CN107070998A - A kind of safe Internet of Things communications protocol and method - Google Patents

A kind of safe Internet of Things communications protocol and method

Info

Publication number: CN107070998A
Authority: CN (China)
Prior art keywords: internet, tcp, server, tcp server, things
Legal status: Granted
Application number: CN201710167462.6A
Other languages: Chinese (zh)
Other versions: CN107070998B (en)
Inventors: 陈光科, 钟毅凯, 何炜婷, 曾碧
Current assignee: Guangdong University of Technology
Original assignee: Guangdong University of Technology
Application filed by Guangdong University of Technology
Priority to CN201710167462.6A
Publication of CN107070998A
Application granted
Publication of CN107070998B
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)

    • H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/01 Protocols; H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 63/00 Network architectures or network communication protocols for network security; H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 67/14 Session management; H04L 67/142 Managing session states for stateless protocols; signalling session states; state transitions; keeping-state mechanisms
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass; H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

Current Internet of Things communication suffers from weak communication security, oversized heartbeat packets and inflexible encryption of data fields. To address these problems, a secure communication protocol and method is proposed. The method logs in using dynamic random number hash verification and securely negotiates a symmetric key and a TCP access address; the protocol can optionally encrypt data fields as needed, and the heartbeat packet is only 2 bytes. The resulting secure Internet of Things communication protocol and method can easily be applied to IoT distributed architectures, message push systems and similar settings.

Description

A kind of safe Internet of Things communications protocol and method
Technical field
The present invention relates to the field of communications, and in particular to Internet of Things communication and message communication for mobile terminals.
Background technology
The method of the invention involves HTTPS, TCP, symmetric encryption and protocol parsing. The client logs in over HTTPS and obtains a symmetric key, a token and a TCP server address, then connects to the TCP server, is verified by a custom protocol, and finally begins encrypted message communication.
The method closest to the present invention is the implementation of an Internet of Things platform communication protocol proposed by Fan et al. in CN103747004A, which comprises the following steps: designing the enumeration types of the platform communication protocol; setting the contents of the platform communication protocol; serializing the platform communication protocol; and parsing the protocol. It addresses defects such as the large volume of data transmitted by IoT platforms, self-contained systems that are hard to make compatible with other systems, and difficulty of extension, but its security still leaves room for improvement.
The content of the invention
Current IoT communication protocols usually serialize the message, prepend a protocol header and send the packet straight onto the network. This makes the communication insecure: transmitted data should be securely encoded before it is sent onto the Internet. The method of the invention overcomes this shortcoming. The client logs in over HTTPS and obtains a symmetric key, a token and a TCP server address, then connects to the TCP server, is verified by a custom protocol, and finally starts encrypted message communication, which provides a secure and reliable communication protocol.
Fig. 1 is the flow block diagram of the protocol implementation. It mainly comprises four steps: logging in to the HTTPS server and obtaining the AES key and token, logging in to the TCP server, maintaining the connection, and sending and receiving data packets.
Existing IoT protocols have their security guaranteed by TLS, which means that every heartbeat packet and every message that does not need encryption must still be encrypted and decrypted; encryption cannot be applied selectively, so the server is under heavy computational load. Once encrypted, a heartbeat packet grows to several tens of bytes, and heartbeat packets make up most of the traffic of the whole communication system, so the traffic is multiplied several or even tens of times, which wastes bandwidth. The present invention uses a highly secure login verification mode to exchange the AES key and token and then communicates over a simple binary protocol whose heartbeat packet is only 2 bytes, so TCP traffic is greatly reduced, and data fields can be selectively encrypted while keeping the same high level of security as TLS. In addition, the present invention is very well suited to distributed architectures.
Brief description of the drawings
Fig. 1 flow block diagram;
Fig. 2 TCP access verification flow chart;
Fig. 3 overall structure diagram;
Fig. 4 logical architecture diagram.
Embodiment
The present invention is described in further detail below with reference to embodiments and the accompanying drawings.
1. Login
The client first logs in to the HTTPS server with an account and password, in two steps. In the first step a GET request is sent to the HTTPS server with the account as its parameter; the server records a random number and returns it. In the second step a form is submitted by POST, with the userID field set to the account and the pwd field set to the hash of (random number + account + password); the server reads the random number from its record and the password from the database, performs the same calculation, and verifies the login if the results match.
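The two-step login above, as an added Go example (not code from the patent or from its applicant): the client-side digest and the server-side record, check and single-use handling of the random number. It assumes a 16-byte hex-encoded random number, the concatenation order random number + account + password, and SHA-256 as the default hash (the embodiment on this page names MD5; the hash is a parameter, so `md5.New` can be passed instead); all type and function names are the author's own. As the description states, the server reads the password itself from the database to repeat the calculation, so the credential must be recoverable on the server side for this scheme to work.

```go
package main

// Added example, not the patent's code: both sides of the two-step login.
// Step 1 (GET): the server records and returns a random number for the
// account. Step 2 (POST): the client sends userID and pwd = hash(random
// number + account + password); the server recomputes from its own record.
// Assumptions: a 16-byte random number sent hex-encoded and usable once,
// the concatenation order nonce || account || password, and SHA-256 as the
// default hash (the embodiment names MD5; the hash is a parameter here).

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"sync"
)

// LoginServer holds the step-1 records and the stored passwords. As the
// description says, the server reads the password itself from the database
// to redo the calculation, so the scheme needs the password (or an
// equivalent secret) in recoverable form on the server side.
type LoginServer struct {
	mu        sync.Mutex
	pending   map[string]string // account -> outstanding random number
	passwords map[string]string // account -> stored password
	newHash   func() hash.Hash
}

func NewLoginServer(newHash func() hash.Hash) *LoginServer {
	return &LoginServer{pending: map[string]string{}, passwords: map[string]string{}, newHash: newHash}
}

func (s *LoginServer) AddUser(account, password string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.passwords[account] = password
}

// Challenge is the GET step: record a fresh random number and return it.
func (s *LoginServer) Challenge(account string) (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	nonce := hex.EncodeToString(b[:])
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[account] = nonce
	return nonce, nil
}

// Digest is the pwd field computed by the client (and again by the server).
func Digest(newHash func() hash.Hash, nonce, account, password string) string {
	h := newHash()
	h.Write([]byte(nonce + account + password))
	return hex.EncodeToString(h.Sum(nil))
}

// Verify is the POST step. The random number is consumed on every attempt,
// so a captured pwd value cannot be replayed against a later login.
func (s *LoginServer) Verify(userID, pwd string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	nonce, ok := s.pending[userID]
	if !ok {
		return errors.New("no outstanding random number for this account")
	}
	delete(s.pending, userID)
	password, ok := s.passwords[userID]
	if !ok {
		return errors.New("unknown account")
	}
	want := Digest(s.newHash, nonce, userID, password)
	if !hmac.Equal([]byte(want), []byte(pwd)) { // constant-time comparison
		return errors.New("password digest mismatch")
	}
	return nil
}

func main() {
	srv := NewLoginServer(sha256.New)
	srv.AddUser("dev001", "s3cret") // constructed sample credentials
	nonce, _ := srv.Challenge("dev001")
	pwd := Digest(sha256.New, nonce, "dev001", "s3cret") // client side
	fmt.Println("login:", srv.Verify("dev001", pwd))      // <nil>
	fmt.Println("replay:", srv.Verify("dev001", pwd))     // error: random number already consumed
}
```

The random number is deleted whether or not the digest matches, so a second POST with the same pwd value fails and a new GET is needed for every attempt; the comparison uses `hmac.Equal` so the check does not leak how many bytes of the digest matched.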
2. Obtaining the symmetric key and TCP access address
After login verification, the HTTPS server looks up the TCP server list, randomly selects one server, generates an AES key and a token, and returns them to the client; the client information (account, token, AES key, etc.) is sent to the chosen TCP server through the message queue. The TCP server list is generated by etcd service discovery: each TCP server registers with etcd when it starts, so the HTTPS server receives list updates in real time, and if a TCP server fails or its heartbeat packet times out, its address is removed from the list. The message queue is NATS: after starting, each TCP server generates its own random name, registers it with etcd and subscribes to the NATS topic of that name; the HTTPS server learns the name of each TCP server through etcd, and publish/subscribe delivery of messages is achieved in this way.
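Step 2 as an added Go example that models the behaviour in memory; it is not code from the patent, and it does not use the etcd or NATS clients. Heartbeat timestamps with a timeout stand in for etcd's lease-backed registrations, a per-server slice stands in for that server's NATS subject, and the HTTPS server's selection and key/token minting are done with `crypto/rand`. The 32-byte AES key, the 16-byte token, the 8-byte random server name and the timeout value are assumptions; the patent fixes none of them.

```go
package main

// Added example, not the patent's code: an in-memory model of step 2. The
// patent uses etcd for service discovery and NATS for the message queue; here
// heartbeat timestamps stand in for etcd's lease-backed registrations and a
// per-server slice stands in for that server's NATS subject. Assumed sizes:
// 32-byte AES key (AES-256), 16-byte token, 8-byte random server name.

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Session is the client information published to the chosen TCP server.
type Session struct {
	Account string
	Token   string
	Key     []byte
}

type Registry struct {
	timeout  time.Duration
	lastBeat map[string]time.Time // server name -> last heartbeat seen
	queues   map[string][]Session // server name -> sessions on its subject
}

func NewRegistry(timeout time.Duration) *Registry {
	return &Registry{timeout: timeout, lastBeat: map[string]time.Time{}, queues: map[string][]Session{}}
}

func randomHex(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Register models a TCP server starting: random name, then registration.
func (r *Registry) Register(now time.Time) (string, error) {
	name, err := randomHex(8)
	if err != nil {
		return "", err
	}
	r.lastBeat[name] = now
	return name, nil
}

func (r *Registry) Heartbeat(name string, now time.Time) {
	if _, ok := r.lastBeat[name]; ok {
		r.lastBeat[name] = now
	}
}

// Live removes servers whose heartbeat timed out and returns the rest.
func (r *Registry) Live(now time.Time) []string {
	var live []string
	for name, t := range r.lastBeat {
		if now.Sub(t) > r.timeout {
			delete(r.lastBeat, name)
			delete(r.queues, name)
			continue
		}
		live = append(live, name)
	}
	return live
}

// Assign is the HTTPS server's work after login verification: pick a live TCP
// server at random, mint an AES key and token, publish the session to that
// server's subject, and hand the same values back to the client.
func (r *Registry) Assign(account string, now time.Time) (string, Session, error) {
	live := r.Live(now)
	if len(live) == 0 {
		return "", Session{}, errors.New("no TCP server available")
	}
	idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(live))))
	if err != nil {
		return "", Session{}, err
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return "", Session{}, err
	}
	token, err := randomHex(16)
	if err != nil {
		return "", Session{}, err
	}
	server := live[idx.Int64()]
	sess := Session{Account: account, Token: token, Key: key}
	r.queues[server] = append(r.queues[server], sess)
	return server, sess, nil
}

// Pending returns what the named TCP server has received on its subject.
func (r *Registry) Pending(name string) []Session { return r.queues[name] }

func main() {
	reg := NewRegistry(30 * time.Second)
	t0 := time.Unix(1700000000, 0) // constructed clock
	a, _ := reg.Register(t0)
	b, _ := reg.Register(t0)
	reg.Heartbeat(a, t0.Add(20*time.Second)) // b never beats again
	server, sess, err := reg.Assign("dev001", t0.Add(45*time.Second))
	fmt.Println(server == a, server != b, len(sess.Key), err) // true true 32 <nil>
}
```

The expiry check runs inside `Assign`, so a server whose heartbeat has lapsed can never be handed to a client even if the removal has not happened yet; in the real system that role belongs to etcd's lease expiry and the HTTPS server's watch on the list.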
3. Accessing the TCP server and verification
The verification mode is as follows. Byte 0 is 0x31 (fixed, meaning access verification), followed by the serialized data Data = {UID, Cipher}, where Cipher = Base64&AES(Token) and UID is the account, and then a '\n' line feed. A ping heartbeat packet is then sent: 0x3F + '\n'. The server parses and extracts the data, performs the same calculation using the account information subscribed from the message queue in step 2, and verifies Cipher. If verification succeeds the server returns the pong heartbeat packet 0x3E + '\n'; otherwise it disconnects. The specific operation flow is shown in Fig. 2.
4. Maintaining the TCP connection and sending and receiving messages
Maintaining the connection: after verification succeeds, each side must periodically send ping heartbeat packets to tell the other side it is alive, and the other side must reply immediately with a pong heartbeat packet; if no reply is received more than a certain number of times, the connection is closed. The length of every received message packet is recorded and used to adjust the receive buffer dynamically: for example, if packets are very small, the buffer is halved each time down to a minimum of 32 bytes; in the other direction the maximum is 4096 bytes.
Every received packet is parsed, and the connection is closed if parsing fails (for example, a wrong command). Data packets are sent and received as follows:
Server sends: 0x32 + Base64&AES(serialize(message)) + '\n'; client responds: 0x32 + Base64&AES(serialize(receipt acknowledgement)) + '\n'.
Client sends: 0x33 + Base64&AES(serialize(message)) + '\n'; server responds: 0x33 + Base64&AES(serialize(response result)) + '\n'.
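The connection-maintenance rules and the frame parsing of step 4, as an added Go example that is not the patent's code: a per-connection state that counts unanswered pings, resizes the receive buffer from recorded packet lengths, and a read loop that splits '\n'-terminated frames, answers pings with the 2-byte pong, and stops at the first parse error so the caller can close the connection. The 0x32/0x33 payloads are treated as opaque Base64&AES strings. The patent gives only the two ends of the buffer rule (halve for small packets, minimum 32, maximum 4096) and says the miss count is "a certain number"; the growth rule used here (double when a packet fills the buffer) and the miss limit are assumptions.

```go
package main

// Added example, not the patent's code: step 4 on a verified TCP connection.
// A frame is command byte + payload + '\n'; heartbeats have no payload, so they
// are exactly 2 bytes; 0x32/0x33 payloads are opaque Base64&AES strings. The
// patent fixes only the ends of the buffer rule (halve for small packets, min
// 32, max 4096); the growth rule and the pong-miss limit here are assumptions.

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

const (
	CmdServerMsg byte = 0x32
	CmdClientMsg byte = 0x33
	CmdPing      byte = 0x3F
	CmdPong      byte = 0x3E
	MinBuf            = 32
	MaxBuf            = 4096
)

type ConnState struct {
	BufSize     int // current receive buffer size in bytes
	MissedPongs int // pings sent since the last pong came back
	MaxMissed   int // close the connection once this many pings go unanswered
}

// AdjustBuffer records a received packet length and resizes the buffer.
func (c *ConnState) AdjustBuffer(pktLen int) int {
	if pktLen*2 < c.BufSize {
		c.BufSize /= 2
	} else if pktLen >= c.BufSize {
		c.BufSize *= 2
	}
	if c.BufSize < MinBuf {
		c.BufSize = MinBuf
	} else if c.BufSize > MaxBuf {
		c.BufSize = MaxBuf
	}
	return c.BufSize
}

// PingSent is called as each periodic ping goes out; false means close.
func (c *ConnState) PingSent() bool {
	c.MissedPongs++
	return c.MissedPongs <= c.MaxMissed
}

func (c *ConnState) PongReceived() { c.MissedPongs = 0 }

// ReadFrames reads from r with the adaptive buffer, answers pings on w, resets
// the miss counter on pongs and returns the message frames (command byte plus
// payload). It stops at EOF or at the first parse error, which closes the connection.
func ReadFrames(r io.Reader, w io.Writer, c *ConnState) ([][]byte, error) {
	var pending []byte
	var msgs [][]byte
	for {
		buf := make([]byte, c.BufSize)
		n, err := r.Read(buf)
		pending = append(pending, buf[:n]...)
		for i := bytes.IndexByte(pending, '\n'); i >= 0; i = bytes.IndexByte(pending, '\n') {
			line := pending[:i+1]
			pending = pending[i+1:]
			c.AdjustBuffer(len(line))
			if i == 0 {
				return msgs, errors.New("empty frame")
			}
			cmd, payload := line[0], line[1:i]
			if (cmd == CmdPing || cmd == CmdPong) && len(payload) != 0 {
				return msgs, errors.New("heartbeat packet must be exactly 2 bytes")
			}
			switch cmd {
			case CmdPing:
				w.Write([]byte{CmdPong, '\n'})
			case CmdPong:
				c.PongReceived()
			case CmdServerMsg, CmdClientMsg:
				msgs = append(msgs, line[:i])
			default:
				return msgs, fmt.Errorf("unknown command 0x%02x", cmd)
			}
		}
		if err == io.EOF {
			return msgs, nil
		} else if err != nil {
			return msgs, err
		}
	}
}

func main() {
	c := &ConnState{BufSize: MaxBuf, MaxMissed: 3}
	in := []byte("\x3f\n\x33bWVzc2FnZQ==\n\x3e\n") // constructed: ping, client message, pong
	var out bytes.Buffer
	msgs, err := ReadFrames(bytes.NewReader(in), &out, c)
	fmt.Println(len(msgs), out.Bytes(), c.BufSize, err) // 1 [62 10] 512 <nil>
}
```

A frame longer than the current buffer is accumulated across reads and then grows the buffer again, so shrinking on a run of 2-byte heartbeats does not make a later 0x33 message unreadable.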
A system embodying the present invention in further detail is shown in Fig. 3:
1. Design the protocol commands and fields: connection verification, message sending and receiving, heartbeat packets, etc.
2. Use protobuf for serialization.
3. Use the MD5 hash algorithm.
4. Write the HTTPS server in the Go language.
5. Write the TCP server in the Go language.
6. Deploy and start etcd service discovery and the NATS message queue.
7. Deploy a PostgreSQL database and a Redis cache.
8. Write the Android client app.
9. Write the gateway client and run it on an Orange Pi Lite.
10. Log in with the app and send a message; it is received at the gateway.
The concrete implementation technologies and methods are shown in Fig. 4.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the particular embodiments above; those skilled in the art can make various modifications or amendments within the scope of the claims without affecting the substance of the present invention.

Claims (6)

1. A secure Internet of Things communication method, characterized in that: login verification is carried out by dynamic random number hash encoding combined with HTTPS to obtain an AES key, and the corresponding fields of TCP data packets are then selectively encrypted with that key.
2. The Internet of Things communication method according to claim 1, characterized in that: the heartbeat packet is only 2 bytes.
3. The Internet of Things communication method according to claim 1, characterized in that: a distributed architecture is used, with etcd for service discovery and NATS as the message queue.
4. The Internet of Things communication method according to claim 1, characterized in that it specifically comprises the following steps: 1. login; 2. obtaining the symmetric key and TCP access address; 3. accessing the TCP server and verifying; 4. maintaining the TCP connection and sending and receiving messages.
5. The Internet of Things communication method according to claim 4, characterized in that step 1 comprises: logging in to the HTTPS server with an account and password in two steps: in the first step a GET request is sent to the HTTPS server with the account as its parameter, and the server records a random number and returns it; in the second step a form is submitted by POST, with the userID field set to the account and the pwd field set to the hash of the random number, account and password; the server reads the random number from its record and the password from the database, performs the same calculation, and verifies the login.
6. The Internet of Things communication method according to claim 4, characterized in that step 2 comprises: after login verification, the HTTPS server looks up the TCP server list, randomly selects one server, generates an AES key and a token, returns them to the client, and sends the client information to the chosen TCP server through the message queue; the TCP server list is generated by etcd service discovery: each TCP server registers with etcd when it starts, so the HTTPS server receives list updates in real time, and if a TCP server fails or its heartbeat packet times out, its address is removed from the list; the message queue is NATS: after starting, each TCP server generates its own random name, registers it with etcd and subscribes to the NATS topic of that name, and the HTTPS server learns the name of each TCP server through etcd, thereby achieving publish/subscribe message delivery.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710167462.6A CN107070998B (en) 2017-03-20 2017-03-20 A kind of safe Internet of Things communications protocol and method

Publications (2)

Publication Number Publication Date
CN107070998A true CN107070998A (en) 2017-08-18
CN107070998B CN107070998B (en) 2019-11-29

Family

ID=59620209

Country Status (1)

Country Link
CN (1) CN107070998B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080104390A1 (en) * 2001-02-12 2008-05-01 Vanheyningen Marc D Method & Apparatus for Providing Secure Streaming Data Transmission Facilities Using Unreliable Protocols
CN102546175A (en) * 2011-03-18 2012-07-04 贾松仁 Anti-counterfeiting device and anti-counterfeiting method
CN103220257A (en) * 2012-01-19 2013-07-24 中国石油天然气集团公司 Communication method of computer, network host and communication system
CN106411893A (en) * 2016-09-30 2017-02-15 成都知道创宇信息技术有限公司 Hypertext transfer protocol secure (HTTPS) service deployment method
CN106453269A (en) * 2016-09-21 2017-02-22 东软集团股份有限公司 Internet of Vehicles safety communication method, vehicle-mounted terminal, server and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZRJ_SOFTWARE: "WebApi接口安全认证--HTTP之摘要认证", 《HTTPS://ZRJ-SOFTWARE.ITEYE.COM/BLOG/2163487》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802928A (en) * 2017-11-17 2019-05-24 中兴通讯股份有限公司 A kind of SSL/TLS Proxy Method, device, equipment and storage medium
CN109802928B (en) * 2017-11-17 2021-09-17 中兴通讯股份有限公司 SSL/TLS proxy method, device, equipment and storage medium
CN108830994A (en) * 2018-06-23 2018-11-16 辽宁工程技术大学 A kind of high security hotel check-in system based on cloud commercial affairs block chain
CN110730063A (en) * 2018-07-16 2020-01-24 中国电信股份有限公司 Security verification method and system, Internet of things platform, terminal and readable storage medium
CN110730063B (en) * 2018-07-16 2022-11-11 中国电信股份有限公司 Security verification method and system, internet of things platform, terminal and readable storage medium
CN110336807A (en) * 2019-06-28 2019-10-15 苏州浪潮智能科技有限公司 A kind of identity identifying method based on Web service, equipment and storage medium

Also Published As

Publication number Publication date
CN107070998B (en) 2019-11-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (granted publication date: 20191129)