CN106549924B - A kind of communication security protection methods, devices and systems - Google Patents

Publication number
CN106549924B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510609796.5A
Other languages
Chinese (zh)
Other versions
CN106549924A (en)
Inventor
齐旻鹏
阎军智
程紫尧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention discloses a communication security protection method, device and system, wherein the method includes: a terminal generates a specific parameter Para according to a preset first rule; generates summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para; generates first information according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and sends it to a server; the server obtains the prestored API Key according to the Device ID in the first information; calculates a validation value according to the prestored API Key and the Payload and the Para in the first information; compares the validation value with the summary information in the first information; and, when the validation value matches the summary information, determines that the first information passes authentication.

Description

A communication security protection method, device and system
Technical field
The present invention relates to computer technology, and in particular to a communication security protection method, device and system.
Background art
Typically, an Internet of Things (IoT) company develops an open cloud platform. As shown in Fig. 1, third-party applications operate on the resources provided by the open cloud platform through an HTTP client; devices implement the RESTful interface provided by OneNet, package business data in the format required by the open platform, and transmit it to OneNet for storage. When a third-party application needs the business data, it obtains it through the RESTful interface.
As shown in Fig. 2, the platform provides resources such as devices (device), data streams (datastream), data points (datapoint), triggers (trigger) and API keys, which can be created, deleted, queried and modified on the platform through the REST API.
Each platform user can create their own device list and set device attributes; multiple data streams can be created under each device; a data stream is a class of data points stored in chronological order; a data point is a key-value pair with the timestamp as the key and any JSON data type as the value; for each data stream, a trigger can be set to monitor its data points; a key specifies whether a user has permission to operate on the related resource, at data-stream granularity; resources are operated on using standard HTTP methods.
According to the existing specification, as shown in Fig. 3, the API key is placed in the HTTP header in the format "api-key:xxxx-ffff-zzzzz" and sent in plaintext. By design, the API key is the key with which the OneNet IoT cloud platform identifies an IoT terminal device. But because the key is sent in plaintext, an attacker who intercepts the message can parse it directly to obtain the API key, and can then use the same API key to impersonate the IoT terminal and send forged messages, so that the OneNet IoT cloud platform receives false feedback information or requests.
The traditional solution is to encrypt the API key, but after encryption the device-identification problem can no longer be solved, and the message can still be replayed after it is intercepted.
Alternatively, the traditional solution verifies the user's identity through a challenge/response procedure and then protects subsequent messages with a session key generated at the same time. But this approach introduces an additional procedure and key computation, which imposes extra overhead on the device; for resource-constrained devices such as IoT terminals this cost is very high.
Summary of the invention
To solve the existing technical problems, embodiments of the present invention provide a communication security protection method, device and system.
An embodiment of the present invention provides a communication security protection method, applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
First information is generated according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and is sent to a server;
The server obtains the prestored API Key according to the Device ID in the first information;
A validation value is calculated according to the prestored API Key and the Payload and the Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, the first information is determined to pass authentication.
Wherein, the method further includes:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, the first information is determined to be replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
Wherein, the method further includes:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information includes:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information includes:
Generating the first information according to the terminal's identifier Device ID, the Payload, the Para, the RAND and the summary information;
Calculating the validation value includes:
Calculating the validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information.
Wherein, the method further includes:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information includes:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information includes:
Generating the first information according to the terminal's identifier Device ID, the Payload, the Para, the KDF_p and the summary information;
Calculating the validation value includes:
Generating a verification key according to the prestored API Key and the KDF_p;
Calculating the validation value according to the verification key and the Payload, the Para and the KDF_p in the first information.
Wherein, generating the summary information includes:
Generating the summary information with an HMAC function.
An embodiment of the present invention provides a communication security protection method, applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
First information is generated according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and is sent to a server, so that the server authenticates the first information according to the information in the first information.
Wherein, the method further includes:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information includes:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information includes:
Generating the first information according to the terminal's identifier Device ID, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
Wherein, the method further includes:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information includes:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information includes:
Generating the first information according to the terminal's identifier Device ID, the Payload, the Para, the KDF_p and the summary information, so that the server can generate a verification key according to the prestored API Key and the KDF_p, and calculate a validation value according to the verification key and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
An embodiment of the present invention provides another communication security protection method, applied to the Internet of Things, the method comprising:
A server receives first information sent by a terminal; the first information includes: an API Key, a specific parameter Para, the message Payload to be transmitted, and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
The prestored API Key is obtained according to the Device ID in the first information;
A validation value is calculated according to the prestored API Key and the Payload and the Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, the first information is determined to pass authentication.
Wherein, the method further includes:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, the first information is determined to be replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
An embodiment of the present invention provides a communication security protection system, applied to the Internet of Things, the system comprising a terminal and a server:
The terminal is configured to generate a specific parameter Para according to a preset first rule; generate summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para; and generate first information according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and send it to the server;
The server is configured to obtain the prestored API Key according to the Device ID in the first information; calculate a validation value according to the prestored API Key and the Payload and the Para in the first information; compare the validation value with the summary information in the first information; and, when the validation value matches the summary information, determine that the first information passes authentication.
An embodiment of the present invention provides a terminal, applied to the Internet of Things, the terminal comprising:
A first generation unit, configured to generate a specific parameter Para according to a preset first rule;
A second generation unit, configured to generate summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
A third generation unit, configured to generate first information according to the terminal's identifier Device ID, the Payload, the Para and the summary information;
A transmission unit, configured to send the first information to a server, so that the server authenticates the first information according to the information in the first information.
Wherein, the terminal further includes:
A fourth generation unit, configured to generate a first random parameter RAND according to a preset second rule;
Correspondingly, the second generation unit is configured to generate the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
The third generation unit is configured to generate the first information according to the terminal's identifier Device ID, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
Wherein, the terminal further includes:
A detection unit, configured to detect the state of the terminal;
A fifth generation unit, configured to generate a second random parameter KDF_p according to a preset third rule when the terminal is in a first state, and to generate a key according to the API Key and the KDF_p;
Correspondingly, the second generation unit is configured to generate the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
The third generation unit is configured to generate the first information according to the terminal's identifier Device ID, the Payload, the Para, the KDF_p and the summary information, so that the server can generate a verification key according to the prestored API Key and the KDF_p, and calculate a validation value according to the verification key and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
An embodiment of the present invention provides a server, applied to the Internet of Things, the server comprising:
A receiving unit, configured to receive first information sent by a terminal; the first information includes: an API Key, a specific parameter Para, the message Payload to be transmitted, and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
An acquiring unit, configured to obtain the prestored API Key according to the Device ID in the first information;
A computing unit, configured to calculate a validation value according to the prestored API Key and the Payload and the Para in the first information;
A comparison unit, configured to compare the validation value with the summary information in the first information;
A determination unit, configured to determine that the first information passes authentication when the validation value matches the summary information.
Wherein, the server further includes:
A judging unit, configured to judge whether the Para in the first information meets a preset condition;
The determination unit is further configured to determine that the first information is replayed information when the Para does not meet the preset condition, and, when the Para meets the preset condition, to control the acquiring unit to perform the operation of obtaining the prestored API Key according to the Device ID in the first information.
As can be seen from the above, the technical solution of the embodiments of the present invention includes: a terminal generates a specific parameter Para according to a preset first rule; generates summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para; generates first information according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and sends it to a server; the server obtains the prestored API Key according to the Device ID in the first information; calculates a validation value according to the prestored API Key and the Payload and the Para in the first information; compares the validation value with the summary information in the first information; and, when the validation value matches the summary information, determines that the first information passes authentication. The embodiments of the present invention can thus effectively solve the problem of the API key being leaked and ensure communication security.
Brief description of the drawings
Fig. 1 is a schematic diagram of how the cloud platform interacts with third-party applications;
Fig. 2 is a schematic diagram of how the cloud platform works;
Fig. 3 is a schematic diagram of how the API key is transmitted in the prior art;
Fig. 4 is an implementation flow chart of the first embodiment of a communication security protection method provided by the present invention;
Fig. 5 is an implementation flow chart of the second embodiment of a communication security protection method provided by the present invention;
Fig. 6 is an implementation flow chart of the third embodiment of a communication security protection method provided by the present invention;
Fig. 7 is an implementation flow chart of the fourth embodiment of a communication security protection method provided by the present invention;
Fig. 8 is an implementation flow chart of an embodiment of another communication security protection method provided by the present invention;
Fig. 9 is an implementation flow chart of an embodiment of yet another communication security protection method provided by the present invention;
Fig. 10 is a structural schematic diagram of an embodiment of a communication security protection system provided by the present invention;
Fig. 11 is a structural schematic diagram of an embodiment of a terminal provided by the present invention;
Fig. 12 is a structural schematic diagram of an embodiment of a server provided by the present invention;
Fig. 13 is a schematic diagram of information sending provided by an embodiment of the present invention.
Detailed description of the embodiments
The first embodiment of a communication security protection method provided by the present invention, as shown in Fig. 4, is applied to the Internet of Things, and the method comprises:
Step 401: a terminal generates a specific parameter Para according to a preset first rule;
Here, the terminal may be an IoT terminal.
Step 402: summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
Specifically, the summary information can be generated with an HMAC function from the API Key, the message Payload to be transmitted and the Para, for example HMAC(Payload, API Key, Para).
Step 403: first information is generated according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and is sent to a server;
Specifically, the first information can be expressed as Message(Device ID, Payload, Para, HMAC(Payload, API Key, Para)).
Here, the server may be the OneNet IoT platform.
Step 404: the server obtains the prestored API Key according to the Device ID in the first information;
Here, the Device ID and the API Key can be set in correspondence with each other.
Step 405: a validation value is calculated according to the prestored API Key and the Payload and the Para in the first information;
Step 406: the validation value is compared with the summary information in the first information;
Step 407: when the validation value matches the summary information, the first information is determined to pass authentication.
Thus, the technical solution provided by this embodiment of the present invention can effectively solve the problem of the API key being leaked and ensure communication security.
The second embodiment of a communication security protection method provided by the present invention, as shown in Fig. 5, is applied to the Internet of Things, and the method comprises:
Step 501: a terminal generates a specific parameter Para according to a preset first rule;
Step 502: summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
Specifically, the summary information can be generated with an HMAC function from the API Key, the message Payload to be transmitted and the Para.
Step 503: first information is generated according to the terminal's identifier Device ID, the Payload, the Para and the summary information, and is sent to a server;
Step 504: the server judges whether the Para in the first information meets a preset condition; when the Para meets the preset condition, go to step 505; when the Para does not meet the preset condition, go to step 509;
In practical applications, the terminal and the server each maintain a list: the terminal's list stores different Para values, and the server's list stores the Para from first information sent by the terminal that has passed authentication; the server's list is initially empty.
The terminal selects Para from its list in order. When the first information is determined to pass verification, the server records the Para according to a preset second rule;
Specifically, judging whether the Para in the first information meets the preset condition may include:
Judging whether the Para in the first information is identical to a Para recorded by the server; if it is identical, a replay attack is determined.
Alternatively, in practical applications, the terminal and the server each maintain a list: the terminal's list stores different Para values, and Para increases with time or with count; the server's list (initially empty) stores the Para from first information sent by the terminal that has passed authentication.
The terminal selects Para from its list in order. When the first information is determined to pass verification, the server records the Para according to a preset second rule;
Specifically, judging whether the Para in the first information meets the preset condition may include:
Judging whether the Para in the first information is identical to or smaller than the Para recorded by the server; if it is identical or smaller, a replay attack is determined.
Step 505: the server obtains the prestored API Key according to the Device ID in the first information;
Step 506: a validation value is calculated according to the prestored API Key and the Payload and the Para in the first information;
Step 507: the validation value is compared with the summary information in the first information;
Step 508: when the validation value matches the summary information, the first information is determined to pass authentication, and this process ends.
Step 509: the first information is determined to be replayed information, and this process ends.
Thus, the technical solution provided by this embodiment of the present invention can quickly judge from the Para whether the first information is a replay attack, effectively ensuring communication security.
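The terminal and server sides of steps 501 to 509, sketched in Python as an added example (not code from the patent). It assumes HMAC-SHA256, a Para that grows by one per message, the "identical or smaller" replay condition, and a fixed-width Para encoding; the class and function names and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import struct


def summary(api_key: bytes, payload: bytes, para: int) -> str:
    """HMAC(Payload, API Key, Para), keyed with the API Key.

    Assumptions: SHA-256, and Para packed as a fixed 8-byte prefix so that
    each (Para, Payload) pair has exactly one byte encoding.
    """
    data = struct.pack(">Q", para) + payload
    return hmac.new(api_key, data, hashlib.sha256).hexdigest()


class Terminal:
    """Steps 501-503: build the first information; the API Key is never sent."""

    def __init__(self, device_id: str, api_key: bytes):
        self.device_id = device_id
        self._api_key = api_key
        self._para = 0  # assumed first rule: Para grows by one per message

    def build_first_information(self, payload: bytes) -> dict:
        self._para += 1
        return {
            "device_id": self.device_id,
            "payload": payload,
            "para": self._para,
            "summary": summary(self._api_key, payload, self._para),
        }


class Server:
    """Steps 504-509, using the 'identical or smaller' Para condition."""

    def __init__(self, prestored_keys: dict):
        self._keys = dict(prestored_keys)  # Device ID -> prestored API Key
        self._last_para = {}               # Device ID -> last authenticated Para

    def authenticate(self, info: dict) -> str:
        device_id, para = info.get("device_id"), info.get("para")
        payload = info.get("payload")
        # Reject malformed fields before they reach the comparison logic.
        if not (isinstance(device_id, str) and isinstance(payload, bytes)
                and type(para) is int and 0 < para < 2 ** 64):
            return "rejected"
        # Step 504: a Para that is not newer than the recorded one is a replay.
        if para <= self._last_para.get(device_id, 0):
            return "replay"
        # Step 505: look up the prestored API Key by Device ID.
        api_key = self._keys.get(device_id)
        if api_key is None:
            return "rejected"
        # Steps 506-507: recompute the validation value, compare in constant time.
        expected = summary(api_key, payload, para).encode()
        received = str(info.get("summary")).encode()
        if not hmac.compare_digest(expected, received):
            return "rejected"
        # Step 508: record Para only after authentication has passed.
        self._last_para[device_id] = para
        return "authenticated"


def demo() -> list:
    key = b"constructed-api-key"  # constructed sample value
    terminal = Terminal("dev-001", key)
    server = Server({"dev-001": key})
    first = terminal.build_first_information(b'{"temp": 21.5}')
    forged = dict(first, para=1000, payload=b'{"temp": 99}')
    second = terminal.build_first_information(b'{"temp": 21.6}')
    return [
        server.authenticate(first),   # genuine message
        server.authenticate(first),   # captured copy sent again
        server.authenticate(forged),  # altered fields, old summary
        server.authenticate(second),  # next genuine message
    ]


if __name__ == "__main__":
    print(demo())
```

Recording Para only after the summary matches keeps a forged message carrying a large Para from advancing the server's record and locking out the genuine terminal.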
The third embodiment of a communication security protection method provided by the present invention, as shown in Fig. 6, is applied to the Internet of Things, and the method comprises:
Step 601: a terminal generates a specific parameter Para according to a preset first rule;
Step 602: the terminal generates a first random parameter RAND according to a preset second rule;
Step 603: summary information is generated according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Specifically, the summary information can be generated with an HMAC function from the API Key, the message Payload to be transmitted, the Para and the RAND, for example HMAC(Payload, API key, Para || RAND).
Step 604: first information is generated according to the terminal's identifier Device ID, the Payload, the Para, the RAND and the summary information, and is sent to a server;
Specifically, the first information can be expressed as Message(Device ID, Payload, Para || RAND, HMAC(Payload, API key, Para || RAND)).
Step 605: the server obtains the prestored API Key according to the Device ID in the first information;
Step 606: a validation value is calculated according to the prestored API Key and the Payload, the Para and the RAND in the first information.
Step 607: the validation value is compared with the summary information in the first information;
Step 608: when the validation value matches the summary information, the first information is determined to pass authentication.
Thus, the technical solution provided by this embodiment of the present invention can additionally use the random parameter RAND to avoid leaking the API key, further ensuring communication security.
The fourth embodiment of a communication security protection method provided by the present invention, as shown in Fig. 7, is applied to the Internet of Things, and the method comprises:
Step 701: a terminal generates a specific parameter Para according to a preset first rule;
Step 702: the state of the terminal is detected;
Step 703: when the terminal is in a first state, a second random parameter KDF_p is generated according to a preset third rule;
Here, the first state refers to sending KDF_p for the first time, i.e., when the IoT terminal generates its first message. It can be understood that not sending KDF_p for the first time corresponds to a second state, i.e., when the IoT terminal generates messages after the first one.
After the network side receives the first message, it takes out the KDF_p and saves it; then, when the IoT terminal sends other messages, the saved KDF_p is used for the calculation.
After the network side receives a message, it judges whether it is the first message according to whether the message contains KDF_p; if it does not, the saved KDF_p of the corresponding terminal is taken out directly for the calculation.
Step 704: a key is generated according to the API Key and the KDF_p;
Step 705: summary information is generated according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Specifically, the summary information is generated with an HMAC function from the key, the message Payload to be transmitted, the Para and the KDF_p, for example HMAC(Payload, f(API key, KDF_p), Para || KDF_p).
Step 706: first information is generated according to the terminal's identifier Device ID, the Payload, the Para, the KDF_p and the summary information, and is sent to a server;
Here, the first information can be expressed as Message(Device ID, Payload, Para || KDF_p, HMAC(Payload, f(API key, KDF_p), Para || KDF_p)).
Step 707: the server judges whether the Para in the first information meets a preset condition; when the Para meets the preset condition, go to step 708; when the Para does not meet the preset condition, go to step 713;
Step 708: the server obtains the prestored API Key according to the Device ID in the first information;
Step 709: a verification key is generated according to the prestored API Key and the KDF_p;
Step 710: a validation value is calculated according to the verification key and the Payload, the Para and the KDF_p in the first information.
Step 711: the validation value is compared with the summary information in the first information;
Step 712: when the validation value matches the summary information, the first information is determined to pass authentication, and this process ends.
Step 713: the first information is determined to be replayed information, and this process ends.
Here, it should be noted that after the server receives the initial first information and it passes authentication, the server saves the KDF_p it contains; when other messages subsequently sent by the terminal are received, the saved KDF_p is used to calculate the verification key and the validation value.
It can be understood that first information other than the initial one is: Message(Device ID, Payload, Para, HMAC(Payload, f(API key, KDF_p), Para)).
Thus, the technical solution provided by this embodiment of the present invention can additionally use the random parameter KDF_p to avoid leaking the API key, further ensuring communication security.
The embodiment of another kind communication security protection method provided by the invention, is applied to Internet of Things, shown in Figure 8, The described method includes:
Step 801, the terminal generates a specific parameter Para according to a preset first rule;
Step 802, summary information is generated according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
Step 803, the first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to the server, so that the server authenticates the first information according to the information in the first information.
In one embodiment, the method includes:
Step 801, the terminal generates a specific parameter Para according to a preset first rule;
Step 802, summary information is generated according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
Step 803, the first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to the server, so that the server authenticates the first information according to the information in the first information.
In addition, the method also includes:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information includes:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information includes:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
In one embodiment, the method includes:
Step 801, the terminal generates a specific parameter Para according to a preset first rule;
Step 802, summary information is generated according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
Step 803, the first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to the server, so that the server authenticates the first information according to the information in the first information.
In addition, the method also includes:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information includes:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information includes:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate an authentication secret according to the prestored API Key and the KDF_p, and calculate a validation value according to the authentication secret and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
Yet another embodiment of the communication security protection method provided by the present invention is applied to the Internet of Things. Referring to Figure 9, the method includes:
Step 901, the server receives the first information sent by the terminal; the first information includes: API Key, a specific parameter Para, the message Payload to be transmitted and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
Step 902, the prestored API Key is obtained according to the Device ID in the first information;
Step 903, a validation value is calculated according to the prestored API Key and the Payload and Para in the first information;
Step 904, the validation value is compared with the summary information in the first information;
Step 905, when the validation value matches the summary information, it is determined that the first information passes authentication.
In one embodiment, the method also includes:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
An embodiment of the communication security protection system provided by the present invention is applied to the Internet of Things. Referring to Figure 10, the system includes a terminal and a server:
The terminal 1001 is used for generating a specific parameter Para according to a preset first rule; generating summary information according to the application programming interface key API Key, the message Payload to be transmitted and the Para; and generating the first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and sending it to the server;
The server 1002 is used for obtaining the prestored API Key according to the Device ID in the first information; calculating a validation value according to the prestored API Key and the Payload and the Para in the first information; comparing the validation value with the summary information in the first information; and, when the validation value matches the summary information, determining that the first information passes authentication.
An embodiment of the terminal provided by the present invention is applied to the Internet of Things. Referring to Figure 11, the terminal includes:
First generation unit 1101, for generating a specific parameter Para according to a preset first rule;
Second generation unit 1102, for generating summary information according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
Third generation unit 1103, for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information;
Transmission unit 1104, for sending the first information to the server, so that the server authenticates the first information according to the information in the first information.
In one embodiment, the terminal includes:
First generation unit 1101, for generating a specific parameter Para according to a preset first rule;
Second generation unit 1102, for generating summary information according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
Third generation unit 1103, for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information;
Transmission unit 1104, for sending the first information to the server, so that the server authenticates the first information according to the information in the first information.
In addition, the terminal further includes:
Fourth generation unit 1105, for generating a first random parameter RAND according to a preset second rule;
Correspondingly, the second generation unit is used for generating summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
The third generation unit 1103 is used for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
In one embodiment, the terminal includes:
First generation unit 1101, for generating a specific parameter Para according to a preset first rule;
Second generation unit 1102, for generating summary information according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
Third generation unit 1103, for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information;
Transmission unit 1104, for sending the first information to the server, so that the server authenticates the first information according to the information in the first information.
In addition, the terminal further includes:
Detection unit 1106, for detecting the state of the terminal;
Fifth generation unit 1107, for generating a second random parameter KDF_p according to a preset third rule when the terminal is in a first state, and generating a key according to the API Key and the KDF_p;
Correspondingly, the second generation unit 1102 is used for generating summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
The third generation unit 1103 is used for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate an authentication secret according to the prestored API Key and the KDF_p, and calculate a validation value according to the authentication secret and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
In practical application, each of the above units can be implemented by a central processing unit (CPU, Central Processing Unit), a digital signal processor (DSP, Digital Signal Processor) or a field-programmable gate array (FPGA, Field-Programmable Gate Array) in the terminal.
An embodiment of the server provided by the present invention is applied to the Internet of Things. Referring to Figure 12, the server includes:
Receiving unit 1201, for receiving the first information sent by the terminal; the first information includes: API Key, a specific parameter Para, the message Payload to be transmitted and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
Acquiring unit 1202, for obtaining the prestored API Key according to the Device ID in the first information;
Computing unit 1203, for calculating a validation value according to the prestored API Key and the Payload and Para in the first information;
Comparison unit 1204, for comparing the validation value with the summary information in the first information;
Determination unit 1205, for determining that the first information passes authentication when the validation value matches the summary information.
In one embodiment, the server further includes:
Judging unit 1206, for judging whether the Para in the first information meets a preset condition;
The determination unit 1205 is also used for determining that the first information is replayed information when the Para does not meet the preset condition, and, when the Para meets the preset condition, for controlling the acquiring unit to perform the operation of obtaining the prestored API Key according to the Device ID in the first information.
In practical application, each of the above units can be implemented by a central processing unit (CPU, Central Processing Unit), a digital signal processor (DSP, Digital Signal Processor) or a field-programmable gate array (FPGA, Field-Programmable Gate Array) in the server.
The embodiments of the present invention are further described below with reference to a specific application scenario and the accompanying drawings.
The embodiments of the present invention relate to internet-of-things terminals, the Internet of Things OneNet platform and related devices.
The main technical solution of the embodiment of the present invention is to change the way in which the API Key is transmitted in plain text, so that an attacker cannot obtain the API key. At the same time, it ensures that the OneNet platform can still effectively identify the internet-of-things terminal device. Therefore, in the embodiment of the present invention, when an internet-of-things terminal communicates with the OneNet platform, the terminal is identified by the Device ID in the message, and the message to be sent is sent to the network side together with summary information produced by processing the message, directly or indirectly, with the API key. The network side then uses the same API key to verify the summary information. Subsequent messages are sent in the same format.
For this purpose, the message transmission between the internet-of-things terminal device and the OneNet platform becomes:
1, A device ID (Device ID) is set; the internet-of-things terminal is identified by the Device ID, and the Device ID is bound to the terminal's API key.
2, When the internet-of-things terminal communicates with the OneNet platform, the terminal no longer writes the API key directly into the message when generating it, but instead:
A, adds the Device ID to the message;
B, generates a specific parameter Para;
C, generates summary information according to the API key, the Para and the message Payload to be transmitted.
The terminal then combines the above information together with the Payload into a new message.
3, The terminal sends the message to the network side; at this point, the identifier used to mark the sender of the message, formerly the API key, has become the Device ID.
4, After receiving the message, the network side determines the sender according to the Device ID, which replaces the API key as the identifier of the message source, then obtains the corresponding API key locally and judges, according to the corresponding rule, whether the Para carried in the message is acceptable. If it is not acceptable, the message is considered a replayed message and processing stops. If it is acceptable, the network side calculates a validation value using the Payload and Para in the message and compares it with the summary information carried in the message; if they are identical, verification passes, and the Para is recorded according to the corresponding rule.
The Para parameter ensures that a message cannot be replayed after it has been intercepted by a third party; a related parameter therefore needs to be included in the summary information to prevent replay attacks.
During message generation, the API key can be handled according to the following different embodiments:
Embodiment 1: the message is processed directly with the API key, so the message body is:
Message(Device ID, Payload, Para, HMAC(Payload, API Key, Para))
That is, as shown in Figure 13, when generating a message the internet-of-things terminal writes the Device ID into the message, generates a specific parameter Para, and generates summary information H by the HMAC function according to the API key, the Para and the message Payload to be transmitted (i.e. H = HMAC(Payload, API Key, Para)). The terminal then combines the above information together with the Payload into a new message.
After the network side receives the message, it calculates H' = HMAC(Payload, API Key, Para) with the same algorithm and compares H and H'; if they are consistent the message is considered correct, otherwise the message is discarded directly.
Embodiment 2: to prevent heavy reuse of the API key from leading to the API key being cracked, an additional random number can be added to prevent the API key from being leaked, so the message body is:
Message(Device ID, Payload, Para || RAND, HMAC(Payload, API key, Para || RAND))
That is, when generating a message the internet-of-things terminal writes the Device ID into the message and generates a specific parameter Para and a randomly generated random parameter RAND. The terminal generates summary information H by the HMAC function according to the API key, the Para, the RAND and the message Payload to be transmitted. The terminal then combines the above information together with the Payload into a new message.
After the network side receives the message, it calculates H' with the same algorithm and compares H and H'; if they are consistent the message is considered correct, otherwise the message is discarded directly.
Embodiment 3: to prevent heavy reuse of the API key from leading to the API key being cracked, the API key can be used to generate a session key, with the key generation parameter sent in the first message, to prevent the API key from being leaked, so the message body is:
First message: Message(Device ID, Payload, Para || KDF_p, HMAC(Payload, f(API key, KDF_p), Para || KDF_p))
Subsequent messages: Message(Device ID, Payload, Para, HMAC(Payload, f(API key, KDF_p), Para))
That is, when generating the first message the internet-of-things terminal first generates a random parameter KDF_p and saves it, then uses the API key and the KDF_p to calculate a new key f(API key, KDF_p), writes the Device ID into the message, and generates a specific parameter Para alongside the randomly generated parameter KDF_p. The terminal generates summary information H by the HMAC function according to the API key, the Para, the KDF_p and the message Payload to be transmitted. The terminal then combines the above information together with the Payload into a new message.
After the network side receives the first message, it takes out the KDF_p and saves it, then likewise calculates f(API key, KDF_p), calculates H' with the same algorithm and compares H and H'; if they are consistent the message is considered correct, otherwise the message is discarded directly.
Afterwards, when the internet-of-things terminal sends other messages, it uses the saved KDF_p to calculate the key f(API key, KDF_p) and calculates H.
After the network side receives a message, it judges whether this is the first message according to whether the message carries a KDF_p; if it does not, the network side directly takes out the saved KDF_p of the corresponding terminal, calculates H' and compares H and H'; if they are consistent the message is considered correct, otherwise the message is discarded directly.
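The message exchange of Embodiment 3 above (first message carrying KDF_p, later messages keyed by the saved value), shown end to end as an added Python example that is not part of the patent. HMAC-SHA256, the length-prefixed field encoding, the construction of f() and the 8-byte counter used as Para are assumptions, since the page does not fix them.

```python
# Added illustration, not code from the patent. Assumptions: HMAC-SHA256,
# length-prefixed fields, f() built from HMAC, Para as an 8-byte counter.
import hashlib
import hmac
import os
import struct

# Server-side store binding Device ID to API key (constructed sample value).
API_KEYS = {"dev-001": b"constructed-api-key-for-demo"}


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so that field boundaries are unambiguous."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def derive_key(api_key: bytes, kdf_p: bytes) -> bytes:
    """f(API key, KDF_p): the session key that replaces the API key in HMAC."""
    return hmac.new(api_key, b"session-key" + kdf_p, hashlib.sha256).digest()


def digest(key: bytes, payload: bytes, para: bytes, kdf_p: bytes = b"") -> bytes:
    """HMAC(Payload, key, Para || KDF_p) in the page's notation."""
    return hmac.new(key, encode_fields(payload, para, kdf_p), hashlib.sha256).digest()


class Terminal:
    def __init__(self, device_id: str, api_key: bytes):
        self.device_id, self.api_key = device_id, api_key
        self.kdf_p = None   # generated and saved with the first message
        self.counter = 0    # source of the growing Para

    def build(self, payload: bytes) -> dict:
        self.counter += 1
        para = struct.pack(">Q", self.counter)
        msg = {"device_id": self.device_id, "payload": payload, "para": para}
        sent_kdf_p = b""
        if self.kdf_p is None:               # only the first message carries KDF_p
            self.kdf_p = sent_kdf_p = os.urandom(16)
            msg["kdf_p"] = sent_kdf_p
        key = derive_key(self.api_key, self.kdf_p)
        msg["hmac"] = digest(key, payload, para, sent_kdf_p)
        return msg


class Server:
    def __init__(self, api_keys: dict):
        self.api_keys = api_keys
        self.saved_kdf_p = {}   # Device ID -> KDF_p taken from the first message
        self.last_para = {}     # Device ID -> highest Para accepted so far

    def verify(self, msg: dict) -> bool:
        dev = msg["device_id"]
        para = int.from_bytes(msg["para"], "big")
        if para <= self.last_para.get(dev, 0):
            return False                      # step 713: treated as a replay
        api_key = self.api_keys.get(dev)      # step 708
        kdf_p = msg.get("kdf_p", b"")
        active = kdf_p or self.saved_kdf_p.get(dev)
        if api_key is None or not active:
            return False
        expected = digest(derive_key(api_key, active),      # steps 709-710
                          msg["payload"], msg["para"], kdf_p)
        if not hmac.compare_digest(expected, msg["hmac"]):  # step 711, constant time
            return False
        # Record state only after the digest has been verified.
        if kdf_p:
            self.saved_kdf_p[dev] = kdf_p
        self.last_para[dev] = para
        return True
```

The server updates the saved KDF_p and the last Para only after the HMAC check succeeds, so an unauthenticated message cannot change its state.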
The parameter used to prevent replay attacks can be designed according to different embodiments:
Embodiment 1: the M2M terminal and the OneNet cloud platform each retain a list of fixed length for storing the Para parameters sent over; when a new Para is received it is compared with the retained parameters, and if it is identical to one of them it is considered a replay attack. When the list is full, a newly received, different Para overwrites the earliest received Para in the list, as shown below:
OneNet platform (assuming that the list length is 5):
Before receiving any message: list (NULL, NULL, NULL, NULL, NULL)
Receive the first message: list (Para1, NULL, NULL, NULL, NULL)
Receive the second message: first judge whether Para2 <> Para1; otherwise it is judged to be a replay and the message is rejected. The list then becomes (Para1, Para2, NULL, NULL, NULL)
Receive the third message: list (Para1, Para2, Para3, NULL, NULL)
And so on
Receive the fifth message: list (Para1, Para2, Para3, Para4, Para5)
Receive the sixth message: list (Para6, Para2, Para3, Para4, Para5)
Receive the seventh message: list (Para6, Para7, Para3, Para4, Para5)
And so on; details are not described herein again.
Embodiment 2: the M2M terminal and the OneNet cloud platform each retain a list for storing the Para parameters sent over, each of which is retained for a certain time; when a new Para is received it is compared with the retained parameters, and if it is identical to one of them it is considered a replay attack. When the retention time of a Para in the list expires, it is removed from the list. As follows:
OneNet platform (assuming that the list retention time is 60 seconds):
Before receiving any message: list ()
Receive the first message: list (Para1:60)
Receive the second message after 2 seconds: first judge whether Para2 <> Para1; otherwise it is judged to be a replay and the message is rejected. The list then becomes (Para1:58, Para2:60)
And so on
Receive the n-th message at the 59th second: list (Para1:1, Para2:3, ..., Para_n:60)
Delete expired parameters after the 60th second: list (Para2:2, ..., Para_n:59)
Delete expired parameters after the 62nd second: list (Para3:x, ..., Para_n:57)
And so on; details are not described herein again.
Embodiment 3: the parameter Para increases with time or with the message count, and the parameter is retained for comparison; when a new Para is received it is compared with the retained parameter, and if the received Para is the same as or smaller than the saved one it is considered a replay attack. As follows:
OneNet platform (assuming that the list retention time is 60 seconds):
Before receiving any message: list ()
Receive the first message: list (1)
When the second message is received, first judge whether Para is greater than 1; if not, it is a replay attack. If so, list (2)
And so on; details are not described herein again.
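The three Para bookkeeping schemes above, as an added Python example that is not part of the patent; the class names and the explicit `now` argument are assumptions made for illustration. It reproduces the list states shown in the text and makes visible that the fixed-length and timed lists only remember recent values.

```python
# Added illustration, not code from the patent. Class names are hypothetical;
# "now" is passed in explicitly (e.g. from time.monotonic()) to keep it testable.
from collections import OrderedDict


class FixedListGuard:
    """Embodiment 1: fixed-length list; when full, the oldest slot is overwritten."""

    def __init__(self, length: int = 5):
        self.slots = [None] * length
        self.next_slot = 0            # index of the oldest entry once the list is full

    def accept(self, para) -> bool:
        if para in self.slots:
            return False              # identical to a retained Para: replay
        self.slots[self.next_slot] = para
        self.next_slot = (self.next_slot + 1) % len(self.slots)
        return True


class TimedListGuard:
    """Embodiment 2: every Para is retained for ttl seconds, then removed."""

    def __init__(self, ttl: int = 60):
        self.ttl = ttl
        self.expiry = OrderedDict()   # Para -> expiry time, oldest first

    def purge(self, now: float) -> None:
        while self.expiry:
            oldest = next(iter(self.expiry))
            if self.expiry[oldest] > now:
                break
            del self.expiry[oldest]

    def accept(self, para, now: float) -> bool:
        self.purge(now)
        if para in self.expiry:
            return False              # still retained: replay
        self.expiry[para] = now + self.ttl
        return True

    def remaining(self, now: float) -> dict:
        """Seconds left per retained Para, as in the 'Para1:58' notation."""
        self.purge(now)
        return {p: exp - now for p, exp in self.expiry.items()}


class MonotonicGuard:
    """Embodiment 3: Para only grows; an equal or smaller value is a replay."""

    def __init__(self):
        self.last = None

    def accept(self, para: int) -> bool:
        if self.last is not None and para <= self.last:
            return False
        self.last = para
        return True
```

With a list length of 5, a Para is forgotten once five newer values have been stored, so the list length or retention time has to cover the whole period in which old messages must still be rejected; the growing-Para scheme needs only one stored value per terminal.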
The technical solution provided by the embodiment of the present invention uses the API key to provide information security during communication while ensuring that the API key is not leaked.
In summary, the technical solution provided by the embodiment of the present invention can prevent a malicious attacker from illegally obtaining the API key, can still identify the corresponding device, and can also prevent replay attacks.
It should be understood by those skilled in the art that the embodiments of the present invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical memory) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (16)

1. A communication security protection method, characterized in that it is applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
The first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to a server;
The server obtains the prestored API Key according to the Device ID in the first information;
A validation value is calculated according to the prestored API Key and the Payload and the Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, it is determined that the first information passes authentication.
2. The method according to claim 1, characterized in that the method further comprises:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information comprises:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information;
Calculating the validation value comprises:
Calculating the validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information comprises:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information;
Calculating the validation value comprises:
Generating an authentication secret according to the prestored API Key and the KDF_p;
Calculating the validation value according to the authentication secret and the Payload, the Para and the KDF_p in the first information.
5. The method according to claim 1 or 2, characterized in that generating the summary information comprises:
Generating the summary information by an HMAC function.
6. A communication security protection method, characterized in that it is applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to the application programming interface key API Key, the message Payload to be transmitted and the Para;
The first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to a server, so that the server authenticates the first information according to the information in the first information.
7. The method according to claim 6, characterized in that the method further comprises:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information comprises:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
8. The method according to claim 6, characterized in that the method further comprises:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information comprises:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate an authentication secret according to the prestored API Key and the KDF_p, and calculate a validation value according to the authentication secret and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
9. A communication security protection method, characterized in that it is applied to the Internet of Things, the method comprising:
A server receives the first information sent by a terminal; the first information includes: API Key, a specific parameter Para, the message Payload to be transmitted and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
The prestored API Key is obtained according to the Device ID in the first information;
A validation value is calculated according to the prestored API Key and the Payload and Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, it is determined that the first information passes authentication.
10. The method according to claim 9, characterized in that the method further comprises:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
11. A communication security protection system, characterized in that it is applied to the Internet of Things, the system comprising a terminal and a server:
The terminal is used for generating a specific parameter Para according to a preset first rule; generating summary information according to the application programming interface key API Key, the message Payload to be transmitted and the Para; and generating the first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and sending it to the server;
The server is used for obtaining the prestored API Key according to the Device ID in the first information; calculating a validation value according to the prestored API Key and the Payload and the Para in the first information; comparing the validation value with the summary information in the first information; and, when the validation value matches the summary information, determining that the first information passes authentication.
12. A terminal, characterized in that it is applied to the Internet of Things, the terminal including:
A first generation unit, for generating a specific parameter Para according to a preset first rule;
A second generation unit, for generating summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
A third generation unit, for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information;
A transmission unit, for sending the first information to a server, so that the server authenticates the first information according to the information in the first information.
13. The terminal according to claim 12, characterized in that the terminal further includes:
A fourth generation unit, for generating a first random parameter RAND according to a preset second rule;
Correspondingly, the second generation unit is for generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
The third generation unit is for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
14. The terminal according to claim 12, characterized in that the terminal further includes:
A detection unit, for detecting the state of the terminal;
A fifth generation unit, for generating a second random parameter KDF_p according to a preset third rule when the terminal is in a first state, and generating a key according to the API Key and the KDF_p;
Correspondingly, the second generation unit is for generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
The third generation unit is for generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate an authentication key according to the prestored API Key and the KDF_p, and calculate a validation value according to the authentication key and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
15. A server, characterized in that it is applied to the Internet of Things, the server including:
A receiving unit, for receiving the first information sent by a terminal; the first information includes: an API Key, a specific parameter Para, the message Payload to be transmitted, and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
An acquiring unit, for obtaining the prestored API Key according to the Device ID in the first information;
A computing unit, for calculating a validation value according to the prestored API Key and the Payload and Para in the first information;
A comparison unit, for comparing the validation value with the summary information in the first information;
A determination unit, for determining that the first information passes authentication when the validation value matches the summary information.
16. The server according to claim 15, characterized in that the server further includes:
A judging unit, for judging whether the Para in the first information meets a preset condition;
The determination unit is also for determining that the first information is replayed information when the Para does not meet the preset condition, and, when the Para meets the preset condition, controlling the acquiring unit to perform the operation of obtaining the prestored API Key according to the Device ID in the first information.
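The terminal and server exchange of claims 9 to 12, sketched as an added example that is not part of the patent text. HMAC-SHA256 as the summary information, a Unix timestamp as Para, a 300-second window as the preset condition, and the names API_KEYS, terminal_build and server_verify are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample registry (assumption): Device ID -> prestored API Key.
API_KEYS = {"dev-001": b"constructed-sample-api-key"}
MAX_SKEW = 300   # assumed preset condition: Para within 300 s of server time
_seen = {}       # (Device ID, Para) -> timestamp of messages already accepted


def _digest(api_key, payload, para):
    # Length-prefix each field so the Payload/Para boundary cannot be shifted.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in (payload, para))
    return hmac.new(api_key, msg, hashlib.sha256).hexdigest()


def terminal_build(device_id, api_key, payload, now=None):
    """Terminal: generate Para, compute the summary information, build the first information."""
    ts = int(time.time() if now is None else now)
    para = str(ts).encode()  # assumed first rule: Unix time in seconds
    return {"device_id": device_id, "payload": payload, "para": para,
            "digest": _digest(api_key, payload, para)}


def server_verify(msg, now=None):
    """Server: Para check (claim 10), then key lookup and digest comparison (claim 9)."""
    now = time.time() if now is None else now
    for k in [k for k, t in _seen.items() if now - t > MAX_SKEW]:
        del _seen[k]  # entries outside the window are rejected as stale anyway
    try:
        ts = int(msg["para"])
        slot = (str(msg["device_id"]), bytes(msg["para"]))
        payload, digest = bytes(msg["payload"]), str(msg["digest"])
    except (KeyError, TypeError, ValueError):
        return "malformed"
    if abs(now - ts) > MAX_SKEW or slot in _seen:
        return "replay"
    api_key = API_KEYS.get(slot[0])
    if api_key is None:
        return "unknown-device"
    expected = _digest(api_key, payload, slot[1])
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return "bad-digest"
    _seen[slot] = ts  # record only authenticated messages
    return "ok"
```

With a seconds-resolution Para as assumed here, a second message from the same device within the same second carries the same Para and is rejected as a replay.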
CN201510609796.5A 2015-09-22 2015-09-22 A kind of communication security protection methods, devices and systems Active CN106549924B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510609796.5A CN106549924B (en) 2015-09-22 2015-09-22 A kind of communication security protection methods, devices and systems

Publications (2)

Publication Number Publication Date
CN106549924A CN106549924A (en) 2017-03-29
CN106549924B true CN106549924B (en) 2019-06-28

Family

ID=58364444

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510609796.5A Active CN106549924B (en) 2015-09-22 2015-09-22 A kind of communication security protection methods, devices and systems

Country Status (1)

Country Link
CN (1) CN106549924B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737485B (en) * 2017-04-25 2021-05-11 中移物联网有限公司 Method and system for operating resources of Internet of things
CN110730063B (en) * 2018-07-16 2022-11-11 中国电信股份有限公司 Security verification method and system, internet of things platform, terminal and readable storage medium
CN109639672A (en) * 2018-12-11 2019-04-16 北京首汽智行科技有限公司 The method and system for preventing Replay Attack based on JWT data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1980121A (en) * 2005-11-29 2007-06-13 北京书生国际信息技术有限公司 Electronic signing mobile terminal, system and method
CN101854377A (en) * 2010-01-25 2010-10-06 杭州东信北邮信息技术有限公司 Information platform system supporting wireless terminal and implementation method thereof
CN103166931A (en) * 2011-12-15 2013-06-19 华为技术有限公司 Method, device and system of transmitting data safely
CN103441989A (en) * 2013-08-05 2013-12-11 大唐移动通信设备有限公司 Authentication and information processing method and device
CN103532963A (en) * 2013-10-22 2014-01-22 中国联合网络通信集团有限公司 IOT (Internet of Things) based equipment authentication method, device and system

Also Published As

Publication number Publication date
CN106549924A (en) 2017-03-29

Similar Documents

Publication Publication Date Title
CN109246053B (en) Data communication method, device, equipment and storage medium
CN107749848B (en) Internet of things data processing method and device and Internet of things system
KR101508360B1 (en) Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer
WO2016188290A1 (en) Safety authentication method, device and system for api calling
CN107579991B (en) Method for performing cloud protection authentication on client, server and client
CN106685973B (en) Remember method and device, log-in control method and the device of log-on message
CN109309565A (en) A kind of method and device of safety certification
CN102572815B (en) Method, system and device for processing terminal application request
CN107612889B (en) Method for preventing user information leakage
CN104883367B (en) A kind of method, system and applications client that auxiliary verification logs in
CN109688098B (en) Method, device and equipment for secure communication of data and computer readable storage medium
CN109474916A (en) A kind of device authentication method, apparatus and machine readable media
US20160241536A1 (en) System and methods for user authentication across multiple domains
WO2015003503A1 (en) Network device, terminal device and information security improving method
US9398024B2 (en) System and method for reliably authenticating an appliance
CN108111497A (en) Video camera and server inter-authentication method and device
CN104243419A (en) Data processing method, device and system based on secure shell protocol
CN109729000B (en) Instant messaging method and device
CN106549924B (en) A kind of communication security protection methods, devices and systems
CN105743854A (en) Security authentication system and method
CN105208041A (en) HOOK-based cloud storage application encryption data packet cracking method
CN104243452B (en) A kind of cloud computing access control method and system
CN104038490A (en) Communication safety verification method and device thereof
CN109698806B (en) User data verification method and system
CN109218334A (en) Data processing method, device, access control equipment, certificate server and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant