CN106686015A - Method for dynamically verifying safety networking for intelligent device - Google Patents
- Publication number: CN106686015A (application CN201710157702.4A)
- Authority: CN (China)
- Prior art keywords: smart machine, key, request, certification, final
- Legal status: Granted
Classifications
All five classifications fall under H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00—Network architectures or network communication protocols for network security:
- H04L63/08 › H04L63/0876—authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/04 › H04L63/0428 › H04L63/045—confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
- H04L63/06 › H04L63/061—supporting key management in a packet data network, for key exchange, e.g. in peer-to-peer networks
- H04L63/12 › H04L63/123—applying verification of the received information: received data contents, e.g. message integrity
- H04L63/12 › H04L63/126—applying verification of the received information: the source of the received data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention belongs to the field of the Internet of Things and particularly relates to a method for dynamically verifying safe networking for an intelligent device. The method comprises the following steps: (1) interaction between the intelligent device and a distribution service; (2) interaction between the intelligent device and a verifying service; and (3) a second interaction between the intelligent device and the verifying service. The method disclosed by the invention has the following beneficial effects: (1) the dynamic verifying method adopts multilayer strong security logic, so that attack techniques such as replay and bypass monitoring used by an attacker against the intelligent device can be effectively prevented; and (2) the identifying logic is enforced for each connection of each intelligent device, so that differences in the identity labels and secret key signals between devices are guaranteed, and the uniqueness of the identity label and secret key signal of the same intelligent device in each connection is also guaranteed.
Description
Technical field
The invention belongs to the field of the Internet of Things, and in particular relates to a safe networking dynamic verification method for a smart device.
Background technology
The Internet of Things is an important component of the new generation of information technology and an important development stage of the "informatization" era. Its English name is "Internet of Things (IoT)". As the name suggests, the Internet of Things is the Internet in which things are connected to things. This has two layers of meaning: first, the core and foundation of the Internet of Things is still the Internet; it is a network extended and expanded on the basis of the Internet. Second, its user end extends to any object, so that information exchange and communication take place between objects; that is, things communicate with things.
The Internet of Things is widely integrated into networks through communication and perception technologies such as intelligent sensing, identification technology and pervasive computing, and is therefore called the third wave of the world's information industry development after the computer and the Internet. The Internet of Things is an application extension of the Internet; rather than the Internet of Things being the network, the Internet of Things is business and applications. Therefore, application innovation is the core of Internet of Things development, and Innovation 2.0 centred on user experience is the soul of Internet of Things development.
In the Internet of Things, the secure networking of smart devices is a key issue, and making the networking of smart devices highly secure is very important work. The authentication logic in general use at present has, to a greater or lesser extent, some potential security hazards.
The content of the invention
Goal of the invention: The present invention improves on the problems present in the above prior art; that is, the invention discloses a safe networking dynamic verification method for a smart device, in order to solve the security problems that may exist in the networking process of a smart device.
Technical scheme: A safe networking dynamic verification method for a smart device comprises the following steps:
(1) Interaction between the smart device and the distribution service
(11) The smart device constructs a distribution access request, which contains a random factor, a magic number and the identification information of the smart device; the data in the distribution access request are encrypted with a dynamic key, and the encrypted data are then encoded according to a private binary protocol;
(12) The constructed distribution access request is sent to the distribution server;
(13) After the distribution server obtains the distribution access request, it first decodes the data of the request according to the private binary protocol, then decrypts them with the key to obtain the plaintext data, then extracts the magic number from the plaintext and checks it against the preset magic number, while also verifying the digital signature over the random factor; if verification succeeds, it returns the authentication server information to the smart device; if verification fails, it returns an error message to the smart device and terminates this operation;
(2) Interaction between the smart device and the authentication service
(21) The smart device constructs an activation request, whose data comprise a random factor and the smart device identification information, and digitally signs the random factor with the key set in advance between the smart device and the authentication server;
(22) The activation request of the smart device is further encapsulated with the Secure Sockets Layer protocol, and the activation request is then sent to the authentication server;
(23) The authentication server receives the activation request and verifies whether the digital signature and the device identification information are legitimate; if the activation request is legitimate, it generates activation reply data, symmetrically encrypts the reply data with the key set in advance between the smart device and the authentication server, and finally encapsulates the final reply data with the Secure Sockets Layer protocol and sends the reply data to the smart device; at the same time, the authentication server generates a final symmetric key from the pre-key signal, stores it on the authentication server, and proceeds to step (24); if the activation request is illegitimate, it returns an error message to the smart device and terminates this operation;
(24) The smart device obtains the reply data returned by the authentication server, decrypts them with the key set in advance between the smart device and the authentication server, obtains the legitimate pre-identity and pre-key signal that were returned, generates the final symmetric key from the pre-key signal, and stores it locally on the smart device;
(3) Interaction between the smart device and the authentication service
(31) The smart device constructs an authentication request, whose data comprise a random factor and the device identification information; it digitally signs the random factor and the device identification information with, respectively, the pre-key signal obtained in step (24) and the key set in advance between the smart device and the authentication server, and then encrypts the authentication request data with the final symmetric key generated in step (24);
(32) The authentication request data are further encapsulated with the Secure Sockets Layer protocol, and the authentication request is then sent to the authentication server;
(33) The authentication server receives the authentication request data, decrypts them with the final symmetric key generated in step (23), and then verifies the digital signatures; if verification passes, it generates authentication reply data, which comprise a final identity and a final key signal, encrypts them with the final symmetric key generated in step (23), finally encapsulates the authentication reply data with the Secure Sockets Layer protocol, sends the authentication reply data to the smart device, and proceeds to step (34); if verification fails, it returns an error message to the smart device and terminates this operation;
(34) The smart device obtains the authentication reply data returned by the authentication server, decrypts them with the final key generated in step (24), obtains the legitimate final identity and final key signal that were returned, and completes the authentication logic.
Further, the reply data in step (23) comprise a pre-identity and a pre-key signal.
Beneficial effects: The safe networking dynamic verification method for a smart device disclosed by the invention has the following beneficial effects:
1. The dynamic verification method employs multilayer strong security logic and can effectively prevent attack means such as replay and bypass monitoring that an attacker adopts against the smart device;
2. The authentication logic is enforced for every connection of every smart device, which not only guarantees that the identity and key signal differ from device to device, but also guarantees the uniqueness of the identity and key signal of the same smart device for each connection.
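The following is an added worked model of steps (11) to (34) and of the two beneficial effects just listed; it is not code from the patent (which publishes none). It assumes that the "digital signature with a key set in advance" is an HMAC-SHA256 over a pre-shared key, that the final symmetric key is derived from the pre-key signal by HMAC, and that the distribution server remembers random factors it has seen; the dynamic-key encryption, binary encoding, symmetric encryption of replies and the SSL wrapping are elided, and all constants and names are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo values (assumptions, not taken from the patent)
MAGIC = bytes.fromhex("CAFEBABE")       # preset magic number checked in step (13)
PRE_SHARED = b"demo-pre-shared-key"     # key set in advance between device and servers


def mac(key: bytes, *parts: bytes) -> bytes:
    """The 'digital signature with a pre-set key' is modelled as HMAC-SHA256 (assumption)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def derive_final_key(pre_shared: bytes, pre_key_signal: bytes) -> bytes:
    """Steps (23)/(24): each side derives the final symmetric key from the pre-key signal."""
    return hmac.new(pre_shared, b"final-key|" + pre_key_signal, hashlib.sha256).digest()


class DistributionServer:
    """Stage (1): checks magic number and signature, then hands out the auth server."""

    def __init__(self, auth_server_info: str):
        self.auth_server_info = auth_server_info
        self.seen_randoms = set()   # remembered random factors; this is how a replay is caught

    def handle(self, req: dict) -> dict:                      # step (13)
        if req["magic"] != MAGIC:
            return {"error": "magic number mismatch"}
        if not hmac.compare_digest(req["sig"], mac(PRE_SHARED, req["random"], req["device_id"])):
            return {"error": "bad signature"}
        if req["random"] in self.seen_randoms:
            return {"error": "replayed random factor"}
        self.seen_randoms.add(req["random"])
        return {"auth_server": self.auth_server_info}


class AuthServer:
    """Stages (2) and (3): activation, then authentication under the final key."""

    def __init__(self, known_devices: set):
        self.known = known_devices
        self.pending = {}       # device_id -> (pre_key_signal, final_key), stored in step (23)
        self.established = {}   # device_id -> final_key of the last completed authentication

    def activate(self, req: dict) -> dict:                    # step (23)
        if req["device_id"] not in self.known:
            return {"error": "unknown device"}
        if not hmac.compare_digest(req["sig"], mac(PRE_SHARED, req["random"])):
            return {"error": "bad signature"}
        pre_key_signal = secrets.token_bytes(16)              # fresh per activation
        self.pending[req["device_id"]] = (pre_key_signal, derive_final_key(PRE_SHARED, pre_key_signal))
        # the reply would travel encrypted under PRE_SHARED inside SSL; both layers are elided here
        return {"pre_identity": secrets.token_hex(8), "pre_key_signal": pre_key_signal}

    def authenticate(self, req: dict) -> dict:                # step (33)
        state = self.pending.pop(req["device_id"], None)      # one activation serves one authentication
        if state is None:
            return {"error": "no activation for device"}
        pre_key_signal, final_key = state
        ok_random = hmac.compare_digest(req["sig_random"], mac(pre_key_signal, req["random"]))
        ok_device = hmac.compare_digest(req["sig_device"], mac(PRE_SHARED, req["device_id"]))
        if not (ok_random and ok_device):
            return {"error": "bad signature"}
        self.established[req["device_id"]] = final_key
        return {"final_identity": secrets.token_hex(8), "final_key_signal": secrets.token_bytes(16)}


def run_connection(device_id: bytes, dist: DistributionServer, auth: AuthServer) -> dict:
    """Device side of one full connection: returns what the device learned, or the first error."""
    r1 = secrets.token_bytes(16)                                              # (11)/(12)
    d = dist.handle({"magic": MAGIC, "random": r1, "device_id": device_id,
                     "sig": mac(PRE_SHARED, r1, device_id)})
    if "error" in d:
        return d
    r2 = secrets.token_bytes(16)                                              # (21)/(22)
    a = auth.activate({"random": r2, "device_id": device_id, "sig": mac(PRE_SHARED, r2)})
    if "error" in a:
        return a
    final_key = derive_final_key(PRE_SHARED, a["pre_key_signal"])             # (24)
    r3 = secrets.token_bytes(16)                                              # (31)/(32)
    c = auth.authenticate({"random": r3, "device_id": device_id,
                           "sig_random": mac(a["pre_key_signal"], r3),
                           "sig_device": mac(PRE_SHARED, device_id)})
    if "error" in c:
        return c
    return {"auth_server": d["auth_server"], "pre_identity": a["pre_identity"],
            "final_key": final_key, **c}
```

Running `run_connection` twice for the same device shows effect 2 (a different final key each connection), and feeding the distribution server the same request twice shows the replay rejection behind effect 1.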
Description of the drawings
Fig. 1 is a schematic diagram of the safe networking dynamic verification method for a smart device disclosed by the invention.
Specific embodiment:
The specific embodiment of the present invention is described in detail below.
As shown in Fig. 1, the safe networking dynamic verification method for a smart device comprises steps (1) to (3) as set out in the technical scheme above, the reply data in step (23) comprising a pre-identity and a pre-key signal.
The embodiments of the present invention have been described in detail above. However, the present invention is not limited to the above embodiments; various changes can be made within the knowledge possessed by those of ordinary skill in the art without departing from the inventive concept.
Claims (2)
1. A safe networking dynamic verification method for a smart device, characterised in that it comprises the following steps:
(1) interaction between the smart device and the distribution service:
(11) the smart device constructs a distribution access request, the distribution access request containing a random factor, a magic number and the identification information of the smart device; the data in the distribution access request are encrypted with a dynamic key, and the encrypted data are then encoded according to a private binary protocol;
(12) the constructed distribution access request is sent to the distribution server;
(13) after the distribution server obtains the distribution access request, it first decodes the data of the request according to the private binary protocol, then decrypts them with the key to obtain the plaintext data, then extracts the magic number from the plaintext and checks it against the preset magic number, while also verifying the digital signature over the random factor; if verification succeeds, it returns the authentication server information to the smart device; if verification fails, it returns an error message to the smart device and terminates this operation;
(2) interaction between the smart device and the authentication service:
(21) the smart device constructs an activation request, whose data comprise a random factor and the smart device identification information, and digitally signs the random factor with the key set in advance between the smart device and the authentication server;
(22) the activation request of the smart device is further encapsulated with the Secure Sockets Layer protocol, and the activation request is then sent to the authentication server;
(23) the authentication server receives the activation request and verifies whether the digital signature and the device identification information are legitimate; if the activation request is legitimate, it generates activation reply data, symmetrically encrypts the reply data with the key set in advance between the smart device and the authentication server, and finally encapsulates the final reply data with the Secure Sockets Layer protocol and sends the reply data to the smart device; at the same time, the authentication server generates a final symmetric key from the pre-key signal, stores it on the authentication server, and proceeds to step (24); if the activation request is illegitimate, it returns an error message to the smart device and terminates this operation;
(24) the smart device obtains the reply data returned by the authentication server, decrypts them with the key set in advance between the smart device and the authentication server, obtains the legitimate pre-identity and pre-key signal that were returned, generates the final symmetric key from the pre-key signal, and stores it locally on the smart device;
(3) interaction between the smart device and the authentication service:
(31) the smart device constructs an authentication request, whose data comprise a random factor and the device identification information; it digitally signs the random factor and the device identification information with, respectively, the pre-key signal obtained in step (24) and the key set in advance between the smart device and the authentication server, and then encrypts the authentication request data with the final symmetric key generated in step (24);
(32) the authentication request data are further encapsulated with the Secure Sockets Layer protocol, and the authentication request is then sent to the authentication server;
(33) the authentication server receives the authentication request data, decrypts them with the final symmetric key generated in step (23), and then verifies the digital signatures; if verification passes, it generates authentication reply data, which comprise a final identity and a final key signal, encrypts them with the final symmetric key generated in step (23), finally encapsulates the authentication reply data with the Secure Sockets Layer protocol, sends the authentication reply data to the smart device, and proceeds to step (34); if verification fails, it returns an error message to the smart device and terminates this operation;
(34) the smart device obtains the authentication reply data returned by the authentication server, decrypts them with the final key generated in step (24), obtains the legitimate final identity and final key signal that were returned, and completes the authentication logic.
2. The safe networking dynamic verification method for a smart device according to claim 1, characterised in that the reply data in step (23) comprise a pre-identity and a pre-key signal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710157702.4A CN106686015B (en) | 2017-03-16 | 2017-03-16 | A kind of safe networking dynamic confirming method for smart machine |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106686015A true CN106686015A (en) | 2017-05-17 |
CN106686015B CN106686015B (en) | 2019-10-22 |
Family ID: 58828880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710157702.4A Active CN106686015B (en) | 2017-03-16 | 2017-03-16 | A kind of safe networking dynamic confirming method for smart machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106686015B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090055892A1 (en) * | 2007-08-20 | 2009-02-26 | Feitian Technologies Co., Ltd. | Authentication method and key device |
CN101969438A (en) * | 2010-10-25 | 2011-02-09 | 胡祥义 | Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things |
CN103517273A (en) * | 2013-10-09 | 2014-01-15 | 中国联合网络通信集团有限公司 | Authentication method, managing platform and Internet-of-Things equipment |
CN105791272A (en) * | 2016-02-23 | 2016-07-20 | 青岛海尔智能家电科技有限公司 | Method and device for secure communication in Internet of Things |
CN106330456A (en) * | 2016-08-19 | 2017-01-11 | Tcl集团股份有限公司 | Intelligent device security access method and system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965246A (en) * | 2018-05-31 | 2018-12-07 | 北京车和家信息技术有限公司 | The processing method of car networking data, apparatus and system |
CN108965246B (en) * | 2018-05-31 | 2021-04-02 | 北京车和家信息技术有限公司 | Method, device and system for processing Internet of vehicles data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | CP02 | Change in the address of a patent holder | Address after: Room 502, 1-28, floor 5, No. 8, Qijiahuozi, Chaoyang District, Beijing 100083; Patentee after: Beijing Fangyan Mohang Technology Co., Ltd. Address before: 100000 Beijing City, Chaoyang District, No. 218, 10 layer 1121 Tang Li Lu; Patentee before: Beijing Fangyan Mohang Technology Co., Ltd. |