CN108429737A - A kind of data transmission method based on NB-IOT networks - Google Patents

Publication number: CN108429737A
Application number: CN201810140162.3A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 陈柱
Current Assignee: Guangdong One Home Internet Technology Co Ltd
Original Assignee: Guangdong One Home Internet Technology Co Ltd
Prior art keywords: data, iot, algorithms, key, data packet

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Abstract

The present invention provides a data transmission method based on NB-IOT networks, comprising at least the following steps: acquiring first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; converting the first data into second data by hexadecimal encoding; encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key; sharing the data packet over the NB-IOT network with at least one target node connected to the NB-IOT network, the target node including at least an NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched with the door lock; the target node requesting and obtaining the key in order to decrypt the data packet with the key.

Description

A data transmission method based on NB-IOT networks
Technical field
The present invention relates to the technical field of data transmission, and in particular to a data transmission method based on NB-IOT networks.
Background
In recent years, with the development of wireless terminals, more and more data is sent over networks. For example, data is transferred from one end to the other and stored, and the storage may be in the communication module of a wireless communication device. However, user data is typically confidential and may include highly sensitive information, such as various numbers and/or card numbers. When data is transmitted to a device, for security reasons the data to be transmitted must be encrypted (enciphered) before it is sent; encryption makes eavesdropping on signaling and user data more difficult. The transmitting end encrypts the data to be transmitted with an encryption algorithm, the encrypted data is transferred from the transmitting end to the receiving end, and the receiving end decrypts the transmitted data with the same encryption algorithm. Both ends use the same encryption algorithm; however, protection in the prior art is usually very weak and easy to crack. Many data transmission methods exist in the prior art, but none of them transmits data by means of the NB-IOT narrowband Internet of Things.
Summary of the invention
In view of the shortcomings of the existing approaches, the present invention proposes a data transmission method based on NB-IOT networks to solve the above problems of the prior art.
According to one aspect of the invention, a data transmission method based on NB-IOT networks is provided, comprising at least the following steps:
Acquiring first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; converting the first data into second data by hexadecimal encoding; encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key;
Sharing the data packet over the NB-IOT network with at least one target node connected to the NB-IOT network, the target node including at least an NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched with the door lock, the control device being associated in advance with at least one door lock having a preset NB-IOT module;
The target node requesting and obtaining the key in order to decrypt the second data.
Further, converting the first data into the second data by hexadecimal encoding means:
When the first data is fingerprint data, the fingerprint data is converted into hexadecimal-coded second data using the 498 hexadecimal coding rule;
When the first data is data other than fingerprint data, the data other than fingerprint data is converted into hexadecimal-coded second data using the 12 hexadecimal coding rule;
Correspondingly, for each item of fingerprint data the second data includes two data packets of 249 hexadecimal codes, and for each item of identity card data, numeric password and MF card data the second data includes two data packets of 8 hexadecimal codes; each data packet in the second data carries a different number.
Further, encrypting the second data by the hardware encryption mechanism and the software encryption mechanism to obtain an encrypted data packet and generate a matching key means encrypting the second data twice, by the hardware encryption mechanism and by the software encryption mechanism, to obtain the encrypted data packet and generate the matching key;
The hardware encryption mechanism is an elliptic curve cryptography encryption mechanism, and the software encryption mechanism is a post-quantum key distribution algorithm based on NP-complete problems, a key distribution algorithm based on quantum communication, the RC4 algorithm, the TLS protocol, the DTLS protocol, a first combined algorithm or a second combined algorithm;
The first combined algorithm is the combination of the AES-192, 3DES and SHA-3 algorithms, which means that when data is encrypted, the AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet;
The second combined algorithm is the combination of the AES-256 and SM4 algorithms, which means that when data is encrypted, the AES-256 and SM4 algorithms encrypt the data twice to obtain the encrypted data packet.
Further, the identity card data refers to the physical card number of the second-generation resident identity card and/or the TYPE B card physical serial number.
Further, after the target node requests and obtains the key in order to decrypt the data packet with the key, the NB-IOT network platform and/or the control device sends an instruction to the door lock over the NB-IOT network, and the NB-IOT network module in the door lock receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or the control device.
Further, the NB-IOT network platform records and stores a record of receiving the instruction sent by the NB-IOT network platform and/or the control device.
Further, the NB-IOT network module receiving, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or the control device means that the NB-IOT network module receives, over the NB-IOT network, an instruction sent by the NB-IOT network platform and/or the control device indicating whether the second-generation resident identity card, fingerprint, MF card and/or numeric password is allowed to switch the door lock with the preset NB-IOT module.
Further, the instruction indicating whether the second-generation resident identity card is allowed to switch the door lock with the preset NB-IOT module means an instruction indicating whether the physical card number of the second-generation resident identity card and/or the TYPE B card physical serial number is allowed to switch the door lock with the preset NB-IOT module.
Further, the NB-IOT network platform records and stores a record of the door lock obtaining the data packet and a record of the data packet being decrypted with the key.
Further, the NB-IOT module refers to the SN-12NB-IOT communication module.
Compared with the prior art, the beneficial effects of the present invention are:
1. Data is encrypted by both a hardware encryption mechanism and a software encryption mechanism; the diversity of the software encryption mechanism and the characteristics of the encryption algorithms it includes can ensure the security of the data. Transmitting and decrypting the data over the NB-IOT narrowband Internet of Things can, to a certain extent, ensure that the encrypted data is delivered remotely and securely to the target node;
2. The NB-IOT network module of the door lock exchanges data with the relevant platform and/or control device over the NB-IOT narrowband Internet of Things, making the transmission of data safer and more convenient;
3. Records of received data and instructions are stored, which facilitates later tracing and maintenance.
Additional aspects and advantages of the present invention will be set forth in part in the following description; they will become apparent from the description or be learned through practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments taken in conjunction with the drawings, in which:
Fig. 1 is a flow chart of a data transmission method based on NB-IOT networks in the embodiment of the present invention;
Fig. 2 is a flow chart of the post-quantum key distribution algorithm based on NP-complete problems in the embodiment of the present invention;
Fig. 3 is a schematic diagram of the hash tree in the embodiment of the present invention;
Fig. 4 is a schematic diagram of a hash tree branch in the embodiment of the present invention;
Fig. 5 is a structural diagram of a mobile phone, for the case where the device in the embodiment of the present invention is a mobile phone.
Detailed description
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments.
Some of the flows described in the specification, the claims and the above drawings contain multiple operations that appear in a particular order. It should be clearly understood, however, that these operations may be executed out of the order in which they appear herein or executed in parallel; operation numbers such as 101 and 102 serve only to distinguish the different operations and do not in themselves represent any execution order. In addition, these flows may include more or fewer operations, and these operations may be executed in order or in parallel. It should be noted that descriptions such as "first" and "second" herein are used to distinguish different messages, devices, modules and so on; they do not represent a sequence, nor do they require that "first" and "second" be of different types.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Embodiment
As shown in Fig. 1, an embodiment of the present invention provides a data transmission method based on NB-IOT networks, the method including steps S101-S103:
S101: Acquire first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; convert the first data into second data by hexadecimal encoding; encrypt the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key;
Converting the first data into the second data by hexadecimal encoding means: when the first data is fingerprint data, the fingerprint data is converted into hexadecimal-coded second data using the 498 hexadecimal coding rule; when the first data is data other than fingerprint data, the data other than fingerprint data is converted into hexadecimal-coded second data using the 12 hexadecimal coding rule.
Correspondingly, for each item of fingerprint data the second data includes two data packets of 249 hexadecimal codes, and for each item of identity card data, numeric password and MF card data the second data includes two data packets of 8 hexadecimal codes; each data packet in the second data carries a different number.
Specifically, converting the first data into hexadecimal-coded second data means that, when the first data is fingerprint data, the fingerprint data is converted into hexadecimal-coded second data using the 498 hexadecimal coding rule;
The second data includes two data packets of 249 hexadecimal codes, and the two data packets carry different numbers.
Further, converting the first data into hexadecimal-coded second data means that, when the first data is identity card data, a numeric password and/or MF card data, the identity card data, numeric password and/or MF card data are each converted into hexadecimal-coded second data using the 12 hexadecimal coding rule;
Here, for each item of identity card data, numeric password and MF card data, the second data includes two data packets of 8 hexadecimal codes, as detailed below:
When the first data is identity card data, the second data includes two data packets of 8 hexadecimal codes, and the two data packets carry different numbers;
And/or, when the first data is a numeric password, the second data includes two data packets of 8 hexadecimal codes, and the two data packets carry different numbers;
And/or, when the first data is MF card data, the second data includes two data packets of 8 hexadecimal codes, and the two data packets carry different numbers;
The number of each data packet is different.
Encrypting the second data by the hardware encryption mechanism and the software encryption mechanism to obtain an encrypted data packet and generate a matching key means encrypting the second data twice, by the hardware encryption mechanism and by the software encryption mechanism, to obtain the encrypted data packet and generate the matching key;
The hardware encryption mechanism is an elliptic curve cryptography encryption mechanism, and the software encryption mechanism is a post-quantum key distribution algorithm based on NP-complete problems, a key distribution algorithm based on quantum communication, the RC4 algorithm, the TLS protocol, the DTLS protocol, a first combined algorithm or a second combined algorithm;
The first combined algorithm is the combination of the AES-192, 3DES and SHA-3 algorithms, which means that when data is encrypted, the AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet;
The AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet by applying the algorithms in succession, in one of the following orders:
1. AES-192 algorithm, 3DES algorithm, SHA-3 algorithm;
2. AES-192 algorithm, SHA-3 algorithm, 3DES algorithm;
3. 3DES algorithm, AES-192 algorithm, SHA-3 algorithm;
4. 3DES algorithm, SHA-3 algorithm, AES-192 algorithm;
5. SHA-3 algorithm, AES-192 algorithm, 3DES algorithm;
6. SHA-3 algorithm, 3DES algorithm, AES-192 algorithm.
The second combined algorithm is the combination of the AES-256 and SM4 algorithms, which means that the AES-256 and SM4 algorithms encrypt the data twice to obtain the encrypted data packet.
The AES-256 and SM4 algorithms encrypt the data twice to obtain the encrypted data packet in one of the following ways: 1. the AES-256 algorithm and then the SM4 algorithm encrypt the data in succession; 2. the SM4 algorithm and then the AES-256 algorithm encrypt the data in succession.
The post-quantum key distribution algorithm based on NP-complete problems needs to be based on quantum communication. An electro-optic modulator is a modulator made using the electro-optic effect of certain electro-optic crystals. The electro-optic effect is that when a voltage is applied to an electro-optic crystal, the refractive index of the crystal changes, which changes the characteristics of the light wave passing through the crystal and thereby modulates the phase, amplitude, intensity and polarization state of the optical signal.
The key generator generates a series of random numbers and alters the optical signal so that the optical signal carries the random-number information. Random reordering of the key: a random reordering algorithm is used. The algorithm uses a time-based reordering method: from the sending time and the estimated receiving time, the time is hashed and the hash value is used to look up the rearrangement-mode definition table; a table entry is 1280 numbers, and these numbers determine the specific rearrangement method. The rearrangement-mode definition table is a fixed-length table of numbers defined in advance, which can be modified by replacing the hardware chip. The time is hashed to a particular row of the table, and the numbers in each row are different.
The key is transferred from the transmitting end to the receiving end over the quantum communication channel. If it is measured by an eavesdropper in transit, the quantum state changes and the key cannot be recovered at the receiving end. Because the information the eavesdropper obtains has been randomly reordered, the eavesdropper cannot obtain the original information. Even if the eavesdropper eavesdrops repeatedly, no pattern can be found, so it cannot be cracked. In addition, when the receiving end finds that information has leaked, it sends out an alarm signal to ensure system security.
The receiving end also keeps an identical rearrangement-mode definition table, placed in the ordering and key recovery device. After the receiving end receives the optical signal, it first looks up the table with the hash value carried in the optical signal and then reorders the received signal according to the rearrangement-mode definition table. The key with its order restored is then checked against the receiving end's own key; if the check passes, the signal has not been tampered with, and measurement of the optical signal to obtain the information can begin.
The cryptosystem is designed on the basis of the NP problem corresponding to quantum computation. The method we use is a signature based on a hash algorithm, specifically an implementation of the Merkle signature scheme. The Merkle signature scheme has been shown by academia to be an algorithm that can resist cracking by quantum computers. The algorithm is divided into three main steps:
1. Key generation: the key is generated using a hash tree, as shown in Fig. 3. The hash tree computes the hash value H(Yi) of each public key Yi and then continues computing hash values upward from H(Yi) until only one node remains, as shown in Fig. 4. The value of the hash tree node can then serve as the key.
2. Signature generation: the signer selects a key pair (Xi, Yi) and signs the message M with a one-time signature, then adds additional information to M to prove that M is indeed data signed with that key, such as auth[0] and auth[1] as shown below.
3. Signature verification: after receiving the message M, the recipient uses the public key Yi to verify that M was signed under the one-time signature scheme. If that verification passes, the recipient computes A0=H(Yi), A1=H(A0|auth0), A2=H(A1|auth1), ..., An; if all the Ai are consistent with the public key, the signature is valid.
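The three steps above, worked through as an added example that is not part of the patent text. It assumes SHA-256 for H and a Lamport scheme as the one-time signature (the patent names neither), and it generalizes the A1=H(A0|auth0) notation by ordering each concatenation according to whether the node is a left or right child; all function and class names are illustrative.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    """Hash function H of the description (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


# --- One-time signature (Lamport, assumed): X_i is the secret, Y_i the public key ---
def ots_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(a), H(b)] for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def ots_sign(sk, msg: bytes):
    # Reveal one secret per message-digest bit; the key must never sign twice.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def ots_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


# --- Step 1: hash tree over the leaves H(Y_i), hashed upward to a single root ---
def build_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[j] + cur[j + 1]) for j in range(0, len(cur), 2)])
    return levels  # levels[-1][0] is the root, i.e. the long-term public key


def auth_path(levels, index):
    """Sibling nodes auth[0], auth[1], ... from leaf `index` up to the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path


def root_from_path(leaf: bytes, index: int, path) -> bytes:
    """Step 3: A0 = H(Y_i), then fold in each auth node on the correct side."""
    node = leaf
    for sibling in path:
        node = H(sibling + node) if index & 1 else H(node + sibling)
        index >>= 1
    return node


class MerkleSigner:
    def __init__(self, height: int):
        self.keys = [ots_keygen() for _ in range(2 ** height)]
        self.levels = build_tree([H(pk_bytes(pk)) for _, pk in self.keys])
        self.public_key = self.levels[-1][0]
        self.next_index = 0

    def sign(self, msg: bytes):
        # Step 2: one-time signature plus the authentication path for Y_i.
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys have been used")
        i = self.next_index
        self.next_index += 1
        sk, pk = self.keys[i]
        return {"index": i, "ots_sig": ots_sign(sk, msg), "ots_pk": pk,
                "auth": auth_path(self.levels, i)}


def verify(public_key: bytes, msg: bytes, sig) -> bool:
    if not ots_verify(sig["ots_pk"], msg, sig["ots_sig"]):
        return False
    leaf = H(pk_bytes(sig["ots_pk"]))
    return root_from_path(leaf, sig["index"], sig["auth"]) == public_key


if __name__ == "__main__":
    signer = MerkleSigner(height=2)           # 4 one-time keys
    message = b"constructed sample message"   # constructed input
    signature = signer.sign(message)
    print(verify(signer.public_key, message, signature))
```

A tree of height h can sign only 2^h messages, so the signer has to track which leaf index it has already consumed.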
The elliptic curve cryptography encryption mechanism refers specifically to the elliptic curve encryption algorithm (Elliptic Curve Cryptography, ECC), a public-key cryptosystem first proposed in 1985 by Koblitz and Miller. Its mathematical foundation is the computational difficulty of the elliptic curve discrete logarithm in the Abelian group formed by the rational points on an elliptic curve.
The RC4 algorithm is a symmetric encryption (also called private-key encryption) algorithm, meaning an encryption algorithm in which encryption and decryption use the same key. It is sometimes called a conventional cipher algorithm: the encryption key can be calculated from the decryption key, and the decryption key can likewise be calculated from the encryption key. In most symmetric algorithms the encryption key and the decryption key are identical, so this kind of encryption algorithm is also called a secret-key algorithm or single-key algorithm. It is characterized by a simple algorithm, fast operation and a variable key length, with a range of 1-256 bytes (8-2048 bits). With the technology available today, when the key length is 128 bits a brute-force key search is hardly feasible, so it can be predicted that the key range of RC4 will still be able to resist brute-force key-search attacks for a considerable time to come.
The Transport Layer Security (TLS) protocol provides confidentiality and data integrity between two communicating applications. The TLS record protocol is a layered protocol. Messages at each layer may include fields such as length, description and content. The record protocol takes the messages to be transmitted, fragments the data into manageable blocks, compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed and reassembled, and then passed to higher-level clients.
The connection security provided by the TLS record protocol has two basic properties:
Private: symmetric encryption is used to encrypt the data (DES, RC4, etc.). The keys generated for symmetric encryption are unique to each connection and are negotiated by another protocol (such as the handshake protocol). The record protocol can also be used without encryption.
Reliable: message transport includes a message integrity check using a keyed MAC. Secure hash functions (SHA, MD5, etc.) are used for the MAC computation. The record protocol can also operate without a MAC, but this mode is generally used only while another protocol is using the record protocol as a transport to negotiate security parameters.
DTLS (Datagram Transport Layer Security) is the datagram transport layer security protocol. The most obvious choice is to design a generic channel security protocol that can run over datagram transport, just as TLS runs over TCP. Such a protocol can be implemented in user space, which makes it easy to install, yet it is flexible and generic enough to provide security for many datagram-oriented applications.
The AES encryption algorithm is the Advanced Encryption Standard (AES) in cryptography, also known as Rijndael encryption, a block cipher standard adopted by the U.S. federal government. The standard replaces the original DES, has been analyzed by many parties, and is widely used around the world. The basic requirements of AES are a symmetric block cipher that supports, at minimum, key lengths of 128, 192 and 256 bits with a block length of 128 bits. The algorithm should be easy to implement in a variety of hardware and software and should have very high security, resisting currently known attacks such as linear attacks, interpolation attacks, differential attacks and related-key attacks.
3DES (or Triple DES) is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher. It amounts to applying the DES encryption algorithm three times to each data block. As computing power has grown, the key length of the original DES cipher has become vulnerable to brute-force cracking. 3DES was designed to provide a relatively simple way to avoid such attacks by increasing the key length of DES, rather than by designing a completely new block cipher algorithm.
3DES can use either three keys or two keys. It has three notable advantages: first, its key length is 168 bits, which is fully able to resist exhaustive attack; second, it is quite secure, its underlying algorithm having been analyzed for longer than any other encryption algorithm; third, because the underlying encryption algorithm of 3DES is the same as DES, many existing DES software and hardware products can readily implement 3DES, so it is convenient to use.
Introduction to SHA-3: because of successful attacks in recent years on traditional common hash functions such as MD4, MD5, SHA0, SHA1 and RIPEMD, the U.S. National Institute of Standards and Technology (NIST) held two cryptographic hash workshops, in 2005 and 2006 respectively, and in 2007 announced a worldwide call for a new next-generation cryptographic hash algorithm. A candidate hash function must perform well: it should consume minimal resources even when hashing large amounts of message text, a requirement that many candidate algorithms in fact cannot meet. A candidate algorithm must also be conservative about security: it should resist known attacks while keeping a large safety margin. Keccak is a good choice for the SHA-3 standard: it is fast, its bit distribution is uniform, and its collision resistance is good.
The DTLS protocol is designed to secure application communication data. To establish a session reliably, DTLS must provide a mechanism to authenticate the peer, establish keys reliably, negotiate algorithms and transmit the related parameters. Because DTLS runs entirely over unreliable datagram communication, it must implement a retransmission mechanism to ensure reliable delivery of the handshake messages.
The SM4 cipher is a block algorithm; its design is concise, its structure is distinctive, and it is secure and efficient. Structure of the SM4 algorithm: the block length is 128 bits and the key length is 128 bits. Both the encryption algorithm and the key expansion algorithm use a 32-round iterative structure. SM4 processes data in units of bytes (8 bits) and words (32 bits). SM4 is an involutive operation, so the decryption algorithm has the same structure as the encryption algorithm; only the round keys are used in the opposite order, the decryption round keys being the reverse of the encryption round keys. Security of SM4: the SM4 cipher has been thoroughly analyzed and tested by China's professional cryptographic institutions and can resist existing attacks such as differential attacks and linear attacks, so it is secure.
Identity card data refers to the physical card number and/or the TYPE B card physical serial number of the resident's second-generation identity card.
S102: The data packet is shared over the NB-IOT network with a target node connected to the NB-IOT network. The target node includes at least the NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched with the door lock; the control device is associated in advance with at least one door lock having a preset NB-IOT module. The NB-IOT module refers to the SN-12 NB-IOT communication module.
After the target node requests the key and uses the key to decrypt the data packet, the NB-IOT network platform and/or the control device sends an instruction over the NB-IOT network to the door lock with the preset NB-IOT module, and the NB-IOT network module in that door lock receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or the control device.
The control device matched with the door lock may be installed on any terminal device, such as a mobile phone, tablet computer, PDA (Personal Digital Assistant), POS (Point of Sales) terminal or in-vehicle computer. Taking a mobile phone as the terminal by way of example:
Fig. 5 shows a block diagram of part of the structure of a mobile phone related to the terminal provided by an embodiment of the present invention. Referring to Fig. 5, the mobile phone includes components such as a radio frequency (RF) circuit 1510, a memory 1520, an input unit 1530, a display unit 1540, a sensor 1550, an audio circuit 1560, a wireless fidelity (WiFi) module 1570, a processor 1580 and a battery 1590. Those skilled in the art will understand that the handset structure shown in Fig. 5 does not limit the mobile phone, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
That the NB-IOT network module receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or the control device means that the NB-IOT network module receives, over the NB-IOT network, an instruction sent by the NB-IOT network platform and/or the control device on whether to allow a resident's second-generation identity card, fingerprint, MF card and/or numeric password to open and close the door lock with the preset NB-IOT module.
The second-generation resident identity card stores some electronic information associated with the individual. This information can be read only with specific software and hardware equipment, which is generally found in places such as public security bureaus and hotels. The physical card number of the second-generation identity card is data that can be read only with such equipment, and its main function is to distinguish genuine identity cards from forged ones. Of course, to ensure that the key is not illegally intercepted while it is being issued, a key encryption technique is also needed. A typical key encryption technique is the elliptic curve encryption algorithm (ECC), a public-key cryptosystem whose mathematical basis is the computational difficulty of the elliptic curve discrete logarithm in the Abelian group formed by the rational points on an elliptic curve. Among the public-key systems currently known, the elliptic curve cryptosystem provides the highest encryption strength per bit. The best algorithm for solving the discrete logarithm problem on elliptic curves is the Pollard rho method, whose time complexity is fully exponential.
The instruction allowing a resident's second-generation identity card to open and close the door lock with the preset NB-IOT module means an instruction allowing the physical card number and/or the TYPE B card physical serial number of the resident's second-generation identity card to open and close the door lock with the preset NB-IOT module.
The NB-IOT network platform records and stores a record of receiving the instruction sent by the NB-IOT network platform and/or the control device, and a record of using the key to decrypt the data packet.
S103: The target node requests the key in order to decrypt the data packet with the key.
The NB-IOT network platform records and stores a record of the door lock obtaining the data packet and a record of using the key to decrypt the data packet.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, modules and related working units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the embodiments provided in this application, it should be understood that the disclosed methods and platforms, devices, modules or units may be implemented in other ways. For example, the method embodiments described above are only illustrative: the division into modules is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not executed. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above are only some embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A data transmission method based on an NB-IOT network, characterized by including at least the following steps:
Collecting first data, the first data including at least fingerprint data, resident second-generation identity card data, a numeric password and/or MF card data; converting the first data into second data by hexadecimal encoding; encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key;
Sharing the data packet over the NB-IOT network with at least one target node connected to the NB-IOT network, the target node including at least an NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched with the door lock, the control device being associated in advance with at least one door lock having a preset NB-IOT module;
The target node requesting the key in order to decrypt the data packet with the key.
2. The method according to claim 1, characterized in that converting the first data into second data by hexadecimal encoding means:
When the first data is fingerprint data, converting the fingerprint data into second data in hexadecimal code using the 498 hexadecimal encoding rule;
When the first data is data other than fingerprint data, converting each item of data other than fingerprint data into second data in hexadecimal code using the 12 hexadecimal encoding rule;
Correspondingly, in the second data each item of fingerprint data comprises two data packets of 249 hexadecimal code, each item of identity card data, numeric password and MF card data comprises two data packets of 8 hexadecimal code, and each data packet in the second data carries a different number.
3. The method according to claim 1, characterized in that encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key means encrypting the second data twice, by the hardware encryption mechanism and the software encryption mechanism, to obtain the encrypted data packet and generate the matching key;
The hardware encryption mechanism is an elliptic curve cryptography mechanism, and the software encryption mechanism is a post-quantum key distribution algorithm based on an NP-complete problem, a key distribution algorithm based on quantum communication, the RC4 algorithm, the TLS protocol, the DTLS protocol, a first combination algorithm or a second combination algorithm;
The first combination algorithm comprises a combination of the AES-192 algorithm, the 3DES algorithm and the SHA-3 algorithm; this combination means that, when encrypting data, the AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet;
The second combination algorithm comprises a combination of the AES-256 algorithm and the SM4 algorithm; this combination means that the AES-256 and SM4 algorithms encrypt the data twice to obtain the encrypted data packet.
4. The method according to claim 1, characterized in that the identity card data refers to the physical card number and/or the TYPE B card physical serial number of the resident's second-generation identity card.
5. The method according to claim 1, characterized by further including: after the target node requests the key and uses the key to decrypt the data packet, the NB-IOT network platform and/or the control device sends an instruction over the NB-IOT network to the door lock with the preset NB-IOT module, and the NB-IOT network module in the door lock with the preset NB-IOT module receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or the control device.
6. The method according to claim 5, characterized in that the NB-IOT network platform records and stores a record of receiving the instruction sent by the NB-IOT network platform and/or the control device.
7. The method according to claim 5, characterized in that the NB-IOT network module receiving, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or the control device means that the NB-IOT network module receives, over the NB-IOT network, an instruction sent by the NB-IOT network platform and/or the control device on whether to allow a resident's second-generation identity card, fingerprint, MF card and/or numeric password to open and close the door lock with the preset NB-IOT module.
8. The method according to claim 6, characterized in that the instruction on whether to allow a resident's second-generation identity card to open and close the door lock with the preset NB-IOT module means an instruction on whether to allow the physical card number and/or the TYPE B card physical serial number of the resident's second-generation identity card to open and close the door lock with the preset NB-IOT module.
9. The method according to claim 1, characterized in that the NB-IOT network platform records and stores a record of the door lock obtaining the data packet and a record of using the key to decrypt the data packet.
10. The method according to any one of claims 1 to 9, characterized in that the NB-IOT module refers to the SN-12 NB-IOT communication module.
CN201810140162.3A 2018-02-11 2018-02-11 A kind of data transmission method based on NB-IOT networks Pending CN108429737A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810140162.3A CN108429737A (en) 2018-02-11 2018-02-11 A kind of data transmission method based on NB-IOT networks

Publications (1)

Publication Number Publication Date
CN108429737A true CN108429737A (en) 2018-08-21

Family

ID=63156869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810140162.3A Pending CN108429737A (en) 2018-02-11 2018-02-11 A kind of data transmission method based on NB-IOT networks

Country Status (1)

Country Link
CN (1) CN108429737A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105809524A (en) * 2014-12-31 2016-07-27 航天信息股份有限公司 Online tax declaration terminal, receiving terminal, tax declaration system, and tax declaration method
CN106683252A (en) * 2017-03-09 2017-05-17 徐东哲 Community intelligent passing control system and method based on narrow band Internet of Things
US20170242674A1 (en) * 2016-02-19 2017-08-24 Atif Hussein Internet-of-things device blank
CN107230272A (en) * 2017-07-23 2017-10-03 福建强闽信息科技有限公司 Intelligent key and passive intelligent lock core and its application method based on arrowband Internet of Things
CN107230139A (en) * 2017-06-01 2017-10-03 天网互联科技(深圳)有限公司 A kind of unattended Management System on Public Rooms based on arrowband Internet of Things

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109858268A (en) * 2019-02-15 2019-06-07 深圳云程科技有限公司 A kind of encrypting fingerprint NB module system
CN113015158A (en) * 2019-12-20 2021-06-22 西门子(中国)有限公司 Method and apparatus for enhancing security of wireless network
CN113015158B (en) * 2019-12-20 2023-08-04 西门子(中国)有限公司 Method and apparatus for enhancing wireless network security
CN111832042A (en) * 2020-06-23 2020-10-27 武汉菲奥达物联科技有限公司 Apartment student data security management method and device
CN111832042B (en) * 2020-06-23 2024-02-13 武汉菲奥达物联科技有限公司 Apartment student data safety management method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180821