CN107708112A - An encryption method suitable for the MQTT-SN protocol - Google Patents
- Publication number
- CN107708112A (application number CN201711064653.6A)
- Authority
- CN
- China
- Prior art keywords
- proxy server
- encrypted payload
- abe
- private key
- publishing side
- Prior art date
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/26—Special purpose or proprietary protocols or architectures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
The present invention relates to an encryption method suitable for the MQTT-SN protocol and belongs to the field of communications. Using a hash algorithm and ciphertext-policy attribute-based encryption (CP-ABE), the method enables a publisher, a proxy server and one or more subscribers to communicate in encrypted form. The proxy server authenticates publishers and subscribers, completes their registration, and generates the system public parameters. The publisher encrypts the plaintext payload with the CP-ABE encryption algorithm and sends the encrypted payload to the proxy server, which forwards it to one or more subscribers. The subscriber requests a private key from the proxy server, decrypts the encrypted payload and obtains the plaintext. The invention provides authentication of MQTT-SN publishers and subscribers, data integrity verification and data confidentiality protection, and addresses the security problems that the MQTT-SN protocol faces in wireless sensor network applications.
Description
Technical field
The invention belongs to the field of communications and specifically relates to an encryption method suitable for the MQTT-SN protocol.
Background
MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) is a lightweight, proxy-based publish/subscribe message transport protocol designed by IBM for wireless sensor networks. Its design goal is to provide an open, simple, lightweight and easy-to-implement communication method for wireless sensor networks made up of large numbers of nodes with limited computing capability that operate over low-bandwidth, unreliable links. Its small protocol overhead, light weight and low power consumption suit wireless sensor networks, and it is widely used in environments where computing and storage resources are limited, such as wireless sensors.
The MQTT-SN data encryption process involves three kinds of entity: the publisher, the subscriber and the proxy server.
Publisher: the message publisher. After registering with the proxy server, it classifies data by topic and sends the encrypted payload to the proxy server.
Subscriber: the message subscriber. After registering with the proxy server, it issues a subscription request and obtains, through the proxy server, the encrypted payload of the topic it subscribed to.
Proxy server: a trusted third party, assumed by default to be secure and reliable. Its main functions are to authenticate publishers and subscribers; to generate the public parameters that publishers and subscribers need and the private keys that subscribers need for decryption; and to receive the encrypted payloads issued by publishers and forward them to the corresponding subscribers.
MQTT-SN uses a proxy-based publish/subscribe model: the publisher is not directly connected to the subscriber, and the proxy server filters and forwards messages, which decouples publishers from subscribers. The MQTT-SN message format is divided into three parts: "fixed header", "variable header" and "payload". To keep the protocol lightweight, MQTT-SN itself applies no security processing to the "payload" part. Because the environments in which wireless sensor networks operate are complex, using MQTT-SN directly exposes the network to security threats. Its application in wireless sensor networks faces the following security problems:
(1) Authentication: publishers and subscribers are not authenticated, so the legitimacy of the information source cannot be guaranteed.
(2) Data confidentiality: there is no guarantee that the payload issued by a publisher is invisible to outsiders.
(3) Data integrity: there is no guarantee that a published message has not been modified by an unauthenticated node, in particular a malicious one.
Summary of the invention
In view of this, the object of the invention is to provide an encryption method suitable for the MQTT-SN protocol. By encrypting the payload data with ciphertext-policy attribute-based encryption (CP-ABE), it improves the security of data in transit, strengthens the security properties of the existing MQTT-SN protocol, and improves, to a certain extent, the security of wireless sensor networks deployed with MQTT-SN.
To achieve this object, the invention provides the following technical solution:
An encryption method suitable for the MQTT-SN protocol, comprising the following steps:
S1: Initialization phase. The publisher and subscriber register, and the proxy server generates and sends the system public parameters. The publisher, subscriber and proxy server are pre-configured with an initial key K. The publisher/subscriber registers with the proxy server, and the proxy server verifies the legitimacy of the publisher/subscriber identity. The proxy server generates the system public parameters PK and the master key MSK according to the CP-ABE algorithm and sends the public parameters PK to the registered publisher/subscriber.
S2: Encryption phase. The publisher pre-processes the payload to be published by encrypting it. The publisher first formulates an access structure and then, from the public parameters PK generated by the proxy server, the access structure and the payload data corresponding to the topic, generates the encrypted payload CT with the CP-ABE encryption algorithm.
S3: Publishing phase. The publisher sends the encrypted payload CT to the proxy server, and the proxy server forwards it to the corresponding subscribers after receiving it. After receiving the encrypted payload CT sent by the publisher, the proxy server verifies its legitimacy, that is, it judges whether the encrypted payload is a replayed message and whether it has been tampered with. Once the encrypted payload CT is confirmed to be legitimate, the proxy server forwards it to the corresponding subscriber.
S4: Decryption phase. After receiving the encrypted payload CT forwarded by the proxy server, the subscriber requests from the proxy server the private key needed for decryption, then decrypts the encrypted payload CT and extracts the plaintext. After receiving the encrypted payload CT, the subscriber sends a private key generation request to the proxy server and provides its attribute set A_i. The proxy server generates the private key SK with the CP-ABE key generation algorithm from the system public parameters PK, the attribute set A_i and the master key MSK, and sends the generated private key SK to the corresponding subscriber. The subscriber obtains the plaintext payload data with the CP-ABE decryption algorithm from the system public parameters PK, the private key SK and the encrypted payload CT. If the attribute set A_i satisfies the access structure of the ciphertext, the ciphertext is decrypted successfully and the plaintext data is obtained.
Further, the encryption method uses "0X1E" as a new message type "SPUBLISH", whose published payload is encrypted with the CP-ABE algorithm.
Further, the proxy server authenticates publishers and subscribers, completes their registration, and generates the system public parameters;
the publisher encrypts the plaintext payload with the CP-ABE algorithm and sends the encrypted payload to the proxy server, which forwards it to one or more subscribers;
the subscriber requests a private key from the proxy server, decrypts the encrypted payload with the private key, and obtains the plaintext.
Further, step S1 is specifically:
S101: The publish/subscribe client sends a registration request to the proxy server and provides authentication information;
S102: The proxy server verifies the legitimacy of the publish/subscribe client's identity; if authentication succeeds, it returns a registration success response and proceeds to the next step;
S103: The proxy server runs the CP-ABE algorithm to generate the system public parameters PK and the master key MSK, and sends the system public parameters PK to the publish/subscribe client.
Further, step S2 is specifically:
S201: The publisher formulates an access policy;
S202: The publisher uses the access policy, the public parameters PK and the payload data corresponding to the topic to generate the encrypted payload CT with the CP-ABE encryption algorithm.
Further, step S3 is specifically:
S301: The publisher sends the encrypted payload CT and the message authentication code MAC to the proxy server;
S302: The proxy server verifies the legitimacy of the data published by the publisher; if the message is legitimate, it proceeds to the next step; otherwise, it terminates the publishing flow;
S303: If the subscriber successfully receives the encrypted payload CT, a publish success response is returned; if it does not, a publish failure response is returned.
Further, step S4 is specifically:
S401: After receiving the encrypted payload CT sent by the proxy server, the subscriber sends a private key generation request to the proxy server;
S402: The proxy server judges whether the message is a replayed message; if so, it returns a private key request failure response; otherwise, it proceeds to the next step;
S403: The proxy server uses the attribute set A_i, the system public parameters PK and the master key MSK to generate, with the CP-ABE key generation algorithm, the private key SK_ABE corresponding to the attributes, sends the generated private key SK_ABE to the subscriber, and returns a private key request success response;
S404: After receiving the private key SK_ABE sent by the proxy server, the subscriber uses the system public parameters PK, the private key SK_ABE and the encrypted payload CT to obtain the plaintext payload data with the CP-ABE decryption algorithm.
The beneficial effects of the invention are as follows. The novelty of the invention lies in introducing ciphertext-policy attribute-based encryption (CP-ABE) into the MQTT-SN communication process to achieve broadcast-encrypted communication. The publisher does not need to obtain a list of subscribers before encrypting, and does not need to know the number or identities of the subscribers, which is more flexible and convenient; subscriber identities are not revealed, which protects subscriber privacy. Authentication of publishers and subscribers is performed in the initialization phase, which solves the authentication problem of applying MQTT-SN to wireless sensor networks. Encryption of the plaintext data is performed in the encryption phase, which solves the data confidentiality problem. Data integrity verification is performed in the publishing phase, which solves the data integrity problem. The invention thereby addresses the security problems that the MQTT-SN protocol faces in wireless sensor network applications and improves, to a certain extent, the security of wireless sensor networks deployed with MQTT-SN.
Brief description of the drawings
To make the object, technical solution and beneficial effects of the invention clearer, the invention provides the following drawings for explanation:
Fig. 1 is a schematic flow chart of the invention;
Fig. 2 is a schematic diagram of the publisher/subscriber registration flow in the invention;
Fig. 3 is a schematic diagram of an access tree structure constructed by the publisher in the invention;
Fig. 4 is a schematic diagram of the encrypted payload publishing flow in the invention;
Fig. 5 is a schematic diagram of the subscriber decryption flow in the invention.
Detailed description
The preferred embodiments of the invention are described in detail below with reference to the drawings.
The invention uses "0X1E" as a new message type to indicate that the published payload data is encrypted with the CP-ABE algorithm. The overall flow is shown in Fig. 1 and comprises four phases: initialization, encryption, publishing and decryption.
1. Initialization phase
Before a publish/subscribe client can communicate normally, it must first be initialized: the client completes registration with the proxy server and establishes a connection with it. The registration flow is shown in Fig. 2.
Step 1-1: The publish/subscribe client sends a registration request to the proxy server, that is, it provides authentication information. The authentication information submitted by a publisher has the form ID_pi || MAC_pi, where ID_pi is the identity of publisher pi and MAC_pi = hash(ID_pi, K) is the message authentication code produced by a hash algorithm keyed with K. The key K is the pre-configured key; the specific hash algorithm is not specified.
The authentication information submitted by a subscriber has the form ID_si || MAC_si, where ID_si is the identity of subscriber si and MAC_si = hash(ID_si, K) is the message authentication code produced by a hash algorithm keyed with K. The key K is the pre-configured key; the specific hash algorithm is not specified.
Step 1-2: The proxy server verifies the legitimacy of the publish/subscribe client's identity. Taking publisher authentication as an example (subscriber authentication works the same way), after receiving the publisher's authentication information the proxy server computes MAC_pi* = hash(ID_pi, K) and compares it with the received authentication code MAC_pi. If they are not equal, it returns a registration failure response and terminates the registration flow; if they are equal, authentication succeeds, and it returns a registration success response and proceeds to the next step.
Step 1-3: The proxy server runs the CP-ABE algorithm to generate the system public parameters PK and the master key MSK, and sends the system public parameters PK to the publish/subscribe client.
2. Encryption phase
Before publishing a message, the publisher must first encrypt the payload corresponding to the topic to be published. The flow is as follows.
Step 2-1: The publisher formulates an access policy. Fig. 3 shows an example of a constructed access tree structure.
The access policy mentioned in step 2-1 is an n-ary access tree built from a set of attributes and logic rules (Boolean structures such as AND, OR and NOT). Each non-leaf node of the access tree is a threshold gate, denoted K_x, with 0 <= K_x <= num(x), where num(x) is the number of its child nodes. When K_x = num(x), the non-leaf node represents an AND gate; when K_x < num(x), the non-leaf node represents an OR gate. Each leaf node of the access tree represents an attribute. The specific attributes and logic rules are defined by the publisher. For example, if the publisher is a temperature sensor, the specific attributes in the access policy it formulates can include attributes held by the sensors that subscribe to the temperature data topic.
Step 2-2: The publisher uses the access policy, the public parameters PK and the payload data corresponding to the topic to generate the encrypted payload with the CP-ABE encryption algorithm.
3. Publishing phase
As shown in Fig. 4, the publisher sends the encrypted payload CT to the proxy server; the proxy server verifies its legitimacy after receiving it and then forwards it to the corresponding subscribers. The flow is as follows.
Step 3-1: The publisher sends the encrypted payload CT to the proxy server in a message of the form ID_pi || N_pi || CT || MAC, where MAC = hash(N_pi || CT) is the message authentication code generated with the hash algorithm and N_pi is a random number generated by the publisher.
Step 3-2: The proxy server compares the random numbers N_pi received in two consecutive messages to judge whether the message is a replayed message. If the two random numbers are equal, the message is judged to be a replay; the proxy server discards the encrypted packet, returns a publish failure response, and the publishing phase ends. If the two random numbers are not equal, the message is not a replay and the proxy server proceeds to the next step.
Step 3-3: The proxy server computes MAC* = hash(N_pi || CT) and compares it with the received message authentication code MAC. If they are not equal, it discards the encrypted packet and returns a publish failure response; if they are equal, it returns a publish success response and forwards the encrypted payload CT to the corresponding subscribers.
Step 3-4: If the subscriber successfully receives the encrypted payload CT, a publish success response is returned; if it does not, a publish failure response is returned.
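The proxy-side checks of steps 1-2, 3-2 and 3-3, as an added example that is not code from the patent. Assumptions: the unspecified hash algorithm is instantiated as HMAC-SHA256, fields are length-prefixed before concatenation, the publish MAC is keyed with K, nonces are remembered per publisher rather than compared only with the previous one, and all identifiers and byte values are constructed.

```python
import hashlib
import hmac


def _lp(field: bytes) -> bytes:
    # Length-prefix each field so that "ab"||"c" and "a"||"bc" cannot collide.
    # (Assumption: the page only writes "||" and gives no field lengths.)
    return len(field).to_bytes(2, "big") + field


def registration_mac(key: bytes, client_id: bytes) -> bytes:
    # MAC_pi = hash(ID_pi, K), instantiated as HMAC-SHA256 (assumption).
    return hmac.new(key, _lp(client_id), hashlib.sha256).digest()


def publish_mac(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # The page prints MAC = hash(N_pi || CT) with no key shown. It is keyed
    # with K here, as the registration MAC is (assumption), because a digest
    # without a key can be recomputed by whoever changes CT.
    return hmac.new(key, _lp(nonce) + _lp(ct), hashlib.sha256).digest()


class ProxyVerifier:
    """Proxy-server checks for registration and for SPUBLISH messages."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen = {}  # registered client id -> set of accepted nonces

    def register(self, client_id: bytes, mac: bytes) -> bool:
        # Step 1-2: recompute MAC* and compare in constant time.
        if not hmac.compare_digest(registration_mac(self._key, client_id), mac):
            return False
        self._seen.setdefault(client_id, set())
        return True

    def accept_publish(self, client_id: bytes, nonce: bytes,
                       ct: bytes, mac: bytes) -> str:
        if client_id not in self._seen:
            return "unregistered"
        # Step 3-2: replay check. Every accepted nonce is remembered, which
        # generalizes the page's comparison of two consecutive nonces.
        if nonce in self._seen[client_id]:
            return "replay"
        # Step 3-3: integrity check.
        if not hmac.compare_digest(publish_mac(self._key, nonce, ct), mac):
            return "tampered"
        # Record the nonce only after the MAC verified, so a forged message
        # cannot block a later genuine message that uses the same nonce.
        self._seen[client_id].add(nonce)
        return "forward"


def demo() -> dict:
    key = bytes(range(16))                    # constructed pre-configured key K
    proxy = ProxyVerifier(key)
    pub = b"pub-01"                           # constructed publisher identity
    ct = b"constructed-cp-abe-ciphertext"     # stands in for a real CT
    n1, n2 = b"\x01" * 8, b"\x02" * 8         # constructed nonces N_pi
    out = {}
    out["register_ok"] = proxy.register(pub, registration_mac(key, pub))
    out["register_bad"] = proxy.register(b"pub-02", b"\x00" * 32)
    out["unregistered"] = proxy.accept_publish(b"pub-02", n1, ct,
                                               publish_mac(key, n1, ct))
    out["first"] = proxy.accept_publish(pub, n1, ct, publish_mac(key, n1, ct))
    out["again"] = proxy.accept_publish(pub, n1, ct, publish_mac(key, n1, ct))
    # CT modified in transit while the original MAC is kept.
    out["modified"] = proxy.accept_publish(pub, n2, ct[:-1] + b"X",
                                           publish_mac(key, n2, ct))
    # The rejected message must not have consumed nonce n2.
    out["genuine_n2"] = proxy.accept_publish(pub, n2, ct,
                                             publish_mac(key, n2, ct))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
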
4. Decryption phase
After receiving the encrypted payload CT forwarded by the proxy server, the subscriber cannot decrypt it directly to obtain the payload. It must first send a private key generation request to the proxy server and then use the private key it obtains to decrypt the plaintext payload data. The flow is shown in Fig. 5.
Step 4-1: After receiving the encrypted payload CT forwarded by the proxy server, the subscriber sends a private key generation request to the proxy server and includes its attribute set A_i. The private key generation request has the form ID_si || N_si || A_i, where N_si is a random number generated by the subscriber.
The attribute set A_i mentioned in step 4-1 represents the attribute information of subscriber i, which can be the subscriber's characteristics, location, identity and so on. It is a subset of the global set U = {A_1, A_2, ..., A_n} (the invention does not specify the particular attribute information; it is user-defined). The global set U is the set of all subscriber attributes.
The subscriber does not need to send a private key generation request to the proxy server every time it receives an encrypted payload CT. If its attribute set A_i has not changed, it decrypts with the private key obtained from its first private key request. If its attribute set A_i has changed, it sends a new private key generation request to the proxy server after receiving the encrypted payload CT.
Step 4-2: The proxy server compares the random numbers N_si received in two consecutive messages to judge whether the message is a replayed message. If so, it returns a private key request failure response; otherwise, it proceeds to the next step.
Step 4-3: The proxy server uses the attribute set A_i, the system public parameters PK and the master key MSK to generate, with the CP-ABE key generation algorithm, the private key corresponding to the attributes, SK_ABE = Keygen(PK, A_i, MSK), sends the generated private key SK_ABE to the corresponding subscriber, and returns a private key request success response.
Step 4-4: After receiving the private key SK_ABE sent by the proxy server, the subscriber uses the system public parameters PK, the private key SK_ABE and the encrypted payload CT to obtain the plaintext payload data with the CP-ABE decryption algorithm: plaintext payload data = Decrypt(PK, SK_ABE, CT).
In step 4-4, decryption succeeds if the subscriber's attribute set satisfies the access policy formulated by the publisher. An attribute set satisfying an access tree is defined as follows. Let T be the access tree with root node r, and let T_x be the subtree of T rooted at node x. If T_x(S) = 1, the attribute set S is said to satisfy the access structure T_x. If node x is a leaf node, T_x(S) = 1 if and only if the attribute att(x) associated with leaf node x is an element of the attribute set S. If node x is a non-leaf node, T_x(S) = 1 when at least K_x child nodes z satisfy T_z(S) = 1.
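The satisfaction rule T_x(S) above, as an added example that is not code from the patent. It evaluates only the Boolean policy logic, not the CP-ABE cryptography, and also lists the minimal attribute sets a policy authorizes so a publisher can review who could decrypt before publishing. The attribute names are constructed, and a threshold of 0 (inside the page's stated range) is rejected here because any attribute set would satisfy it.

```python
from dataclasses import dataclass, field
from itertools import combinations, product
from typing import FrozenSet, List, Optional, Set


@dataclass
class Node:
    attribute: Optional[str] = None        # att(x), set on leaf nodes only
    threshold: int = 0                      # K_x, used on non-leaf nodes
    children: List["Node"] = field(default_factory=list)


def leaf(attribute: str) -> Node:
    return Node(attribute=attribute)


def gate(k: int, *children: Node) -> Node:
    # K_x must lie in 1..num(x); K_x = 0 is rejected (assumption, see lead-in).
    if not 0 < k <= len(children):
        raise ValueError(f"threshold {k} invalid for {len(children)} children")
    return Node(threshold=k, children=list(children))


def AND(*children: Node) -> Node:
    return gate(len(children), *children)   # K_x = num(x)


def OR(*children: Node) -> Node:
    return gate(1, *children)               # K_x = 1


def satisfies(x: Node, attrs: Set[str]) -> bool:
    """T_x(S): True when attribute set S satisfies the subtree rooted at x."""
    if x.attribute is not None:
        return x.attribute in attrs
    satisfied = 0
    for z in x.children:
        if satisfies(z, attrs):
            satisfied += 1
            if satisfied >= x.threshold:
                return True
    return False


def minimal_authorized_sets(x: Node) -> Set[FrozenSet[str]]:
    """Every minimal attribute set S with T_x(S) = 1, for policy review."""
    if x.attribute is not None:
        return {frozenset([x.attribute])}
    per_child = [minimal_authorized_sets(z) for z in x.children]
    found = set()
    # Choose K_x children, then one authorized set from each chosen child.
    for chosen in combinations(range(len(per_child)), x.threshold):
        for pick in product(*(per_child[i] for i in chosen)):
            found.add(frozenset().union(*pick))
    # Drop any set that strictly contains another authorized set.
    return {s for s in found if not any(t < s for t in found)}


# Constructed policy for a temperature topic:
# (type:display AND zone:lab-1) OR 2-of-3(role:hvac, zone:lab-1, clearance:ops)
POLICY = OR(
    AND(leaf("type:display"), leaf("zone:lab-1")),
    gate(2, leaf("role:hvac"), leaf("zone:lab-1"), leaf("clearance:ops")),
)

if __name__ == "__main__":
    for attrs in ({"type:display", "zone:lab-1"}, {"zone:lab-1"}):
        print(sorted(attrs), "->", satisfies(POLICY, attrs))
    for s in sorted(minimal_authorized_sets(POLICY), key=sorted):
        print("authorized:", sorted(s))
```
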
Finally, the preferred embodiments above only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail through the preferred embodiments above, those skilled in the art will understand that various changes can be made to it in form and in detail without departing from the scope defined by the claims of the invention.
Claims (7)
- 1. An encryption method suitable for the MQTT-SN protocol, characterized in that the method comprises the following steps:
  S1: Initialization phase. The publisher and subscriber register, and the proxy server generates and sends the system public parameters. The publisher, subscriber and proxy server are pre-configured with an initial key K. The publisher/subscriber registers with the proxy server, and the proxy server verifies the legitimacy of the publisher/subscriber identity. The proxy server generates the system public parameters PK and the master key MSK according to the CP-ABE algorithm and sends the public parameters PK to the registered publisher/subscriber.
  S2: Encryption phase. The publisher pre-processes the payload to be published by encrypting it. The publisher first formulates an access structure and then, from the public parameters PK generated by the proxy server, the access structure and the payload data corresponding to the topic, generates the encrypted payload CT with the CP-ABE encryption algorithm.
  S3: Publishing phase. The publisher sends the encrypted payload CT to the proxy server, and the proxy server forwards it to the corresponding subscribers after receiving it. After receiving the encrypted payload CT sent by the publisher, the proxy server verifies its legitimacy, that is, it judges whether the encrypted payload is a replayed message and whether it has been tampered with. Once the encrypted payload CT is confirmed to be legitimate, the proxy server forwards it to the corresponding subscriber.
  S4: Decryption phase. After receiving the encrypted payload CT forwarded by the proxy server, the subscriber requests from the proxy server the private key needed for decryption, then decrypts the encrypted payload CT and extracts the plaintext. After receiving the encrypted payload CT, the subscriber sends a private key generation request to the proxy server and provides its attribute set A_i. The proxy server generates the private key SK with the CP-ABE key generation algorithm from the system public parameters PK, the attribute set A_i and the master key MSK, and sends the generated private key SK to the corresponding subscriber. The subscriber obtains the plaintext payload data with the CP-ABE decryption algorithm from the system public parameters PK, the private key SK and the encrypted payload CT. If the attribute set A_i satisfies the access structure of the ciphertext, the ciphertext is decrypted successfully and the plaintext data is obtained.
- 2. The encryption method suitable for the MQTT-SN protocol according to claim 1, characterized in that the encryption method uses "0X1E" as a new message type "SPUBLISH", whose published payload is encrypted with the CP-ABE algorithm.
- 3. The encryption method suitable for the MQTT-SN protocol according to claim 1, characterized in that the proxy server authenticates publishers and subscribers, completes their registration, and generates the system public parameters; the publisher encrypts the plaintext payload with the CP-ABE algorithm and sends the encrypted payload to the proxy server, which forwards it to one or more subscribers; the subscriber requests a private key from the proxy server, decrypts the encrypted payload with the private key, and obtains the plaintext.
- 4. The encryption method suitable for the MQTT-SN protocol according to claim 1, characterized in that step S1 is specifically:
  S101: The publish/subscribe client sends a registration request to the proxy server and provides authentication information;
  S102: The proxy server verifies the legitimacy of the publish/subscribe client's identity; if authentication succeeds, it returns a registration success response and proceeds to the next step;
  S103: The proxy server runs the CP-ABE algorithm to generate the system public parameters PK and the master key MSK, and sends the system public parameters PK to the publish/subscribe client.
- 5. The encryption method suitable for the MQTT-SN protocol according to claim 1, characterized in that step S2 is specifically:
  S201: The publisher formulates an access policy;
  S202: The publisher uses the access policy, the public parameters PK and the payload data corresponding to the topic to generate the encrypted payload CT with the CP-ABE encryption algorithm.
- 6. The encryption method suitable for the MQTT-SN protocol according to claim 1, characterized in that step S3 is specifically:
  S301: The publisher sends the encrypted payload CT and the message authentication code MAC to the proxy server;
  S302: The proxy server verifies the legitimacy of the data published by the publisher; if the message is legitimate, it proceeds to the next step; otherwise, it terminates the publishing flow;
  S303: If the subscriber successfully receives the encrypted payload CT, a publish success response is returned; if it does not, a publish failure response is returned.
- 7. The encryption method suitable for the MQTT-SN protocol according to claim 1, characterized in that step S4 is specifically:
  S401: After receiving the encrypted payload CT sent by the proxy server, the subscriber sends a private key generation request to the proxy server;
  S402: The proxy server judges whether the message is a replayed message; if so, it returns a private key request failure response; otherwise, it proceeds to the next step;
  S403: The proxy server uses the attribute set A_i, the system public parameters PK and the master key MSK to generate, with the CP-ABE key generation algorithm, the private key SK_ABE corresponding to the attributes, sends the generated private key SK_ABE to the subscriber, and returns a private key request success response;
  S404: After receiving the private key SK_ABE sent by the proxy server, the subscriber uses the system public parameters PK, the private key SK_ABE and the encrypted payload CT to obtain the plaintext payload data with the CP-ABE decryption algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711064653.6A CN107708112A (en) | 2017-11-02 | 2017-11-02 | A kind of encryption method suitable for MQTT SN agreements |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711064653.6A CN107708112A (en) | 2017-11-02 | 2017-11-02 | A kind of encryption method suitable for MQTT SN agreements |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107708112A true CN107708112A (en) | 2018-02-16 |
Family
ID=61177655
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711064653.6A Pending CN107708112A (en) | 2017-11-02 | 2017-11-02 | A kind of encryption method suitable for MQTT SN agreements |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107708112A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109040098A (en) * | 2018-08-23 | 2018-12-18 | 四川长虹电器股份有限公司 | A method of MQTT protocol authentication is realized based on JWT |
CN109088723A (en) * | 2018-10-26 | 2018-12-25 | 四川长虹电器股份有限公司 | A kind of long-range control method based on MQTT agreement |
CN109639642A (en) * | 2018-11-12 | 2019-04-16 | 平安科技(深圳)有限公司 | Safety certifying method, device and storage medium based on MQTT |
CN109962968A (en) * | 2018-11-21 | 2019-07-02 | 东莞市云创网络科技有限公司 | With city information publication and distribution system |
CN110138860A (en) * | 2019-05-16 | 2019-08-16 | 广州云智易物联网有限公司 | A kind of data communication method and device based on Internet of Things |
CN110602690A (en) * | 2019-08-23 | 2019-12-20 | 华为技术有限公司 | Encryption method and device applied to ZigBee system |
CN110675684A (en) * | 2019-09-27 | 2020-01-10 | 陕西天竞智能操作工程有限责任公司 | Intelligent drilling system and equipment |
CN110740150A (en) * | 2018-07-20 | 2020-01-31 | 阿里巴巴集团控股有限公司 | Message interaction method and device |
WO2020063048A1 (en) * | 2018-09-29 | 2020-04-02 | 深圳前海达闼云端智能科技有限公司 | Pon network and communication method therefor, olt, mqtt-sn gateway, onu, and mqtt server |
CN111131426A (en) * | 2019-12-19 | 2020-05-08 | 浙江百应科技有限公司 | MQTT data interaction based method, terminal and server |
CN113098969A (en) * | 2021-04-09 | 2021-07-09 | 薪得付信息技术(上海)有限公司 | Data distribution method, device and system and electronic equipment |
CN113271283A (en) * | 2020-02-14 | 2021-08-17 | 宁波吉利汽车研究开发有限公司 | Message access method and system |
CN113726896A (en) * | 2021-09-01 | 2021-11-30 | 看屋(上海)信息科技有限公司 | Task distribution system based on commercial intelligent real estate industry |
CN114500070A (en) * | 2022-02-10 | 2022-05-13 | 上海蓝长自动化科技有限公司 | MQTT protocol secure communication method based on secret sharing algorithm |
CN115086380A (en) * | 2022-07-25 | 2022-09-20 | 苏州思萃工业互联网技术研究所有限公司 | Data transmission system and method based on energy management platform |
CN115776390A (en) * | 2022-11-04 | 2023-03-10 | 哈尔滨工程大学 | MQTT protocol identity authentication and data encryption method based on state password |
US11658949B2 (en) | 2019-10-07 | 2023-05-23 | British Telecommunications Public Limited Company | Secure publish-subscribe communication methods and apparatus |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104378386A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Method for cloud data confidentiality protection and access control |
US20160014095A1 (en) * | 2014-07-14 | 2016-01-14 | William Timothy Strayer | Policy-based access control in content networks |
CN107294718A (en) * | 2017-08-09 | 2017-10-24 | 长安大学 | Voidable key strategy is based on encryption attribute method in a kind of master pattern |
2017
- 2017-11-02 CN CN201711064653.6A patent/CN107708112A/en active Pending
Non-Patent Citations (1)
Title |
---|
MEENA SINGH: "《Secure MQTT for Internet of Things (IoT)》", 《2015 FIFTH INTERNATIONAL CONFERENCE ON COMMUNICATION SYSTEMS AND NETWORK TECHNOLOGIES》 * |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740150A (en) * | 2018-07-20 | 2020-01-31 | 阿里巴巴集团控股有限公司 | Message interaction method and device |
CN109040098A (en) * | 2018-08-23 | 2018-12-18 | 四川长虹电器股份有限公司 | A method of MQTT protocol authentication is realized based on JWT |
WO2020063048A1 (en) * | 2018-09-29 | 2020-04-02 | 深圳前海达闼云端智能科技有限公司 | Pon network and communication method therefor, olt, mqtt-sn gateway, onu, and mqtt server |
CN109088723A (en) * | 2018-10-26 | 2018-12-25 | 四川长虹电器股份有限公司 | A kind of long-range control method based on MQTT agreement |
CN109088723B (en) * | 2018-10-26 | 2021-08-06 | 四川长虹电器股份有限公司 | Remote control method based on MQTT protocol |
CN109639642A (en) * | 2018-11-12 | 2019-04-16 | 平安科技(深圳)有限公司 | Safety certifying method, device and storage medium based on MQTT |
CN109639642B (en) * | 2018-11-12 | 2022-04-12 | 平安科技(深圳)有限公司 | MQTT-based security authentication method, device and storage medium |
CN109962968A (en) * | 2018-11-21 | 2019-07-02 | 东莞市云创网络科技有限公司 | With city information publication and distribution system |
CN110138860A (en) * | 2019-05-16 | 2019-08-16 | 广州云智易物联网有限公司 | A kind of data communication method and device based on Internet of Things |
CN110138860B (en) * | 2019-05-16 | 2022-02-22 | 广州云智易物联网有限公司 | Data communication method and device based on Internet of things |
CN110602690A (en) * | 2019-08-23 | 2019-12-20 | 华为技术有限公司 | Encryption method and device applied to ZigBee system |
CN110602690B (en) * | 2019-08-23 | 2022-01-14 | 华为技术有限公司 | Encryption method and device applied to ZigBee system |
CN110675684A (en) * | 2019-09-27 | 2020-01-10 | 陕西天竞智能操作工程有限责任公司 | Intelligent drilling system and equipment |
US11658949B2 (en) | 2019-10-07 | 2023-05-23 | British Telecommunications Public Limited Company | Secure publish-subscribe communication methods and apparatus |
CN111131426B (en) * | 2019-12-19 | 2022-05-10 | 浙江百应科技有限公司 | MQTT data interaction based method, terminal and server |
CN111131426A (en) * | 2019-12-19 | 2020-05-08 | 浙江百应科技有限公司 | MQTT data interaction based method, terminal and server |
CN113271283A (en) * | 2020-02-14 | 2021-08-17 | 宁波吉利汽车研究开发有限公司 | Message access method and system |
CN113271283B (en) * | 2020-02-14 | 2022-11-04 | 宁波吉利汽车研究开发有限公司 | Message access method and system |
CN113098969B (en) * | 2021-04-09 | 2022-12-20 | 薪得付信息技术(上海)有限公司 | Data distribution method, device and system and electronic equipment |
CN113098969A (en) * | 2021-04-09 | 2021-07-09 | 薪得付信息技术(上海)有限公司 | Data distribution method, device and system and electronic equipment |
CN113726896A (en) * | 2021-09-01 | 2021-11-30 | 看屋(上海)信息科技有限公司 | Task distribution system based on commercial intelligent real estate industry |
CN113726896B (en) * | 2021-09-01 | 2022-09-27 | 看屋(上海)信息科技有限公司 | Task distribution system based on commercial intelligent real estate industry |
CN114500070A (en) * | 2022-02-10 | 2022-05-13 | 上海蓝长自动化科技有限公司 | MQTT protocol secure communication method based on secret sharing algorithm |
CN115086380A (en) * | 2022-07-25 | 2022-09-20 | 苏州思萃工业互联网技术研究所有限公司 | Data transmission system and method based on energy management platform |
CN115776390A (en) * | 2022-11-04 | 2023-03-10 | 哈尔滨工程大学 | MQTT protocol identity authentication and data encryption method based on state password |
CN115776390B (en) * | 2022-11-04 | 2024-04-09 | 哈尔滨工程大学 | MQTT protocol identity authentication and data encryption method based on national secret |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107708112A (en) | A kind of encryption method suitable for MQTT SN agreements | |
US11978044B2 (en) | Client authentication using split key signing on a blockchain platform | |
US11677729B2 (en) | Secure multi-party protocol | |
US11271730B2 (en) | Systems and methods for deployment, management and use of dynamic cipher key systems | |
US8059818B2 (en) | Accessing protected data on network storage from multiple devices | |
CN106104562B (en) | System and method for securely storing and recovering confidential data | |
CN108599925B (en) | Improved AKA identity authentication system and method based on quantum communication network | |
AU2003202511B2 (en) | Methods for authenticating potential members invited to join a group | |
US20170033925A1 (en) | Methods and apparatus for implementing a communications system secured using one-time pads | |
US20030084292A1 (en) | Using atomic messaging to increase the security of transferring data across a network | |
US20020087862A1 (en) | Trusted intermediary | |
TW201215070A (en) | Key Management Systems and methods for shared secret ciphers | |
CN114503507A (en) | Secure publish-subscribe communications method and apparatus | |
Shen et al. | Toward data privacy preservation with ciphertext update and key rotation for IoT | |
CN114143117B (en) | Data processing method and device | |
CN106790037A (en) | The instant communication method and system of a kind of User space encryption | |
TW201537937A (en) | Unified identity authentication platform and authentication method thereof | |
Rizzardi et al. | Analysis on functionalities and security features of Internet of Things related protocols | |
CN111756528A (en) | Quantum session key distribution method and device and communication architecture | |
Kumar et al. | Blockchain-enabled secure communication for unmanned aerial vehicle (UAV) networks | |
KR20130039745A (en) | System and method for authentication interworking | |
CN107959725A (en) | The Publish-subscribe class service agreement of consideration privacy of user based on elliptic curve | |
Lu et al. | Asymmetric Cryptography Among Different 5G Core Networks | |
US20220200792A1 (en) | Selective data disclosure via a block chain | |
CN113918971A (en) | Block chain based message transmission method, device, equipment and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180216 |