CN106686015B - A dynamic authentication method for secure network access by smart devices - Google Patents

Info

Publication number: CN106686015B
Authority: CN (China)
Prior art keywords: smart device, key, request, final, authentication
Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Application number: CN201710157702.4A
Other languages: Chinese (zh)
Other versions: CN106686015A (en)
Inventor: 李亮
Current assignee: Beijing Fangyan Mohang Technology Co Ltd
Original assignee: Beijing Fangyan Mohang Technology Co Ltd
Priority date and filing date: 2017-03-16 (application filed by Beijing Fangyan Mohang Technology Co Ltd)
Publication of application CN106686015A: 2017-05-17
Grant and publication of CN106686015B: 2019-10-22

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L 63/12 Applying verification of the received information
    • H04L 63/123 Applying verification of the received information: received data contents, e.g. message integrity
    • H04L 63/126 Applying verification of the received information: the source of the received data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the field of the Internet of Things and relates to a dynamic authentication method for secure network access by smart devices. The method comprises the following steps: (1) the smart device interacts with the distribution service; (2) the smart device interacts with the authentication service (activation); (3) the smart device interacts with the authentication service (authentication). The method disclosed by the invention has the following advantages: 1. the dynamic authentication method uses multi-layer strong security logic, which can effectively prevent attack means such as replay and bypass (side-channel) eavesdropping that an attacker may use against the smart device; 2. the authentication logic is enforced on every connection of every smart device, which not only guarantees that the identity and key signaling differ from device to device, but also guarantees that the identity and key signaling of the same smart device are unique on every connection.

Description

A dynamic authentication method for secure network access by smart devices
Technical field
The invention belongs to the field of the Internet of Things and relates to a dynamic authentication method for secure network access by smart devices.
Background technique
The Internet of Things is an important component of the new generation of information technology and an important development stage of the "informatization" era. Its English name is "Internet of things (IoT)". As the name suggests, the Internet of Things is the internet that connects things to things. This has two meanings: first, the core and foundation of the Internet of Things is still the internet; it is a network extended and expanded on the basis of the internet. Second, its user side extends to any item, with information exchange and communication carried out between items, that is, things communicating with things.
The Internet of Things is widely used in network convergence through intelligent sensing, identification technology, ubiquitous computing and other communication and cognition technologies, and is therefore called the third wave of the world information industry after the computer and the internet. The Internet of Things is an application extension of the internet; rather than being a network, it is business and applications. Application innovation is therefore the core of Internet of Things development, and Innovation 2.0 centred on user experience is its soul.
In the Internet of Things, secure network access by smart devices is a critical issue, and giving smart device network access strong security is very important work. The authentication logic in general use today has, to a greater or lesser extent, security risks.
Summary of the invention
Object of the invention: in view of the above problems of the prior art, the invention makes improvements, that is, it discloses a dynamic authentication method for secure network access by smart devices, in order to solve security problems that may exist when smart devices join the network.
Technical solution: a dynamic authentication method for secure network access by smart devices, comprising the following steps:
(1) Interaction between the smart device and the distribution service
(11) The smart device constructs a distribution access request containing a random factor (nonce), a magic number and the identification information of the smart device; the data in the distribution access request are encrypted with a dynamic key, and the encrypted data are then encoded according to a private binary protocol;
(12) The constructed distribution access request is sent to the distribution server;
(13) After the distribution server receives the distribution access request, it first decodes the request data according to the private binary protocol, then decrypts them with the key to obtain the plaintext, then extracts the magic number from the plaintext and checks it against the preset magic number, and at the same time verifies the digital signature over the random factor. If verification succeeds it returns the authentication server information to the smart device; otherwise it returns an error message to the smart device and terminates the operation;
(2) Interaction between the smart device and the authentication service (activation)
(21) The smart device constructs an activation request whose data include a random factor and the smart device identification information, and digitally signs the random factor with the key preset between the smart device and the authentication server;
(22) The activation request of the smart device is further encapsulated with the Secure Sockets Layer (SSL) protocol and then sent to the authentication server;
(23) The authentication server receives the activation request and verifies whether the digital signature and the device identification information are legitimate. If the activation request is legitimate, it generates activation reply data, symmetrically encrypts the reply data with the key preset between the smart device and the authentication server, encapsulates the encrypted reply data with SSL and sends them to the smart device; at the same time the authentication server generates the final symmetric key from the pre-key signaling, stores it on the authentication server and proceeds to step (24). If the activation request is illegitimate, it returns an error message to the smart device and terminates the operation;
(24) The smart device receives the reply data returned by the authentication server, decrypts them with the key preset between the smart device and the authentication server, obtains the legitimate pre-identity and pre-key signaling, generates the final symmetric key from the pre-key signaling and stores it locally on the smart device;
(3) Interaction between the smart device and the authentication service (authentication)
(31) The smart device constructs an authentication request whose data include a random factor and the device identification information; it digitally signs the random factor with the pre-key signaling obtained in step (24) and the device identification information with the key preset between the smart device and the authentication server, respectively, and then encrypts the authentication request data with the final symmetric key generated in step (24);
(32) The authentication request data are further encapsulated with SSL and the authentication request is sent to the authentication server;
(33) The authentication server receives the authentication request data, decrypts them with the final symmetric key generated in step (23) and then verifies the digital signatures. If verification succeeds, it generates authentication reply data comprising a final identity and final key signaling, encrypts them with the final symmetric key generated in step (23), encapsulates the authentication reply data with SSL, sends them to the smart device and proceeds to step (34). If verification fails, it returns an error message to the smart device and terminates the operation;
(34) The smart device receives the authentication reply data returned by the authentication server, decrypts them with the final key generated in step (24) and obtains the legitimate final identity and final key signaling, which completes the authentication logic.
Further, the reply data in step (23) comprise a pre-identity and pre-key signaling.
Beneficial effects: the dynamic authentication method for secure network access by smart devices disclosed by the invention has the following beneficial effects:
1. The dynamic authentication method uses multi-layer strong security logic, which can effectively prevent attack means such as replay and bypass (side-channel) eavesdropping that an attacker may use against the smart device;
2. The authentication logic is enforced on every connection of every smart device, which not only guarantees that the identity and key signaling differ from device to device, but also guarantees that the identity and key signaling of the same smart device are unique on every connection.
Description of the drawings
Fig. 1 is a schematic diagram of the dynamic authentication method for secure network access by smart devices disclosed by the invention.
Specific embodiments:
Specific embodiments of the invention are described in detail below.
As shown in Fig. 1, the dynamic authentication method for secure network access by smart devices comprises steps (1) to (3), with sub-steps (11) to (34), exactly as set out in the Technical solution above; further, the reply data in step (23) comprise a pre-identity and pre-key signaling.
Embodiments of the invention have been described in detail above. The invention is not limited to the embodiments described; those of ordinary skill in the technical field can make various changes within the scope of their knowledge without departing from the purpose of the invention.

Claims (2)

1. A dynamic authentication method for secure network access by smart devices, characterized by comprising the following steps:
(1) Interaction between the smart device and the distribution service
(11) The smart device constructs a distribution access request containing a random factor, a magic number and the identification information of the smart device; the data in the distribution access request are encrypted with a dynamic key, and the encrypted data are then encoded according to a private binary protocol;
(12) The constructed distribution access request is sent to the distribution server;
(13) After the distribution server receives the distribution access request, it first decodes the request data according to the private binary protocol, then decrypts them with the key to obtain the plaintext, then extracts the magic number from the plaintext and checks it against the preset magic number, and at the same time verifies the digital signature over the random factor; if verification succeeds it returns the authentication server information to the smart device, otherwise it returns an error message to the smart device and terminates the operation;
(2) Interaction between the smart device and the authentication service
(21) The smart device constructs an activation request whose data include a random factor and the smart device identification information, and digitally signs the random factor with the key preset between the smart device and the authentication server;
(22) The activation request of the smart device is further encapsulated with the Secure Sockets Layer protocol and then sent to the authentication server;
(23) The authentication server receives the activation request and verifies whether the digital signature and the device identification information are legitimate; if the activation request is legitimate, it generates activation reply data, symmetrically encrypts the reply data with the key preset between the smart device and the authentication server, encapsulates the encrypted reply data with the Secure Sockets Layer protocol and sends them to the smart device, while at the same time the authentication server generates the final symmetric key from the pre-key signaling, stores it on the authentication server and proceeds to step (24); if the activation request is illegitimate, it returns an error message to the smart device and terminates the operation;
(24) The smart device receives the reply data returned by the authentication server, decrypts them with the key preset between the smart device and the authentication server, obtains the legitimate pre-identity and pre-key signaling, generates the final symmetric key from the pre-key signaling and stores it locally on the smart device;
(3) Interaction between the smart device and the authentication service
(31) The smart device constructs an authentication request whose data include a random factor and the device identification information; it digitally signs the random factor with the pre-key signaling obtained in step (24) and the device identification information with the key preset between the smart device and the authentication server, respectively, and then encrypts the authentication request data with the final symmetric key generated in step (24);
(32) The authentication request data are further encapsulated with the Secure Sockets Layer protocol and the authentication request is sent to the authentication server;
(33) The authentication server receives the authentication request data, decrypts them with the final symmetric key generated in step (23) and then verifies the digital signatures; if verification succeeds, it generates authentication reply data comprising a final identity and final key signaling, encrypts them with the final symmetric key generated in step (23), encapsulates the authentication reply data with the Secure Sockets Layer protocol, sends them to the smart device and proceeds to step (34); if verification fails, it returns an error message to the smart device and terminates the operation;
(34) The smart device receives the authentication reply data returned by the authentication server, decrypts them with the final key generated in step (24) and obtains the legitimate final identity and final key signaling, which completes the authentication logic.
2. The dynamic authentication method for secure network access by smart devices according to claim 1, characterized in that the reply data in step (23) comprise a pre-identity and pre-key signaling.
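The three phases of claim 1 (steps (11) to (34), also set out in the Summary above) modelled end to end with both sides of each message, as an added example; this is not code from the patent or its assignee, only one reading of the claim text, written against the Python standard library. Everything the claim does not state is an assumption here: the magic number, device identifier and authentication-server information are hypothetical constants; the "private binary protocol" is taken to be a length-prefixed frame; the cipher is a stand-in (HMAC-SHA256 keystream with an encrypt-then-MAC tag) because the claim names none; a "digital signature" made with a key preset between device and server is realised as an HMAC, which is what a signature under a shared symmetric key amounts to, and therefore proves only possession of that shared key, not which party held it; the function that derives the final symmetric key from the pre-key signaling is an assumed HMAC-based KDF; the SSL encapsulation of phases 2 and 3 is omitted, the values passed between Device and AuthServer being the payloads it would carry; and the device identifier travels in the clear beside the encrypted authentication request so the server can pick the right final key, which the claim does not address. The replay resistance the patent claims is enforced here by having the distribution server remember random factors it has accepted, also an addition: a random factor by itself does not stop a replay unless the verifier records it or issued it as a challenge.

```python
import hashlib
import hmac
import os
import struct

MAGIC = 0x4D4F4841    # hypothetical preset magic number (steps 11/13)
DEV_ID = b"dev-0001"  # hypothetical device identifier

# Stand-in primitives (assumption): HMAC keystream + encrypt-then-MAC, HMAC as "signature".
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key, pt):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def sign(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key, data, sig):
    return hmac.compare_digest(sig, sign(key, data))

def derive_final_key(preset_key, pre_ks):  # steps (23)/(24); the KDF itself is assumed
    return hmac.new(preset_key, b"final-key" + pre_ks, hashlib.sha256).digest()

class Device:
    def __init__(self, dev_id, dyn_key, preset_key):
        self.dev_id, self.dyn_key, self.preset_key = dev_id, dyn_key, preset_key
    def dist_request(self):  # step (11): magic | nonce | sig(nonce) | id, encrypted, framed
        nonce = os.urandom(16)
        pt = struct.pack(">I", MAGIC) + nonce + sign(self.dyn_key, nonce) + self.dev_id
        ct = encrypt(self.dyn_key, pt)
        return struct.pack(">H", len(ct)) + ct  # "private binary protocol": length prefix (assumed)
    def activation_request(self):  # step (21)
        nonce = os.urandom(16)
        return self.dev_id, nonce, sign(self.preset_key, nonce)
    def take_activation_reply(self, blob):  # step (24)
        pt = decrypt(self.preset_key, blob)
        self.pre_identity, self.pre_ks = pt[:16], pt[16:]
        self.final_key = derive_final_key(self.preset_key, self.pre_ks)
    def auth_request(self):  # step (31): nonce signed with pre_ks, id with the preset key
        nonce = os.urandom(16)
        pt = nonce + sign(self.pre_ks, nonce) + sign(self.preset_key, self.dev_id) + self.dev_id
        return self.dev_id, encrypt(self.final_key, pt)
    def take_auth_reply(self, blob):  # step (34)
        pt = decrypt(self.final_key, blob)
        self.final_identity, self.final_ks = pt[:16], pt[16:]
        return self.final_identity

class DistributionServer:
    def __init__(self, dyn_key, auth_server_info):
        self.dyn_key, self.info, self.seen = dyn_key, auth_server_info, set()
    def handle(self, buf):  # step (13); the nonce cache for replay rejection is an assumption
        (n,) = struct.unpack(">H", buf[:2])
        pt = decrypt(self.dyn_key, buf[2:2 + n])
        (magic,), nonce, sig = struct.unpack(">I", pt[:4]), pt[4:20], pt[20:52]
        if magic != MAGIC or nonce in self.seen or not verify(self.dyn_key, nonce, sig):
            return None
        self.seen.add(nonce)
        return self.info

class AuthServer:
    def __init__(self, preset_keys):
        self.preset_keys, self.state = preset_keys, {}  # dev_id -> (pre_ks, final_key)
    def activate(self, dev_id, nonce, sig):  # step (23)
        key = self.preset_keys.get(dev_id)
        if key is None or not verify(key, nonce, sig):
            return None
        pre_identity, pre_ks = os.urandom(16), os.urandom(32)
        self.state[dev_id] = (pre_ks, derive_final_key(key, pre_ks))
        return encrypt(key, pre_identity + pre_ks)
    def authenticate(self, dev_id, blob):  # step (33); dev_id in the clear selects the keys
        if dev_id not in self.state:
            return None
        key, (pre_ks, final_key) = self.preset_keys[dev_id], self.state[dev_id]
        pt = decrypt(final_key, blob)
        nonce, sig1, sig2, claimed = pt[:16], pt[16:48], pt[48:80], pt[80:]
        if claimed != dev_id or not verify(pre_ks, nonce, sig1) or not verify(key, claimed, sig2):
            return None
        return encrypt(final_key, os.urandom(16) + os.urandom(32))  # final identity | key signaling

def run_protocol():
    """Drives one honest exchange; returns the device's 16-byte final identity."""
    dyn_key, preset_key = os.urandom(32), os.urandom(32)
    dev = Device(DEV_ID, dyn_key, preset_key)
    dist = DistributionServer(dyn_key, b"auth.example:8443")  # hypothetical server info
    auth = AuthServer({DEV_ID: preset_key})
    if dist.handle(dev.dist_request()) != b"auth.example:8443":
        return None
    dev.take_activation_reply(auth.activate(*dev.activation_request()))
    return dev.take_auth_reply(auth.authenticate(*dev.auth_request()))
```

run_protocol() walks one device through all three phases. Driving phase 1 by hand shows the replay check: a second handle() of the same distribution frame returns None because its random factor is already in the server's cache, and a frame whose tag does not verify raises ValueError before the magic number is even looked at, so the magic number serves as a sanity check on successful decryption rather than as a secret.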

Priority Applications, Applications Claiming Priority and Family Applications (1 each)

CN201710157702.4A, priority date 2017-03-16, filing date 2017-03-16, status Active: A dynamic authentication method for secure network access by smart devices (granted as CN106686015B, en)

Publications (2)

CN106686015A (en), published 2017-05-17
CN106686015B (en), published 2019-10-22

Family

ID=58828880

Country Status (1)

CN: CN106686015B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party

CN108965246B *, priority date 2018-05-31, published 2021-04-02, assignee 北京车和家信息技术有限公司: Method, device and system for processing Internet of vehicles data

Citations (4)

CN101969438A *, priority date 2010-10-25, published 2011-02-09, 胡祥义: Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN103517273A *, priority date 2013-10-09, published 2014-01-15, 中国联合网络通信集团有限公司: Authentication method, managing platform and Internet-of-Things equipment
CN105791272A *, priority date 2016-02-23, published 2016-07-20, 青岛海尔智能家电科技有限公司: Method and device for secure communication in Internet of Things
CN106330456A *, priority date 2016-08-19, published 2017-01-11, Tcl集团股份有限公司: Intelligent device security access method and system

Family Cites Families (1)

CN101106455B *, priority date 2007-08-20, published 2010-10-13, 北京飞天诚信科技有限公司: Identity authentication method and intelligent secret key device

Legal Events

Code and title:
PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant
CP02: Change in the address of a patent holder

Address after: Room 502, 1-28, floor 5, No. 8, Qijiahuozi, Chaoyang District, Beijing 100083

Patentee after: Beijing Fangyan Mohang Technology Co., Ltd.

Address before: 100000 Beijing City, Chaoyang District, No. 218, 10 layer 1121 Tang Li Lu

Patentee before: Beijing Fangyan Mohang Technology Co., Ltd.