can be single key, also can be symmetric key.Pass through symmetric key.The application preferably realizes above-mentioned purpose (see Fig. 5, the figure shows the flow chart that session key transmits) in the following manner:
Step S51: the first InterWorking Equipment is session key generation before a session produces or in process, utilizes the 3rd PKI prestored to be encrypted described session key, and the session key after encryption is sent to the second InterWorking Equipment;
After the session key of the step S52: the second InterWorking Equipment after receiving described encryption, the session key after the 3rd private key pair encryption utilizing self to prestore is decrypted, and obtains described session key.
Save identical or corresponding session key by the mode of safety between the first interconnected InterWorking Equipment and the second InterWorking Equipment after, can synchronously decipher whole communication informations between the first InterWorking Equipment and the second InterWorking Equipment by this session key.That is, the method for the application can comprise (see Fig. 6, the figure shows the flow chart that session data transmits):
Step S61: the first InterWorking Equipment utilizes described session key to be encrypted session data, and the session data after encryption is sent to the second InterWorking Equipment;
The session key that step S62: the second InterWorking Equipment utilizes self to obtain is decrypted the session data after described encryption, obtains session data.
In actual application, also may there is a kind of special situation, namely certain InterWorking Equipment acquires sensitive data (particular data), this particular data is that the user of this InterWorking Equipment owns, usually there is privacy, for this reason, the user of this InterWorking Equipment may to wish this particular data to be kept on remote platform (such as, second InterWorking Equipment), at this moment can according to the application provide as under type guarantee data fail safe (see Fig. 7, the figure shows to the storage of particular data with check flow process):
Step S71: the first InterWorking Equipment gathers particular data, and the 4th PKI utilizing self to store is encrypted this particular data, send to the second InterWorking Equipment to preserve the particular data after encryption, described particular data is the data that the first InterWorking Equipment needs to carry out the plaintext state of safe storage;
Step S72: when the first InterWorking Equipment needs the particular data checking expressly state, first InterWorking Equipment obtains the particular data after described encryption from the second InterWorking Equipment, and the particular data of the 4th private key pair encryption utilizing the first InterWorking Equipment self to store is decrypted, to obtain the particular data of expressly state.
It should be noted that: on the one hand, foregoing description the application Internet of Things safety system and realize in the procedure of Internet of Things safety, repeatedly mention key, and these keys have all identified " first, the term such as second ", but, this mark to key is only schematic, in actual application, they can be different keys, also can be identical key, such as, second PKI and the 3rd PKI can be identical PKI, second private key and the 3rd private key can be identical private key, first PKI and the 4th PKI can be identical PKI, first private key and the 4th private key can be identical private key.Another aspect, although foregoing describes the various methods that the application realizes Internet of Things safety in more detail, these introduce the only property enumerated, those skilled in the art can on the content basis of aforementioned description, and the method for application the application is among various application scenarios.Such as, by Internet of things system and the method for the application, the upgrading to the certificate data in the application be stored on InterWorking Equipment safety chip and application can be realized.Again on the one hand, in the Internet of Things safety system of the application, the various functions that the safety chip of InterWorking Equipment has can adopt various ways to realize in actual applications, such as, software or hardware, or the mode of software and hardware realizes.For the processor in the second safety chip of the second InterWorking Equipment, the function that this processor can realize can utilize program should be used for realizing on the upper strata of an operating system, namely the process/thread based on software transfer relevant operation system completes relevant work, also can utilize corresponding electronic devices and components to realize at the bottom of an operating system.When comprising hardware, software, safety chip runtime environment is responsible for the space providing the neutral API of a set of hardware and safe storage and these application of operation to all application, to guarantee other code applied and data separating on the code of each application and data and card, to realize fail safe.This safety chip can also comprise card management device, for managing the contents such as GlobalPlatform environment, (OPEN) publisher security domain, card holder verification mechanism, security domain can also be there is, support security service (key management, encryption, deciphering, digital signature generate and checking) by security domain, there is the feature of application (such as, AID, life cycle), perform escape way agreement, application interface etc. be provided, in a word, the application is not particularly limited this.
Also what deserves to be explained is, although foregoing teachings has described spirit and the principle of the invention with reference to some embodiments, but should be appreciated that, the invention is not limited to disclosed embodiment, can not combine the feature that the division of each side does not mean that in these aspects yet, this division is only the convenience in order to state.The invention is intended to contain the interior included various amendment of spirit and scope and the equivalent arrangements of claims.
