CN107276751A - A kind of Internet of Things data filter method and system based on filtering gateway - Google Patents

Info

Publication number: CN107276751A
Authority: CN (China)
Legal status: Pending
Application number: CN201710473278.4A
Other languages: Chinese (zh)
Inventor: 杜光东
Current Assignee: Shenzhen Shenglu IoT Communication Technology Co Ltd
Original Assignee: Shenzhen Shenglu IoT Communication Technology Co Ltd
Application filed by: Shenzhen Shenglu IoT Communication Technology Co Ltd
Priority to: CN201710473278.4A; PCT/CN2017/100007 (WO2018233044A1)
Prior art keywords: terminal device, access node, sent, data, filtering gateway
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/12: Applying verification of the received information


Abstract

The present invention discloses an Internet of Things data filtering method and system based on a filtering gateway. The method includes: a terminal device sends an authorization request to the filtering gateway through an access node; the filtering gateway sends the authorization request to a convergence unit and sends the response message returned by the convergence unit to the access node; the access node sends the response message to the terminal device; when the acquisition time is reached, the terminal device collects data and, taking its device ID number as the basis, generates signature encryption information based on the signature generation algorithm to sign the collected data, thereby obtaining a data message that it sends to the access node; the access node forwards the data message to the filtering gateway; the filtering gateway, taking the device ID number as the basis, generates signature verification information based on its built-in signature generation algorithm to verify whether the signature of the data message is correct and, if it is, forwards the data message to the convergence unit. The method is used to filter out data messages sent by unauthorized terminal devices and improves the security of data transmission.

Description

Internet of Things data filtering method and system based on a filtering gateway
Technical field
The present invention relates to the field of Internet of Things technology, and in particular to an Internet of Things data filtering method and system based on a filtering gateway.
Background
In an Internet of Things environment, the devices at each node are classified as terminal devices, access nodes and convergence units; some application environments also include a filtering gateway. A terminal device may be a dew cell, an illuminating lamp, a condition monitoring device, an oven and so on. The data collected by a terminal device is sent to an access node over a wireless network, and the access node sends it over the Internet to the convergence unit, which performs data analysis, terminal device monitoring and so on. Because the data is transmitted over multiple links, data leakage occurs easily, and an attacker can also easily impersonate an authorized terminal device to transmit data, which creates a security risk for Internet of Things data transmission.
Summary of the invention
The embodiments of the present invention disclose an Internet of Things data filtering method and system based on a filtering gateway, which address the security risk of existing Internet of Things data transmission and improve the security of data transmission.
A first aspect of the present invention discloses an Internet of Things data filtering method based on a filtering gateway, which may include:
A terminal device sends an authorization request to a filtering gateway through an access node, the authorization request carrying the device identity (Identity, ID for short) number, the device type and the Internet Protocol (IP) address of the terminal device;
The filtering gateway sends the authorization request to the convergence unit, receives the response message returned by the convergence unit for authorizing the terminal device, and sends it to the access node, the response message including a signature generation algorithm and an acquisition time;
The access node sends the response message to the terminal device;
When the acquisition time is reached, the terminal device collects data, obtains the device ID number of the terminal device, generates signature encryption information based on the signature generation algorithm with the device ID number as the basis, and signs the collected data according to the signature encryption information to obtain a data message, and sends the data message to the access node, the data message carrying the device ID number;
The access node forwards the data message to the filtering gateway;
The filtering gateway obtains the device ID number from the data message and, with the device ID number as the basis, generates signature verification information based on the built-in signature generation algorithm;
The filtering gateway verifies, according to the signature verification information, whether the signature of the data message is correct;
When the filtering gateway verifies that the signature of the data message is correct, it forwards the data message to the convergence unit.
As an optional embodiment, in the first aspect of the present invention, the filtering gateway sending the authorization request to the convergence unit, receiving the response message returned by the convergence unit for authorizing the terminal device, and sending it to the access node includes:
The filtering gateway sends the authorization request to the convergence unit, receives the response message for authorizing the terminal device that the convergence unit returns when it determines that the device type carried in the authorization request belongs to a device type it is interested in, and sends the response message to the access node.
As an optional embodiment, in the first aspect of the present invention, the access node sending the response message to the terminal device includes:
The access node writes the signature generation algorithm and the acquisition time of the response message into the terminal device.
As an optional embodiment, in the first aspect of the present invention, the access node forwarding the data message to the filtering gateway includes:
The access node determines, by frequency hopping, the frequency-domain position of the physical resource block used to send the data message from within the target transmission band;
The access node sends the data message to the filtering gateway on the time-frequency resource corresponding to the determined frequency-domain position of the physical resource block.
As an optional embodiment, in the first aspect of the present invention, the response message also includes the working state corresponding to the acquisition time, and the terminal device collecting data when the acquisition time is reached includes:
The terminal device monitors its system time in real time and, when it detects that the system time has reached the acquisition time, switches its working state to the working state corresponding to the acquisition time and collects data.
A second aspect of the present invention discloses an Internet of Things data filtering system based on a filtering gateway, which may include:
A terminal device, configured to send an authorization request to a filtering gateway through an access node, the authorization request carrying the device identity (ID) number, the device type and the Internet Protocol (IP) address of the terminal device;
The filtering gateway, configured to send the authorization request to the convergence unit, receive the response message returned by the convergence unit for authorizing the terminal device, and send it to the access node, the response message including a signature generation algorithm and an acquisition time;
The access node, configured to send the response message to the terminal device;
The terminal device is further configured to collect data when the acquisition time is reached, obtain the device ID number of the terminal device, generate signature encryption information based on the signature generation algorithm with the device ID number as the basis, sign the collected data according to the signature encryption information to obtain a data message, and send the data message to the access node, the data message carrying the device ID number;
The access node is further configured to forward the data message to the filtering gateway;
The filtering gateway is further configured to obtain the device ID number from the data message and, with the device ID number as the basis, generate signature verification information based on the built-in signature generation algorithm;
The filtering gateway is further configured to verify, according to the signature verification information, whether the signature of the data message is correct;
The filtering gateway is further configured to forward the data message to the convergence unit when it verifies that the signature of the data message is correct.
As an optional embodiment, in the second aspect of the present invention, the manner in which the filtering gateway sends the authorization request to the convergence unit, receives the response message returned by the convergence unit for authorizing the terminal device, and sends it to the access node is specifically:
The filtering gateway is configured to send the authorization request to the convergence unit, receive the response message for authorizing the terminal device that the convergence unit returns when it determines that the device type carried in the authorization request belongs to a device type it is interested in, and send the response message to the access node.
As an optional embodiment, in the second aspect of the present invention, the manner in which the access node sends the response message to the terminal device is specifically:
The access node is configured to write the signature generation algorithm and the acquisition time of the response message into the terminal device.
As an optional embodiment, in the second aspect of the present invention, the manner in which the access node forwards the data message to the filtering gateway is specifically:
The access node is further configured to determine, by frequency hopping, the frequency-domain position of the physical resource block used to send the data message from within the target transmission band, and to send the data message to the filtering gateway on the time-frequency resource corresponding to the determined frequency-domain position of the physical resource block.
As an optional embodiment, in the second aspect of the present invention, the response message also includes the working state corresponding to the acquisition time, and the manner in which the terminal device collects data when the acquisition time is reached is specifically:
The terminal device is further configured to monitor its system time in real time and, when it detects that the system time has reached the acquisition time, switch its working state to the working state corresponding to the acquisition time and collect data.
Compared with the prior art, the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the terminal device sends an authorization request to the convergence unit through the access node and the filtering gateway; the authorization request carries the device ID number, the device type and the IP address. When the convergence unit authorizes the terminal device, it returns a response message that includes a signature generation algorithm and an acquisition time. When the acquisition time is reached, the terminal device collects data, obtains the device ID number, generates signature encryption information based on the signature generation algorithm with the device ID number as the basis, then signs the collected data to obtain a data message, and sends the data message to the access node. After receiving the data message, the access node forwards it to the filtering gateway. The filtering gateway obtains the device ID number from the data message, generates signature verification information based on the signature generation algorithm built into the filtering gateway with the device ID number as the basis, and verifies according to the signature verification information whether the signature in the data message is correct; if it is, the data message is sent to the convergence unit. It can be seen that, by implementing the embodiments of the present invention, the filtering gateway can verify the signature of a data message sent by a terminal device before it reaches the convergence unit, so as to filter out data messages sent by unauthorized terminal devices and improve the security of data transmission; in addition, the processing load of the convergence unit is reduced.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an Internet of Things architecture disclosed in some embodiments of the present invention;
Fig. 2 is a schematic flowchart of the Internet of Things data filtering method based on a filtering gateway disclosed in an embodiment of the present invention;
Fig. 3 is another schematic flowchart of the Internet of Things data filtering method based on a filtering gateway disclosed in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the Internet of Things data filtering system based on a filtering gateway disclosed in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be noted that the terms "include" and "have" in the embodiments of the present invention, and any variants of them, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
The embodiments of the present invention disclose an Internet of Things data filtering method based on a filtering gateway, which filters out data messages sent by unauthorized terminal devices to improve the security of data transmission; in addition, the processing load of the convergence unit is reduced. The embodiments of the present invention also disclose a corresponding Internet of Things data filtering system based on a filtering gateway.
Before the technical solution of the present invention is introduced, the Internet of Things architecture disclosed in some embodiments of the present invention is briefly described. Fig. 1 is a schematic diagram of that architecture. It should be noted that Fig. 1 shows only the architecture disclosed in some embodiments; other schematic diagrams obtained by optimizing or modifying Fig. 1 also fall within the protection scope of the present invention and are not illustrated one by one here. The Internet of Things architecture shown in Fig. 1 can be divided by function into three layers: a terminal device layer, an access node layer and a convergence layer. The terminal device layer may include a very large number of terminal devices, such as hygrometers, smoke detectors, ventilation equipment, rain sensors and irrigation valves. The access node layer may include a large number of network-connected access nodes; an access node may be a router, a repeater, an access point or similar equipment, which the embodiments of the present invention do not limit. An access node may use any standard networking protocol and can perform data parsing between different network formats. The convergence layer may include a filtering gateway and a convergence unit. The filtering gateway may communicate directly or indirectly over the Internet with each forwarding node of the forwarding node layer (not all shown in the figure). Through the filtering gateway, the convergence unit may perform high-level management of each forwarding node of the forwarding node layer, thereby controlling data transmission frequency, network topology and other networking functions. The convergence unit can not only analyze and make decisions on the Internet of Things data produced by the large number of terminal devices, it can also issue instructions to obtain information or to configure terminal device parameters (in which case the data transmission is directed toward the terminal device). The convergence unit may also bring in a wide range of services, from big data to social networks, and even from social-tool "likes" to weather sharing. In the Internet of Things architecture shown in Fig. 1, each forwarding node can provide Internet of Things data sending and receiving services for the large number of terminal devices within its own wireless network coverage. Each terminal device within that coverage may have a built-in wireless communication module, which allows each forwarding node to communicate wirelessly with each terminal device within its own wireless network coverage. In the Internet of Things architecture shown in Fig. 1, the wireless communication module built into a terminal device may be given a frequency of 470MHz and a lower frequency of 510MHz at production time, so that the module automatically sets its communication band to 470MHz~510MHz to comply with the Chinese SRRC standard; or a frequency of 868MHz and a lower frequency of 908MHz, so that the module automatically sets its communication band to 868MHz~908MHz to comply with the European ETSI standard; or a frequency of 918MHz and a lower frequency of 928MHz, so that the module automatically sets its communication band to 918MHz~928MHz to comply with the US FCC standard; or the communication band of the wireless communication module may be set to comply with the Japanese ARIB standard or the Canadian IC standard, which the embodiments of the present invention do not limit. In the Internet of Things architecture shown in Fig. 1, a terminal device may address interference by combining frequency division multiplexing (Frequency Division Multiple Access, FDMA), frequency hopping (Frequency-Hopping Spread Spectrum, FHSS), dynamic time division multiplexing (Dynamic Time Division Multiple Access, DTDMA) and backoff multiplexing (CSMA).
Based on the Internet of Things architecture shown in Fig. 1, the technical solution of the present invention is described in detail below with reference to specific embodiments.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of the Internet of Things data filtering method based on a filtering gateway disclosed in an embodiment of the present invention. As shown in Fig. 2, an Internet of Things data filtering method based on a filtering gateway may include:
201. The terminal device sends an authorization request to the filtering gateway through the access node; the authorization request carries the device ID number, the device type and the IP address of the terminal device.
When the terminal device is first switched on and joins the wireless network, after a restart, or when its authorized content expires (including when the validity period of the signature generation algorithm described below is reached), the terminal device may send an authorization request to the convergence unit to obtain authorization.
As an optional embodiment, the access node listens in real time within its wireless network coverage and, when it detects that a new terminal device has joined, triggers that terminal device to send an authorization request.
Further, the access node broadcasts a listening message in real time within its wireless network coverage. A terminal device within that coverage that receives the listening message responds to it by sending a response message that carries the device type, the device ID number, the IP address and so on. After receiving the response message, the access node determines from the device ID number, the IP address or the like that a new terminal device has joined. With this embodiment, a terminal device can be made to send an authorization request when it joins the network.
202. The filtering gateway sends the authorization request to the convergence unit, receives the response message returned by the convergence unit for authorizing the terminal device, and sends it to the access node; the response message includes a signature generation algorithm and an acquisition time.
As an optional embodiment, the filtering gateway sending the authorization request to the convergence unit, receiving the response message returned by the convergence unit for authorizing the terminal device, and sending it to the access node includes:
The filtering gateway sends the authorization request to the convergence unit, receives the response message for authorizing the terminal device that the convergence unit returns when it determines that the device type carried in the authorization request belongs to a device type it is interested in, and sends the response message to the access node.
Specifically, when the convergence unit receives the authorization request, it extracts the device type of the terminal device from the request and judges whether that device type is one it is interested in. If it is, the convergence unit goes on to confirm the device ID number and IP address, and returns the response message once they are confirmed. In this embodiment, the convergence unit can configure the terminal devices it is interested in, so that a signature generation algorithm is provided when these devices transmit data, which improves the security of data transmission.
203. The access node sends the response message to the terminal device.
As an optional embodiment, after sending the response message to the terminal device, the access node monitors in real time the validity period of the signature generation algorithm in the response message. When that validity period is reached, the access node notifies the terminal device, which triggers the terminal device to send an authorization request to the convergence unit again in order to obtain authorization again. With this embodiment, once the validity period of the signature generation algorithm is reached, the terminal device is triggered to obtain authorization again.
As an optional embodiment, the access node sending the response message to the terminal device specifically includes: the access node obtains the target transmission band, then determines the time-frequency resource corresponding to the target transmission band, and sends the response message to the terminal device on that time-frequency resource. In this embodiment, the response message is sent to the terminal device in a time-division manner, which reduces interference and improves transmission efficiency.
204. When the acquisition time is reached, the terminal device collects data, obtains its device ID number, generates signature encryption information based on the signature generation algorithm with the device ID number as the basis, signs the collected data according to the signature encryption information to obtain a data message, and sends the data message to the access node; the data message carries the device ID number.
205. The access node forwards the data message to the filtering gateway.
As an optional embodiment, the access node forwarding the data message to the filtering gateway specifically includes: the access node determines, by frequency hopping, the frequency-domain position of the physical resource block used to send the data message from within the target transmission band; the access node sends the data message to the filtering gateway on the time-frequency resource corresponding to the determined frequency-domain position of the physical resource block. In this embodiment, the access node communicates with the filtering gateway in a frequency-division manner, which reduces interference and improves transmission efficiency.
206. The filtering gateway obtains the device ID number from the data message and, with the device ID number as the basis, generates signature verification information based on the built-in signature generation algorithm.
As an optional embodiment, before step 201 is performed, the convergence unit issues the signature generation algorithm to the filtering gateway, and the filtering gateway receives and stores it.
207. The filtering gateway verifies, according to the signature verification information, whether the signature of the data message is correct. If verification succeeds, the flow goes to step 208; if verification fails, the data message is discarded and the flow ends.
If the signature verification information matches the signature encryption information used to sign the data message, verification succeeds; if they do not match, verification fails.
208. The filtering gateway forwards the data message to the convergence unit.
In this embodiment of the present invention, the terminal device sends an authorization request to the convergence unit through the access node and the filtering gateway; the authorization request carries the device ID number, the device type and the IP address. When the convergence unit authorizes the terminal device, it returns a response message that includes a signature generation algorithm and an acquisition time. When the acquisition time is reached, the terminal device collects data, obtains the device ID number, generates signature encryption information based on the signature generation algorithm with the device ID number as the basis, then signs the collected data to obtain a data message, and sends the data message to the access node. After receiving the data message, the access node forwards it to the filtering gateway. The filtering gateway obtains the device ID number from the data message, generates signature verification information based on the signature generation algorithm built into the filtering gateway with the device ID number as the basis, and verifies according to the signature verification information whether the signature in the data message is correct; if it is, the data message is sent to the convergence unit. It can be seen that, by implementing this embodiment, the filtering gateway can verify the signature of a data message sent by a terminal device before it reaches the convergence unit, so as to filter out data messages sent by unauthorized terminal devices and improve the security of data transmission; in addition, the processing load of the convergence unit is reduced.
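The check in steps 204 to 208, together with the validity period from step 203, as an added example that is not code from the patent. The patent names no concrete signature generation algorithm, so this block assumes HMAC-SHA256 keyed with a secret that the convergence unit issues to the gateway and to authorized devices; `ALGORITHM_SECRET`, the message field names, the device IDs and the timestamps are all constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the patent's "signature generation algorithm" is modelled as
# HMAC-SHA256 keyed with a secret that the convergence unit issues to the
# filtering gateway and, in the response message, to authorized devices.
ALGORITHM_SECRET = b"constructed-demo-secret"  # constructed sample value


def derive_signature_info(secret: bytes, device_id: str) -> bytes:
    """Derive per-device signing material with the device ID as the basis."""
    return hmac.new(secret, b"sig-info|" + device_id.encode("utf-8"),
                    hashlib.sha256).digest()


def build_data_message(secret: bytes, device_id: str, data: bytes) -> dict:
    """Terminal device side (step 204): sign collected data, attach device ID."""
    info = derive_signature_info(secret, device_id)
    signature = hmac.new(info, data, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "data": data.hex(), "signature": signature}


class FilteringGateway:
    """Gateway side (steps 206-208): recompute, compare, forward or drop."""

    def __init__(self, secret: bytes, valid_until: float):
        self._secret = secret
        self._valid_until = valid_until  # validity period of the algorithm
        self.forwarded = []              # stands in for the convergence unit

    def handle(self, message, now: float) -> str:
        if now >= self._valid_until:
            return "drop:algorithm-expired"
        try:
            device_id = message["device_id"]
            data = bytes.fromhex(message["data"])
            signature = message["signature"]
        except (KeyError, TypeError, ValueError):
            return "drop:malformed"
        if not isinstance(device_id, str) or not isinstance(signature, str):
            return "drop:malformed"
        info = derive_signature_info(self._secret, device_id)
        expected = hmac.new(info, data, hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode("utf-8"),
                                   signature.encode("utf-8", "replace")):
            return "drop:bad-signature"
        self.forwarded.append(message)
        return "forward"


def demo() -> list:
    """Run constructed messages through the gateway and return the verdicts."""
    gateway = FilteringGateway(ALGORITHM_SECRET, valid_until=1000.0)
    good = build_data_message(ALGORITHM_SECRET, "dev-0001", b"humidity=41")
    # Payload changed in transit; signature left as it was.
    tampered = dict(good, data=b"humidity=99".hex())
    # Sender knows a valid device ID but was never issued the secret.
    forged = build_data_message(b"guessed-secret", "dev-0001", b"humidity=41")
    # Valid signature moved under a different device ID.
    relabelled = dict(good, device_id="dev-0002")
    return [
        gateway.handle(good, now=10.0),
        gateway.handle(tampered, now=10.0),
        gateway.handle(forged, now=10.0),
        gateway.handle(relabelled, now=10.0),
        gateway.handle({"device_id": "dev-0001"}, now=10.0),
        gateway.handle(good, now=1000.0),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The filtering only holds if the algorithm carries a secret: a public algorithm applied to the device ID, which travels in the clear in the data message, could be recomputed by any sender. As modelled here only the data is signed, so a replayed copy of a valid message verifies again until the validity period ends.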
Embodiment two
Referring to Fig. 3, Fig. 3 is another schematic flowchart of the Internet of Things data filtering method based on a filtering gateway disclosed in an embodiment of the present invention. As shown in Fig. 3, an Internet of Things data filtering method based on a filtering gateway may include:
301. The terminal device sends an authorization request to the filtering gateway through the access node; the authorization request carries the device ID number, the device type and the IP address of the terminal device.
For the device types it is interested in (which may be the device types of terminal devices that collect important data), the convergence unit needs to strengthen the security of the data these terminal devices send. Accordingly, in this embodiment of the present invention, the convergence unit can set a corresponding signature generation algorithm for these terminal devices; the signature generation algorithm uses the device type as a factor in generating the signature encryption information.
As another optional embodiment, the authorization request may also carry position information. For the position information it is interested in (which may be the position information of terminal devices that collect important data), the convergence unit needs to strengthen the security of the data these terminal devices send. Accordingly, in this embodiment of the present invention, the convergence unit can set a corresponding signature generation algorithm for these terminal devices; the signature generation algorithm uses the device type as a factor in generating the signature encryption information.
302nd, authorization requests are sent to convergence unit by filtering gateway, and being used for of receiving that convergence unit returns authorizes end The response message of end equipment is simultaneously sent to access node, the response message include signature generating algorithm, acquisition time and this adopt Collect time point corresponding working condition.
As an alternative embodiment, convergence unit can specify the acquisition time of gathered data to terminal device Point, and acquisition time will send jointly to terminal device in the response message, when so as to terminal device it can be set to gather Between point.
Further, working condition of the convergence unit also by designated terminal equipment in acquisition time gathered data, this The working condition that inventive embodiments are provided can the working condition including terminal device can (terminal device be not including resting state Be activated, and wireless network is also at closed mode), state of activation and close wireless network, state of activation and open wireless network Network.Under normal circumstances, terminal device in a dormant state, can discharge wireless network resource, can also allow terminal device to obtain Rest and reorganize, improve its service life, and in the dormant state, consumption of the terminal device to the energy content of battery is also smaller, so as to Enough improve the endurance of battery.In embodiments of the present invention, can be by " state of activation and the closing wireless network of terminal device Network " is set to working condition during gathered data.
As an optional implementation, after the filtering gateway sends the response message to the access node, the filtering gateway monitors in real time the validity period of the signature generation algorithm in the response message; when the validity period of the signature generation algorithm is reached, it sends a request message to the convergence unit to request a valid signature generation algorithm, and sends the valid signature generation algorithm it obtains to the access node.
303. The access node sends the response message to the terminal device.
After receiving the signature generation algorithm and the acquisition time point issued by the convergence unit, the access node writes the signature generation algorithm into the terminal device.
As an optional implementation, the access node also broadcasts a listening message within its wireless network coverage, so as to detect in real time terminal devices that have been offline for a long time and update the routing table in real time.
304. The terminal device monitors its system time in real time; when the system time reaches the acquisition time point, it switches its working state to the working state corresponding to the acquisition time point and collects data.
In this embodiment, when the system time reaches the acquisition time point, the terminal device switches its working state to the working state corresponding to the acquisition time point and starts collecting data until the data has been collected. After the data has been collected, the terminal device switches its working state from the working state corresponding to the acquisition time point to the dormant state, so as to rest again and release wireless network resources.
305. The terminal device obtains its device ID, generates signature encryption information with the signature generation algorithm using the device ID as the basis, signs the collected data according to the signature encryption information to obtain a data message, and sends the data message to the access node; the data message carries the device ID.
306. The access node forwards the data message to the filtering gateway.
307. The filtering gateway obtains the device ID from the data message and, using the device ID as the basis, generates signature verification information with the built-in signature generation algorithm.
As an optional implementation, the data message also carries the device type or location information. The filtering gateway extracts the device type or location information from the data message and, when it determines that the device type or location information matches a device type or location information the convergence unit is interested in, further obtains the device ID and, using the device ID as the basis, generates signature verification information with the built-in signature generation algorithm in order to verify the signature.
308. The filtering gateway verifies whether the signature of the data message is correct according to the signature verification information. If the verification succeeds, go to step 308; if the verification fails, the data message is discarded and the flow ends.
309. The filtering gateway forwards the data message to the convergence unit.
In this embodiment, the convergence unit specifies the signature generation algorithm the terminal device uses to generate signature encryption information, the acquisition time point for collecting data, and the working state corresponding to the acquisition time point. When the acquisition time point is reached, the terminal device switches to the specified working state, then generates signature encryption information with the signature generation algorithm using the device ID as the basis, signs the collected data to obtain a data message, and reports it to the filtering gateway. The filtering gateway generates signature verification information with the signature generation algorithm built into the filtering gateway using the device ID as the basis, and verifies whether the signature in the data message is correct according to the signature verification information; if it is correct, the data message is sent to the convergence unit. It can be seen that, by implementing this embodiment, the filtering gateway can verify the signature of the data messages sent by terminal devices in advance and filter out data messages sent by unauthorized terminal devices, which improves the security of data transmission; it can also reduce the processing load of the convergence unit.
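The signing and filtering steps 305 to 309 above, as an added example that is not code from the patent. The patent does not specify the signature generation algorithm, so the example assumes HMAC-SHA256 with a per-device key derived from the device ID and device type; the key-derivation scheme, field names, verdict strings, sample values and the replay check are all assumptions of the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def _canon(*fields) -> bytes:
    """Unambiguous byte encoding of the signed fields (no delimiter confusion)."""
    return json.dumps(fields, separators=(",", ":")).encode()


def derive_device_key(master_secret: bytes, device_id: str, device_type: str) -> bytes:
    """Assumed 'signature generation algorithm': a per-device key with the
    device ID as the basis and the device type as an extra factor."""
    return hmac.new(master_secret, _canon(device_id, device_type), hashlib.sha256).digest()


def sign_message(device_key: bytes, device_id: str, device_type: str,
                 collected_at: int, payload: str) -> dict:
    """Terminal side (step 305): sign the collected data and attach the device ID."""
    tag = hmac.new(device_key, _canon(device_id, device_type, collected_at, payload),
                   hashlib.sha256).hexdigest()
    return {"device_id": device_id, "device_type": device_type,
            "collected_at": collected_at, "payload": payload, "signature": tag}


@dataclass
class FilteringGateway:
    master_secret: bytes        # built into the gateway, never sent to devices (assumption)
    algorithm_expires_at: int   # end of the algorithm's validity period, epoch seconds
    forwarded: list = field(default_factory=list)  # stands in for the convergence unit
    last_seen: dict = field(default_factory=dict)  # device_id -> newest collected_at

    def handle(self, msg: dict, now: int) -> str:
        """Steps 307-309: recompute the signature from the device ID, then forward or drop."""
        if now >= self.algorithm_expires_at:
            return "drop:algorithm-expired"
        device_id, device_type = msg.get("device_id"), msg.get("device_type")
        collected_at, payload = msg.get("collected_at"), msg.get("payload")
        signature = msg.get("signature")
        if not (isinstance(device_id, str) and isinstance(device_type, str)
                and isinstance(collected_at, int) and isinstance(payload, str)
                and isinstance(signature, str)):
            return "drop:malformed"
        key = derive_device_key(self.master_secret, device_id, device_type)
        expected = hmac.new(key, _canon(device_id, device_type, collected_at, payload),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
        if not hmac.compare_digest(expected.encode(), signature.encode("utf-8", "replace")):
            return "drop:bad-signature"
        # Added beyond the patent text: reject replays of an already accepted message.
        if collected_at <= self.last_seen.get(device_id, -1):
            return "drop:replay"
        self.last_seen[device_id] = collected_at
        self.forwarded.append(msg)
        return "forward"


def demo() -> list:
    """Run constructed sample messages through the gateway and return the verdicts."""
    secret = b"constructed-demo-secret"  # constructed sample value
    gw = FilteringGateway(master_secret=secret, algorithm_expires_at=2_000)
    key = derive_device_key(secret, "dev-001", "water-meter")
    genuine = sign_message(key, "dev-001", "water-meter", 1_000, '{"reading": 42}')
    # Payload altered after signing: the recomputed signature no longer matches.
    tampered = dict(genuine, collected_at=1_100, payload='{"reading": 9999}')
    # Message carrying a device ID that the signing key was not derived for.
    mismatched = sign_message(key, "dev-002", "water-meter", 1_200, '{"reading": 7}')
    # Message arriving after the algorithm's validity period has been reached.
    late = sign_message(key, "dev-001", "water-meter", 2_500, '{"reading": 43}')
    return [gw.handle(genuine, now=1_001), gw.handle(genuine, now=1_002),
            gw.handle(tampered, now=1_101), gw.handle(mismatched, now=1_201),
            gw.handle(late, now=2_500)]


if __name__ == "__main__":
    print(demo())
```

Because the key is derived per device, a terminal device that holds only its own key cannot produce a valid signature for another device ID, which is what lets the gateway filter on the device ID carried in the data message.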
Embodiment three
Referring to Fig. 4, Fig. 4 is a schematic structural diagram of the Internet of Things data filtering system based on a filtering gateway disclosed in an embodiment of the present invention. As shown in Fig. 4, the system may include:
The terminal device 410, configured to send an authorization request to the filtering gateway 430 through the access node 420, the authorization request carrying the device identity (ID), device type and Internet Protocol (IP) address of the terminal device 410;
The filtering gateway 430, configured to send the authorization request to the convergence unit 440, receive the response message returned by the convergence unit 440 for authorizing the terminal device 410, and send it to the access node 420, the response message including the signature generation algorithm and the acquisition time point;
The access node 420, configured to send the response message to the terminal device 410;
The terminal device 410 is further configured to collect data when the acquisition time point is reached, obtain the device ID of the terminal device 410, generate signature encryption information with the signature generation algorithm using the device ID as the basis, sign the collected data according to the signature encryption information to obtain a data message, and send the data message to the access node 420, the data message carrying the device ID;
The access node 420 is further configured to forward the data message to the filtering gateway 430;
The filtering gateway 430 is further configured to obtain the device ID from the data message and, using the device ID as the basis, generate signature verification information with the built-in signature generation algorithm;
The filtering gateway 430 is further configured to verify whether the signature of the data message is correct according to the signature verification information;
The filtering gateway 430 is further configured to forward the data message to the convergence unit 440 when the signature of the data message is verified as correct.
As an optional implementation, when the terminal device 410 is switched on for the first time and accesses the wireless network, or after it restarts, or after the authorized content lapses (including after the validity period of the signature generation algorithm described below is reached), the terminal device 410 can send an authorization request to the convergence unit 440 in order to be authorized.
As an optional implementation, the access node 420 listens in real time within its wireless network coverage and, when it detects that a new terminal device 410 has accessed, triggers that terminal device 410 to send an authorization request.
Further, the access node 420 broadcasts a listening message in real time within its wireless network coverage. When a terminal device 410 within that coverage receives the listening message, it responds to it by sending a response message that carries the device type, device ID, IP address and so on. After receiving the response message, the access node 420 determines from the device ID, the IP address or the like that a new terminal device has accessed. With this implementation, the terminal device 410 can send an authorization request when it accesses the network.
As an optional implementation, the manner in which the filtering gateway 430 sends the authorization request to the convergence unit 440, receives the response message returned by the convergence unit 440 for authorizing the terminal device 410, and sends it to the access node 420 is specifically:
The filtering gateway 430 is configured to send the authorization request to the convergence unit 440, receive the response message for authorizing the terminal device 410 that the convergence unit 440 returns when it determines that the device type carried in the authorization request belongs to the device types it is interested in, and send the response message to the access node 420.
When the convergence unit 440 receives the authorization request, it extracts the device type of the terminal device 410 from the authorization request and judges whether that device type is one it is interested in. If it is, the convergence unit further confirms the device ID and ID address, and returns the response message after the confirmation succeeds. In this implementation, the convergence unit 440 can apply settings for the terminal devices 410 it is interested in, so as to provide a signature generation algorithm when these devices transmit data, improving the security of data transmission.
As an optional implementation, the manner in which the access node 420 sends the response message to the terminal device 410 is specifically:
The access node 420 is configured to write the signature generation algorithm and the acquisition time point of the response message into the terminal device 410.
As an optional implementation, after sending the response message to the terminal device 410, the access node 420 monitors in real time the validity period of the signature generation algorithm in the response message; when the validity period of the signature generation algorithm is reached, it notifies the terminal device 410 so as to trigger the terminal device 410 to send an authorization request to the convergence unit 440 again and obtain authorization again. With this implementation, the terminal device 410 is triggered to obtain authorization again after the validity period of the signature generation algorithm is reached.
As an optional implementation, the manner in which the access node 420 forwards the data message to the filtering gateway 430 is specifically:
The access node 420 is further configured to determine, by frequency hopping, the frequency-domain position of the physical resource block used to send the data message from the target transmission frequency band, and to send the data message to the filtering gateway 430 on the time-frequency resource corresponding to the determined frequency-domain position of the physical resource block.
As an optional implementation, the above response message also includes the working state corresponding to the acquisition time point, and the manner in which the terminal device 410 collects data when the acquisition time point is reached is specifically:
The terminal device 410 is further configured to monitor the system time of the terminal device 410 in real time and, when the system time reaches the acquisition time point, switch the working state of the terminal device 410 to the working state corresponding to the acquisition time point and collect data.
As an optional implementation, after the filtering gateway 430 sends the response message to the access node 420, the filtering gateway 430 monitors in real time the validity period of the signature generation algorithm in the response message; when the validity period of the signature generation algorithm is reached, it sends a request message to the convergence unit 440 to request a valid signature generation algorithm, and sends the valid signature generation algorithm it obtains to the access node 420.
By implementing the above implementations, the filtering gateway 430 can verify the signature of the data messages sent by the terminal device 410 in advance and filter out data messages sent by unauthorized terminal devices, which improves the security of data transmission; it can also reduce the processing load of the convergence unit 440.
A person of ordinary skill in the art will appreciate that all or some of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium includes read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), programmable read-only memory (Programmable Read-only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), one-time programmable read-only memory (One-Time Programmable Read-Only Memory, OTPROM), electrically erasable programmable read-only memory (Electrically-Erasable Programmable Read-Only Memory, EEPROM), compact disc read-only memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disc storage, magnetic disk storage, magnetic tape storage, or any other computer-readable medium that can be used to carry or store data.
The Internet of Things data filtering method and system based on a filtering gateway disclosed in the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. Meanwhile, for a person of ordinary skill in the art, there will be changes in the specific implementations and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

1. An Internet of Things data filtering method based on a filtering gateway, characterized by comprising:
A terminal device sends an authorization request to a filtering gateway through an access node, the authorization request carrying the device identity (ID), device type and Internet Protocol (IP) address of the terminal device;
The filtering gateway sends the authorization request to the convergence unit, receives the response message returned by the convergence unit for authorizing the terminal device, and sends it to the access node, the response message including the signature generation algorithm and an acquisition time point;
The access node sends the response message to the terminal device;
The terminal device collects data when the acquisition time point is reached, obtains the device ID of the terminal device, generates signature encryption information with the signature generation algorithm using the device ID as the basis, signs the collected data according to the signature encryption information to obtain a data message, and sends the data message to the access node, the data message carrying the device ID;
The access node forwards the data message to the filtering gateway;
The filtering gateway obtains the device ID from the data message and, using the device ID as the basis, generates signature verification information with the built-in signature generation algorithm;
The filtering gateway verifies whether the signature of the data message is correct according to the signature verification information;
The filtering gateway forwards the data message to the convergence unit when the signature of the data message is verified as correct.
2. The method according to claim 1, characterized in that the filtering gateway sending the authorization request to the convergence unit, receiving the response message returned by the convergence unit for authorizing the terminal device, and sending it to the access node comprises:
The filtering gateway sends the authorization request to the convergence unit, receives the response message for authorizing the terminal device that the convergence unit returns when it determines that the device type carried in the authorization request belongs to the device types it is interested in, and sends the response message to the access node.
3. The method according to claim 1, characterized in that the access node sending the response message to the terminal device comprises:
The access node writes the signature generation algorithm and the acquisition time point of the response message into the terminal device.
4. The method according to any one of claims 1 to 3, characterized in that the access node forwarding the data message to the filtering gateway comprises:
The access node determines, by frequency hopping, the frequency-domain position of the physical resource block used to send the data message from the target transmission frequency band;
The access node sends the data message to the filtering gateway on the time-frequency resource corresponding to the determined frequency-domain position of the physical resource block.
5. The method according to claim 1, characterized in that the response message also includes the working state corresponding to the acquisition time point, and the terminal device collecting data when the acquisition time point is reached comprises:
The terminal device monitors the system time of the terminal device in real time and, when the system time reaches the acquisition time point, switches the working state of the terminal device to the working state corresponding to the acquisition time point and collects data.
6. An Internet of Things data filtering system based on a filtering gateway, characterized by comprising:
A terminal device, configured to send an authorization request to a filtering gateway through an access node, the authorization request carrying the device identity (ID), device type and Internet Protocol (IP) address of the terminal device;
The filtering gateway, configured to send the authorization request to the convergence unit, receive the response message returned by the convergence unit for authorizing the terminal device, and send it to the access node, the response message including the signature generation algorithm and an acquisition time point;
The access node, configured to send the response message to the terminal device;
The terminal device is further configured to collect data when the acquisition time point is reached, obtain the device ID of the terminal device, generate signature encryption information with the signature generation algorithm using the device ID as the basis, sign the collected data according to the signature encryption information to obtain a data message, and send the data message to the access node, the data message carrying the device ID;
The access node is further configured to forward the data message to the filtering gateway;
The filtering gateway is further configured to obtain the device ID from the data message and, using the device ID as the basis, generate signature verification information with the built-in signature generation algorithm;
The filtering gateway is further configured to verify whether the signature of the data message is correct according to the signature verification information;
The filtering gateway is further configured to forward the data message to the convergence unit when the signature of the data message is verified as correct.
7. The system according to claim 6, characterized in that the manner in which the filtering gateway sends the authorization request to the convergence unit, receives the response message returned by the convergence unit for authorizing the terminal device, and sends it to the access node is specifically:
The filtering gateway is configured to send the authorization request to the convergence unit, receive the response message for authorizing the terminal device that the convergence unit returns when it determines that the device type carried in the authorization request belongs to the device types it is interested in, and send the response message to the access node.
8. The system according to claim 6, characterized in that the manner in which the access node sends the response message to the terminal device is specifically:
The access node is configured to write the signature generation algorithm and the acquisition time point of the response message into the terminal device.
9. The system according to any one of claims 6 to 8, characterized in that the manner in which the access node forwards the data message to the filtering gateway is specifically:
The access node is further configured to determine, by frequency hopping, the frequency-domain position of the physical resource block used to send the data message from the target transmission frequency band, and to send the data message to the filtering gateway on the time-frequency resource corresponding to the determined frequency-domain position of the physical resource block.
10. The system according to claim 6, characterized in that the response message also includes the working state corresponding to the acquisition time point, and the manner in which the terminal device collects data when the acquisition time point is reached is specifically:
The terminal device is further configured to monitor the system time of the terminal device in real time and, when the system time reaches the acquisition time point, switch the working state of the terminal device to the working state corresponding to the acquisition time point and collect data.
CN201710473278.4A 2017-06-21 2017-06-21 A kind of Internet of Things data filter method and system based on filtering gateway Pending CN107276751A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710473278.4A CN107276751A (en) 2017-06-21 2017-06-21 A kind of Internet of Things data filter method and system based on filtering gateway
PCT/CN2017/100007 WO2018233044A1 (en) 2017-06-21 2017-08-31 Filter gateway based internet of things data filtering method and system

Publications (1)

Publication Number Publication Date
CN107276751A true CN107276751A (en) 2017-10-20

Family

ID=60068180

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710473278.4A Pending CN107276751A (en) 2017-06-21 2017-06-21 A kind of Internet of Things data filter method and system based on filtering gateway

Country Status (2)

Country Link
CN (1) CN107276751A (en)
WO (1) WO2018233044A1 (en)

Also Published As

Publication number Publication date
WO2018233044A1 (en) 2018-12-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171020