CN106549924B - A kind of communication security protection methods, devices and systems - Google Patents
- Publication number: CN106549924B (CN201510609796.5A)
- Authority: CN (China)
- Legal status: Active
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention discloses a communication security protection method, device and system. The method includes: a terminal generates a specific parameter Para according to a preset first rule; generates summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para; generates first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and sends it to a server; the server obtains the pre-stored API Key according to the Device ID in the first information; calculates a validation value according to the pre-stored API Key and the Payload and the Para in the first information; compares the validation value with the summary information in the first information; and, when the validation value matches the summary information, determines that the first information passes authentication.
Description
Technical field
The present invention relates to computer technology, and more particularly to a communication security protection method, device and system.
Background technique
In general, Internet of Things companies develop open cloud platforms. As shown in Fig. 1, third-party applications operate on the resources provided by the open cloud platform through an HTTP client; devices implement the RESTful interface provided by OneNet, package business data in the format required by the open platform, and transmit it to OneNet for storage. When a third-party application needs the business data, it obtains it through the RESTful interface.
As shown in Fig. 2, the platform provides resources such as devices (device), data streams (datastream), data points (datapoint), triggers (trigger) and API keys, which can be created, deleted, queried and modified on the platform through the REST API.
Each platform user can create their own device list and set device attributes; multiple data streams can be created under each device; a data stream is one class of data points stored in chronological order; a data point is a key-value pair with the timestamp as the key and any JSON data type as the value; for each data stream, a trigger can be set to monitor its data points; the key specifies whether a user has permission to operate the related resource, down to the data-stream level; resource operations are implemented with standard HTTP methods.
As shown in Fig. 3, according to the prior-art specification, the API key is placed in the HTTP header in the format "api-key:xxxx-ffff-zzzzz" and sent in clear text. By design, the API key is the key with which the Internet of Things OneNet cloud platform identifies the identity of an IoT terminal device. However, because this key is sent in clear text, an attacker who intercepts the relevant message can parse it directly to obtain the API key, and can then use the same API key to impersonate the IoT terminal and send spoofed messages, so that the Internet of Things OneNet cloud platform receives erroneous feedback information or requests.
One traditional solution is to encrypt the API key, but after encryption the problem of device identification cannot be solved, and the message can still be replayed after being intercepted.
Another traditional solution verifies the user identity through a challenge/response process and then protects subsequent messages with the session key generated at the same time. But this method introduces additional procedures and key computation, which imposes extra overhead on the device; for resource-constrained devices such as IoT terminals, this cost is huge.
Summary of the invention
To solve the existing technical problems, embodiments of the present invention provide a communication security protection method, device and system.
An embodiment of the present invention provides a communication security protection method applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
First information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to a server;
The server obtains the pre-stored API Key according to the Device ID in the first information;
A validation value is calculated according to the pre-stored API Key and the Payload and the Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, it is determined that the first information passes authentication.
The method further includes:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the pre-stored API Key according to the Device ID in the first information is performed.
The method further includes:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information includes:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information includes:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information;
Calculating the validation value includes:
Calculating the validation value according to the pre-stored API Key and the Payload, the Para and the RAND in the first information.
The method further includes:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information includes:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information includes:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information;
Calculating the validation value includes:
Generating a verification key according to the pre-stored API Key and the KDF_p;
Calculating the validation value according to the verification key and the Payload, the Para and the KDF_p in the first information.
Generating the summary information includes:
Generating the summary information by means of an HMAC function.
An embodiment of the present invention provides a communication security protection method applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
First information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to a server, so that the server authenticates the first information according to the information in the first information.
The method further includes:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information includes:
Generating the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Generating the first information includes:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the pre-stored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
The method further includes:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information includes:
Generating the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Generating the first information includes:
Generating the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate a verification key according to the pre-stored API Key and the KDF_p, and calculate a validation value according to the verification key and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
Another communication security protection method of an embodiment of the present invention is applied to the Internet of Things, the method comprising:
A server receives first information sent by a terminal; the first information includes: API Key, a specific parameter Para, the message Payload to be transmitted and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
The pre-stored API Key is obtained according to the Device ID in the first information;
A validation value is calculated according to the pre-stored API Key and the Payload and Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, it is determined that the first information passes authentication.
The method further includes:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the pre-stored API Key according to the Device ID in the first information is performed.
A communication security protection system of an embodiment of the present invention is applied to the Internet of Things, the system comprising a terminal and a server:
The terminal is configured to generate a specific parameter Para according to a preset first rule; generate summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para; and generate first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and send it to the server;
The server is configured to obtain the pre-stored API Key according to the Device ID in the first information; calculate a validation value according to the pre-stored API Key and the Payload and the Para in the first information; compare the validation value with the summary information in the first information; and, when the validation value matches the summary information, determine that the first information passes authentication.
An embodiment of the present invention provides a terminal applied to the Internet of Things, the terminal comprising:
A first generation unit, configured to generate a specific parameter Para according to a preset first rule;
A second generation unit, configured to generate summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
A third generation unit, configured to generate first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information;
A transmission unit, configured to send the first information to a server, so that the server authenticates the first information according to the information in the first information.
The terminal further includes:
A fourth generation unit, configured to generate a first random parameter RAND according to a preset second rule;
Correspondingly, the second generation unit is configured to generate the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
The third generation unit is configured to generate the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the pre-stored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
The terminal further includes:
A detection unit, configured to detect the state of the terminal;
A fifth generation unit, configured to generate a second random parameter KDF_p according to a preset third rule when the terminal is in a first state, and to generate a key according to the API Key and the KDF_p;
Correspondingly, the second generation unit is configured to generate the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
The third generation unit is configured to generate the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate a verification key according to the pre-stored API Key and the KDF_p, and calculate a validation value according to the verification key and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
An embodiment of the present invention provides a server applied to the Internet of Things, the server comprising:
A receiving unit, configured to receive first information sent by a terminal; the first information includes: API Key, a specific parameter Para, the message Payload to be transmitted and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
An acquiring unit, configured to obtain the pre-stored API Key according to the Device ID in the first information;
A computing unit, configured to calculate a validation value according to the pre-stored API Key and the Payload and Para in the first information;
A comparison unit, configured to compare the validation value with the summary information in the first information;
A determination unit, configured to determine that the first information passes authentication when the validation value matches the summary information.
The server further includes:
A judging unit, configured to judge whether the Para in the first information meets a preset condition;
The determination unit is further configured to determine that the first information is replayed information when the Para does not meet the preset condition, and, when the Para meets the preset condition, to control the acquiring unit to perform the operation of obtaining the pre-stored API Key according to the Device ID in the first information.
As can be seen from the above, the technical solution of the embodiments of the present invention includes: a terminal generates a specific parameter Para according to a preset first rule; generates summary information according to an application programming interface key (API Key), the message Payload to be transmitted and the Para; generates first information according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and sends it to a server; the server obtains the pre-stored API Key according to the Device ID in the first information; calculates a validation value according to the pre-stored API Key and the Payload and the Para in the first information; compares the validation value with the summary information in the first information; and, when the validation value matches the summary information, determines that the first information passes authentication. The embodiments of the present invention can thereby effectively solve the problem of API key leakage and ensure communication security.
Detailed description of the invention
Fig. 1 is a schematic diagram of the working principle of the interaction between the cloud platform and third-party applications;
Fig. 2 is a schematic diagram of the working principle of the cloud platform;
Fig. 3 is a schematic diagram of the transmission of the API key in the prior art;
Fig. 4 is an implementation flow chart of the first embodiment of a communication security protection method provided by the present invention;
Fig. 5 is an implementation flow chart of the second embodiment of a communication security protection method provided by the present invention;
Fig. 6 is an implementation flow chart of the third embodiment of a communication security protection method provided by the present invention;
Fig. 7 is an implementation flow chart of the fourth embodiment of a communication security protection method provided by the present invention;
Fig. 8 is an implementation flow chart of an embodiment of another communication security protection method provided by the present invention;
Fig. 9 is an implementation flow chart of an embodiment of another communication security protection method provided by the present invention;
Fig. 10 is a structural schematic diagram of an embodiment of a communication security protection system provided by the present invention;
Fig. 11 is a structural schematic diagram of an embodiment of a terminal provided by the present invention;
Fig. 12 is a structural schematic diagram of an embodiment of a server provided by the present invention;
Fig. 13 is a schematic diagram of information sending provided by an embodiment of the present invention.
Specific embodiment
The first embodiment of a communication security protection method provided by the present invention, as shown in Fig. 4, is applied to the Internet of Things, the method comprising:
Step 401: a terminal generates a specific parameter Para according to a preset first rule;
Here, the terminal may be an IoT terminal.
Step 402: summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
Specifically, the summary information can be generated by an HMAC function from the API Key, the message Payload to be transmitted and the Para, for example HMAC(Payload, API Key, Para).
Step 403: first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to a server;
Specifically, the first information can be expressed as Message(Device ID, Payload, Para, HMAC(Payload, API Key, Para)).
Here, the server may be the Internet of Things OneNet platform.
Step 404: the server obtains the pre-stored API Key according to the Device ID in the first information;
Here, the Device ID can be stored in correspondence with the API Key.
Step 405: a validation value is calculated according to the pre-stored API Key and the Payload and the Para in the first information;
Step 406: the validation value is compared with the summary information in the first information;
Step 407: when the validation value matches the summary information, it is determined that the first information passes authentication.
The technical solution provided by this embodiment of the present invention can thereby effectively solve the problem of API key leakage and ensure communication security.
The second embodiment of a communication security protection method provided by the present invention, as shown in Fig. 5, is applied to the Internet of Things, the method comprising:
Step 501: a terminal generates a specific parameter Para according to a preset first rule;
Step 502: summary information is generated according to an application programming interface key (API Key), the message Payload to be transmitted and the Para;
Specifically, the summary information can be generated by an HMAC function from the API Key, the message Payload to be transmitted and the Para.
Step 503: first information is generated according to the identifier Device ID of the terminal, the Payload, the Para and the summary information, and is sent to a server;
Step 504: the server judges whether the Para in the first information meets a preset condition; when the Para meets the preset condition, go to step 505; when the Para does not meet the preset condition, go to step 509;
In practical applications, the terminal and the server each maintain a list. The terminal's list stores different Para values; the server's list stores the Para from first information sent by the terminal that has passed authentication, and is initially empty.
The terminal selects Para from its list in order. When it is determined that the first information passes verification, the server records the Para according to a preset second rule;
Specifically, judging whether the Para in the first information meets the preset condition may include:
Judging whether the Para in the first information is identical to a Para recorded by the server; if it is identical, a replay attack is determined.
Alternatively, in practical applications, the terminal and the server each maintain a list. The terminal's list stores different Para values, and Para increases with time or with count; the server's list (initially empty) stores the Para from first information sent by the terminal that has passed authentication.
The terminal selects Para from its list in order. When it is determined that the first information passes verification, the server records the Para according to a preset second rule;
Specifically, judging whether the Para in the first information meets the preset condition may include:
Judging whether the Para in the first information is identical to or smaller than the Para recorded by the server; if it is identical or smaller, a replay attack is determined.
Step 505: the server obtains the pre-stored API Key according to the Device ID in the first information;
Step 506: a validation value is calculated according to the pre-stored API Key and the Payload and the Para in the first information;
Step 507: the validation value is compared with the summary information in the first information;
Step 508: when the validation value matches the summary information, it is determined that the first information passes authentication, and this process ends.
Step 509: it is determined that the first information is replayed information, and this process ends.
The technical solution provided by this embodiment of the present invention can thereby quickly judge from the Para whether the first information is a replay attack, effectively ensuring communication security.
The third embodiment of a communication security protection method provided by the present invention, as shown in Fig. 6, is applied to the Internet of Things, the method comprising:
Step 601: a terminal generates a specific parameter Para according to a preset first rule;
Step 602: the terminal generates a first random parameter RAND according to a preset second rule;
Step 603: summary information is generated according to the API Key, the message Payload to be transmitted, the Para and the RAND;
Specifically, the summary information can be generated by an HMAC function from the API Key, the message Payload to be transmitted, the Para and the RAND, for example HMAC(Payload, API key, Para || RAND).
Step 604: first information is generated according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, and is sent to a server;
Specifically, the first information can be expressed as Message(Device ID, Payload, Para || RAND, HMAC(Payload, API key, Para || RAND)).
Step 605: the server obtains the pre-stored API Key according to the Device ID in the first information;
Step 606: a validation value is calculated according to the pre-stored API Key and the Payload, the Para and the RAND in the first information.
Step 607: the validation value is compared with the summary information in the first information;
Step 608: when the validation value matches the summary information, it is determined that the first information passes authentication.
The technical solution provided by this embodiment of the present invention can thereby also use the random parameter RAND to avoid leakage of the API key, further ensuring communication security.
The fourth embodiment of a communication security protection method provided by the present invention, as shown in Fig. 7, is applied to the Internet of Things, the method comprising:
Step 701: a terminal generates a specific parameter Para according to a preset first rule;
Step 702: the state of the terminal is detected;
Step 703: when the terminal is in a first state, a second random parameter KDF_p is generated according to a preset third rule;
Here, the first state refers to sending KDF_p for the first time, i.e. when the IoT terminal generates the first message. It can be understood that sending other than for the first time can be a second state, i.e. when the IoT terminal generates a message after the first one.
After the network side receives the first message, it takes out KDF_p and saves it; then, when the IoT terminal sends other messages, the saved KDF_p is used for the calculation.
After the network side receives a message, it judges whether this is the first message according to whether the message carries KDF_p; if it does not, the saved KDF_p of the corresponding terminal is taken out directly for the calculation.
Step 704: a key is generated according to the API Key and the KDF_p;
Step 705: summary information is generated according to the key, the message Payload to be transmitted, the Para and the KDF_p;
Specifically, the summary information is generated by an HMAC function from the key, the message Payload to be transmitted, the Para and the KDF_p, for example HMAC(Payload, f(API key, KDF_p), Para || KDF_p).
Step 706: first information is generated according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, and is sent to a server;
Here, the first information can be expressed as Message(Device ID, Payload, Para || KDF_p, HMAC(Payload, f(API key, KDF_p), Para || KDF_p)).
Step 707: the server judges whether the Para in the first information meets a preset condition; when the Para meets the preset condition, go to step 708; when the Para does not meet the preset condition, go to step 713;
Step 708: the server obtains the pre-stored API Key according to the Device ID in the first information;
Step 709: a verification key is generated according to the pre-stored API Key and the KDF_p;
Step 710: a validation value is calculated according to the verification key and the Payload, the Para and the KDF_p in the first information.
Step 711: the validation value is compared with the summary information in the first information;
Step 712: when the validation value matches the summary information, it is determined that the first information passes authentication, and this process ends.
Step 713: it is determined that the first information is replayed information, and this process ends.
Here, it should be noted that after the server receives the first piece of first information and it passes authentication, the server saves the KDF_p in it; when it receives other messages subsequently sent by the terminal, it uses the saved KDF_p to calculate the verification key and the validation value.
It can be understood that first information other than the first piece is: Message(Device ID, Payload, Para, HMAC(Payload, f(API key, KDF_p), Para)).
The technical solution provided by this embodiment of the present invention can thereby also use the random parameter KDF_p to avoid leakage of the API key, further ensuring communication security.
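The Para replay check of the second embodiment and the KDF_p handling of the fourth embodiment, as an added Python example that is not part of the patent. It assumes HMAC-SHA256 for both the HMAC and the unspecified function f, a counter as the "first rule" for Para, and a length-prefixed field encoding; the names `Terminal`, `Server`, `derive_key`, `make_digest` and the sample Device ID and key are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential store (Device ID -> API Key); not from the patent.
API_KEYS = {"dev-001": b"constructed-api-key-for-demo"}


def derive_key(api_key: bytes, kdf_p: bytes) -> bytes:
    """f(API key, KDF_p). The patent does not name f; HMAC-SHA256 is assumed."""
    return hmac.new(api_key, b"derive" + kdf_p, hashlib.sha256).digest()


def make_digest(key: bytes, payload: bytes, para: int, kdf_p: bytes = b"") -> bytes:
    """HMAC(Payload, key, Para || KDF_p); KDF_p is empty on non-first messages."""
    # Length-prefix the payload so field boundaries are unambiguous (assumed encoding).
    data = len(payload).to_bytes(4, "big") + payload + para.to_bytes(8, "big") + kdf_p
    return hmac.new(key, data, hashlib.sha256).digest()


class Terminal:
    def __init__(self, device_id: str, api_key: bytes):
        self.device_id, self.api_key = device_id, api_key
        self.para = 0       # assumed first rule: Para grows by one per message
        self.kdf_p = None   # None means the terminal is still in the first state
        self.key = None

    def build(self, payload: bytes) -> dict:
        self.para += 1
        msg = {"device_id": self.device_id, "payload": payload, "para": self.para}
        if self.kdf_p is None:  # first message: generate KDF_p and carry it
            self.kdf_p = os.urandom(16)
            self.key = derive_key(self.api_key, self.kdf_p)
            msg["kdf_p"] = self.kdf_p
        msg["digest"] = make_digest(self.key, payload, self.para, msg.get("kdf_p", b""))
        return msg


class Server:
    def __init__(self, api_keys: dict):
        self.api_keys = dict(api_keys)
        self.last_para = {}    # highest authenticated Para per device
        self.saved_kdf_p = {}  # KDF_p saved from the authenticated first message

    def verify(self, msg: dict) -> str:
        dev = msg["device_id"]
        # Step 707: a Para identical to or smaller than the recorded one is a replay.
        if msg["para"] <= self.last_para.get(dev, 0):
            return "replay"
        api_key = self.api_keys.get(dev)  # step 708
        if api_key is None:
            return "unknown-device"
        carried = msg.get("kdf_p", b"")
        kdf_p = carried or self.saved_kdf_p.get(dev)
        if not kdf_p:
            return "no-kdf_p"
        key = derive_key(api_key, kdf_p)  # step 709
        expected = make_digest(key, msg["payload"], msg["para"], carried)  # step 710
        if not hmac.compare_digest(expected, msg["digest"]):  # step 711, constant time
            return "bad-digest"
        # Para and KDF_p are recorded only after authentication passes, so an
        # unauthenticated message cannot advance the counter or replace the key.
        self.last_para[dev] = msg["para"]
        if carried:
            self.saved_kdf_p[dev] = carried
        return "ok"


if __name__ == "__main__":
    terminal, server = Terminal("dev-001", API_KEYS["dev-001"]), Server(API_KEYS)
    first = terminal.build(b'{"temp": 21.5}')
    print(server.verify(first), server.verify(first))  # accepted, then rejected as replay
```

Recording state only on the success path matters because the Para check runs before the digest check: a forged message with a very large Para fails at the digest comparison and leaves the counter and the saved KDF_p untouched.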
The embodiment of another kind communication security protection method provided by the invention, is applied to Internet of Things, shown in Figure 8,
The described method includes:
Step 801, terminal generate specific parameter Para according to preset first rule;
Step 802, according to application programming interface key A PI Key, the message Payload to be transmitted and described
Para generates summary information;
Step 803, according to mark Device ID of the terminal, the Payload, the Para and the abstract
Message generates the first information and is sent to server;So that the server is according to the information in the first information to described
The first information is authenticated.
In one embodiment, the method includes:
Step 801: the terminal generates a specific parameter Para according to a preset first rule;
Step 802: summary information is generated according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
Step 803: the first information is generated according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information, and is sent to the server, so that the server authenticates the first information according to the information it contains.
In addition, the method further includes:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information includes:
Generating the summary information according to the API Key, the message to be transmitted (Payload), the Para, and the RAND;
Generating the first information includes:
Generating the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the RAND, and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para, and the RAND in the first information, in order to authenticate the first information.
In one embodiment, the method includes:
Step 801: the terminal generates a specific parameter Para according to a preset first rule;
Step 802: summary information is generated according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
Step 803: the first information is generated according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information, and is sent to the server, so that the server authenticates the first information according to the information it contains.
In addition, the method further includes:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information includes:
Generating the summary information according to the key, the message to be transmitted (Payload), the Para, and the KDF_p;
Generating the first information includes:
Generating the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the KDF_p, and the summary information, so that the server can generate a verification key according to the prestored API Key and the KDF_p, and can calculate a validation value according to the verification key and the Payload, the Para, and the KDF_p in the first information, in order to authenticate the first information.
Yet another embodiment of the communication security protection method provided by the present invention is applied to the Internet of Things. As shown in Figure 9, the method includes:
Step 901: the server receives the first information sent by the terminal. The first information includes: the API Key, a specific parameter Para, the message to be transmitted (Payload), and summary information. The parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload, and the Para;
Step 902: obtain the prestored API Key according to the Device ID in the first information;
Step 903: calculate a validation value according to the prestored API Key and the Payload and Para in the first information;
Step 904: compare the validation value with the summary information in the first information;
Step 905: when the validation value matches the summary information, determine that the first information passes authentication.
In one embodiment, the method further includes:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, the server determines that the first information is replayed information;
When the Para meets the preset condition, the server performs the step of obtaining the prestored API Key according to the Device ID in the first information.
An embodiment of the communication security protection system provided by the present invention is applied to the Internet of Things. As shown in Figure 10, the system includes a terminal and a server:
The terminal 1001 is configured to generate a specific parameter Para according to a preset first rule; to generate summary information according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para; and to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information, and send it to the server;
The server 1002 is configured to obtain the prestored API Key according to the Device ID in the first information; to calculate a validation value according to the prestored API Key and the Payload and the Para in the first information; to compare the validation value with the summary information in the first information; and, when the validation value matches the summary information, to determine that the first information passes authentication.
An embodiment of the terminal provided by the present invention is applied to the Internet of Things. As shown in Figure 11, the terminal includes:
A first generation unit 1101, configured to generate a specific parameter Para according to a preset first rule;
A second generation unit 1102, configured to generate summary information according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
A third generation unit 1103, configured to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information;
A transmission unit 1104, configured to send the first information to the server, so that the server authenticates the first information according to the information it contains.
In one embodiment, the terminal includes:
A first generation unit 1101, configured to generate a specific parameter Para according to a preset first rule;
A second generation unit 1102, configured to generate summary information according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
A third generation unit 1103, configured to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information;
A transmission unit 1104, configured to send the first information to the server, so that the server authenticates the first information according to the information it contains.
In addition, the terminal further includes:
A fourth generation unit 1105, configured to generate a first random parameter RAND according to a preset second rule;
Correspondingly, the second generation unit 1102 is configured to generate the summary information according to the API Key, the message to be transmitted (Payload), the Para, and the RAND;
The third generation unit 1103 is configured to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the RAND, and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para, and the RAND in the first information, in order to authenticate the first information.
In one embodiment, the terminal includes:
A first generation unit 1101, configured to generate a specific parameter Para according to a preset first rule;
A second generation unit 1102, configured to generate summary information according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
A third generation unit 1103, configured to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information;
A transmission unit 1104, configured to send the first information to the server, so that the server authenticates the first information according to the information it contains.
In addition, the terminal further includes:
A detection unit 1106, configured to detect the state of the terminal;
A fifth generation unit 1107, configured to generate a second random parameter KDF_p according to a preset third rule when the terminal is in a first state, and to generate a key according to the API Key and the KDF_p;
Correspondingly, the second generation unit 1102 is configured to generate the summary information according to the key, the message to be transmitted (Payload), the Para, and the KDF_p;
The third generation unit 1103 is configured to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the KDF_p, and the summary information, so that the server can generate a verification key according to the prestored API Key and the KDF_p, and can calculate a validation value according to the verification key and the Payload, the Para, and the KDF_p in the first information, in order to authenticate the first information.
In practical applications, each of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) in the terminal.
An embodiment of the server provided by the present invention is applied to the Internet of Things. As shown in Figure 12, the server includes:
A receiving unit 1201, configured to receive the first information sent by the terminal. The first information includes: the API Key, a specific parameter Para, the message to be transmitted (Payload), and summary information. The parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload, and the Para;
An acquiring unit 1202, configured to obtain the prestored API Key according to the Device ID in the first information;
A computing unit 1203, configured to calculate a validation value according to the prestored API Key and the Payload and Para in the first information;
A comparison unit 1204, configured to compare the validation value with the summary information in the first information;
A determination unit 1205, configured to determine that the first information passes authentication when the validation value matches the summary information.
In one embodiment, the server further includes:
A judging unit 1206, configured to judge whether the Para in the first information meets a preset condition;
The determination unit 1205 is further configured to determine that the first information is replayed information when the Para does not meet the preset condition, and, when the Para meets the preset condition, to control the acquiring unit to perform the operation of obtaining the prestored API Key according to the Device ID in the first information.
In practical applications, each of the above units may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) in the server.
The embodiments of the present invention are further described below with reference to specific application scenarios and the accompanying drawings.
The embodiments of the present invention involve Internet of Things terminals, the Internet of Things OneNet platform, and related devices.
The main technical solution of the embodiments of the present invention is to change the practice of transmitting the API Key in plaintext, so that an attacker cannot obtain the API key. At the same time, it guarantees that the OneNet platform can still effectively identify Internet of Things terminal devices.
Therefore, in the embodiments of the present invention, when an Internet of Things terminal communicates with the OneNet platform, the terminal identifies itself by the Device ID in the message, and sends to the network side the message to be sent together with summary information obtained by processing the message, directly or indirectly, with the API key. The network side then uses the same API key to verify the summary information. Subsequent messages are sent in the same format.
For this purpose, message transmission between the Internet of Things terminal device and the OneNet platform becomes:
1. A device ID (Device ID) is set. The Internet of Things terminal is identified by the Device ID, and the Device ID is bound to the terminal's API key.
2. When the Internet of Things terminal communicates with the OneNet platform, the terminal no longer writes the API key directly into the message it generates. Instead, it:
A. adds the Device ID to the message;
B. generates a specific parameter Para;
C. generates summary information according to the API key, the Para, and the message to be transmitted (Payload).
The terminal then combines the above information with the Payload into a new message.
3. The terminal sends the message to the network side. At this point, the field that marks the sender of the message is the Device ID instead of the API key.
4. After receiving the message, the network side determines the sender according to the Device ID, which replaces the API key as the marker of the message source, and then obtains the corresponding API key locally. It then judges, according to the corresponding rule, whether the Para carried in the message is acceptable. If it is not acceptable, the message is considered a replayed message and processing stops. If it is acceptable, the network side uses the Payload and Para in the message to calculate a validation value and finally compares it with the summary information carried in the message; if they are identical, verification passes, and the Para is recorded according to the corresponding rule.
The Para parameter ensures that a message cannot be replayed after being intercepted by a third party; a relevant parameter therefore needs to be added to the summary information to prevent replay attacks.
During message generation, the API key can be processed according to the following different embodiments:
Embodiment 1: the message is processed directly with the API key, so the message body is:
Message (Device ID, Payload, Para, HMAC (Payload, API Key, Para))
That is, as shown in Figure 13, when the Internet of Things terminal generates a message, it writes the Device ID into the message, generates a specific parameter Para, and generates summary information H with the HMAC function from the API key, the Para, and the message to be transmitted (Payload), i.e. H = HMAC (Payload, API Key, Para). The terminal then combines the above information with the Payload into a new message.
After the network side receives the message, it calculates H' = HMAC (Payload, API Key, Para) using the same algorithm and compares H with H'. If they are consistent, the message is considered correct; otherwise the message is discarded directly.
Embodiment 2: to prevent the API key from being cracked as a result of heavy reuse, an additional random number can be added so that the API key is not leaked. The message body is then:
Message (Device ID, Payload, Para || RAND, HMAC (Payload, API key, Para || RAND))
That is, when the Internet of Things terminal generates a message, it writes the Device ID into the message and generates a specific parameter Para and a randomly generated parameter RAND. The terminal generates summary information H with the HMAC function from the API key, the Para, the RAND, and the message to be transmitted (Payload). The terminal then combines the above information with the Payload into a new message.
After the network side receives the message, it calculates H' using the same algorithm and compares H with H'. If they are consistent, the message is considered correct; otherwise the message is discarded directly.
Embodiment 3: to prevent the API key from being cracked as a result of heavy reuse, a session key can be generated from the API key and the key generation parameter sent in the first message, so that the API key is not leaked. The message body is then:
First message: Message (Device ID, Payload, Para || KDF_p, HMAC (Payload, f (API key, KDF_p), Para || KDF_p))
Non-first message: Message (Device ID, Payload, Para, HMAC (Payload, f (API key, KDF_p), Para))
That is, when the Internet of Things terminal generates the first message, it first generates a random parameter KDF_p and saves it, then uses the API key and the KDF_p to calculate a new key f (API key, KDF_p). It writes the Device ID into the message and generates a specific parameter Para, together with the randomly generated parameter KDF_p. The terminal generates summary information H with the HMAC function from the API key, the Para, the KDF_p, and the message to be transmitted (Payload). The terminal then combines the above information with the Payload into a new message.
After the network side receives the first message, it takes out the KDF_p and saves it, then likewise calculates f (API key, KDF_p), calculates H' using the same algorithm, and compares H with H'. If they are consistent, the message is considered correct; otherwise the message is discarded directly.
Then, when the Internet of Things terminal sends other messages, it uses the saved KDF_p to calculate the key f (API key, KDF_p) and calculates H.
After the network side receives a message, it judges whether it is the first message according to whether the message carries a KDF_p. If it does not, the network side directly takes out the saved KDF_p of the corresponding terminal, calculates H', and compares H with H'. If they are consistent, the message is considered correct; otherwise the message is discarded directly.
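The Embodiment 3 exchange above, as an added Python example that is not code from the patent. The page does not specify f, the hash, or the field encoding, so HMAC-SHA256 for both f and the summary, the length-prefixed framing, the 16-byte KDF_p, the counter-style Para, and all class and function names are assumptions; the freshness check on Para is a separate step and is not shown here.

```python
import hashlib
import hmac
import os
import struct


def frame(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def derive_key(api_key: bytes, kdf_p: bytes) -> bytes:
    """f(API key, KDF_p). Assumption: f is HMAC-SHA256 keyed with the API key."""
    return hmac.new(api_key, b"session-key" + kdf_p, hashlib.sha256).digest()


def summary(key: bytes, payload: bytes, para: bytes, kdf_p: bytes) -> bytes:
    """H = HMAC(Payload, key, Para || KDF_p); kdf_p is empty on non-first messages."""
    return hmac.new(key, frame(payload, para, kdf_p), hashlib.sha256).digest()


class Terminal:
    def __init__(self, device_id: str, api_key: bytes):
        self.device_id = device_id
        self.api_key = api_key      # never placed in a message
        self.kdf_p = None           # generated once, for the first message
        self.counter = 0            # assumed Para rule: increasing counter

    def build(self, payload: bytes) -> dict:
        self.counter += 1
        para = struct.pack(">Q", self.counter)
        first = self.kdf_p is None
        if first:
            self.kdf_p = os.urandom(16)
        sent_kdf_p = self.kdf_p if first else b""   # only the first message carries it
        key = derive_key(self.api_key, self.kdf_p)
        return {"device_id": self.device_id, "payload": payload, "para": para,
                "kdf_p": sent_kdf_p,
                "h": summary(key, payload, para, sent_kdf_p)}


class Server:
    def __init__(self, api_keys: dict):
        self.api_keys = dict(api_keys)   # Device ID -> prestored API key
        self.saved_kdf_p = {}            # Device ID -> KDF_p from first message

    def verify(self, msg: dict) -> bool:
        api_key = self.api_keys.get(msg["device_id"])
        if api_key is None:
            return False
        # A message that carries KDF_p is a first message; otherwise use the saved one.
        kdf_p = msg["kdf_p"] or self.saved_kdf_p.get(msg["device_id"])
        if not kdf_p:
            return False
        key = derive_key(api_key, kdf_p)
        expected = summary(key, msg["payload"], msg["para"], msg["kdf_p"])
        if not hmac.compare_digest(expected, msg["h"]):   # constant-time compare
            return False
        if msg["kdf_p"]:
            # Save KDF_p only after the first message has passed authentication.
            self.saved_kdf_p[msg["device_id"]] = kdf_p
        return True


def demo() -> list:
    api_key = b"constructed-api-key"     # constructed sample value
    terminal = Terminal("dev-001", api_key)
    server = Server({"dev-001": api_key})
    first = terminal.build(b'{"temp": 21.5}')
    later = terminal.build(b'{"temp": 21.7}')
    tampered = dict(later, payload=b'{"temp": 99.9}')
    return [server.verify(first), server.verify(later), server.verify(tampered)]


if __name__ == "__main__":
    print(demo())
```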
The parameter used to prevent replay attacks can be designed according to different embodiments:
Embodiment 1: the M2M terminal and the OneNet cloud platform each keep a fixed-length list for storing the Para parameters received. When a new Para is received, it is compared with the retained parameters; if it is identical to one of them, the message is considered a replay attack. Once the list is full, each newly received, different Para overwrites the earliest received Para in the list, as shown below:
OneNet platform (assuming that the list length is 5):
Before receiving any message: list (NULL, NULL, NULL, NULL, NULL)
After receiving the first message: list (Para1, NULL, NULL, NULL, NULL)
On receiving the second message: first check that Para2<>Para1; otherwise the message is judged to be a replay and is rejected. The list then becomes (Para1, Para2, NULL, NULL, NULL)
After receiving the third message: list (Para1, Para2, Para3, NULL, NULL)
And so on
After receiving the fifth message: list (Para1, Para2, Para3, Para4, Para5)
After receiving the sixth message: list (Para6, Para2, Para3, Para4, Para5)
After receiving the seventh message: list (Para6, Para7, Para3, Para4, Para5)
And so on; details are not repeated here.
Embodiment 2: the M2M terminal and the OneNet cloud platform each keep a list for storing the Para parameters received, and retain each one for a certain time. When a new Para is received, it is compared with the retained parameters; if it is identical to one of them, the message is considered a replay attack. When the retention time of a Para in the list expires, it is removed from the list, as shown below:
OneNet platform (assuming that the list retention time is 60 seconds):
Before receiving any message: list ()
After receiving the first message: list (Para1:60)
On receiving the second message after 2 seconds: first check that Para2<>Para1; otherwise the message is judged to be a replay and is rejected. The list then becomes (Para1:58, Para2:60)
And so on
At the 59th second, the n-th message is received: list (Para1:1, Para2:3 ..., Para_n:60)
After the 60th second, the expired parameter is deleted: list (Para2:2 ..., Para_n:59)
After the 62nd second, the expired parameter is deleted: list (Para3:x ..., Para_n:57)
And so on; details are not repeated here.
Embodiment 3: the parameter Para increases with time or with the message count, and the parameter is retained for comparison. When a new Para is received, it is compared with the retained parameter; if the received Para is equal to or smaller than the saved one, the message is considered a replay attack, as shown below:
OneNet platform (assuming that the list retention time is 60 seconds):
Before receiving any message: list ()
After receiving the first message: list (1)
On receiving the second message, first check whether its Para is greater than 1. If it is not, the message is a replay attack. If it is, the list becomes list (2)
And so on; details are not repeated here.
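The three replay-prevention designs above, side by side, as an added Python example that is not code from the patent. Class and function names are assumptions, one guard instance per Device ID is assumed, and `digest_ok` stands for the result of the HMAC comparison; a Para is recorded only after the summary information has verified, following the order in step 4 of the message flow.

```python
from collections import deque


class FixedListGuard:
    """Embodiment 1: remember only the last `size` Para values."""

    def __init__(self, size=5):
        self.seen = deque(maxlen=size)   # oldest entry is overwritten when full

    def is_fresh(self, para, now=0.0):
        return para not in self.seen

    def record(self, para, now=0.0):
        self.seen.append(para)


class TimeWindowGuard:
    """Embodiment 2: remember each Para for `ttl` seconds."""

    def __init__(self, ttl=60.0):
        self.ttl = ttl
        self.expiry = {}                 # Para -> time at which it is forgotten

    def is_fresh(self, para, now=0.0):
        # Drop expired entries before comparing.
        self.expiry = {p: t for p, t in self.expiry.items() if t > now}
        return para not in self.expiry

    def record(self, para, now=0.0):
        self.expiry[para] = now + self.ttl


class MonotonicGuard:
    """Embodiment 3: Para must be strictly greater than the last accepted one."""

    def __init__(self):
        self.last = None

    def is_fresh(self, para, now=0.0):
        return self.last is None or para > self.last

    def record(self, para, now=0.0):
        self.last = para


def admit(guard, para, digest_ok, now=0.0):
    """Check freshness first, then the digest; record Para only on success."""
    if not guard.is_fresh(para, now):
        return "replay"
    if not digest_ok:
        # Not recorded: an unauthenticated Para must not advance server state,
        # otherwise a forged large counter would lock out the real terminal.
        return "rejected"
    guard.record(para, now)
    return "ok"


def demo():
    fixed, timed, mono = FixedListGuard(5), TimeWindowGuard(60.0), MonotonicGuard()
    results = {
        "fixed": [admit(fixed, p, True) for p in (1, 2, 3, 4, 5, 3, 6)],
        "timed": [admit(timed, "Para1", True, now=0),
                  admit(timed, "Para1", True, now=2),
                  admit(timed, "Para2", True, now=2)],
        "mono": [admit(mono, 1, True), admit(mono, 1, True),
                 admit(mono, 100, False), admit(mono, 2, True)],
    }
    # Embodiment 1 keeps only the newest five values, so Para1 is gone here;
    # the list length has to cover the period for which replays must be caught.
    results["fixed_contents"] = list(fixed.seen)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```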
The technical solution provided by the embodiments of the present invention uses the API key to provide information security during communication while ensuring that the API key is not leaked.
In summary, the technical solution provided by the embodiments of the present invention can prevent a malicious attacker from illegally obtaining the API key, can identify the corresponding device, and can also prevent replay attacks.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.
Claims (16)
1. A communication security protection method, characterized in that it is applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
The first information is generated according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information, and is sent to a server;
The server obtains the prestored API Key according to the Device ID in the first information;
A validation value is calculated according to the prestored API Key and the Payload and the Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, it is determined that the first information passes authentication.
2. The method according to claim 1, characterized in that the method further comprises:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the API Key, the message to be transmitted (Payload), the Para, and the RAND;
Generating the first information comprises:
Generating the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the RAND, and the summary information;
Calculating the validation value comprises:
Calculating the validation value according to the prestored API Key and the Payload, the Para, and the RAND in the first information.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the key, the message to be transmitted (Payload), the Para, and the KDF_p;
Generating the first information comprises:
Generating the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the KDF_p, and the summary information;
Calculating the validation value comprises:
Generating a verification key according to the prestored API Key and the KDF_p;
Calculating the validation value according to the verification key and the Payload, the Para, and the KDF_p in the first information.
5. The method according to claim 1 or 2, characterized in that generating the summary information comprises:
Generating the summary information by an HMAC function.
6. A communication security protection method, characterized in that it is applied to the Internet of Things, the method comprising:
A terminal generates a specific parameter Para according to a preset first rule;
Summary information is generated according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para;
The first information is generated according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information, and is sent to a server, so that the server authenticates the first information according to the information in the first information.
7. The method according to claim 6, characterized in that the method further comprises:
The terminal generates a first random parameter RAND according to a preset second rule;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the API Key, the message to be transmitted (Payload), the Para, and the RAND;
Generating the first information comprises:
Generating the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the RAND, and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para, and the RAND in the first information, in order to authenticate the first information.
8. The method according to claim 6, characterized in that the method further comprises:
Detecting the state of the terminal;
When the terminal is in a first state, generating a second random parameter KDF_p according to a preset third rule;
Generating a key according to the API Key and the KDF_p;
Correspondingly, generating the summary information comprises:
Generating the summary information according to the key, the message to be transmitted (Payload), the Para, and the KDF_p;
Generating the first information comprises:
Generating the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, the KDF_p, and the summary information, so that the server can generate a verification key according to the prestored API Key and the KDF_p, and can calculate a validation value according to the verification key and the Payload, the Para, and the KDF_p in the first information, in order to authenticate the first information.
9. A communication security protection method, characterized in that it is applied to the Internet of Things, the method comprising:
A server receives the first information sent by a terminal; the first information includes: the API Key, a specific parameter Para, the message to be transmitted (Payload), and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload, and the Para;
The prestored API Key is obtained according to the Device ID in the first information;
A validation value is calculated according to the prestored API Key and the Payload and Para in the first information;
The validation value is compared with the summary information in the first information;
When the validation value matches the summary information, it is determined that the first information passes authentication.
10. The method according to claim 9, characterized in that the method further comprises:
The server judges whether the Para in the first information meets a preset condition;
When the Para does not meet the preset condition, it is determined that the first information is replayed information;
When the Para meets the preset condition, the step of obtaining the prestored API Key according to the Device ID in the first information is performed.
11. A communication security protection system, characterized in that it is applied to the Internet of Things, the system comprising a terminal and a server:
The terminal is configured to generate a specific parameter Para according to a preset first rule; to generate summary information according to the application programming interface key (API Key), the message to be transmitted (Payload), and the Para; and to generate the first information according to the identifier (Device ID) of the terminal, the Payload, the Para, and the summary information, and send it to the server;
The server is configured to obtain the prestored API Key according to the Device ID in the first information; to calculate a validation value according to the prestored API Key and the Payload and the Para in the first information; to compare the validation value with the summary information in the first information; and, when the validation value matches the summary information, to determine that the first information passes authentication.
12. a kind of terminal, which is characterized in that be applied to Internet of Things, the terminal includes:
First generation unit, for generating specific parameter Para according to preset first rule;
Second generation unit, for according to application programming interface key A PI Key, the message Payload to be transmitted with
And the Para, generate summary information;
Third generation unit, for according to mark Device ID of the terminal, the Payload, the Para and described
Summary information generates the first information
Transmission unit, for the first information to be sent to server;So that the server is according in the first information
Information the first information is authenticated.
13. The terminal according to claim 12, characterized in that the terminal further comprises:
A fourth generation unit, configured to generate a first random parameter RAND according to a preset second rule;
Correspondingly, the second generation unit is configured to generate the summary information according to the API Key, the message Payload to be transmitted, the Para and the RAND;
The third generation unit is configured to generate the first information according to the identifier Device ID of the terminal, the Payload, the Para, the RAND and the summary information, so that the server can calculate a validation value according to the prestored API Key and the Payload, the Para and the RAND in the first information, in order to authenticate the first information.
14. The terminal according to claim 12, characterized in that the terminal further comprises:
A detection unit, configured to detect the state of the terminal;
A fifth generation unit, configured to, when the terminal is in a first state, generate a second random parameter KDF_p according to a preset third rule, and generate a key according to the API Key and the KDF_p;
Correspondingly, the second generation unit is configured to generate the summary information according to the key, the message Payload to be transmitted, the Para and the KDF_p;
The third generation unit is configured to generate the first information according to the identifier Device ID of the terminal, the Payload, the Para, the KDF_p and the summary information, so that the server can generate an authentication key according to the prestored API Key and the KDF_p, and calculate a validation value according to the authentication key and the Payload, the Para and the KDF_p in the first information, in order to authenticate the first information.
15. A server, characterized in that it is applied to the Internet of Things, the server comprising:
A receiving unit, configured to receive first information sent by a terminal; the first information includes: API Key, a specific parameter Para, the message Payload to be transmitted and summary information; the parameter Para is generated by the terminal according to a preset first rule, and the summary information is generated according to the API Key, the Payload and the Para;
An acquiring unit, configured to obtain the prestored API Key according to the Device ID in the first information;
A computing unit, configured to calculate a validation value according to the prestored API Key and the Payload and the Para in the first information;
A comparison unit, configured to compare the validation value with the summary information in the first information;
A determination unit, configured to determine that the first information passes authentication when the validation value matches the summary information.
16. The server according to claim 15, characterized in that the server further comprises:
A judging unit, configured to judge whether the Para in the first information meets a preset condition;
The determination unit is further configured to determine that the first information is replayed information when the Para does not meet the preset condition, and, when the Para meets the preset condition, to control the acquiring unit to perform the operation of obtaining the prestored API Key according to the Device ID in the first information.
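The terminal and server roles of claims 12 and 14 to 16, sketched as an added example that is not part of the patent text. It assumes HMAC-SHA256 for the summary information and for the key derived from KDF_p, a Unix timestamp as Para, and a 30-second window plus a seen-set as the "preset condition"; the claims fix none of these, and all names and sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample registry held by the server: Device ID -> prestored API Key.
API_KEYS = {"dev-001": b"constructed-api-key-for-example"}
MAX_SKEW = 30  # assumed preset condition: Para is a timestamp within 30 s of server time


def _digest(key, payload, para, kdf_p=b""):
    # Length-prefix every field so bytes cannot slide between Payload, Para and KDF_p.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in (payload, para, kdf_p))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _derive(api_key, kdf_p):
    # Assumed derivation for claim 14: key = HMAC(API Key, KDF_p).
    return hmac.new(api_key, b"kdf" + kdf_p, hashlib.sha256).digest()


def terminal_build(device_id, api_key, payload, now, kdf_p=None):
    """Build the first information: Device ID, Payload, Para, summary (and KDF_p)."""
    para = str(now)
    key = _derive(api_key, kdf_p) if kdf_p else api_key
    info = {"device_id": device_id, "payload": payload, "para": para,
            "digest": _digest(key, payload, para.encode(), kdf_p or b"")}
    if kdf_p:
        info["kdf_p"] = kdf_p
    return info


def server_verify(info, now, seen):
    """Return 'ok', 'replay', 'unknown-device' or 'rejected'."""
    para = info["para"]
    fresh = para.isascii() and para.isdigit() and abs(now - int(para)) <= MAX_SKEW
    # Claim 16: judge Para first; a stale or already-used Para is replayed information.
    if not fresh or (info["device_id"], para) in seen:
        return "replay"
    api_key = API_KEYS.get(info["device_id"])  # lookup by Device ID, never sent on the wire
    if api_key is None:
        return "unknown-device"
    kdf_p = info.get("kdf_p", b"")
    key = _derive(api_key, kdf_p) if kdf_p else api_key
    expected = _digest(key, info["payload"], para.encode(), kdf_p)
    if not hmac.compare_digest(expected, info["digest"]):  # constant-time comparison
        return "rejected"
    seen.add((info["device_id"], para))  # record only authenticated messages
    return "ok"
```

The seen-set is recorded only after the digest matches, so unauthenticated traffic cannot burn a legitimate device's Para values.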
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510609796.5A CN106549924B (en) | 2015-09-22 | 2015-09-22 | A kind of communication security protection methods, devices and systems |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106549924A CN106549924A (en) | 2017-03-29 |
CN106549924B CN106549924B (en) | 2019-06-28 |
Family
ID=58364444
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510609796.5A Active CN106549924B (en) | 2015-09-22 | 2015-09-22 | A kind of communication security protection methods, devices and systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106549924B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108737485B (en) * | 2017-04-25 | 2021-05-11 | 中移物联网有限公司 | Method and system for operating resources of Internet of things |
CN110730063B (en) * | 2018-07-16 | 2022-11-11 | 中国电信股份有限公司 | Security verification method and system, internet of things platform, terminal and readable storage medium |
CN109639672A (en) * | 2018-12-11 | 2019-04-16 | 北京首汽智行科技有限公司 | The method and system for preventing Replay Attack based on JWT data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1980121A (en) * | 2005-11-29 | 2007-06-13 | 北京书生国际信息技术有限公司 | Electronic signing mobile terminal, system and method |
CN101854377A (en) * | 2010-01-25 | 2010-10-06 | 杭州东信北邮信息技术有限公司 | Information platform system supporting wireless terminal and implementation method thereof |
CN103166931A (en) * | 2011-12-15 | 2013-06-19 | 华为技术有限公司 | Method, device and system of transmitting data safely |
CN103441989A (en) * | 2013-08-05 | 2013-12-11 | 大唐移动通信设备有限公司 | Authentication and information processing method and device |
CN103532963A (en) * | 2013-10-22 | 2014-01-22 | 中国联合网络通信集团有限公司 | IOT (Internet of Things) based equipment authentication method, device and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109246053B (en) | Data communication method, device, equipment and storage medium | |
CN107749848B (en) | Internet of things data processing method and device and Internet of things system | |
KR101508360B1 (en) | Apparatus and method for transmitting data, and recording medium storing program for executing method of the same in computer | |
WO2016188290A1 (en) | Safety authentication method, device and system for api calling | |
CN107579991B (en) | Method for performing cloud protection authentication on client, server and client | |
CN106685973B (en) | Remember method and device, log-in control method and the device of log-on message | |
CN109309565A (en) | A kind of method and device of safety certification | |
CN102572815B (en) | Method, system and device for processing terminal application request | |
CN107612889B (en) | Method for preventing user information leakage | |
CN104883367B (en) | A kind of method, system and applications client that auxiliary verification logs in | |
CN109688098B (en) | Method, device and equipment for secure communication of data and computer readable storage medium | |
CN109474916A (en) | A kind of device authentication method, apparatus and machine readable media | |
US20160241536A1 (en) | System and methods for user authentication across multiple domains | |
WO2015003503A1 (en) | Network device, terminal device and information security improving method | |
US9398024B2 (en) | System and method for reliably authenticating an appliance | |
CN108111497A (en) | Video camera and server inter-authentication method and device | |
CN104243419A (en) | Data processing method, device and system based on secure shell protocol | |
CN109729000B (en) | Instant messaging method and device | |
CN106549924B (en) | A kind of communication security protection methods, devices and systems | |
CN105743854A (en) | Security authentication system and method | |
CN105208041A (en) | HOOK-based cloud storage application encryption data packet cracking method | |
CN104243452B (en) | A kind of cloud computing access control method and system | |
CN104038490A (en) | Communication safety verification method and device thereof | |
CN109698806B (en) | User data verification method and system | |
CN109218334A (en) | Data processing method, device, access control equipment, certificate server and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||