Claims (13)
1. an Internet of Things safety system, is characterized in that, this system comprises: the second InterWorking Equipment and at least one first InterWorking Equipment, and described first InterWorking Equipment is connected with the second InterWorking Equipment, wherein:
Described first InterWorking Equipment comprises the first safety chip and stores the first memory of the first private key and the first corresponding PKI belonging to the first safety chip, described first safety chip comprises first processor and the first dispensing device, described first processor is used for from first memory, read the information of the first private key to the first InterWorking Equipment and is encrypted, and described first dispensing device is used for the result of first processor to send to described second InterWorking Equipment;
Described second InterWorking Equipment comprises the second safety chip, described second safety chip comprises the second processor and stores the second memory of described first PKI, and described second processor is used for from second memory, read the first PKI and carries out certification to the result of first processor.
2. system according to claim 1, is characterized in that, described second InterWorking Equipment is Hub equipment, Platform Server or smart machine, and described first InterWorking Equipment is smart machine,
When described second InterWorking Equipment is Platform Server, described system also comprises router, and described first InterWorking Equipment is connected with the second InterWorking Equipment and is connected with Platform Server by router for described smart machine.
3. system according to claim 2, it is characterized in that, when described second InterWorking Equipment is Hub equipment, described Hub equipment also comprises the second dispensing device, described second memory, also for storing the second private key and the second corresponding PKI that belong to the second safety chip; Described first memory, also for storing described second PKI;
Described second processor, is also encrypted for reading the information of the second private key to smart machine from second memory; Described second dispensing device, for sending to described smart machine by the result of the second processor;
Described first processor, also carries out certification for reading the second PKI from first memory to the result of the second processor;
Or,
When described second InterWorking Equipment is Platform Server, described Platform Server also comprises the second dispensing device, described second memory, also for storing the second private key and the second corresponding PKI that belong to the second safety chip; Described first memory, also for storing described second PKI;
Described second processor, is also encrypted for reading the information of the second private key to the first InterWorking Equipment from second memory; Described second dispensing device, for sending to described smart machine by the result of the second processor by described router;
Described first processor, also carries out certification for reading the second PKI from first memory to the result of the second processor.
4. the system according to Claims 2 or 3, is characterized in that, described first memory is embedded in described first safety chip, and/or described second memory is embedded in described second safety chip;
Or,
First memory has two quantum memories, the quantum memory of first memory storage private key is embedded in the first safety chip, the quantum memory of storage of public keys is arranged on outside the first safety chip, and/or, second memory has two quantum memories, and the quantum memory storing private key in second memory is embedded in the second safety chip, the quantum memory of storage of public keys is arranged on outside the second safety chip.
5. system according to claim 4, it is characterized in that, described smart machine to be connected with Platform Server by router and to be specially described smart machine and to be connected with router by bluetooth, WIFI, WiMax or Zigbee, and described router is connected with Platform Server by bluetooth, WIFI, WiMax or Zigbee.
6. system according to claim 5, is characterized in that, described smart machine comprises wearable device, monitoring Medical Devices or home automation device.
7. an InterWorking Equipment, is characterized in that, described InterWorking Equipment is connected with other InterWorking Equipment, wherein:
Described InterWorking Equipment comprises the first safety chip and stores the first memory of the first private key and the first corresponding PKI belonging to the first safety chip, described first safety chip comprises first processor and the first dispensing device, described first processor is used for from first memory, read the information of the first private key to described InterWorking Equipment and is encrypted, described first dispensing device is used for the result of first processor to send to other InterWorking Equipment described as information, and described first private key is corresponding with the first PKI used in other InterWorking Equipment; Or,
Described InterWorking Equipment comprises the second safety chip, described second safety chip comprises the second processor and stores the second memory of the first PKI, described second processor is used for from second memory, read the first PKI and carries out certification to the message that other InterWorking Equipment sends, and described first PKI is corresponding with the first private key used in miscellaneous equipment.
8. InterWorking Equipment according to claim 7, is characterized in that, described InterWorking Equipment is Hub equipment, Platform Server or smart machine.
9. realize a method for Internet of Things safety, it is characterized in that, described method is applied to and comprises the second InterWorking Equipment and at least one first InterWorking Equipment, the system that the first InterWorking Equipment is connected with the second InterWorking Equipment, and the method comprises:
First InterWorking Equipment reads the first private key self prestored, and utilizes the information of described first private key to the first InterWorking Equipment to be encrypted, and the result of encryption is sent to the second InterWorking Equipment;
First PKI corresponding with described first private key of the second InterWorking Equipment reading pre-stored, utilizes described first PKI to carry out certification to the result of the first InterWorking Equipment.
