CN107070998B - A kind of safe Internet of Things communications protocol and method - Google Patents
- Publication number
- CN107070998B (application number CN201710167462.6A)
- Authority
- CN
- China
- Prior art keywords
- server
- tcp
- internet
- https
- etcd
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L67/14—Session management
- H04L67/142—Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
To address the problems of current Internet of Things (IoT) communication, namely insecure communication, oversized heartbeat packets and inflexible data-field encryption, a secure communication protocol and method are proposed. The method logs in with a dynamic random-number hash verification scheme and securely negotiates a symmetric key and a TCP access address; the protocol can encrypt data fields selectively and flexibly, and its heartbeat packet is only 2 bytes. The method thus provides a secure IoT communication protocol that can easily be applied to distributed IoT architectures, message push systems and the like.
Description
Technical field
The present invention relates to the field of communications, and in particular to Internet of Things (IoT) communication and mobile terminal messaging.
Background technique
The method of the present invention involves HTTPS, TCP, symmetric encryption and protocol parsing. It logs in over HTTPS to obtain a symmetric key, a token and a TCP server address, then connects to the TCP server, performs verification with a custom protocol, and finally begins encrypted message communication.
The method most similar to the present invention is the IoT platform communication protocol implementation proposed by Fan Jian et al. in CN103747004A, which comprises the following steps: designing the enumeration types of the platform communication protocol; setting the contents of the platform communication protocol; serializing the platform communication protocol; and protocol parsing. It addresses the defects of IoT platforms that transmit large volumes of data, form closed systems that are hard to make compatible with other systems, and are hard to extend, but its security performance leaves room for improvement.
Summary of the invention
Current IoT communication protocols usually serialize the message, wrap it with a protocol header and send it directly onto the network. This leaves the communication insecure: transmitted data should be securely encoded before it is sent onto the Internet. The method of the present invention overcomes this disadvantage: it logs in over HTTPS to obtain a symmetric key, a token and a TCP server address, then connects to the TCP server, performs verification with a custom protocol, and finally begins encrypted message communication, providing a secure and reliable communication protocol.
Fig. 1 is the flow diagram of the protocol implementation. It mainly comprises four steps: logging in to the HTTPS server, obtaining the AES key and token, logging in to the TCP server, and maintaining the connection while sending and receiving data packets.
Existing IoT protocols rely on TLS for security, so every heartbeat packet and every message that does not need encryption must still be encrypted and decrypted; encryption cannot be applied selectively, which puts a heavy computational load on the server. Once encrypted, a heartbeat packet grows to several tens of bytes, and heartbeat packets make up most of the traffic of the whole communication system, so traffic grows several times or even tens of times over and bandwidth is badly wasted. The present invention uses a highly secure login authentication scheme to exchange the AES key and token, and communicates with a simple binary protocol whose heartbeat packet is only 2 bytes, so TCP traffic is greatly reduced; the data fields to encrypt can be chosen flexibly, while the security level is as high as that of TLS. In addition, the present invention is very well suited to distributed architectures.
Detailed description of the invention
Fig. 1 flow diagram;
Fig. 2 TCP access verification flow chart;
Fig. 3 overall structure diagram;
Fig. 4 logical architecture diagram.
Specific embodiment
The present invention will now be described in further detail with reference to the embodiments and the accompanying drawings.
One, log in
First, log in to the HTTPS server with account number and password. This takes two steps. In the first step the client sends a GET request to the HTTPS server with the account number as parameter; the server records and returns a random number. In the second step the client submits a POST form in which the userID field is the account number and the pwd field is the hash of (random number + account number + hash of password); the server reads the random number from its record and the password from the database, performs the same calculation and verifies the login.
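The two-step login above, written out as an added example in Go (not the patent's own code). It follows the page's choice of MD5 and the formula pwd = Hash(random number + account number + Hash(password)); the 16-byte hex-encoded random number, the ChallengeStore type, the single-use consumption of each random number and the assumption that the server holds Hash(password) rather than the password itself are this example's own assumptions.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sync"
)

// md5Hex returns the lowercase hex MD5 digest of s. The page lists MD5 as the
// hash algorithm; a stronger hash can be substituted by changing this one function.
func md5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// newNonce draws the random number the server returns in the GET step (16 random
// bytes, hex encoded; size and encoding are assumptions of this example).
func newNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// LoginProof is the client side of the POST step: the pwd field is
// Hash(random number + account number + Hash(password)), so the password
// itself never leaves the client and the proof is bound to one challenge.
func LoginProof(nonce, account, password string) string {
	return md5Hex(nonce + account + md5Hex(password))
}

// VerifyLogin is the server-side calculation: storedPwdHash is Hash(password)
// as read from the database, nonce is the recorded random number. The two
// digests are compared in constant time.
func VerifyLogin(nonce, account, storedPwdHash, pwdField string) bool {
	expected := md5Hex(nonce + account + storedPwdHash)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(pwdField)) == 1
}

// ChallengeStore is the server's record of outstanding random numbers, keyed
// by account. A nonce is deleted when it is checked, so each challenge can be
// answered once (single use is an added precaution, not stated on the page).
type ChallengeStore struct {
	mu     sync.Mutex
	byAcct map[string]string
}

func NewChallengeStore() *ChallengeStore {
	return &ChallengeStore{byAcct: make(map[string]string)}
}

// Issue handles the GET request (parameter: account number): it records and
// returns a fresh random number.
func (s *ChallengeStore) Issue(account string) (string, error) {
	nonce, err := newNonce()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	s.byAcct[account] = nonce
	s.mu.Unlock()
	return nonce, nil
}

// Verify handles the POST form {userID, pwd}. lookupPwdHash stands in for the
// database read of the account's stored password hash.
func (s *ChallengeStore) Verify(userID, pwd string, lookupPwdHash func(string) (string, bool)) bool {
	s.mu.Lock()
	nonce, ok := s.byAcct[userID]
	delete(s.byAcct, userID)
	s.mu.Unlock()
	if !ok {
		return false // no outstanding challenge for this account
	}
	stored, ok := lookupPwdHash(userID)
	if !ok {
		return false
	}
	return VerifyLogin(nonce, userID, stored, pwd)
}

func main() {
	// Constructed sample account; in the described system the hash lives in PostgreSQL.
	db := map[string]string{"alice": md5Hex("correct horse")}
	lookup := func(a string) (string, bool) { h, ok := db[a]; return h, ok }

	store := NewChallengeStore()
	nonce, _ := store.Issue("alice")                     // GET with account=alice -> random number
	proof := LoginProof(nonce, "alice", "correct horse") // client computes the pwd field
	fmt.Println("login ok:", store.Verify("alice", proof, lookup))
	fmt.Println("replay ok:", store.Verify("alice", proof, lookup))
}
```

The digest comparison goes through crypto/subtle so that the check's timing does not depend on how many leading bytes match, and the hash function is isolated in md5Hex because the page's MD5 choice is the one parameter a deployment is most likely to change.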
Two, obtain the symmetric key and TCP access address
After the login is verified, the HTTPS server queries the TCP server list, randomly selects one server, generates an AES key and a token, returns them to the client, and sends the client information (account number, token, AES key, etc.) through the message queue to the selected TCP server. The TCP server list is generated as follows: through etcd service discovery, every TCP server registers itself with etcd on start-up, and the HTTPS server receives list updates in real time; if a TCP server fails or its heartbeat times out, its address is removed from the list. The message queue is NATS: on start-up each TCP server generates its own random name, registers it with etcd and subscribes to the NATS subject of that name; the HTTPS server learns the name of each TCP server from etcd, and publish/subscribe message delivery is realized in this way.
Three, access the TCP server and verify
The specific verification scheme is as follows: byte 0 is 0x31 (fixed, indicating access verification), followed by the serialized Data = {UID, Cipher}, where Cipher = Base64&AES(Token) and UID is the account number, followed by a '\n' line feed character. The client then sends a ping heartbeat packet: 0x3F + '\n'. The server parses out the data, performs the same calculation from the account information it subscribed to over the message queue in step two, and verifies Cipher; if verification succeeds the server returns a pong heartbeat packet 0x3E + '\n', otherwise it disconnects. The specific procedure is shown in Figure 2.
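The access-verification exchange of step three, as an added Go example that is not the patent's code. It assumes JSON for the serialization of {UID, Cipher} (the described implementation uses protobuf), AES-GCM with a random nonce prefixed to the ciphertext for the unspecified AES mode, and a lookup callback standing in for the account information that arrived over the message queue in step two; the type names Session and accessData are this example's own.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"io"
)

// Command bytes from the page: byte 0 of the verification line, ping and pong.
const cmdAccessVerify, cmdPing, cmdPong byte = 0x31, 0x3F, 0x3E

// accessData is the serialized Data = {UID, Cipher}. The page serializes with
// protobuf; JSON is used here (assumption) to keep the example dependency-free.
type accessData struct {
	UID    string `json:"uid"`
	Cipher string `json:"cipher"`
}

// Session is what the HTTPS server pushed to this TCP server over the message
// queue in step two: the account's token and AES key.
type Session struct {
	Token string
	Key   []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealToken computes Cipher = Base64(AES(Token)). The page does not name an AES
// mode; AES-GCM with a random nonce prefixed to the ciphertext is assumed.
func sealToken(key []byte, token string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(token), nil)), nil
}

// openToken reverses sealToken; it fails on a wrong key or a modified ciphertext.
func openToken(key []byte, b64 string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil || len(ct) < gcm.NonceSize() {
		return "", errors.New("bad key or ciphertext too short")
	}
	ns := gcm.NonceSize()
	pt, err := gcm.Open(nil, ct[:ns], ct[ns:], nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// BuildAccessFrames is the client side: 0x31 + serialize({UID, Cipher}) + '\n',
// immediately followed by a ping heartbeat 0x3F + '\n'.
func BuildAccessFrames(key []byte, uid, token string) ([]byte, error) {
	c, err := sealToken(key, token)
	if err != nil {
		return nil, err
	}
	body, err := json.Marshal(accessData{UID: uid, Cipher: c})
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	buf.WriteByte(cmdAccessVerify)
	buf.Write(body)
	buf.Write([]byte{'\n', cmdPing, '\n'})
	return buf.Bytes(), nil
}

// ServeAccess is the server side: read the verification line, look up the
// account's session, decrypt Cipher and compare it with the expected token,
// then consume the ping and return the pong to send. Any error means the
// caller must disconnect, as the page prescribes.
func ServeAccess(r io.Reader, lookup func(uid string) (Session, bool)) ([]byte, error) {
	br := bufio.NewReader(r)
	line, err := br.ReadBytes('\n')
	if err != nil {
		return nil, err
	}
	if len(line) < 2 || line[0] != cmdAccessVerify {
		return nil, errors.New("expected access verification command 0x31")
	}
	var d accessData
	if err := json.Unmarshal(line[1:len(line)-1], &d); err != nil {
		return nil, err
	}
	sess, ok := lookup(d.UID)
	if !ok {
		return nil, errors.New("account not announced by the HTTPS server")
	}
	tok, err := openToken(sess.Key, d.Cipher)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare([]byte(tok), []byte(sess.Token)) != 1 {
		return nil, errors.New("token mismatch")
	}
	ping, err := br.ReadBytes('\n')
	if err != nil || !bytes.Equal(ping, []byte{cmdPing, '\n'}) {
		return nil, errors.New("expected ping heartbeat")
	}
	return []byte{cmdPong, '\n'}, nil
}
```

Because GCM authenticates the ciphertext, a wrong key, a token encrypted for another account, or a tampered Cipher all fail inside openToken before the token comparison is reached; the server only ever answers with the 2-byte pong or a disconnect, so nothing about the expected token is echoed back.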
Four, maintain the TCP connection and send and receive messages
Maintaining the connection: after verification succeeds, a ping heartbeat packet must be sent periodically to tell the other side that the connection is alive; on receiving it the other side must immediately respond with a pong heartbeat packet, and if no reply is received more than a certain number of times the connection is dropped. The length of every received message packet is recorded and used to dynamically adjust the receive buffer: if the packets are very small the buffer is halved each time, down to a minimum of 32 bytes, and in the opposite case it is enlarged, up to a maximum of 4096 bytes.
Every received data packet is parsed, and the connection is dropped if parsing fails (for example, a wrong command). Data packets are sent and received as follows:
Server sends: 0x32 + Base64&AES&serialize(message) + '\n'; client responds: 0x32 + Base64&AES&serialize(receipt) + '\n'.
Client sends: 0x33 + Base64&AES&serialize(message) + '\n'; server responds: 0x33 + Base64&AES&serialize(result) + '\n'.
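The connection-maintenance rules of step four, as an added Go example that is not taken from the patent: a parser for the four command bytes (0x32, 0x33, 0x3F, 0x3E) that rejects anything else, the receive-buffer sizing rule with its 32-byte floor and 4096-byte ceiling, and the unanswered-ping counter that decides when to disconnect. The payload is kept as the opaque Base64&AES&serialize string (decrypting it is the same AES step as in access verification); the threshold for a "very small" packet is assumed to be less than half the current buffer, since the page gives none, and the Conn and Frame types are this example's own.

```go
package main

import "errors"

const (
	cmdServerMsg byte = 0x32 // server -> client message; client answers 0x32 + receipt
	cmdClientMsg byte = 0x33 // client -> server message; server answers 0x33 + result
	cmdPing      byte = 0x3F // 2-byte heartbeat: 0x3F + '\n'
	cmdPong      byte = 0x3E // 2-byte heartbeat reply: 0x3E + '\n'
	minBuf            = 32   // smallest receive buffer, bytes (from the page)
	maxBuf            = 4096 // largest receive buffer, bytes (from the page)
)

// ErrBadFrame signals a parse failure; the page's rule is to disconnect.
var ErrBadFrame = errors.New("bad frame: disconnect")

// Frame is one '\n'-terminated line: a command byte and the optional
// Base64&AES&serialize(...) payload, left opaque here.
type Frame struct {
	Cmd     byte
	Payload []byte
}

// ParseFrame validates one received line. Heartbeats must carry no payload,
// message commands must carry one, and any other command byte is an error.
func ParseFrame(line []byte) (Frame, error) {
	if len(line) < 2 || line[len(line)-1] != '\n' {
		return Frame{}, ErrBadFrame
	}
	f := Frame{Cmd: line[0], Payload: line[1 : len(line)-1]}
	switch f.Cmd {
	case cmdPing, cmdPong:
		if len(f.Payload) != 0 {
			return Frame{}, ErrBadFrame
		}
	case cmdServerMsg, cmdClientMsg:
		if len(f.Payload) == 0 {
			return Frame{}, ErrBadFrame
		}
	default:
		return Frame{}, ErrBadFrame
	}
	return f, nil
}

// NextBufSize applies the page's sizing rule: a very small packet halves the
// receive buffer, otherwise it doubles, clamped to [minBuf, maxBuf]. "Very
// small" is taken to mean under half the current buffer (assumption).
func NextBufSize(cur, pktLen int) int {
	next := cur * 2
	if pktLen < cur/2 {
		next = cur / 2
	}
	if next < minBuf {
		next = minBuf
	}
	if next > maxBuf {
		next = maxBuf
	}
	return next
}

// Conn holds the per-connection state that the keepalive logic needs.
type Conn struct {
	BufSize   int // current receive buffer size
	Missed    int // pings sent since the last pong
	MaxMissed int // disconnect once this many pings go unanswered
}

// SendPing runs on the keepalive timer: it returns the 2-byte ping frame, or an
// error once MaxMissed pings have gone unanswered.
func (c *Conn) SendPing() ([]byte, error) {
	if c.Missed >= c.MaxMissed {
		return nil, errors.New("no pong received: disconnect")
	}
	c.Missed++
	return []byte{cmdPing, '\n'}, nil
}

// Handle processes one received line, adjusts the receive buffer from the
// packet length, and returns the heartbeat reply to send (nil for messages,
// whose payload the caller decrypts and answers with the same command byte).
func (c *Conn) Handle(line []byte) (Frame, []byte, error) {
	f, err := ParseFrame(line)
	if err != nil {
		return Frame{}, nil, err
	}
	c.BufSize = NextBufSize(c.BufSize, len(line))
	switch f.Cmd {
	case cmdPing:
		return f, []byte{cmdPong, '\n'}, nil
	case cmdPong:
		c.Missed = 0 // peer is alive; reset the unanswered-ping counter
	}
	return f, nil, nil
}
```

Rejecting the frame before touching its payload is what keeps an unexpected command byte from reaching the AES and deserialization stages, and the clamp in NextBufSize means a peer cannot talk the server into an arbitrarily large buffer with one oversized packet.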
The system of the present invention is described in further detail with reference to Figure 3.
One, design the protocol commands and fields: connection verification, sending and receiving messages, heartbeat packets, etc.
Two, serialize with protobuf.
Three, use the MD5 hash algorithm.
Four, write the HTTPS server in the Go language.
Five, write the TCP server in the Go language.
Six, deploy and start the etcd service discovery and the NATS message queue.
Seven, deploy the PostgreSQL database and the Redis cache.
Eight, write the Android client app.
Nine, write the gateway client and run it on an Orange Pi Lite.
Ten, log in with the app and send a message; it is received at the gateway.
The concrete implementation technologies and methods are shown in Figure 4.
Specific embodiments of the present invention have been described above. It is to be understood that the invention is not limited to the particular embodiments described; those skilled in the art can make various modifications or amendments within the scope of the claims without affecting the substance of the invention.
Claims (3)
1. A secure Internet of Things communication method, characterized in that: login authentication is performed in a manner combining dynamic random-number hash coding with HTTPS to obtain an AES key, and the respective fields of TCP data packets are then selectively encrypted with that key;
the method specifically comprises the following steps: one, log in; two, obtain the symmetric key and TCP access address; three, access the TCP server and verify; four, maintain the TCP connection and send and receive messages;
step one comprises: logging in to the HTTPS server with account number and password in two steps: in the first step a GET request is sent to the HTTPS server with the account number as parameter, and the server records and returns a random number; in the second step a POST form is submitted in which the userID field is the account number and the pwd field is the hash of the random number, the account number and the password, and the server reads the random number from its record and the password from the database, performs the same calculation and verifies the login;
step two comprises: after the login is verified, the HTTPS server queries the TCP server list, randomly selects one server, generates an AES key and a token, returns them to the client, and sends the client information through the message queue to the selected TCP server; the TCP server list is generated as follows: through etcd service discovery, every TCP server registers with etcd on start-up and the HTTPS server receives list updates in real time; if a TCP server fails or its heartbeat times out, its address is removed from the list; the message queue is NATS: on start-up each TCP server generates its own random name and registers it with etcd, then subscribes to the NATS subject of that name; the HTTPS server learns the name of each TCP server from etcd, and publish/subscribe message delivery is realized in this way.
2. The Internet of Things communication method according to claim 1, characterized in that: the heartbeat packet is only 2 bytes.
3. The Internet of Things communication method according to claim 1, characterized in that: a distributed architecture is used, with etcd for service discovery and NATS as the message queue.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710167462.6A CN107070998B (en) | 2017-03-20 | 2017-03-20 | A kind of safe Internet of Things communications protocol and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710167462.6A CN107070998B (en) | 2017-03-20 | 2017-03-20 | A kind of safe Internet of Things communications protocol and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107070998A CN107070998A (en) | 2017-08-18 |
CN107070998B true CN107070998B (en) | 2019-11-29 |
Family
ID=59620209
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710167462.6A Expired - Fee Related CN107070998B (en) | 2017-03-20 | 2017-03-20 | A kind of safe Internet of Things communications protocol and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107070998B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109802928B (en) * | 2017-11-17 | 2021-09-17 | 中兴通讯股份有限公司 | SSL/TLS proxy method, device, equipment and storage medium |
CN108830994A (en) * | 2018-06-23 | 2018-11-16 | 辽宁工程技术大学 | A kind of high security hotel check-in system based on cloud commercial affairs block chain |
CN110730063B (en) * | 2018-07-16 | 2022-11-11 | 中国电信股份有限公司 | Security verification method and system, internet of things platform, terminal and readable storage medium |
CN110336807A (en) * | 2019-06-28 | 2019-10-15 | 苏州浪潮智能科技有限公司 | A kind of identity identifying method based on Web service, equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546175A (en) * | 2011-03-18 | 2012-07-04 | 贾松仁 | Anti-counterfeiting device and anti-counterfeiting method |
CN103220257A (en) * | 2012-01-19 | 2013-07-24 | 中国石油天然气集团公司 | Communication method of computer, network host and communication system |
CN106411893A (en) * | 2016-09-30 | 2017-02-15 | 成都知道创宇信息技术有限公司 | Hypertext transfer protocol secure (HTTPS) service deployment method |
CN106453269A (en) * | 2016-09-21 | 2017-02-22 | 东软集团股份有限公司 | Internet of Vehicles safety communication method, vehicle-mounted terminal, server and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7360075B2 (en) * | 2001-02-12 | 2008-04-15 | Aventail Corporation, A Wholly Owned Subsidiary Of Sonicwall, Inc. | Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols |
- 2017-03-20: CN CN201710167462.6A patent/CN107070998B/en not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
WebApi interface security authentication: HTTP digest authentication; zrj_software; https://zrj-software.iteye.com/blog/2163487; 2014-12-05; pp. 1-6 * |
Also Published As
Publication number | Publication date |
---|---|
CN107070998A (en) | 2017-08-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107070998B (en) | A kind of safe Internet of Things communications protocol and method | |
US20230421394A1 (en) | Secure authentication of remote equipment | |
CN106850191B (en) | Encryption and decryption method and device for communication protocol of distributed storage system | |
CN105208024B (en) | Without using the data safe transmission method and system of HTTPS, client and server-side | |
WO2019178942A1 (en) | Method and system for performing ssl handshake | |
CN103503408A (en) | System and method for providing access credentials | |
CA2662166A1 (en) | Method and system for establishing real-time authenticated and secured communications channels in a public network | |
CN107181770A (en) | Method of data synchronization and system | |
CN112422560A (en) | Lightweight substation secure communication method and system based on secure socket layer | |
CN111541776A (en) | Safe communication device and system based on Internet of things equipment | |
EP3614292A1 (en) | File transfer system comprising an upload, storage and download device | |
CN107294913A (en) | Safety communicating method, service end and client based on HTTP | |
CN109995739A (en) | A kind of information transferring method, client, server and storage medium | |
CN113507358A (en) | Communication system, authentication method, electronic device, and storage medium | |
KR20240112239A (en) | Method, apparatus and system for connecting VPN secured session based on quantum technology | |
CN108650096A (en) | A kind of industrial field bus control system | |
CN108616350A (en) | A kind of HTTP-Digest class AKA identity authorization systems and method based on pool of symmetric keys | |
CN117858035A (en) | Data processing method, device, computer equipment and medium for remote assistance | |
CN110351086B (en) | Method and system for processing and transmitting encrypted information in robot group | |
CN116112458B (en) | Communication method, device, equipment and storage medium | |
CN106375177A (en) | Message transmission method and apparatus | |
Pattaranantakul et al. | Efficient key management protocol for secure RTMP video streaming toward trusted quantum network | |
CN110417804A (en) | A kind of bidirectional identity authentication encryption communication method and system suitable for chip microcontroller | |
CN116095033A (en) | Social communication method, device, equipment and storage medium | |
CN108989486A (en) | A kind of communication means and communication system |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20191129 |