CN107302538B - Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things - Google Patents

Publication number
CN107302538B
Authority
CN
China
Prior art keywords
repeater
internet
data packet
things
encryption unit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710573347.9A
Other languages
Chinese (zh)
Other versions
CN107302538A (en
Inventor
杜光东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shenglu IoT Communication Technology Co Ltd
Original Assignee
Shenzhen Shenglu IoT Communication Technology Co Ltd
Application filed by Shenzhen Shenglu IoT Communication Technology Co Ltd
Priority to CN201710573347.9A
Priority to PCT/CN2017/100766 (WO2019010796A1)
Publication of CN107302538A
Application granted
Publication of CN107302538B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The application discloses a sub-equipment encryption method and a sub-equipment encryption device for data received by an AP (access point) of the Internet of things, wherein the method comprises the following steps: the Internet of things access point receives a data packet sent by the repeater; the Internet of things access point extracts the MAC address of the repeater from the data packet, identifies the repeater according to the MAC address to obtain the serial number of the repeater, and looks up a first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater; the Internet of things access point calls the first encryption unit to encrypt the data packet; and the Internet of things access point sends the encrypted data packet to the gateway. The technical scheme provided by the invention has the advantages of high security and a good user experience.

Description

Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things
Technical Field
The application relates to the field of communication, in particular to a sub-device encryption method and device for data received by an AP (access point) of the Internet of things.
Background
The Internet of things is an important component of a new generation of information technology and is also an important development stage of the "informatization" era. Its English name is "Internet of things (IoT)". As the name implies, the Internet of things is the Internet with connected objects. This has two layers of meaning: firstly, the core and the foundation of the Internet of things are still the Internet, and it is a network extended and expanded on the basis of the Internet; secondly, its user side extends and expands to any article, so that articles exchange information and communicate with one another. The Internet of things is widely applied to network fusion through communication perception technologies such as intelligent perception, identification technology and pervasive computing, and is also called the third wave of development of the world information industry after computers and the Internet. The Internet of things is an application expansion of the Internet; it is not so much a network as a business and an application. Therefore, application innovation is the core of the development of the Internet of things, and innovation 2.0, which takes the user experience as the core, is the soul of the development of the Internet of things.
The Internet of things solves the problems of interconnection among objects and data exchange among the objects. During networking, the existing Internet of things accesses the Internet through an Access Point (AP) of the Internet of things. After the existing AP receives data from a repeater, it cannot encrypt the data of each repeater separately, so the security of the existing scheme is not high.
Disclosure of Invention
The application provides a sub-equipment encryption method for data received by an AP (access point) of the Internet of things, which can improve the security of Internet of things data and improve the user experience.
In a first aspect, a sub-device encryption method for data received by an AP of the internet of things is provided, where the method includes the following steps:
the Internet of things access point receives a data packet sent by the repeater;
the Internet of things access point extracts the MAC address of the repeater from the data packet, identifies the repeater according to the MAC address to obtain the serial number of the repeater, and looks up a first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater;
the Internet of things access point calls the first encryption unit to encrypt the data packet;
and the access point of the Internet of things sends the encrypted data packet to the gateway.
Optionally, before the internet of things access point sends the encrypted data packet to the gateway, the method may further include:
and if the first encryption unit fails to encrypt the data packet, calling the standby encryption unit of the first encryption unit to encrypt the data packet.
Optionally, the identifying the repeater according to the MAC address to obtain the serial number of the repeater specifically includes:
and extracting the MAC address of the repeater in the data packet, and comparing the MAC address with the stored MAC address and a repeater mapping table to obtain the serial number of the repeater corresponding to the MAC address.
Optionally, the invoking, by the access point of the internet of things, the first encryption unit to encrypt the data packet specifically includes:
the Internet of things access point extracts a set number of bits from the MAC address of the repeater as a secret key, and the first encryption unit encrypts the data packet by adopting the secret key.
Optionally, the set number of bits is 4, 6 or 8.
In a second aspect, a sub-device encryption apparatus for receiving data by an AP of the internet of things is provided, the apparatus including:
a receiving unit, configured to receive a data packet sent by a repeater;
the processing unit is used for extracting the MAC address of the repeater of the data packet, identifying the repeater according to the MAC address to obtain the serial number of the repeater, and inquiring a first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater; calling the first encryption unit to encrypt the data packet;
and the sending unit is used for sending the data packet after the encryption processing to the gateway.
Optionally, the processing unit is further configured to invoke the standby encryption unit of the first encryption unit to encrypt the data packet if the first encryption unit fails to encrypt the data packet.
Optionally, the processing unit is further configured to extract the MAC address of the repeater in the data packet, and compare the MAC address with the stored MAC address and repeater mapping table to obtain the serial number of the repeater corresponding to the MAC address.
Optionally, the processing unit is further configured to extract a set number of bits from the MAC address of the repeater as a key, and the first encryption unit encrypts the data packet by using the key.
Optionally, the set number of bits is 4, 6 or 8.
In a third aspect, a computer-readable storage medium is provided, which is characterized by storing a computer program for electronic data exchange, wherein the computer program causes a computer to execute the method provided in the first aspect.
According to the technical scheme provided by the invention, after the internet of things terminal sends the data packet to the AP, the AP selects the encryption unit corresponding to the repeater according to the serial number of the repeater, and encrypts the data through the encryption unit.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present application, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1 is a schematic flow chart diagram of an AP-based data routing method;
FIG. 2 is a transmission flow chart of a terminal of the Internet of things sending a data packet to an AP;
FIG. 3 is a flowchart of a sub-device encryption method for data received by an AP of the Internet of things;
FIG. 4 is a schematic diagram of a technical scenario provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of a mapping relationship provided in an embodiment of the present application;
FIG. 6 is a schematic flowchart of a sub-device encryption method for receiving data by an AP of the Internet of things according to another embodiment of the present application;
FIG. 7 is a schematic structural diagram of a sub-device encryption device for receiving data by an AP of the Internet of things provided by the present application;
FIG. 8 is a schematic diagram of a hardware structure of a gateway provided in the present application.
Detailed Description
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel, concurrently, or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
The term "computer device" or "computer" in this context refers to an intelligent electronic device that can execute predetermined processes such as numerical calculation and/or logic calculation by running predetermined programs or instructions, and may include a processor and a memory, wherein the processor executes a pre-stored instruction stored in the memory to execute the predetermined processes, or the predetermined processes are executed by hardware such as ASIC, FPGA, DSP, or a combination thereof. Computer devices include, but are not limited to, servers, personal computers, laptops, tablets, smart phones, and the like.
The methods discussed below, some of which are illustrated by flow diagrams, may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine or computer readable medium such as a storage medium. The processor(s) may perform the necessary tasks.
Specific structural and functional details disclosed herein are merely representative and are provided for purposes of describing example embodiments of the present invention. The present invention may, however, be embodied in many alternate forms and should not be construed as limited to only the embodiments set forth herein.
It will be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element may be termed a second element, and, similarly, a second element may be termed a first element, without departing from the scope of example embodiments. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used herein, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be noted that, in some alternative implementations, the functions/acts noted may occur out of the order noted in the figures. For example, two figures shown in succession may, in fact, be executed substantially concurrently, or the figures may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
The present invention is described in further detail below with reference to the attached drawing figures.
According to one aspect of the invention, an uplink data sending method of an AP of the Internet of things is provided. The method is applied to the Internet of things network shown in fig. 1, which includes: the Internet of things terminal 10, the Internet of things access point AP20, the gateway 30, and the repeater 40. The Internet of things terminal may take different forms in different situations; for example, it may be a mobile phone, a tablet computer, a computer, and the like, and may also be another device with networking functions, such as a smart television, a smart air conditioner, a smart water bottle, or other Internet of things terminal devices. The Internet of things terminal 10 is connected with the repeater 40 in a wireless manner, the repeater 40 is connected with the AP20, and the AP20 is connected with the gateway 30 in another manner (i.e., a connection manner different from the wireless manner) to access the internet, where the wireless manner includes but is not limited to: the other mode may be an LTE or wired mode, and the gateway may specifically be a mobile base station, a mobile relay station, an exchange, and other devices. Fig. 1 is a wired example, and for convenience of representation, only one solid line is shown here.
The gateway 30 may be a Personal Computer (PC) according to the size of the internet of things, and may also be a plurality of PCs, servers or server groups in practical applications, and the specific embodiment of the present invention is not limited to the specific representation form of the gateway 30.
Referring to fig. 2, fig. 2 is a transmission flow chart of data reception of the AP of the internet of things, and as shown in fig. 2, the flow includes:
step S201, the terminal 10 of the Internet of things sends a data packet to be sent to the repeater 40 in a wireless mode;
step S202, the repeater sends the data packet to the AP 20;
step S203, the AP20 forwards the data packet to the gateway 30;
step S204, the gateway 30 transmits the data packet to the internet.
As shown in fig. 1 and fig. 2, the transmitted data packet is not subjected to any encryption processing, so if a leak occurs between the AP20 and the gateway 30 during actual transmission of a data packet, the data is easily disclosed, which creates a security problem.
Referring to fig. 3, fig. 3 shows a sub-device encryption method for data received by an AP of the Internet of things according to the present invention. The method is implemented under the network architecture shown in fig. 4: one AP20 may be connected to a plurality of repeaters, and a plurality of Internet of things terminals may be connected to the repeaters. The AP may specifically be a mobile phone with a hotspot enabled, or a personal computer or router that provides wireless connection. As shown in fig. 3, the method includes the following steps:
step S301, the terminal of the Internet of things sends a data packet to the repeater, and the repeater sends the data packet to the AP;
the internet of things terminal in step S301 may specifically be: the mobile phone, the tablet computer, the computer and the like can also include other devices with networking functions, such as a smart television, a smart air conditioner, a smart water bottle, a smart lamp, a smart switch or some smart devices of the internet of things.
In step S301, the Internet of things terminal may send the data packet to the repeater over a wireless connection, where the wireless connection manner includes but is not limited to: Bluetooth, Wireless Fidelity (WIFI) and Zigbee, wherein the WIFI needs to comply with the IEEE 802.11b standard.
It should be noted that the connection between the Internet of things terminal and the repeater is wireless only. The Internet of things has a large number of devices to connect; if the repeater were connected by wire, the number of terminals it could serve would be limited, wiring every terminal is impractical for a home user, and wired connections are very costly. The connection between the Internet of things terminal and the repeater in the technical solution of the present invention is therefore limited to wireless connection.
Step S302, the AP20 receives a data packet sent by a repeater, the AP20 extracts the MAC address of the repeater from the data packet, identifies the repeater according to the MAC address to obtain the serial number of the repeater, and queries the first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater.
The type of Internet of things terminal in step S302 may be set by each manufacturer according to its own situation. For example, the Internet of things terminal may specifically include: smart lamps, smart televisions, smart cleaning equipment, smart sleep equipment, smart monitoring equipment, etc., and it may take various forms. A smart lamp includes but is not limited to: a smart desk lamp, a smart ceiling lamp, a smart wall lamp, and similar equipment. A smart television may be a Samsung-brand smart television or a Sharp-brand smart television. Smart cleaning equipment may be a smart floor-sweeping robot, and may also include a smart vacuum cleaner, a smart garbage disposer, and similar equipment. For smart sleep equipment, it can be: for example, for a smart monitoring device, it may be a smart sphygmomanometer, a smart thermometer, or the like. The specific form, number, or type of the Internet of things terminal is not limited in the present invention.
The mapping table of the repeater and the encryption unit in the above steps is shown in fig. 5, and the above mapping may be a one-to-one mapping, or may be a one-to-many mapping.
The AP20 is configured with multiple mapping tables between repeaters and encryption units, and the mapping relationships between repeaters and encryption units differ from table to table. The AP20 receives an update instruction sent by the gateway, where the update instruction includes an identifier of the updated mapping table and an update time, and the AP20 adopts the updated mapping table when the update time arrives. Optionally, after the update time is reached, the AP20 may use both the original mapping table and the updated mapping table to call two encryption units, encrypt the data with each of the two encryption units to obtain a first encrypted data packet and a second encrypted data packet, and send both packets to the gateway; the AP20 then receives a response message for the first encrypted data packet returned by the gateway and starts the mapping relationship corresponding to the first encryption unit of the first encrypted data packet.
Updating and maintaining the mapping relationship in this way improves security. A fixed mapping relationship has a high probability of being disclosed, which affects security. With the mapping relationship updated and maintained regularly, even if all the mapping relationships are disclosed, the updating and maintenance are controlled by the gateway, so the time at which a mapping relationship takes effect is unknown and the corresponding data packet cannot be decrypted, which improves security.
The AP20 is configured with a plurality of key tables, each key table corresponds to one encryption unit, and each key table comprises a plurality of keys. The AP20 extracts a key identifier carried in a message received from the gateway, and selects the key corresponding to the identifier to encrypt data by using the corresponding encryption unit.
For example, the first key table includes 10 keys. The AP20 extracts the key identifier carried in the message; if the identified key is the 5th key and the first encryption unit is adopted, the first encryption unit encrypts the data with the 5th key. Providing a choice among multiple keys improves security.
The encryption unit in step S302 may be a hardware encryption unit disposed in the AP, and includes an encryption algorithm preset by a manufacturer, and in practical applications, the encryption unit may also be a software encryption unit disposed in the AP.
The above encryption algorithms include, but are not limited to: 3DES, MD5, RSA, etc., although the invention is not limited to a particular encryption algorithm.
Step S303, AP20 calls the first encryption unit to encrypt the data packet;
the implementation method of the step S303 may specifically be:
for example, if the first encryption unit is a 3DES encryption unit, the AP20 calls the 3DES encryption unit to perform 3DES encryption processing on the data packet. If the first encryption unit is an RSA encryption unit, the AP20 calls the RSA encryption unit to perform RSA encryption processing on the data packet. If the first encryption unit is an MD5 encryption unit, the AP20 calls the MD5 encryption unit to perform MD5 encryption processing on the data packet.
The specific manner of the encryption process can be referred to in the related description of 3DES, RSA and MD5, and will not be described herein.
The implementation method of the step S303 may specifically be:
the AP20 invokes the first encryption unit to encrypt the data packet, if the encryption is successful, the subsequent step S304 is performed, and if the encryption is unsuccessful, invokes the spare encryption unit of the first encryption unit to encrypt the data packet, and adds the identifier of the spare encryption unit to the packet header extension field of the encrypted data packet.
Step S304, the AP20 transmits the encrypted packet to the gateway.
The implementation method of the step S304 may be:
the encrypted data packet is sent to the gateway in another manner. For example, if the Internet of things terminal is connected with the AP through WIFI, the AP20 may send the data packet to the gateway in a wired manner; in practical applications, the AP20 may also send the encrypted data packet to the gateway through Long Term Evolution (LTE). The LTE or wired manner, and the WIFI connection between the Internet of things terminal and the AP, are only for illustration, and the present invention is not limited to a specific connection manner.
According to the method provided by fig. 3, the AP selects the encryption unit corresponding to the repeater according to the serial number of the repeater, and encrypts data through the encryption unit. For the Internet of things, the repeater does not need to configure encryption, and all encryption settings are in the AP.
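The flow of steps S302 to S304, including the standby-unit fallback and the header extension field, written out as an added example (not code from the patent). The table contents, unit names, the `StreamUnit` stand-in cipher, the `gateway_open` function and the choice to drop packets from unmapped repeaters are all assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed tables (not from the patent): MAC -> serial number -> (first unit, standby unit).
MAC_TO_SERIAL = {"aa:bb:cc:00:00:01": "R-001", "aa:bb:cc:00:00:02": "R-002"}
SERIAL_TO_UNITS = {"R-001": ("unit-A", "unit-B"), "R-002": ("unit-down", "unit-B")}


class UnitFailure(Exception):
    """An encryption unit could not process the packet."""


class StreamUnit:
    """Stand-in encryption unit: HMAC-SHA256 keystream plus an integrity tag.

    Used only so the example runs on the standard library; a real AP would
    call a vetted authenticated cipher here.
    """

    def __init__(self, key: bytes, healthy: bool = True):
        # Separate sub-keys for the keystream and the tag.
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
        self.healthy = healthy

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(self.enc_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, payload: bytes) -> bytes:
        if not self.healthy:
            raise UnitFailure("unit unavailable")
        nonce = os.urandom(16)
        stream = self._keystream(nonce, len(payload))
        body = bytes(a ^ b for a, b in zip(payload, stream))
        tag = hmac.new(self.mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob: bytes) -> bytes:
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        stream = self._keystream(nonce, len(body))
        return bytes(a ^ b for a, b in zip(body, stream))


# Constructed units; "unit-down" simulates a first unit that fails in step S303.
UNITS = {
    "unit-A": StreamUnit(b"constructed key A"),
    "unit-B": StreamUnit(b"constructed key B"),
    "unit-down": StreamUnit(b"constructed key C", healthy=False),
}


def ap_process(src_mac: str, payload: bytes):
    """Steps S302-S304 on the AP: return the packet for the gateway, or None to drop."""
    serial = MAC_TO_SERIAL.get(src_mac.lower())
    if serial is None:
        # Example's choice: fail closed, never forward an unmapped repeater in clear.
        return None
    first, standby = SERIAL_TO_UNITS[serial]
    header = {"serial": serial}
    try:
        body = UNITS[first].encrypt(payload)
    except UnitFailure:
        # If the standby unit fails too, the exception propagates and nothing is sent.
        body = UNITS[standby].encrypt(payload)
        header["ext_unit"] = standby  # standby identifier in the header extension field
    return {"header": header, "body": body}


def gateway_open(packet: dict) -> bytes:
    """Gateway side: use the unit named in the extension field, else the mapped first unit."""
    header = packet["header"]
    unit_id = header.get("ext_unit") or SERIAL_TO_UNITS[header["serial"]][0]
    return UNITS[unit_id].decrypt(packet["body"])
```

The round trip only works with a reversible unit: MD5, which the text lists among the algorithms, is a one-way hash, so a gateway could not recover the packet from its output.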
Referring to fig. 6, fig. 6 shows a sub-device encryption method for data received by an AP of the Internet of things. The method is implemented under the network architecture shown in fig. 4: one AP20 may be connected to a plurality of repeaters, and a plurality of Internet of things terminals may be connected to the repeaters. The AP may specifically be a mobile phone with a hotspot enabled, or a personal computer or router that provides wireless connection. As shown in fig. 6, the method includes the following steps:
step S601, the terminal of the Internet of things sends a data packet to the repeater;
the internet of things terminal in step S601 may specifically be: the mobile phone, the tablet computer, the computer and the like can also include other devices with networking functions, such as a smart television, a smart air conditioner, a smart water bottle, a smart lamp, a smart switch or some smart devices of the internet of things.
In step S601, the Internet of things terminal may send the data packet to the repeater over a wireless connection, where the wireless manner includes but is not limited to: Bluetooth, Wireless Fidelity (WIFI) and Zigbee, wherein the WIFI needs to comply with the IEEE 802.11b standard.
It should be noted that the connection between the Internet of things terminal and the repeater is wireless only. The Internet of things has a large number of devices to connect; if the repeater were connected by wire, the number of terminals it could serve would be limited, wiring every terminal is impractical for a home user, and wired connections are very costly. The connection between the Internet of things terminal and the repeater in the technical solution of the present invention is therefore limited to wireless connection.
Step S602, the AP20 receives a data packet sent by a repeater, the AP20 extracts the MAC address of the repeater from the data packet, identifies the repeater according to the MAC address to obtain the serial number of the repeater, and queries a first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater.
The type of Internet of things terminal in step S602 may be set by each manufacturer according to its own situation. For example, the Internet of things terminal may specifically include: smart lamps, smart televisions, smart cleaning equipment, smart sleep equipment, smart monitoring equipment, etc., and it may take various forms. A smart lamp includes but is not limited to: a smart desk lamp, a smart ceiling lamp, a smart wall lamp, and similar equipment. A smart television may be a Samsung-brand smart television or a Sharp-brand smart television. Smart cleaning equipment may be a smart floor-sweeping robot, and may also include a smart vacuum cleaner, a smart garbage disposer, and similar equipment. For smart sleep equipment, it can be: for example, for a smart monitoring device, it may be a smart sphygmomanometer, a smart thermometer, or the like. The specific form, number, or type of the Internet of things terminal is not limited in the present invention.
The mapping table of the repeater and the encryption unit in the above steps is shown in fig. 5, and the above mapping may be a one-to-one mapping, or may be a one-to-many mapping.
The encryption unit in step S602 may be a hardware encryption unit disposed in the AP, and includes an encryption algorithm preset by a manufacturer, and in practical applications, the encryption unit may also be a software encryption unit disposed in the AP.
The above encryption algorithms include, but are not limited to: 3DES, MD5, RSA, etc., although the invention is not limited to a particular encryption algorithm.
Step S603, the AP20 calls the first encryption unit to encrypt the data packet;
the implementation method of the step S603 may specifically be:
the AP20 extracts the MAC address of the relay from the data packet, looks the MAC address up in the stored mapping table of MAC addresses and relays to obtain the serial number of the relay corresponding to the MAC address, and extracts a set number of bits from the MAC address of the relay as a key; the first encryption unit encrypts the data packet using the key.
The set number of bits may be 4, 6 or 8. Because the MAC address is a 48-bit value, the set number must divide 48 evenly; otherwise the bit lengths of the private keys would be inconsistent. Of course, in practical applications, the extracted bits may be converted into a decimal number, and the decimal number is then used as the private key. Of course, the decimal number may be replaced by a hexadecimal number. The set number of bits may be extracted sequentially, for example, the first 8 digits are extracted the first time and digits 9-17 the second time, or other extraction methods may be used; the specific embodiment of the present invention is not limited to a specific method of extracting the bits.
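The extraction rule above, as an added example that is not part of the patent text: it splits a MAC address into consecutive chunks of the set width and rejects widths that do not divide 48. It generalises the page's 4, 6 or 8 to any divisor of 48; the function names and the sample MAC address are constructed for illustration.

```python
import re

MAC_BITS = 48  # a MAC address is a 48-bit value
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def parse_mac(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into a 48-bit integer."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(re.sub(r"[:-]", "", mac), 16)


def extract_keys(mac: str, set_bits: int) -> list:
    """Return the consecutive set_bits-wide chunks of the MAC, first chunk first.

    set_bits must divide 48 so that every chunk (key) has the same width.
    """
    if set_bits <= 0 or MAC_BITS % set_bits != 0:
        raise ValueError(f"{set_bits} does not divide {MAC_BITS}")
    value = parse_mac(mac)
    mask = (1 << set_bits) - 1
    count = MAC_BITS // set_bits
    return [(value >> (MAC_BITS - (i + 1) * set_bits)) & mask for i in range(count)]


def key_space(set_bits: int) -> int:
    """Number of distinct values a set_bits-wide key can take."""
    return 1 << set_bits


def as_text(key: int, set_bits: int, base: int = 16) -> str:
    """Render a key as decimal (base 10) or zero-padded hexadecimal (base 16)."""
    if base == 10:
        return str(key)
    if base == 16:
        return format(key, f"0{(set_bits + 3) // 4}x")
    raise ValueError("base must be 10 or 16")


if __name__ == "__main__":
    sample = "00:1A:2B:3C:4D:5E"  # constructed sample address
    for bits in (4, 6, 8):
        keys = extract_keys(sample, bits)
        print(bits, [as_text(k, bits) for k in keys], "key space:", key_space(bits))
```

With the widths named on the page the key takes at most 256 values, and it is derived from an address carried in the packet itself, so a reviewer should treat it as a selector rather than as secret key material for 3DES or RSA.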
The implementation method of the step S603 may specifically be:
for example, if the first encryption unit is a 3DES encryption unit, the AP20 calls the 3DES encryption unit to perform 3DES encryption processing on the data packet. If the first encryption unit is an RSA encryption unit, the AP20 calls the RSA encryption unit to perform RSA encryption processing on the data packet. If the first encryption unit is an MD5 encryption unit, the AP20 calls the MD5 encryption unit to perform MD5 encryption processing on the data packet.
The specific manner of the encryption process can be referred to in the related description of 3DES, RSA and MD5, and will not be described herein.
The implementation method of the step S603 may specifically be:
the AP20 invokes the first encryption unit to encrypt the data packet, if the encryption is successful, the subsequent step S304 is performed, and if the encryption is unsuccessful, invokes the spare encryption unit of the first encryption unit to encrypt the data packet, and adds the identifier of the spare encryption unit to the packet header extension field of the encrypted data packet.
Step S604, the AP20 sends the encrypted data packet to the gateway.
The implementation method of the step S604 may be:
the encrypted data packet is sent to the gateway in another manner. For example, if the internet of things terminal is connected with the AP through WIFI, the AP20 may send the data packet to the gateway in a wired manner; of course, in practical applications, the AP20 may also send the encrypted data packet to the gateway through Long Term Evolution (LTE). Of course, the LTE or wired manner, and the manner in which the internet of things terminal is connected with the AP through WIFI, are only for illustration, and the present invention is not limited to a specific connection manner.
According to the method provided by fig. 6, the AP selects the encryption unit corresponding to the repeater according to the serial number of the repeater and encrypts the data through that encryption unit. For the internet of things, the repeater does not need to be configured for encryption, and all encryption settings are in the AP.
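One way to model steps S602 to S604, added here as an illustration and not taken from the patent: the AP resolves MAC address to serial number to first encryption unit, falls back to the spare unit on failure, and records the spare's identifier in the header extension field. The tables, unit names, the `spare_unit_id` field name and the gateway-side check are assumptions, and the units use a SHA-256 keystream as a stand-in for 3DES or RSA.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed tables: MAC addresses, serial numbers and unit names are hypothetical.
MAC_TO_SERIAL = {"00:1a:2b:3c:4d:5e": "R-001", "00:1a:2b:3c:4d:5f": "R-002"}
SERIAL_TO_UNIT = {"R-001": "unit-A", "R-002": "unit-B"}
SPARE_OF = {"unit-A": "unit-A-spare", "unit-B": "unit-B-spare"}
EXT_FIELD = "spare_unit_id"  # hypothetical name for the header extension field


class EncryptionUnit:
    """Stand-in unit (NOT 3DES/RSA): XOR with a SHA-256 counter keystream, so
    the same call also decrypts. healthy=False simulates a failing unit."""

    def __init__(self, name: str, healthy: bool = True):
        self.name, self.healthy = name, healthy

    def process(self, key: int, data: bytes) -> bytes:
        if not self.healthy:
            raise RuntimeError(f"{self.name}: encryption failed")
        out = bytearray()
        for off in range(0, len(data), 32):
            seed = self.name.encode() + key.to_bytes(6, "big") + off.to_bytes(4, "big")
            pad = hashlib.sha256(seed).digest()
            out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
        return bytes(out)


@dataclass
class Packet:
    src_mac: str
    payload: bytes
    header_ext: dict = field(default_factory=dict)


def mac_key(mac: str, set_bits: int = 8) -> int:
    """First set_bits bits of the 48-bit MAC address, used as the key."""
    return int(mac.replace(":", ""), 16) >> (48 - set_bits)


def ap_encrypt(pkt: Packet, units: dict) -> Packet:
    """S602-S603: MAC -> serial -> first unit; on failure use its spare unit
    and record the spare's identifier in the header extension field."""
    serial = MAC_TO_SERIAL[pkt.src_mac.lower()]  # KeyError: unknown repeater
    first = SERIAL_TO_UNIT[serial]
    key = mac_key(pkt.src_mac)
    try:
        return Packet(pkt.src_mac, units[first].process(key, pkt.payload))
    except RuntimeError:
        spare = SPARE_OF[first]
        body = units[spare].process(key, pkt.payload)  # a second failure propagates
        return Packet(pkt.src_mac, body, {EXT_FIELD: spare})


def gateway_decrypt(pkt: Packet, units: dict) -> bytes:
    """Assumed receiver: use the mapped unit unless the header names its spare."""
    mapped = SERIAL_TO_UNIT[MAC_TO_SERIAL[pkt.src_mac.lower()]]
    unit = pkt.header_ext.get(EXT_FIELD, mapped)
    if unit not in (mapped, SPARE_OF[mapped]):  # header must not pick arbitrary units
        raise ValueError(f"unit {unit!r} is not valid for this repeater")
    return units[unit].process(mac_key(pkt.src_mac), pkt.payload)
```

If the extension field is dropped in transit, the gateway falls back to the mapped unit and produces garbage, which is why the identifier has to travel with the packet.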
Referring to fig. 7, fig. 7 is a sub-device encryption apparatus 700 for receiving data by an AP in the internet of things, the apparatus including:
a receiving unit 701, configured to receive a data packet sent by a relay;
a processing unit 702, configured to extract a MAC address of a relay in the data packet, identify the relay according to the MAC address to obtain a serial number of the relay, and query a first encryption unit corresponding to the relay in a pre-configured relay and encryption unit mapping table according to the serial number of the relay; calling the first encryption unit to encrypt the data packet;
a sending unit 703, configured to send the encrypted data packet to the gateway.
Optionally, the processing unit 702 is further configured to invoke the standby encryption unit of the first encryption unit to encrypt the data packet if the first encryption unit fails to encrypt the data packet.
Optionally, the processing unit 702 is further configured to extract a MAC address of the relay in the data packet, and compare the MAC address with the stored MAC address and a relay mapping table to obtain a serial number of the relay corresponding to the MAC address.
Optionally, the processing unit 702 is further configured to extract a set digit number from the MAC address of the relay as a key, and the first encryption unit encrypts the data packet by using the key.
Optionally, the set number of bits is 4, 6 or 8.
Referring to fig. 8, fig. 8 is a diagram of an internet of things access point 800 provided in the present invention, where the internet of things access point may be a node deployed in an internet system, and the internet system may further include: the internet of things access point 800 includes but is not limited to: as shown in fig. 8, the internet of things access point 800 includes: a processor 801, a memory 802, a transceiver 803, and a bus 804. The transceiver 803 is used for transceiving data with external devices (e.g., other devices in the interconnected system, including but not limited to repeaters, core network devices, etc.). The number of processors 801 in the internet of things access point 800 may be one or more. In some embodiments of the present application, the processor 801, the memory 802, and the transceiver 803 may be connected by a bus system or other means. Regarding the meaning and examples of the terms related to this embodiment, reference may be made to the embodiment corresponding to fig. 3 or fig. 6, which is not described herein again.
Wherein the memory 802 may have program code stored therein. The processor 801 is configured to call up program code stored in the memory 802 for performing the following operations:
the transceiver 803 is configured to receive a data packet sent by the terminal of the internet of things;
the processor 801 is configured to extract a MAC address of a relay of the data packet, identify the relay according to the MAC address to obtain a serial number of the relay, and query a first encryption unit corresponding to the relay in a pre-configured relay and encryption unit mapping table according to the serial number of the relay; and calling the first encryption unit to encrypt the data packet.
The transceiver 803 is further configured to send the encrypted data packet to the gateway.
Optionally, the processor 801, the transceiver 803, may also be used to perform steps and refinements of steps and alternatives as in the embodiment shown in fig. 3 or fig. 6.
It should be noted that the processor 801 may be a single processing element or may be a general term for a plurality of processing elements. For example, the Processing element may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement embodiments of the present Application, such as: one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
The memory 802 may be a single storage device or a combination of multiple storage elements, and is used for storing executable program code, or parameters, data, and the like required for running the application program. The memory 802 may include a Random Access Memory (RAM) or a non-volatile memory, such as a magnetic disk memory, a Flash memory (Flash), and the like.
The bus 804 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 8, but this is not intended to represent only one bus or type of bus.
The user equipment may also include input and output devices coupled to bus 804 for interfacing with the processor 801 and other components via the bus. The input and output device can provide an input interface for an operator so that the operator can select a control item through the input interface, and can also be other interfaces through which other equipment can be externally connected.
It should be noted that, for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts or combinations, but those skilled in the art should understand that the present application is not limited by the order of acts described, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The content downloading method, the related device and the system provided by the embodiment of the present application are described in detail above, a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the above embodiment is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A sub-equipment encryption method for receiving data by an Access Point (AP) of the Internet of things is characterized by comprising the following steps:
the Internet of things access point receives a data packet sent by the repeater;
the Internet of things access point extracts the MAC address of the repeater from the data packet, identifies the repeater according to the MAC address to obtain the serial number of the repeater, and queries a first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater; wherein the Internet of things access point is provided with a plurality of mapping tables between repeaters and encryption units, the mapping relation between the repeaters and the encryption units being different in each mapping table; the Internet of things access point receives an update instruction sent by a gateway, the update instruction comprising an updated mapping table identifier and an update time, and when the update time arrives, the Internet of things access point queries the first encryption unit by using the mapping table corresponding to the mapping table identifier;
the Internet of things access point calls the first encryption unit to encrypt the data packet;
and the access point of the Internet of things sends the encrypted data packet to the gateway.
2. The method of claim 1, wherein before the internet of things access point sends the encrypted data packet to a gateway, the method further comprises:
and if the first encryption unit fails to encrypt the data packet, calling the standby encryption unit of the first encryption unit to encrypt the data packet.
3. The method of claim 1, wherein the identifying the repeater according to the MAC address to obtain the serial number of the repeater specifically comprises:
and extracting the MAC address of the repeater in the data packet, and comparing the MAC address with the stored MAC address and a repeater mapping table to obtain the serial number of the repeater corresponding to the MAC address.
4. The method according to claim 3, wherein the invoking of the first encryption unit by the internet of things access point to encrypt the data packet specifically includes:
the internet of things access point extracts a set digit number from the MAC address of the repeater as a secret key, and the first encryption unit encrypts the data packet by adopting the secret key.
5. The method of claim 4, wherein the set number of bits is 4, 6, or 8.
6. A sub-equipment encryption device for receiving data by an AP (access point) of the Internet of things is characterized in that a plurality of mapping tables between a repeater and an encryption unit are configured in advance, and the mapping relation between the repeater and the encryption unit of each mapping table is different, and the device comprises:
a receiving unit, configured to receive a data packet sent by a relay;
a processing unit, configured to extract the MAC address of the repeater from the data packet, identify the repeater according to the MAC address to obtain the serial number of the repeater, and query a first encryption unit corresponding to the repeater in a pre-configured repeater and encryption unit mapping table according to the serial number of the repeater; the processing unit is further configured to receive an update instruction sent by the gateway, where the update instruction includes an updated mapping table identifier and an update time, and, when the update time arrives, to query the first encryption unit by using the mapping table corresponding to the mapping table identifier; and to call the first encryption unit to encrypt the data packet;
and the sending unit is used for sending the data packet after the encryption processing to the gateway.
7. The apparatus according to claim 6, wherein the processing unit is further configured to invoke the spare encryption unit of the first encryption unit to encrypt the data packet if the first encryption unit fails to encrypt the data packet.
8. The apparatus of claim 6, wherein the processing unit is further configured to extract a MAC address of the relay in the data packet, and compare the MAC address with a stored MAC address and a relay mapping table to obtain a serial number of the relay corresponding to the MAC address.
9. The apparatus according to claim 6, wherein the processing unit is further configured to extract a set digit number from the MAC address of the repeater as a key, and the first encryption unit encrypts the packet using the key.
10. A computer-readable storage medium, characterized in that it stores a computer program for electronic data exchange, wherein the computer program causes a computer to perform the method according to any one of claims 1-5.
CN201710573347.9A 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things Active CN107302538B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710573347.9A CN107302538B (en) 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things
PCT/CN2017/100766 WO2019010796A1 (en) 2017-07-14 2017-09-06 Sub-device encryption method and device for receiving data of internet of things ap

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710573347.9A CN107302538B (en) 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things

Publications (2)

Publication Number Publication Date
CN107302538A CN107302538A (en) 2017-10-27
CN107302538B true CN107302538B (en) 2020-07-03

Family

ID=60133939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710573347.9A Active CN107302538B (en) 2017-07-14 2017-07-14 Sub-equipment encryption method and device for data received by AP (Access Point) of Internet of things

Country Status (2)

Country Link
CN (1) CN107302538B (en)
WO (1) WO2019010796A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110839259B (en) * 2019-09-27 2023-06-06 许继集团有限公司 Data transmission method between service terminal and service main station

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694753A (en) * 2011-03-25 2012-09-26 国基电子(上海)有限公司 Gateway equipment capable of carrying out encryption transmission on data, system and method thereof
CN105307167A (en) * 2014-06-18 2016-02-03 松下知识产权经营株式会社 Wireless relay device and wireless relay method
CN106604275A (en) * 2017-01-22 2017-04-26 武汉慧通云信息科技有限公司 Information transmission, encryption and decryption method and system based on mobile internet

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100591004C (en) * 2002-05-09 2010-02-17 奥尼西克集团有限公司 Centralized encryption management system

Also Published As

Publication number Publication date
CN107302538A (en) 2017-10-27
WO2019010796A1 (en) 2019-01-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant