CN107708112A - An encryption method for the MQTT-SN protocol - Google Patents

Info

Publication number: CN107708112A
Authority: CN (China)
Application number: CN201711064653.6A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王浩, 李勇, 王平, 马展, 吴亚洲
Current Assignee: Chongqing University of Post and Telecommunications
Original Assignee: Chongqing University of Post and Telecommunications
Prior art keywords: proxy server, encrypted payload, ABE, private key, publisher

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass > H04L69/26 Special purpose or proprietary protocols or architectures
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/06 Authentication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/10 Integrity
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W84/00 Network topologies > H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The present invention relates to an encryption method for the MQTT-SN protocol and belongs to the field of communications. The method uses a hash algorithm and ciphertext-policy attribute-based encryption (CP-ABE) so that a publisher, a proxy server and one or more subscribers can communicate in encrypted form. The proxy server authenticates the publishers and subscribers, completes their registration, and generates the system public parameters. The publisher encrypts the plaintext payload with CP-ABE and sends the encrypted payload to the proxy server, which forwards it to one or more subscribers. A subscriber requests a private key from the proxy server, decrypts the encrypted payload and obtains the plaintext. The invention provides identity authentication of MQTT-SN publishers and subscribers, data integrity verification and data confidentiality protection, and solves well the security problems that the MQTT-SN protocol faces when applied in wireless sensor networks.

Description

An encryption method for the MQTT-SN protocol
Technical field
The invention belongs to the field of communications and specifically relates to an encryption method for the MQTT-SN protocol.
Background
MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) is a lightweight, proxy-based publish/subscribe message transport protocol designed by IBM specifically for wireless sensor networks. Its design goal is to provide an open, simple, lightweight and easy-to-implement means of communication for large numbers of devices that have limited computing power and operate on low-bandwidth, unreliable wireless sensor networks. Its small protocol overhead, light weight and low power consumption suit it to wireless sensor networks, and it is widely used in environments where compute and storage resources are limited, such as wireless sensors.
The MQTT-SN data encryption process involves three kinds of entities: publishers, subscribers and the proxy server.
Publisher: the message publisher. After registering with the proxy server, it sends encrypted payloads, classified by topic, to the proxy server.
Subscriber: the message subscriber. After registering with the proxy server, it issues a subscription request and obtains the encrypted payloads of its subscribed topics through the proxy server.
Proxy server: a trusted third party, assumed by default to be secure and reliable. Its main functions are to authenticate publishers and subscribers; to generate the public parameters they need and the private keys that subscribers need for decryption; and to receive the encrypted payloads sent by publishers and forward them to the corresponding subscribers.
MQTT-SN uses a proxy-based publish/subscribe model: the publisher is not connected directly to the subscriber, and the proxy server filters and forwards messages, which decouples publishers from subscribers. An MQTT-SN message consists of three parts, the "fixed header", the "variable header" and the "payload". To stay lightweight, the protocol itself applies no security processing to the payload. Given the complexity of the environments in which wireless sensor networks operate, using MQTT-SN directly exposes the network to security threats. Its application in wireless sensor networks faces the following security problems:
(1) Authentication: publishers and subscribers are not authenticated, so the legitimacy of the message source cannot be assured.
(2) Data confidentiality: there is no guarantee that the payload a publisher sends is invisible to outsiders.
(3) Data integrity: there is no guarantee that a published message has not been modified by an unauthenticated node, in particular a malicious one.
Summary of the invention
In view of this, the object of the invention is to provide an encryption method for the MQTT-SN protocol that encrypts the payload data with ciphertext-policy attribute-based encryption (CP-ABE). This improves the security of data in transit, strengthens the security properties of the existing MQTT-SN protocol, and to some extent improves the security of wireless sensor networks deployed with MQTT-SN.
To achieve this object, the invention provides the following technical solution:
An encryption method for the MQTT-SN protocol, comprising the following steps:
S1: Initialization phase: the publishers and subscribers register, and the proxy server generates and sends the system public parameters. The publisher, the subscriber and the proxy server are pre-configured with an initial key K. The publisher/subscriber registers with the proxy server, and the proxy server verifies the legitimacy of its identity. The proxy server generates the system public parameters PK and the master key MSK according to the CP-ABE algorithm and sends PK to the registered publishers/subscribers;
S2: Encryption phase: the publisher pre-processes the payload to be published by encrypting it. The publisher first formulates an access structure, then generates the encrypted payload CT with the CP-ABE encryption algorithm from the public parameters PK generated by the proxy server, the access structure, and the payload data of the topic;
S3: Publishing phase: the publisher sends the encrypted payload CT to the proxy server, which forwards it to the corresponding subscribers after receiving it. On receiving CT from the publisher, the proxy server verifies its legitimacy, that is, it determines whether the message is a replay and whether it has been tampered with. Once it has confirmed that CT is legitimate, it forwards it to the corresponding subscribers;
S4: Decryption phase: after receiving the encrypted payload CT from the proxy server, the subscriber requests from the proxy server the private key needed for decryption and then decrypts CT to recover the plaintext. After receiving CT, the subscriber sends a private key generation request to the proxy server and supplies its attribute set $A_i$. The proxy server generates the private key SK with the CP-ABE key generation algorithm from the system public parameters PK, the attribute set $A_i$ and the master key MSK, and sends SK to the corresponding subscriber. The subscriber obtains the plaintext payload data with the CP-ABE decryption algorithm from PK, SK and CT. If the attribute set $A_i$ satisfies the access structure of the ciphertext, the ciphertext decrypts successfully and the plaintext data is obtained.
Further, the encryption method uses "0X1E" as a new message type, "SPUBLISH", whose published payload is encrypted with the CP-ABE algorithm.
Further, the proxy server authenticates the publishers/subscribers, completes their registration, and generates the system public parameters;
the publisher encrypts the plaintext payload with the CP-ABE algorithm and sends the encrypted payload to the proxy server, which forwards it to one or more subscribers;
the subscriber requests a private key from the proxy server, decrypts the encrypted payload with the private key, and obtains the plaintext.
Further, step S1 is specifically:
S101: The publisher/subscriber client sends a registration request to the proxy server and supplies authentication information;
S102: The proxy server verifies the legitimacy of the publisher/subscriber client's identity; if authentication succeeds, it returns a registration-success response and proceeds to the next step;
S103: The proxy server runs the CP-ABE algorithm to generate the system public parameters PK and the master key MSK, and sends PK to the publisher/subscriber client.
Further, step S2 is specifically:
S201: The publisher formulates the access policy;
S202: Using the access policy, the public parameters PK and the payload data of the topic, the publisher generates the encrypted payload CT with the CP-ABE encryption algorithm.
Further, step S3 is specifically:
S301: The publisher sends the encrypted payload CT and the message authentication code MAC to the proxy server;
S302: The proxy server verifies the legitimacy of the data sent by the publisher; if the message is legitimate, it proceeds to the next step; otherwise, it terminates the publishing flow;
S303: If the subscriber receives the encrypted payload CT successfully, a publish-success response is returned; if it does not, a publish-failure response is returned.
Further, step S4 is specifically:
S401: After receiving the encrypted payload CT sent by the proxy server, the subscriber sends a private key generation request to the proxy server;
S402: The proxy server determines whether the message is a replay; if it is, the proxy server returns a private-key-request failure response; otherwise, it proceeds to the next step;
S403: Using the attribute set $A_i$, the system public parameters PK and the master key MSK, the proxy server generates the private key $SK_{ABE}$ corresponding to the attributes with the CP-ABE key generation algorithm, sends $SK_{ABE}$ to the subscriber, and returns a private-key-request success response;
S404: After receiving the private key $SK_{ABE}$ from the proxy server, the subscriber decrypts with the CP-ABE decryption algorithm, using the system public parameters PK, the private key $SK_{ABE}$ and the encrypted payload CT, to obtain the plaintext payload data.
The beneficial effects of the invention are as follows. Its novelty lies in introducing ciphertext-policy attribute-based encryption (CP-ABE) into MQTT-SN communication to achieve broadcast-encrypted communication. The publisher does not need to obtain a list of subscribers before encrypting and does not need to know their number or identities, which is more flexible and convenient; subscriber identities are not disclosed, which protects subscriber privacy well. Authentication of publishers and subscribers in the initialization phase solves the authentication problem of MQTT-SN in wireless sensor networks; encryption of the plaintext data in the encryption phase solves the data confidentiality problem; data integrity verification in the publishing phase solves the data integrity problem. The invention solves well the security problems that MQTT-SN faces when applied in wireless sensor networks and to some extent improves the security of wireless sensor networks deployed with MQTT-SN.
Brief description of the drawings
To make the object, technical solution and beneficial effects of the invention clearer, the following drawings are provided for illustration:
Fig. 1 is a schematic flow diagram of the invention;
Fig. 2 is a schematic diagram of the publisher/subscriber registration flow of the invention;
Fig. 3 is a schematic diagram of an access tree constructed by the publisher in the invention;
Fig. 4 is a schematic diagram of the encrypted payload publishing flow of the invention;
Fig. 5 is a schematic diagram of the subscriber decryption flow of the invention.
Detailed description
Preferred embodiments of the invention are described in detail below with reference to the drawings.
The invention uses "0X1E" as a new message type to indicate that the published payload data is encrypted with the CP-ABE algorithm. The overall flow is shown in Fig. 1 and comprises four phases: initialization, encryption, publishing and decryption.
1. Initialization phase:
Before a publisher/subscriber client can communicate normally, it must first be initialized, that is, it registers with the proxy server and establishes a connection with it. The registration flow is shown in Fig. 2.
Step 1-1: The publisher/subscriber client sends a registration request to the proxy server, that is, it supplies authentication information. The publisher submits authentication information in the form $\mathrm{ID}_{p_i} \,\|\, \mathrm{MAC}_{p_i}$, where $\mathrm{ID}_{p_i}$ is the identity of publisher $p_i$ and $\mathrm{MAC}_{p_i} = \mathrm{hash}(\mathrm{ID}_{p_i}, K)$ is the message authentication code produced by a hash algorithm keyed with K. K is the pre-configured key; the specific hash algorithm is not specified.
The subscriber submits authentication information in the form $\mathrm{ID}_{s_i} \,\|\, \mathrm{MAC}_{s_i}$, where $\mathrm{ID}_{s_i}$ is the identity of subscriber $s_i$ and $\mathrm{MAC}_{s_i} = \mathrm{hash}(\mathrm{ID}_{s_i}, K)$ is the message authentication code produced by a hash algorithm keyed with K. K is the pre-configured key; the specific hash algorithm is not specified.
Step 1-2: The proxy server verifies the legitimacy of the publisher/subscriber client's identity. Taking publisher authentication as an example (subscriber authentication is the same), after receiving the publisher's authentication information the proxy server computes $\mathrm{MAC}_{p_i}^{*} = \mathrm{hash}(\mathrm{ID}_{p_i}, K)$ and compares it with the received authentication code $\mathrm{MAC}_{p_i}$. If they are not equal, it returns a registration-failure response and terminates the registration flow; if they are equal, authentication succeeds, and it returns a registration-success response and proceeds to the next step.
Step 1-3: The proxy server runs the CP-ABE algorithm to generate the system public parameters PK and the master key MSK, and sends PK to the publisher/subscriber client.
2. Encryption phase
Before publishing a message, the publisher must first encrypt the payload of the topic to be published. The flow is as follows.
Step 2-1: The publisher formulates the access policy. Fig. 3 shows an example of a constructed access tree.
The access policy of step 2-1 is an n-ary access tree built from a set of attributes and logic rules (Boolean structures such as AND, OR and NOT). Each non-leaf node of the access tree is a threshold gate, denoted $K_x$ with $0 \le K_x \le \mathrm{num}(x)$, where $\mathrm{num}(x)$ is the number of its child nodes. When $K_x = \mathrm{num}(x)$, the non-leaf node is an AND gate; when $K_x < \mathrm{num}(x)$, it is an OR gate. Each leaf node of the access tree represents an attribute. The specific attributes and logic rules are defined by the publisher. For example, if the publisher is a temperature sensor, the attributes in the access policy it formulates can include attributes held by the sensors that subscribe to the temperature-data topic.
Step 2-2: Using the access policy, the public parameters PK and the payload data of the topic, the publisher generates the encrypted payload with the CP-ABE encryption algorithm.
3. Publishing phase
As shown in Fig. 4, the publisher sends the encrypted payload CT to the proxy server; the proxy server verifies its legitimacy after receiving it and then forwards it to the corresponding subscribers. The flow is as follows.
Step 3-1: The publisher sends the encrypted payload CT to the proxy server in a message of the form $\mathrm{ID}_{p_i} \,\|\, N_{p_i} \,\|\, CT \,\|\, \mathrm{MAC}$, where $\mathrm{MAC} = \mathrm{hash}(N_{p_i} \,\|\, CT)$ is the message authentication code generated with the hash algorithm and $N_{p_i}$ is a random number generated by the publisher.
Step 3-2: The proxy server compares the random numbers $N_{p_i}$ of two successive receptions to determine whether the message is a replay. If the two random numbers are equal, the message is judged to be a replay: the proxy server discards the encrypted packet and returns a publish-failure response, and the publishing phase ends. If they are not equal, the message is not a replay and the proxy server proceeds to the next step.
Step 3-3: The proxy server computes $\mathrm{MAC}^{*} = \mathrm{hash}(N_{p_i} \,\|\, CT)$ and compares it with the received message authentication code MAC. If they are not equal, it discards the encrypted packet and returns a publish-failure response; if they are equal, it returns a publish-success response and forwards the encrypted payload CT to the corresponding subscribers.
Step 3-4: If the subscriber receives the encrypted payload CT successfully, a publish-success response is returned; if it does not, a publish-failure response is returned.
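The proxy-side checks of steps 1-2, 3-2 and 3-3, written out as an added example that is not part of the patent. Assumptions: HMAC-SHA256 stands in for the unspecified hash algorithm and is keyed with K for the publish MAC as well (the text writes hash(N || CT) without a key); the field widths, the verdict strings and the `window` parameter are hypothetical, with `window=1` reproducing the comparison of two successive random numbers.

```python
import hashlib
import hmac
from collections import deque

ID_LEN, NONCE_LEN, MAC_LEN = 4, 8, 32  # assumed field widths; the patent gives none
K = bytes(range(32))                   # constructed stand-in for the pre-configured key K


def keyed_hash(key: bytes, data: bytes) -> bytes:
    """hash(data, K), instantiated as HMAC-SHA256 (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def registration_request(key: bytes, client_id: bytes) -> bytes:
    """Step 1-1, client side: ID || MAC with MAC = hash(ID, K)."""
    return client_id + keyed_hash(key, client_id)


def build_publish(key: bytes, pub_id: bytes, nonce: bytes, ct: bytes) -> bytes:
    """Step 3-1, publisher side: ID || N || CT || MAC, MAC computed over N || CT."""
    if len(pub_id) != ID_LEN or len(nonce) != NONCE_LEN or not ct:
        raise ValueError("bad field width")
    return pub_id + nonce + ct + keyed_hash(key, nonce + ct)


class Proxy:
    def __init__(self, key: bytes, window: int = 1):
        self.key = key
        self.window = window
        self.recent = {}  # registered ID -> deque of recently accepted nonces

    def register(self, request: bytes) -> bool:
        """Step 1-2: recompute MAC* and compare it with the received MAC."""
        if len(request) != ID_LEN + MAC_LEN:
            return False
        client_id, tag = request[:ID_LEN], request[ID_LEN:]
        # compare_digest avoids leaking how many leading bytes matched
        if not hmac.compare_digest(tag, keyed_hash(self.key, client_id)):
            return False
        self.recent.setdefault(client_id, deque(maxlen=self.window))
        return True

    def accept(self, frame: bytes):
        """Steps 3-2 and 3-3. Returns (verdict, ciphertext or None)."""
        if len(frame) <= ID_LEN + NONCE_LEN + MAC_LEN:
            return ("malformed", None)
        pub_id = frame[:ID_LEN]
        nonce = frame[ID_LEN:ID_LEN + NONCE_LEN]
        ct = frame[ID_LEN + NONCE_LEN:-MAC_LEN]
        tag = frame[-MAC_LEN:]
        recent = self.recent.get(pub_id)  # no state is created for unknown IDs
        if recent is None:
            return ("unregistered", None)
        if nonce in recent:               # step 3-2: replay check
            return ("replay", None)
        if not hmac.compare_digest(tag, keyed_hash(self.key, nonce + ct)):
            return ("bad-mac", None)      # step 3-3: integrity check
        # Record the nonce only after the MAC verifies, so a forged frame
        # cannot evict or pre-register a genuine publisher's nonce.
        recent.append(nonce)
        return ("forward", ct)


if __name__ == "__main__":
    proxy = Proxy(K, window=16)
    proxy.register(registration_request(K, b"pub1"))
    frame = build_publish(K, b"pub1", b"\x01" * 8, b"constructed-ciphertext")
    print(proxy.accept(frame)[0])  # first delivery
    print(proxy.accept(frame)[0])  # identical frame sent again
```

With `window=1` only the immediately preceding random number is remembered, so a frame older than that is not recognised as a replay; a larger window lets the proxy recognise it.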
4. Decryption phase:
After receiving the encrypted payload CT from the proxy server, the subscriber cannot decrypt it directly to obtain the payload. It must first send a private key generation request to the proxy server and then decrypt with the private key it obtains to recover the plaintext payload data. The flow is shown in Fig. 5.
Step 4-1: After receiving the encrypted payload CT from the proxy server, the subscriber sends the proxy server a private key generation request that includes its attribute set $A_i$. The request has the form $\mathrm{ID}_{s_i} \,\|\, N_{s_i} \,\|\, A_i$, where $N_{s_i}$ is a random number generated by the subscriber.
The attribute set $A_i$ of step 4-1 represents the attribute information of subscriber i, which can be the subscriber's characteristics, location, identity and so on. It is a subset of the global set $U = \{A_1, A_2, \ldots, A_n\}$ (the invention does not specify the attribute information, which is defined by the user). The global set U is the set of all subscriber attributes.
The subscriber does not need to send a private key generation request to the proxy server every time it receives an encrypted payload CT. If its attribute set $A_i$ has not changed, it decrypts with the private key obtained from its first private key request; if $A_i$ has changed, it sends a new private key generation request to the proxy server after receiving CT.
Step 4-2: The proxy server compares the random numbers $N_{s_i}$ of two successive receptions to determine whether the message is a replay. If it is judged to be a replay, the proxy server returns a private-key-request failure response; otherwise, it proceeds to the next step.
Step 4-3: Using the attribute set $A_i$, the system public parameters PK and the master key MSK, the proxy server generates the private key corresponding to the attributes with the CP-ABE key generation algorithm, $SK_{ABE} = \mathrm{Keygen}(PK, A_i, MSK)$, sends $SK_{ABE}$ to the corresponding subscriber, and returns a private-key-request success response.
Step 4-4: After receiving the private key $SK_{ABE}$ from the proxy server, the subscriber decrypts with the CP-ABE decryption algorithm, using the system public parameters PK, the private key $SK_{ABE}$ and the encrypted payload CT, and obtains the plaintext payload data as $\mathrm{Decrypt}(PK, SK_{ABE}, CT)$.
In step 4-4, decryption succeeds if the subscriber's attribute set satisfies the access policy formulated by the publisher. An attribute set satisfying an access tree is defined as follows. Let T be an access tree with root node r, and let $T_x$ be the subtree of T rooted at x. If $T_x(S) = 1$, the attribute set S is said to satisfy the access structure $T_x$. If x is a leaf node, $T_x(S) = 1$ if and only if the attribute att(x) associated with leaf node x is an element of S. If x is a non-leaf node, $T_x(S) = 1$ when at least $K_x$ child nodes z satisfy $T_z(S) = 1$.
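The satisfaction rule $T_x(S)$ defined above, as an added example that is not part of the patent. It evaluates only the access tree and performs no CP-ABE cryptography; the attribute names and the sample policy are constructed, and `witness` is a hypothetical helper that reports which attributes were sufficient.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Node:
    attr: Optional[str] = None         # att(x), set on leaf nodes only
    k: int = 0                         # threshold K_x, used on non-leaf nodes only
    children: Tuple["Node", ...] = ()

    def __post_init__(self):
        if self.attr is None:
            # The text allows 0 <= K_x <= num(x); K_x = 0 is rejected here because
            # such a gate would be satisfied by every attribute set.
            if not self.children or not 1 <= self.k <= len(self.children):
                raise ValueError("threshold must satisfy 1 <= K_x <= num(x)")
        elif self.children or self.k:
            raise ValueError("a leaf carries an attribute only")


def leaf(attr: str) -> Node:
    return Node(attr=attr)


def gate(k: int, *children: Node) -> Node:
    """Threshold gate: satisfied when at least k children are satisfied."""
    return Node(k=k, children=children)


def AND(*children: Node) -> Node:      # K_x = num(x)
    return gate(len(children), *children)


def OR(*children: Node) -> Node:       # K_x = 1
    return gate(1, *children)


def satisfies(x: Node, S: Set[str]) -> bool:
    """T_x(S) = 1 as defined in the text."""
    if x.attr is not None:
        return x.attr in S
    hits = 0
    for z in x.children:
        if satisfies(z, S):
            hits += 1
            if hits >= x.k:            # stop as soon as the threshold is met
                return True
    return False


def witness(x: Node, S: Set[str]) -> Optional[FrozenSet[str]]:
    """A subset of S that is enough to satisfy T_x, or None if S does not."""
    if x.attr is not None:
        return frozenset([x.attr]) if x.attr in S else None
    found = [w for w in (witness(z, S) for z in x.children) if w is not None]
    if len(found) < x.k:
        return None
    found.sort(key=len)                # prefer the smallest sub-witnesses
    return frozenset().union(*found[:x.k])


# Constructed policy for a temperature topic:
# (type:hvac AND site:A) OR 2-of-3(role:auditor, role:operator, site:A)
POLICY = OR(
    AND(leaf("type:hvac"), leaf("site:A")),
    gate(2, leaf("role:auditor"), leaf("role:operator"), leaf("site:A")),
)

if __name__ == "__main__":
    for attrs in ({"type:hvac", "site:A"}, {"role:auditor", "site:A"}, {"site:A"}):
        print(sorted(attrs), satisfies(POLICY, attrs), witness(POLICY, attrs))
```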
Finally, it should be noted that the preferred embodiments above only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail through these preferred embodiments, those skilled in the art will understand that various changes in form and detail can be made to it without departing from the scope defined by the claims of the invention.

Claims (7)

  1. An encryption method for the MQTT-SN protocol, characterised in that the method comprises the following steps:
    S1: Initialization phase: the publishers and subscribers register, and the proxy server generates and sends the system public parameters. The publisher, the subscriber and the proxy server are pre-configured with an initial key K. The publisher/subscriber registers with the proxy server, and the proxy server verifies the legitimacy of its identity. The proxy server generates the system public parameters PK and the master key MSK according to the CP-ABE algorithm and sends PK to the registered publishers/subscribers;
    S2: Encryption phase: the publisher pre-processes the payload to be published by encrypting it. The publisher first formulates an access structure, then generates the encrypted payload CT with the CP-ABE encryption algorithm from the public parameters PK generated by the proxy server, the access structure, and the payload data of the topic;
    S3: Publishing phase: the publisher sends the encrypted payload CT to the proxy server, which forwards it to the corresponding subscribers after receiving it. On receiving CT from the publisher, the proxy server verifies its legitimacy, that is, it determines whether the message is a replay and whether it has been tampered with. Once it has confirmed that CT is legitimate, it forwards it to the corresponding subscribers;
    S4: Decryption phase: after receiving the encrypted payload CT from the proxy server, the subscriber requests from the proxy server the private key needed for decryption and then decrypts CT to recover the plaintext. After receiving CT, the subscriber sends a private key generation request to the proxy server and supplies its attribute set $A_i$. The proxy server generates the private key SK with the CP-ABE key generation algorithm from the system public parameters PK, the attribute set $A_i$ and the master key MSK, and sends SK to the corresponding subscriber. The subscriber obtains the plaintext payload data with the CP-ABE decryption algorithm from PK, SK and CT. If the attribute set $A_i$ satisfies the access structure of the ciphertext, the ciphertext decrypts successfully and the plaintext data is obtained.
  2. The encryption method for the MQTT-SN protocol according to claim 1, characterised in that the encryption method uses "0X1E" as a new message type, "SPUBLISH", whose published payload is encrypted with the CP-ABE algorithm.
  3. The encryption method for the MQTT-SN protocol according to claim 1, characterised in that the proxy server authenticates the publishers/subscribers, completes their registration, and generates the system public parameters;
    the publisher encrypts the plaintext payload with the CP-ABE algorithm and sends the encrypted payload to the proxy server, which forwards it to one or more subscribers;
    the subscriber requests a private key from the proxy server, decrypts the encrypted payload with the private key, and obtains the plaintext.
  4. The encryption method for the MQTT-SN protocol according to claim 1, characterised in that step S1 is specifically:
    S101: The publisher/subscriber client sends a registration request to the proxy server and supplies authentication information;
    S102: The proxy server verifies the legitimacy of the publisher/subscriber client's identity; if authentication succeeds, it returns a registration-success response and proceeds to the next step;
    S103: The proxy server runs the CP-ABE algorithm to generate the system public parameters PK and the master key MSK, and sends PK to the publisher/subscriber client.
  5. The encryption method for the MQTT-SN protocol according to claim 1, characterised in that step S2 is specifically:
    S201: The publisher formulates the access policy;
    S202: Using the access policy, the public parameters PK and the payload data of the topic, the publisher generates the encrypted payload CT with the CP-ABE encryption algorithm.
  6. The encryption method for the MQTT-SN protocol according to claim 1, characterised in that step S3 is specifically:
    S301: The publisher sends the encrypted payload CT and the message authentication code MAC to the proxy server;
    S302: The proxy server verifies the legitimacy of the data sent by the publisher; if the message is legitimate, it proceeds to the next step; otherwise, it terminates the publishing flow;
    S303: If the subscriber receives the encrypted payload CT successfully, a publish-success response is returned; if it does not, a publish-failure response is returned.
  7. The encryption method for the MQTT-SN protocol according to claim 1, characterised in that step S4 is specifically:
    S401: After receiving the encrypted payload CT sent by the proxy server, the subscriber sends a private key generation request to the proxy server;
    S402: The proxy server determines whether the message is a replay; if it is, the proxy server returns a private-key-request failure response; otherwise, it proceeds to the next step;
    S403: Using the attribute set $A_i$, the system public parameters PK and the master key MSK, the proxy server generates the private key $SK_{ABE}$ corresponding to the attributes with the CP-ABE key generation algorithm, sends $SK_{ABE}$ to the subscriber, and returns a private-key-request success response;
    S404: After receiving the private key $SK_{ABE}$ from the proxy server, the subscriber decrypts with the CP-ABE decryption algorithm, using the system public parameters PK, the private key $SK_{ABE}$ and the encrypted payload CT, to obtain the plaintext payload data.

Application CN201711064653.6A: priority date 2017-11-02, filing date 2017-11-02, status Pending. Published as CN107708112A on 2018-02-16. Family ID: 61177655. Country: CN.
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180216