10. method according to claim 9, is characterized in that, described method also comprises:
Second InterWorking Equipment reads the second private key self prestored, and utilizes the information of described second private key to the first InterWorking Equipment to be encrypted, and the result of encryption is sent to the first InterWorking Equipment;
Second PKI of the first InterWorking Equipment reading pre-stored, utilizes described second PKI to carry out certification to the result of the second InterWorking Equipment.
11. methods according to claim 9 or 10, it is characterized in that, described method also comprises:
First InterWorking Equipment is session key generation before a session produces or in process, utilizes the 3rd PKI prestored to be encrypted described session key, and the session key after encryption is sent to the second InterWorking Equipment;
After the session key of the second InterWorking Equipment after receiving described encryption, the session key after the 3rd private key pair encryption corresponding with the 3rd PKI utilizing self to prestore is decrypted, and obtains described session key.
12. methods according to claim 11, is characterized in that, described method comprises:
First InterWorking Equipment utilizes described session key to be encrypted session data, and the session data after encryption is sent to the second InterWorking Equipment;
The session key that second InterWorking Equipment utilizes self to obtain is decrypted the session data after described encryption, obtains session data.
13. methods according to claim 9, is characterized in that, described method also comprises:
First InterWorking Equipment gathers particular data, and the 4th PKI utilizing self to store is encrypted this particular data, send to the second InterWorking Equipment to preserve the particular data after encryption, described particular data is the data that the first InterWorking Equipment needs to carry out the plaintext state of safe storage;
When the first InterWorking Equipment needs the particular data checking expressly state, first InterWorking Equipment obtains the particular data after described encryption from the second InterWorking Equipment, and the particular data of four private key pair encryption corresponding with the 4th PKI utilizing the first InterWorking Equipment self to store is decrypted, to obtain the particular data of expressly state.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410433200.6A CN105391540A (en) | 2014-08-28 | 2014-08-28 | IOT safety system, interconnection equipment, and implementation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410433200.6A CN105391540A (en) | 2014-08-28 | 2014-08-28 | IOT safety system, interconnection equipment, and implementation method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105391540A true CN105391540A (en) | 2016-03-09 |
Family
ID=55423395
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410433200.6A Pending CN105391540A (en) | 2014-08-28 | 2014-08-28 | IOT safety system, interconnection equipment, and implementation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105391540A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106533671A (en) * | 2016-11-29 | 2017-03-22 | 美的智慧家居科技有限公司 | Information interactive method and system and apparatus thereof |
| CN107171804A (en) * | 2017-05-16 | 2017-09-15 | 歌尔科技有限公司 | A kind of data transmission method |
| CN107395361A (en) * | 2017-07-25 | 2017-11-24 | 成都国科微电子有限公司 | The conversion of information source data and authentication method and system |
| CN108199851A (en) * | 2018-02-01 | 2018-06-22 | 北京华大智宝电子系统有限公司 | A kind of data safe transmission method, apparatus and system |
| CN110086755A (en) * | 2018-01-26 | 2019-08-02 | 巍乾全球技术有限责任公司 | Realize method, application server, internet of things equipment and the medium of Internet of Things service |
| CN110401950A (en) * | 2019-07-24 | 2019-11-01 | Oppo广东移动通信有限公司 | Register method, head-mounted display apparatus, helmet system and storage medium |
| CN110874476A (en) * | 2018-08-31 | 2020-03-10 | 阿里巴巴集团控股有限公司 | Data processing system, method, storage medium and processor |
| CN111865592A (en) * | 2020-09-21 | 2020-10-30 | 四川科锐得电力通信技术有限公司 | Internet of things equipment fast access method and device, Internet of things platform and storage medium |
| CN113179240A (en) * | 2020-09-28 | 2021-07-27 | 深圳华智融科技股份有限公司 | Key protection method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873588A (en) * | 2010-05-27 | 2010-10-27 | 大唐微电子技术有限公司 | Method and system for realizing service application safety |
| CN103179086A (en) * | 2011-12-21 | 2013-06-26 | 中国电信股份有限公司 | Method and system for remote storing processing of data |
| CN103532713A (en) * | 2012-07-04 | 2014-01-22 | 中国移动通信集团公司 | Sensor authentication and sharing key generating method, sensor authentication and sharing key generating system and sensor |
| US20140195807A1 (en) * | 2009-11-16 | 2014-07-10 | Hagai Bar-El | System, device, and method of provisioning cryptographic data to electronic devices |
