CN106686015A - Method for dynamically verifying safety networking for intelligent device - Google Patents

Method for dynamically verifying safety networking for intelligent device

Info

Publication number
CN106686015A
Authority
CN
China
Prior art keywords
smart device
key
request
authentication
final
Legal status
Granted
Application number
CN201710157702.4A
Other languages
Chinese (zh)
Other versions
CN106686015B (en)
Inventor
李亮
Current Assignee
Beijing Square Technology Co Ltd
Original Assignee
Beijing Square Technology Co Ltd
Priority date: 2017-03-16
Filing date: 2017-03-16
Publication date: 2017-05-17
Application filed by Beijing Square Technology Co Ltd
Priority to CN201710157702.4A
Publication of CN106686015A
Application granted
Publication of CN106686015B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/126 Applying verification of the received information the source of the received data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the field of the Internet of Things and in particular relates to a method for dynamically verifying the secure network access of an intelligent device. The method comprises the following steps: (1) interaction between the intelligent device and a distribution service; (2) interaction between the intelligent device and a verifying service (activation); and (3) a further interaction between the intelligent device and the verifying service (authentication). The method disclosed by the invention has the following beneficial effects: (1) the dynamic verifying method adopts multilayer strong security logic, so that attack techniques such as replay and bypass monitoring used by an attacker against the intelligent device can be effectively prevented; and (2) the identifying logic is enforced for each connection of each intelligent device, so that the identity labels and secret key signals are guaranteed to differ between devices, and the identity label and secret key signal of the same intelligent device are guaranteed to be unique in each connection.

Description

A dynamic verification method for the secure network access of smart devices
Technical field
The invention belongs to the field of the Internet of Things and in particular relates to a dynamic verification method for the secure network access of smart devices.
Background technology
The Internet of Things is an important component of the new generation of information technology and an important development stage of the "informatization" era. Its English name is "Internet of Things (IoT)". As the name suggests, the Internet of Things is the internet in which things are connected to things. This has two layers of meaning: first, the core and foundation of the Internet of Things remain the internet; it is a network extended and expanded on the basis of the internet. Second, its user end extends to any article, so that information exchange and communication take place between articles, that is, things communicate with things.
The Internet of Things is widely applied to the convergence of networks through communication and perception technologies such as intelligent sensing, identification technology and pervasive computing, and is therefore called the third wave of the world's information industry development after the computer and the internet. The Internet of Things is an application extension of the internet; rather than a network, the Internet of Things is business and application. Therefore, application innovation is the core of Internet of Things development, and innovation 2.0 with user experience at its core is the soul of Internet of Things development.
In the Internet of Things, the secure network access of smart devices is a key issue, and making the network access of smart devices highly secure is very important work. The authentication logic in common use at present more or less carries some potential security hazards.
Content of the invention
Object of the invention: the present invention improves on the problems of the prior art described above, that is, the invention discloses a dynamic verification method for the secure network access of smart devices, in order to solve the security problems that may exist in the network access process of smart devices.
Technical scheme: a dynamic verification method for the secure network access of smart devices comprises the following steps:
(1) Interaction between the smart device and the distribution service
(11) The smart device constructs a distribution access request, which contains a random factor, a magic number and the identification information of the smart device; the data in the distribution access request is encrypted with a dynamic key, and the encrypted data is then encoded according to a private binary protocol;
(12) The constructed distribution access request is sent to the distribution server;
(13) After the distribution server obtains the distribution access request, it first decodes the data of the distribution request according to the private binary protocol, then decrypts it with the key to obtain the plaintext data, then extracts the magic number from the plaintext and verifies it against the preset magic number, while also verifying the digital signature of the random factor; if verification succeeds, authentication server information is returned to the smart device; if verification fails, an error message is returned to the smart device and this operation is terminated;
(2) Interaction between the smart device and the authentication service
(21) The smart device constructs an activation request; the activation request data includes a random factor and the smart device identification information, and the random factor is digitally signed with the key preset between the smart device and the authentication server;
(22) The activation request of the smart device is encapsulated again with the Secure Sockets Layer protocol and then sent to the authentication server;
(23) The authentication server receives the activation request and verifies whether the digital signature and the device identification information are valid; if the activation request is valid, it generates activation reply data, symmetrically encrypts the reply data with the key preset between the smart device and the authentication server, finally encapsulates the final reply data with the Secure Sockets Layer protocol and sends the reply data to the smart device, while the authentication server generates the final symmetric key from the pre-key signal, stores it on the authentication server and proceeds to step (24); if the activation request is invalid, an error message is returned to the smart device and this operation is terminated;
(24) The smart device obtains the request reply data returned by the authentication server, decrypts it with the key preset between the smart device and the authentication server, obtains the valid returned pre-identity and pre-key signal, generates the final symmetric key from the pre-key signal and stores it locally on the smart device;
(3) Interaction between the smart device and the authentication service
(31) The smart device constructs an authentication request; the authentication request data contains a random factor and the device identification information; the pre-key signal obtained in step (24) and the key preset between the smart device and the authentication server are used to digitally sign the random factor and the device identification information respectively, and the authentication request data is then encrypted with the final symmetric key generated in step (24);
(32) The authentication request data is encapsulated again with the Secure Sockets Layer protocol and the authentication request is then sent to the authentication server;
(33) The authentication server receives the authentication request data, decrypts it with the final symmetric key generated in (23) and then verifies the digital signatures; if verification succeeds, it generates authentication reply data, which includes the final identity and the final key signal, encrypts it with the final symmetric key generated in (23), finally encapsulates the authentication reply data with the Secure Sockets Layer protocol, sends the authentication reply data to the smart device and proceeds to step (34); if verification fails, an error message is returned to the smart device and this operation is terminated;
(34) The smart device obtains the authentication reply data returned by the authentication server, decrypts it with the final key generated in (24), obtains the valid returned final identity and final key signal, and completes the authentication logic.
Further, the reply data in step (23) includes the pre-identity and the pre-key signal.
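The three-phase flow of steps (11) to (34), simulated end to end with both sides' messages, as an added example; this is not the patent's own code, and the patent names no concrete primitives. Assumptions made here: HMAC-SHA256 stands in for the unspecified digital signature; an HMAC-keystream toy cipher with an HMAC tag stands in for the unspecified symmetric encryption; 2-byte length-prefixed fields stand in for the "private binary protocol"; the Secure Sockets Layer encapsulation of steps (22) and (32) is left to the transport; each server refuses a random factor it has already accepted, which is how the replay resistance listed under the beneficial effects is realised in this simulation (applied to all three request types, a generalisation of the patent's single statement); and the device identification is sent in the clear in step (31) so that the authentication server can select the session. The magic number, preset key, device identification and authentication-server address are constructed values.

```python
import hashlib, hmac, secrets, struct

MAGIC = struct.pack(">I", 0x5A5A1234)    # constructed magic number
PSK = b"preset-device-auth-server-key"    # constructed key preset between device and authentication server
DEVICE_ID = b"dev-0001"                   # constructed device identification

def frame(parts):                         # "private binary protocol" (constructed): 2-byte length before each field
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def unframe(buf):
    out, i = [], 0
    while i < len(buf):
        n = struct.unpack_from(">H", buf, i)[0]; i += 2
        out.append(buf[i:i + n]); i += n
        if len(out[-1]) != n: raise ValueError("truncated field")
    return out

def sign(key, *parts):                    # stand-in for the unspecified digital signature: HMAC-SHA256
    return hmac.new(key, frame(parts), hashlib.sha256).digest()

def _keystream_xor(key, nonce, data):     # toy cipher: HMAC counter-mode keystream, illustration only
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(key, data):                   # nonce || ciphertext || HMAC tag over nonce+ciphertext
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):                   # rejects anything tampered with or too short
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad ciphertext")
    return _keystream_xor(key, nonce, ct)

def final_key(pre_key_signal):            # steps (23)/(24): both sides derive it from the pre-key signal (KDF assumed)
    return hmac.new(PSK, b"final-key" + pre_key_signal, hashlib.sha256).digest()

def fresh(seen, factor):                  # replay defence (assumption): a random factor is accepted once per server
    if factor in seen:
        return False
    seen.add(factor)
    return True

def device_distribution_request(dynamic_key):                 # step (11): encrypt, then encode
    factor = secrets.token_bytes(16)
    return frame([encrypt(dynamic_key, frame([MAGIC, factor, DEVICE_ID, sign(PSK, factor)]))])

def distribution_handle(dynamic_key, seen, wire):             # step (13): decode, decrypt, check magic and signature
    try:
        (blob,) = unframe(wire)
        magic, factor, dev_id, sig = unframe(decrypt(dynamic_key, blob))
    except (ValueError, struct.error):
        return None                                           # None: the server returns an error message
    if magic != MAGIC or not hmac.compare_digest(sig, sign(PSK, factor)) or not fresh(seen, factor):
        return None
    return b"auth.example.invalid:8443"                       # authentication server info (constructed)

def device_activation_request():                              # step (21)
    factor = secrets.token_bytes(16)
    return frame([factor, DEVICE_ID, sign(PSK, factor)])

def auth_activate(server, req):                               # step (23); server = {"known", "sessions", "seen"}
    try:
        factor, dev_id, sig = unframe(req)
    except (ValueError, struct.error):
        return None
    if dev_id not in server["known"] or not hmac.compare_digest(sig, sign(PSK, factor)) or not fresh(server["seen"], factor):
        return None
    pre_id, pre_ks = secrets.token_bytes(8), secrets.token_bytes(16)        # pre-identity, pre-key signal
    server["sessions"][dev_id] = {"pre_ks": pre_ks, "final_key": final_key(pre_ks)}
    return encrypt(PSK, frame([pre_id, pre_ks]))

def device_authentication_request(state):                     # step (31): sign with pre-key signal and preset key, encrypt with final key
    factor = secrets.token_bytes(16)
    body = frame([factor, DEVICE_ID, sign(state["pre_ks"], factor), sign(PSK, DEVICE_ID)])
    return frame([DEVICE_ID, encrypt(state["final_key"], body)])   # device id in clear selects the session (assumption)

def auth_authenticate(server, dev_id, req):                   # step (33)
    s = server["sessions"].get(dev_id)
    try:
        factor, rid, sig_f, sig_id = unframe(decrypt(s["final_key"], req))
    except (ValueError, struct.error, TypeError):
        return None
    if (rid != dev_id or not hmac.compare_digest(sig_f, sign(s["pre_ks"], factor))
            or not hmac.compare_digest(sig_id, sign(PSK, rid)) or not fresh(server["seen"], factor)):
        return None
    s["final_id"], final_ks = secrets.token_bytes(8), secrets.token_bytes(16)   # final identity, final key signal
    return encrypt(s["final_key"], frame([s["final_id"], final_ks]))

def run_protocol():                                           # returns (device final id, server final id, replay rejected?)
    dyn, dist_seen = secrets.token_bytes(32), set()
    auth = {"known": {DEVICE_ID}, "sessions": {}, "seen": set()}
    d_req = device_distribution_request(dyn)
    if distribution_handle(dyn, dist_seen, d_req) is None: raise RuntimeError("distribution step failed")
    replay_rejected = distribution_handle(dyn, dist_seen, d_req) is None   # same request resent: refused
    pre_id, pre_ks = unframe(decrypt(PSK, auth_activate(auth, device_activation_request())))   # step (24)
    state = {"pre_id": pre_id, "pre_ks": pre_ks, "final_key": final_key(pre_ks)}
    dev_id, a_req = unframe(device_authentication_request(state))
    final_id, final_ks = unframe(decrypt(state["final_key"], auth_authenticate(auth, dev_id, a_req)))   # step (34)
    return final_id, auth["sessions"][DEVICE_ID]["final_id"], replay_rejected
```

`run_protocol()` performs one complete access and then resends the first distribution request to show that it is refused; every server-side check returns `None` rather than raising, so malformed or tampered input yields the error message path of steps (13), (23) and (33) instead of an exception.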
Beneficial effects: the dynamic verification method for the secure network access of smart devices disclosed by the invention has the following beneficial effects:
1. The dynamic verification method employs multi-layer strong security logic, which can effectively prevent attack means such as replay and bypass monitoring adopted by an attacker against the smart device;
2. Authentication logic is enforced for each connection of each smart device, which not only guarantees that the identity and key signal differ between devices, but also guarantees the uniqueness of the identity and key signal of the same smart device in each connection.
Description of the drawings
Fig. 1 is a schematic diagram of the dynamic verification method for the secure network access of smart devices disclosed by the invention.
Specific embodiment:
The specific embodiment of the present invention is described in detail below.
As shown in Fig. 1, the dynamic verification method for the secure network access of smart devices comprises steps (1) to (3), with sub-steps (11) to (34), exactly as set out in the technical scheme above; further, the reply data in step (23) includes the pre-identity and the pre-key signal.
The embodiments of the present invention have been described in detail above. The present invention is, however, not limited to the embodiments described above; within the knowledge possessed by a person of ordinary skill in the art, various changes can be made without departing from the inventive concept.

Claims (2)

1. A dynamic verification method for the secure network access of a smart device, characterised in that it comprises the following steps:
(1) Interaction between the smart device and the distribution service
(11) The smart device constructs a distribution access request, which contains a random factor, a magic number and the identification information of the smart device; the data in the distribution access request is encrypted with a dynamic key, and the encrypted data is then encoded according to a private binary protocol;
(12) The constructed distribution access request is sent to the distribution server;
(13) After the distribution server obtains the distribution access request, it first decodes the data of the distribution request according to the private binary protocol, then decrypts it with the key to obtain the plaintext data, then extracts the magic number from the plaintext and verifies it against the preset magic number, while also verifying the digital signature of the random factor; if verification succeeds, authentication server information is returned to the smart device; if verification fails, an error message is returned to the smart device and this operation is terminated;
(2) Interaction between the smart device and the authentication service
(21) The smart device constructs an activation request; the activation request data includes a random factor and the smart device identification information, and the random factor is digitally signed with the key preset between the smart device and the authentication server;
(22) The activation request of the smart device is encapsulated again with the Secure Sockets Layer protocol and then sent to the authentication server;
(23) The authentication server receives the activation request and verifies whether the digital signature and the device identification information are valid; if the activation request is valid, it generates activation reply data, symmetrically encrypts the reply data with the key preset between the smart device and the authentication server, finally encapsulates the final reply data with the Secure Sockets Layer protocol and sends the reply data to the smart device, while the authentication server generates the final symmetric key from the pre-key signal, stores it on the authentication server and proceeds to step (24); if the activation request is invalid, an error message is returned to the smart device and this operation is terminated;
(24) The smart device obtains the request reply data returned by the authentication server, decrypts it with the key preset between the smart device and the authentication server, obtains the valid returned pre-identity and pre-key signal, generates the final symmetric key from the pre-key signal and stores it locally on the smart device;
(3) Interaction between the smart device and the authentication service
(31) The smart device constructs an authentication request; the authentication request data contains a random factor and the device identification information; the pre-key signal obtained in step (24) and the key preset between the smart device and the authentication server are used to digitally sign the random factor and the device identification information respectively, and the authentication request data is then encrypted with the final symmetric key generated in step (24);
(32) The authentication request data is encapsulated again with the Secure Sockets Layer protocol and the authentication request is then sent to the authentication server;
(33) The authentication server receives the authentication request data, decrypts it with the final symmetric key generated in (23) and then verifies the digital signatures; if verification succeeds, it generates authentication reply data, which includes the final identity and the final key signal, encrypts it with the final symmetric key generated in (23), finally encapsulates the authentication reply data with the Secure Sockets Layer protocol, sends the authentication reply data to the smart device and proceeds to step (34); if verification fails, an error message is returned to the smart device and this operation is terminated;
(34) The smart device obtains the authentication reply data returned by the authentication server, decrypts it with the final key generated in (24), obtains the valid returned final identity and final key signal, and completes the authentication logic.
2. The dynamic verification method for the secure network access of a smart device according to claim 1, characterised in that the reply data in step (23) includes the pre-identity and the pre-key signal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710157702.4A CN106686015B (en) 2017-03-16 2017-03-16 A dynamic verification method for the secure network access of smart devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710157702.4A CN106686015B (en) 2017-03-16 2017-03-16 A dynamic verification method for the secure network access of smart devices

Publications (2)

Publication Number Publication Date
CN106686015A true CN106686015A (en) 2017-05-17
CN106686015B CN106686015B (en) 2019-10-22

Family

ID=58828880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710157702.4A Active CN106686015B (en) 2017-03-16 2017-03-16 A dynamic verification method for the secure network access of smart devices

Country Status (1)

Country Link
CN (1) CN106686015B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090055892A1 (en) * 2007-08-20 2009-02-26 Feitian Technologies Co., Ltd. Authentication method and key device
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN103517273A (en) * 2013-10-09 2014-01-15 中国联合网络通信集团有限公司 Authentication method, managing platform and Internet-of-Things equipment
CN105791272A (en) * 2016-02-23 2016-07-20 青岛海尔智能家电科技有限公司 Method and device for secure communication in Internet of Things
CN106330456A (en) * 2016-08-19 2017-01-11 Tcl集团股份有限公司 Intelligent device security access method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965246A (en) * 2018-05-31 2018-12-07 北京车和家信息技术有限公司 The processing method of car networking data, apparatus and system
CN108965246B (en) * 2018-05-31 2021-04-02 北京车和家信息技术有限公司 Method, device and system for processing Internet of vehicles data

Also Published As

Publication number Publication date
CN106686015B (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN103581173B (en) Safe data transmission method, system and device based on industrial Ethernet
CN108092776A (en) A kind of authentication server and authentication token
CN112073375A (en) Isolation device and isolation method suitable for power Internet of things client side
CN105471833A (en) Safe communication method and device
CN109787761B (en) Equipment authentication and key distribution system and method based on physical unclonable function
Tan et al. Comments on “dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks”
CN107454079A (en) Lightweight device authentication and shared key machinery of consultation based on platform of internet of things
CN102595213B (en) Security certificate method and system of credible TV terminal
CN106535184A (en) Key management method and system
CN102195957A (en) Resource sharing method, device and system
CN104184743A (en) Three-layer authentication system and method oriented to cloud computing platform
CN104168267A (en) Identity authentication method for accessing SIP security video monitoring system
CN107172056A (en) A kind of channel safety determines method, device, system, client and server
CN109088810A (en) Communication means, device, relevant device, system and the storage medium of group message
CN108683501A (en) Based on quantum communication network using timestamp as the multiple identity authorization system and method for random number
CN107888381A (en) A kind of implementation method of key importing, apparatus and system
CN108650028A (en) Multiple identity authorization system and method based on quantum communication network and true random number
CN113704780B (en) Power distribution network user side information self-adaptive encryption method based on model driving
CN108809636A (en) The communication system and communication means of message authentication between member are realized based on group's type quantum key card
CN109617875A (en) A kind of the secure accessing platform and its implementation of terminal communication network
CN105471901A (en) Industrial information security authentication system
CN108600152A (en) Modified Kerberos identity authorization systems based on quantum communication network and method
CN107968745A (en) One kind is based on dynamic token double factor Quick Response Code open-door system and implementation method
CN114567470A (en) SDK-based key splitting verification system and method under multiple systems
CN110198320A (en) A kind of ciphered information transmission method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: Room 502, 1-28, floor 5, No. 8, Qijiahuozi, Chaoyang District, Beijing 100083

Patentee after: Beijing Fangyan Mohang Technology Co., Ltd.

Address before: Room 1121, Floor 10, No. 218 Tang Li Lu, Chaoyang District, Beijing 100000

Patentee before: Beijing Fangyan Mohang Technology Co., Ltd.