-
2014
- 2014-08-28 CN CN201410433200.6A patent/CN105391540A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140195807A1 (en) * | 2009-11-16 | 2014-07-10 | Hagai Bar-El | System, device, and method of provisioning cryptographic data to electronic devices |
| CN101873588A (en) * | 2010-05-27 | 2010-10-27 | 大唐微电子技术有限公司 | Method and system for realizing service application safety |
| CN103179086A (en) * | 2011-12-21 | 2013-06-26 | 中国电信股份有限公司 | Method and system for remote storing processing of data |
| CN103532713A (en) * | 2012-07-04 | 2014-01-22 | 中国移动通信集团公司 | Sensor authentication and sharing key generating method, sensor authentication and sharing key generating system and sensor |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106533671A (en) * | 2016-11-29 | 2017-03-22 | 美的智慧家居科技有限公司 | Information interactive method and system and apparatus thereof |
| CN107171804A (en) * | 2017-05-16 | 2017-09-15 | 歌尔科技有限公司 | A kind of data transmission method |
| CN107171804B (en) * | 2017-05-16 | 2019-12-03 | 歌尔科技有限公司 | A kind of data transmission method |
| CN107395361A (en) * | 2017-07-25 | 2017-11-24 | 成都国科微电子有限公司 | The conversion of information source data and authentication method and system |
| CN110086755A (en) * | 2018-01-26 | 2019-08-02 | 巍乾全球技术有限责任公司 | Realize method, application server, internet of things equipment and the medium of Internet of Things service |
| CN108199851A (en) * | 2018-02-01 | 2018-06-22 | 北京华大智宝电子系统有限公司 | A kind of data safe transmission method, apparatus and system |
| CN110874476A (en) * | 2018-08-31 | 2020-03-10 | 阿里巴巴集团控股有限公司 | Data processing system, method, storage medium and processor |
| CN110874476B (en) * | 2018-08-31 | 2024-03-22 | 阿里巴巴集团控股有限公司 | Data processing system, method, storage medium, and processor |
| CN110401950A (en) * | 2019-07-24 | 2019-11-01 | Oppo广东移动通信有限公司 | Register method, head-mounted display apparatus, helmet system and storage medium |
| CN111865592A (en) * | 2020-09-21 | 2020-10-30 | 四川科锐得电力通信技术有限公司 | Internet of things equipment fast access method and device, Internet of things platform and storage medium |
| CN113179240A (en) * | 2020-09-28 | 2021-07-27 | 深圳华智融科技股份有限公司 | Key protection method, device, equipment and storage medium |
| CN113179240B (en) * | 2020-09-28 | 2023-01-06 | 深圳华智融科技股份有限公司 | Key protection method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105391540A (en) | IOT safety system, interconnection equipment, and implementation method | |
| Hou et al. | A survey on internet of things security from data perspectives | |
| Garg et al. | BAKMP-IoMT: Design of blockchain enabled authenticated key management protocol for internet of medical things deployment | |
| CN105392134B (en) | The method of at least one first unit is authenticated at least one second unit | |
| US10389531B2 (en) | Authentication system and authentication method | |
| US20160277933A1 (en) | Secure Data Communication system between IoT smart devices and a Network gateway under Internet of Thing environment | |
| CN107294709A (en) | A kind of block chain data processing method, apparatus and system | |
| CN105407072A (en) | Method and system for achieving safety of Internet of Things, and interconnection equipment | |
| CN102882847B (en) | Secure digital (SD)-password-card-based secure communication method of Internet of things healthcare service system | |
| CN110535647A (en) | Believable data transmission method, system, electronic equipment, storage medium | |
| CN106464488A (en) | Information transmission method and mobile device | |
| CN107210911A (en) | The improvement of terminal is installed in security system | |
| Lin et al. | Secure Internet of medical Things (IoMT) based on ECMQV-MAC authentication protocol and EKMC-SCP blockchain networking | |
| Guduri et al. | Blockchain-based federated learning technique for privacy preservation and security of smart electronic health records | |
| CN203984457U (en) | A kind of Internet of Things safety system, smart machine and Platform Server | |
| CN203984458U (en) | A kind of Internet of Things safety system, smart machine and Hub equipment | |
| CN108848503B (en) | A kind of smart home dynamic encryption means of communication and system transmitted using merogenesis | |
| Kim et al. | A study of privacy problem solving using device and user authentication for M2M environments | |
| Kamarudin et al. | IBE_Trust Authentication for e-health mobile monitoring system | |
| JP7015328B2 (en) | Peer transaction system | |
| CN112199695A (en) | Processing method and device for receivable financing, electronic device and storage medium | |
| CN202750117U (en) | SD cipher card based internet of things health medical service system | |
| US10445510B2 (en) | Data checking apparatus and method using same | |
| Tareen et al. | User Privacy in IoT | |
| Parcha et al. | Implementing security in IoT systems via blockchain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |