CN108429737A - A data transmission method based on NB-IOT networks - Google Patents
- Publication number: CN108429737A (CN201810140162.3A)
- Authority: CN (China)
- Prior art keywords: data, iot, algorithms, key, data packet
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0852—Quantum cryptography
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Abstract
The present invention provides a data transmission method based on NB-IOT networks, comprising at least the following steps: acquiring first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; converting the first data into second data by hexadecimal encoding; encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key; sharing the data packet over the NB-IOT network with at least one target node connected to the NB-IOT network, the target node including at least an NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched with the door lock; the target node requesting and obtaining the key in order to decrypt the data packet with the key.
Description
Technical field
The present invention relates to the technical field of data transmission, and more particularly to a data transmission method based on NB-IOT networks.
Background
In recent years, with the development of wireless terminals, more and more data is sent over networks. For example, data is transferred from one end to the other and stored, and it may be stored by the communication module of a wireless communication device. User data, however, is usually confidential and may include highly sensitive information such as various numbers and/or card numbers. When data is transmitted to a device, for security reasons the data to be transmitted must be encrypted (enciphered) before it is sent; encryption makes eavesdropping on signaling and user data more difficult. The transmitting end encrypts the data to be transmitted with an encryption algorithm, the encrypted data is transferred from the transmitting end to the receiving end, and the receiving end decrypts the transmitted data with the same encryption algorithm. Both ends use the same encryption algorithm; however, protection in the prior art is usually very weak and easily cracked. Many data transmission methods have appeared in the prior art, but none that transmits data by way of the NB-IOT narrowband Internet of Things.
Summary of the invention
The present invention addresses the shortcomings of existing approaches and proposes a data transmission method based on NB-IOT networks, to solve the above problems of the prior art.
According to one aspect of the invention, a data transmission method based on NB-IOT networks is provided, comprising at least the following steps:
Acquiring first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; converting the first data into second data by hexadecimal encoding; encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key;
Sharing the data packet over the NB-IOT network with at least one target node connected to the NB-IOT network, the target node including at least an NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched with the door lock, the control device being associated in advance with at least one door lock with a preset NB-IOT module;
The target node requesting and obtaining the key in order to decrypt the second data.
Further, converting the first data into second data by hexadecimal encoding means:
When the first data is fingerprint data, the fingerprint data is converted into hexadecimal-encoded second data using the 498 hexadecimal encoding rule;
When the first data is data other than fingerprint data, the data other than fingerprint data is converted into hexadecimal-encoded second data using the 12 hexadecimal encoding rule;
Correspondingly, for each item of fingerprint data the second data includes two 249 hexadecimal-encoded data packets, and for each item of identity card data, numeric password and MF card data the second data includes two 8 hexadecimal-encoded data packets, and each data packet in the second data carries a different number.
Further, encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key means that the second data is encrypted twice, by the hardware encryption mechanism and by the software encryption mechanism, to obtain the encrypted data packet and generate the matching key;
The hardware encryption mechanism is an elliptic curve cryptography encryption mechanism, and the software encryption mechanism is a post-quantum key distribution algorithm based on NP-complete problems, a key distribution algorithm based on quantum communication, the RC4 algorithm, the TLS protocol, the DTLS protocol, a first combination algorithm or a second combination algorithm;
The first combination algorithm comprises a combination of the AES-192, 3DES and SHA-3 algorithms, meaning that, when data is encrypted, the AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet;
The second combination algorithm comprises a combination of the AES-256 and SM4 algorithms, meaning that, when data is encrypted, the AES-256 and SM4 algorithms encrypt the data twice to obtain the encrypted data packet.
Further, the identity card data refers to the physical card number of the second-generation resident identity card and/or the TYPE B card physical serial number.
Further, after the target node requests and obtains the key in order to decrypt the data packet with the key, the NB-IOT network platform and/or the control device sends instructions to the door lock over the NB-IOT network, and the NB-IOT network module in the door lock receives, over the NB-IOT network, the instructions sent by the NB-IOT network platform and/or the control device.
Further, the NB-IOT network platform records and stores a record of the received instructions sent by the NB-IOT network platform and/or the control device.
Further, the NB-IOT network module receiving, over the NB-IOT network, the instructions sent by the NB-IOT network platform and/or the control device means that the NB-IOT network module receives, over the NB-IOT network, an instruction sent by the NB-IOT network platform and/or the control device on whether to allow a second-generation resident identity card, fingerprint, MF card and/or numeric password to open or close the door lock with the preset NB-IOT module.
Further, the instruction on whether to allow a second-generation resident identity card to open or close the door lock with the preset NB-IOT module means an instruction on whether to allow the physical card number of the second-generation resident identity card and/or the TYPE B card physical serial number to open or close the door lock with the preset NB-IOT module.
Further, the NB-IOT network platform records and stores a record of the door lock obtaining the data packet and a record of decrypting the data packet with the key.
Further, the NB-IOT module refers to the SN-12NB-IOT communication module.
Compared with the prior art, the beneficial effects of the invention are:
1. Data is encrypted with a selected hardware encryption mechanism and software encryption mechanism; the diversity of the software encryption mechanism and the characteristics of the encryption algorithms it includes can ensure the security of the data; transmitting the data over the NB-IOT narrowband Internet of Things and then decrypting it can ensure, to a certain extent, that the encrypted data is sent safely to the remote target node;
2. The NB-IOT network module of the door lock exchanges data with the relevant platform and/or control device over the NB-IOT narrowband Internet of Things, making data transmission safer and more convenient;
3. Reception records of data and instructions are stored, facilitating later tracking and maintenance.
Additional aspects and advantages of the invention will be set forth in part in the description that follows; they will become apparent from the description or be learned through practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a flow chart of a data transmission method based on NB-IOT networks in an embodiment of the invention;
Fig. 2 is a flow chart of the post-quantum key distribution algorithm based on NP-complete problems in an embodiment of the invention;
Fig. 3 is a schematic diagram of the hash tree in an embodiment of the invention;
Fig. 4 is a schematic diagram of a hash tree branch in an embodiment of the invention;
Fig. 5 is a structural diagram of a mobile phone, for the case where the device is a mobile phone, in an embodiment of the invention.
Detailed description
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings.
Some of the flows described in the specification, the claims and the above drawings contain multiple operations that appear in a particular order, but it should be clearly understood that these operations may be executed out of the order in which they appear herein, or in parallel. Operation numbers such as 101 and 102 serve only to distinguish the different operations; the numbers themselves do not represent any execution order. In addition, these flows may include more or fewer operations, and these operations may be executed in order or in parallel. Note that terms such as "first" and "second" herein are used to distinguish different messages, devices, modules and so on; they do not represent an order, nor do they require "first" and "second" to be of different types.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Clearly, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Embodiment
As shown in Fig. 1, an embodiment of the invention provides a data transmission method based on NB-IOT networks, comprising steps S101-S103:
S101: Acquire first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; convert the first data into second data by hexadecimal encoding; encrypt the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key;
Converting the first data into second data by hexadecimal encoding means: when the first data is fingerprint data, the fingerprint data is converted into hexadecimal-encoded second data using the 498 hexadecimal encoding rule; when the first data is data other than fingerprint data, the data other than fingerprint data is converted into hexadecimal-encoded second data using the 12 hexadecimal encoding rule.
Correspondingly, for each item of fingerprint data the second data includes two 249 hexadecimal-encoded data packets, and for each item of identity card data, numeric password and MF card data the second data includes two 8 hexadecimal-encoded data packets, and each data packet in the second data carries a different number.
Specifically, converting the first data into hexadecimal-encoded second data means that, when the first data is fingerprint data, the fingerprint data is converted into hexadecimal-encoded second data using the 498 hexadecimal encoding rule;
The second data includes two 249 hexadecimal-encoded data packets, and the two data packets carry different numbers.
Further, converting the first data into hexadecimal-encoded second data means that, when the first data is identity card data, a numeric password and/or MF card data, the identity card data, numeric password and/or MF card data are each converted into hexadecimal-encoded second data using the 12 hexadecimal encoding rule;
Here, for each item of identity card data, numeric password and MF card data, the second data includes two 8 hexadecimal-encoded data packets, as detailed below:
When the first data is identity card data, the second data includes two 8 hexadecimal-encoded data packets, and the two data packets carry different numbers;
And/or, when the first data is a numeric password, the second data includes two 8 hexadecimal-encoded data packets, and the two data packets carry different numbers;
And/or, when the first data is MF card data, the second data includes two 8 hexadecimal-encoded data packets, and the two data packets carry different numbers;
The number of each data packet is different.
Encrypting the second data by a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key means that the second data is encrypted twice, by the hardware encryption mechanism and by the software encryption mechanism, to obtain the encrypted data packet and generate the matching key;
The hardware encryption mechanism is an elliptic curve cryptography encryption mechanism, and the software encryption mechanism is a post-quantum key distribution algorithm based on NP-complete problems, a key distribution algorithm based on quantum communication, the RC4 algorithm, the TLS protocol, the DTLS protocol, a first combination algorithm or a second combination algorithm;
The first combination algorithm comprises a combination of the AES-192, 3DES and SHA-3 algorithms, meaning that, when data is encrypted, the AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet;
The ways in which the AES-192, 3DES and SHA-3 algorithms encrypt the data three times to obtain the encrypted data packet are:
1. The AES-192, 3DES and SHA-3 algorithms, applied in that order, encrypt the data three times to obtain the encrypted data packet;
2. The AES-192, SHA-3 and 3DES algorithms, applied in that order, encrypt the data three times to obtain the encrypted data packet;
3. The 3DES, AES-192 and SHA-3 algorithms, applied in that order, encrypt the data three times to obtain the encrypted data packet;
4. The 3DES, SHA-3 and AES-192 algorithms, applied in that order, encrypt the data three times to obtain the encrypted data packet;
5. The SHA-3, AES-192 and 3DES algorithms, applied in that order, encrypt the data three times to obtain the encrypted data packet;
6. The SHA-3, 3DES and AES-192 algorithms, applied in that order, encrypt the data three times to obtain the encrypted data packet.
The second combination algorithm comprises a combination of the AES-256 and SM4 algorithms, meaning that the AES-256 and SM4 algorithms encrypt the data twice to obtain the encrypted data packet.
The ways in which the AES-256 and SM4 algorithms encrypt the data twice are:
1. The AES-256 algorithm and then the SM4 algorithm encrypt the data twice to obtain the encrypted data packet;
2. The SM4 algorithm and then the AES-256 algorithm encrypt the data twice to obtain the encrypted data packet.
The post-quantum key distribution algorithm based on NP-complete problems needs to be based on quantum communication. An electro-optic modulator is a modulator made using the electro-optic effect of certain electro-optic crystals. The electro-optic effect is that, when a voltage is applied to an electro-optic crystal, the refractive index of the crystal changes, which changes the characteristics of the light wave passing through the crystal and so modulates the phase, amplitude, intensity and polarization state of the optical signal.
The key generator generates a series of random numbers and alters the optical signal so that the optical signal carries the random-number information.
Random reordering of the key: a random reordering algorithm is used. The algorithm uses a time-based reordering method: from the sending time and the estimated receiving time, the time is hashed and the hash value is used to look up the rearrangement-mode definition table; a table entry is 1280 numbers, and this number determines the specific rearrangement method. The rearrangement-mode definition table is a fixed-length table of numbers defined in advance, and the table can be modified by replacing the hardware chip. The time is hashed to a certain row of the table. The numbers in each row are different.
The key is transferred from the transmitting end to the receiving end through the quantum communication port. If it is measured in transit by an eavesdropper, the quantum state changes and the key cannot be recovered at the receiving end. And because the information the eavesdropper obtains has been randomly reordered, the eavesdropper cannot obtain the original information. Even if the eavesdropper eavesdrops repeatedly, no pattern can be found, so it cannot be cracked. Furthermore, when the receiving end discovers the information leak it raises an alarm signal, ensuring system security.
The receiving end also keeps an identical rearrangement-mode definition table, placed in the ordering and key recovery device. After the receiving end receives the optical signal, it first looks up the table with the hash value transmitted in the optical signal, then reorders the received signal according to the rearrangement-mode definition table. It then checks the key recovered by reordering against its own key; if the check passes, the signal has not been corrupted, and it can begin measuring the optical signal to obtain the information.
The cryptosystem is designed on the basis of the quantum-computing NP problem corresponding to an NP problem. The method we use is a signature based on a hash algorithm, implemented specifically with the Merkle signature scheme. The Merkle signature scheme has been proven by academia to be an algorithm that can resist cracking by quantum computers. The algorithm has three main steps:
1. Key generation: keys are generated using a hash tree, as shown in Fig. 3. The hash tree computes the hash value H(Yi) of each public key Yi and then continues computing hashes of the H(Yi) values upward until only one node remains, as shown in Fig. 4. The hash tree node value can serve as the key.
2. Signature generation: the signer selects a key pair (Xi, Yi) and signs the message M with a one-time signature, then adds extra information to M proving that M is indeed data signed with that key, such as auth[0] and auth[1] shown in the figure below.
3. Signature verification: after receiving the message M, the recipient uses the public key Yi to verify, by the one-time verification scheme, whether M was signed. If verification passes, the recipient computes A0=H(Yi), A1=H(A0|auth0), A2=H(A1|auth1), ..., An; if all Ai agree with the public key, the signature is valid.
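The three steps above, as an added example that is not part of the patent text: a hash tree over one-time public keys, a signature carrying the authentication path auth[0..n-1], and verification by recomputing A0..An up to the root. SHA-256 as H, a Lamport one-time signature, a tree height of 3 and concatenation order chosen by the leaf index are all assumptions made for illustration; the text fixes none of them.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    """Hash function H of the text; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

# --- One-time signature: Lamport (assumed; the text names no OTS scheme) ---
def ots_keygen():
    X = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    Y = [(H(a), H(b)) for a, b in X]      # public half: hash of every secret
    return X, Y

def msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_sign(X, msg: bytes):
    # Reveal one secret per message-digest bit; a key pair must sign only once.
    return [X[i][b] for i, b in enumerate(msg_bits(msg))]

def ots_verify(Y, msg: bytes, sig) -> bool:
    if len(sig) != 256 or len(Y) != 256:
        return False
    return all(H(s) == Y[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))

def encode_pub(Y) -> bytes:
    return b"".join(a + b for a, b in Y)

# --- Step 1: hash tree over the leaves H(Yi), hashed upward to one node ---
def build_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[j] + cur[j + 1]) for j in range(0, len(cur), 2)])
    return levels

def auth_path(levels, index):
    # auth[k] is the sibling of the node on the path from leaf to root at level k.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def root_from_path(leaf, index, path):
    # A0 = H(Yi); A(k+1) = H(Ak | auth[k]) or H(auth[k] | Ak), depending on
    # whether the node is a left or right child (ordering is an assumption).
    node = leaf
    for sibling in path:
        node = H(sibling + node) if index & 1 else H(node + sibling)
        index >>= 1
    return node

class MerkleSigner:
    def __init__(self, height: int = 3):
        self.keys = [ots_keygen() for _ in range(2 ** height)]
        self.levels = build_tree([H(encode_pub(Y)) for _, Y in self.keys])
        self.public_key = self.levels[-1][0]   # the single remaining node
        self.next_index = 0

    # --- Step 2: one-time signature plus authentication path ---
    def sign(self, msg: bytes) -> dict:
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time key pairs have been used")
        i = self.next_index
        self.next_index += 1                   # never reuse (Xi, Yi)
        X, Y = self.keys[i]
        return {"index": i, "Y": Y, "ots_sig": ots_sign(X, msg),
                "auth": auth_path(self.levels, i)}

# --- Step 3: check the one-time signature, then recompute up to the root ---
def verify(root: bytes, msg: bytes, sig: dict) -> bool:
    Y, i, path = sig["Y"], sig["index"], sig["auth"]
    if not 0 <= i < 2 ** len(path):
        return False
    if not ots_verify(Y, msg, sig["ots_sig"]):
        return False
    return hmac.compare_digest(root_from_path(H(encode_pub(Y)), i, path), root)

if __name__ == "__main__":
    signer = MerkleSigner(height=3)
    packet = b"constructed sample packet 01"   # constructed sample input
    s = signer.sign(packet)
    print("valid:", verify(signer.public_key, packet, s))
    print("tampered:", verify(signer.public_key, packet + b"!", s))
```

The signer is stateful: each leaf signs exactly one message, so the index counter has to survive restarts in any real deployment.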
The elliptic curve cryptography encryption mechanism refers specifically to the elliptic curve encryption algorithm (Elliptic Curve Cryptography, ECC), a public-key cryptosystem first proposed in 1985 by Koblitz and Miller; its mathematical basis is the computational difficulty of the elliptic curve discrete logarithm in the Abelian group formed by the rational points on an elliptic curve.
The RC4 algorithm is a symmetric encryption (also called private-key encryption) algorithm, meaning an encryption algorithm in which encryption and decryption use the same key. It is sometimes called a conventional cipher algorithm: the encryption key can be computed from the decryption key, and the decryption key can likewise be computed from the encryption key. In most symmetric algorithms the encryption key and the decryption key are identical, so this kind of encryption algorithm is also called a secret-key algorithm or single-key algorithm. Its characteristics are that the algorithm is simple and runs fast, and the key length is variable, in the range 1-256 bytes (8-2048 bits). With today's technology, when the key length is 128 bits, brute-force key search is not very feasible, so it can be predicted that the RC4 key range will still be able to resist brute-force key-search attacks for a considerable time to come.
Safe transmission layer protocol (TLS) is used to provide confidentiality and data integrity between two communication application programs.
TLS record protocols are a kind of layered protocols.Information in each layer may include the fields such as length, description and content.Record association
View support information transmission, by data sectional to can process block, compressed data, using MAC, encryption and transmit result etc..Docking
The data received are decrypted, verify, decompress, recombinate, and then transfer them to higher level client.
The connection security provided by the TLS record protocol has two basic properties:
Private -- symmetric cryptography is used for data encryption (DES, RC4, etc.). The keys generated for symmetric encryption are unique to each connection and are negotiated by another protocol (such as the handshake protocol). The record protocol can also be used without encryption.
Reliable -- message transmission includes a message integrity check using a keyed MAC. Secure hash functions (SHA, MD5, etc.) are used for the MAC computation. The record protocol can also operate without a MAC, but this mode is generally used only while another protocol is using the record protocol to transmit and negotiate security parameters.
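The record processing described above (fragment, MAC, encrypt, then decrypt, verify, reassemble) with RC4 as the symmetric cipher, as an added Python example that is not part of the patent. It follows the TLS 1.0 stream-cipher record layout with HMAC-SHA1 and null compression; the class names, keys and message are this example's own constructions.

```python
import hashlib
import hmac
import struct

# RC4 is used because the page names it; RFC 7465 prohibits RC4 cipher suites in TLS.
class RC4:
    """RC4 keystream; the state persists across calls, as it does across TLS records."""

    def __init__(self, key: bytes):
        if not 1 <= len(key) <= 256:              # variable key length, 1-256 bytes
            raise ValueError("RC4 key must be 1-256 bytes")
        s, j = list(range(256)), 0
        for i in range(256):                      # key-scheduling algorithm
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        """XOR data with the next keystream bytes (the same call encrypts and decrypts)."""
        s, i, j, out = self.s, self.i, self.j, bytearray()
        for byte in data:
            i = (i + 1) % 256
            j = (j + s[i]) % 256
            s[i], s[j] = s[j], s[i]
            out.append(byte ^ s[(s[i] + s[j]) % 256])
        self.i, self.j = i, j
        return bytes(out)


MAX_FRAGMENT = 2 ** 14                  # largest plaintext fragment per record
APPLICATION_DATA = 23                   # record content type
VERSION = (3, 1)                        # TLS 1.0 as written on the wire
MAC_LEN = hashlib.sha1().digest_size    # 20 bytes


class RecordLayer:
    """One direction of a connection: per-connection keys plus a sequence number."""

    def __init__(self, cipher_key: bytes, mac_key: bytes):
        self.cipher, self.mac_key, self.seq = RC4(cipher_key), mac_key, 0

    def _mac(self, ctype: int, fragment: bytes) -> bytes:
        # The MAC covers the implicit sequence number, so reordered or replayed records fail.
        meta = struct.pack("!QBBBH", self.seq, ctype, VERSION[0], VERSION[1], len(fragment))
        return hmac.new(self.mac_key, meta + fragment, hashlib.sha1).digest()

    def seal(self, data: bytes, ctype: int = APPLICATION_DATA) -> list:
        """Fragment, MAC and encrypt; returns the list of wire records."""
        records = []
        for off in range(0, len(data), MAX_FRAGMENT):
            fragment = data[off:off + MAX_FRAGMENT]
            body = self.cipher.crypt(fragment + self._mac(ctype, fragment))
            records.append(struct.pack("!BBBH", ctype, *VERSION, len(body)) + body)
            self.seq += 1
        return records

    def open(self, record: bytes) -> bytes:
        """Decrypt and verify one record; raises ValueError if it was altered."""
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        if (major, minor) != VERSION or length != len(record) - 5 or length < MAC_LEN:
            raise ValueError("malformed record")
        body = self.cipher.crypt(record[5:])
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._mac(ctype, fragment)):
            raise ValueError("bad record MAC")
        self.seq += 1
        return fragment


if __name__ == "__main__":
    keys = (bytes(range(16)), bytes(range(16, 36)))     # constructed sample keys
    sender, receiver = RecordLayer(*keys), RecordLayer(*keys)
    wire = sender.seal(b"constructed sample message " * 1000)
    print(len(wire), "records;", len(b"".join(receiver.open(r) for r in wire)), "bytes recovered")
```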
DTLS (Datagram Transport Layer Security) is the datagram transport layer security protocol. The most obvious choice is to design a general-purpose channel security protocol that can run over datagram transport, just as TLS runs over TCP. Such a protocol can be implemented in user space, which makes it easy to install, yet it is flexible and general enough to provide security for many datagram-oriented applications.
The AES encryption algorithm is the Advanced Encryption Standard (AES) of cryptography, also known as Rijndael encryption, a block encryption standard adopted by the U.S. federal government. This standard replaces the original DES, has been analyzed by many parties and is widely used throughout the world. The basic requirements of AES are: a symmetric block cipher system; minimum supported key lengths of 128, 192 and 256 bits; a block length of 128 bits; an algorithm that is easy to implement in a variety of hardware and software; and very high security, resisting currently known attacks such as linear attacks, interpolation attacks, differential attacks and related-key attacks.
3DES (or Triple DES) is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher. It is equivalent to applying the DES encryption algorithm three times to each data block. As computing power increased, the key length of the original DES cipher became vulnerable to brute-force cracking; 3DES was designed to provide a relatively simple way of avoiding such attacks by increasing the key length of DES, rather than designing an entirely new block cipher algorithm.
3DES can use either three keys or two keys. It has three notable advantages: first, its key length is 168 bits, which is fully able to resist exhaustive attack; second, it is quite secure, having been analyzed for longer than any other encryption algorithm; third, because the underlying encryption algorithm of 3DES is the same as DES, many existing DES software and hardware products can easily implement 3DES, so it is convenient to use.
Introduction to SHA3: Because of successful attacks in recent years on traditional, commonly used hash functions such as MD4, MD5, SHA0, SHA1 and RIPEMD, the U.S. National Institute of Standards and Technology (NIST) held two cryptographic hash workshops, in 2005 and 2006, and in 2007 announced a worldwide call for a new next-generation cryptographic hash algorithm. A candidate hash function must perform well: it should consume minimal resources even when hashing a large amount of message text. Many candidate algorithms could not actually meet this requirement. A candidate algorithm must also be conservative about security: it should resist known attacks while keeping a large safety margin. Keccak is a good choice for the SHA-3 standard: it is fast, its bit distribution is uniform, and its collision resistance is good.
The DTLS protocol is designed to ensure the security of application communication data. To establish a reliable session, DTLS must provide a mechanism to authenticate the peer and to carry out reliable key establishment, algorithm negotiation and parameter transmission. Because DTLS runs over completely unreliable datagram communication, it must implement a retransmission mechanism to ensure the reliable delivery of handshake messages.
The SM4 cipher is a block algorithm; its design is simple, its structure is distinctive, and it is secure and efficient. Structure of the SM4 algorithm: the data block length is 128 bits and the key length is 128 bits. Both the encryption algorithm and the key expansion algorithm use a 32-round iterative structure. SM4 processes data in units of bytes (8 bits) and words (32 bits). The SM4 cipher is an involutive operation, so the decryption algorithm has the same structure as the encryption algorithm; only the round keys are used in the opposite order, the decryption round keys being the reverse of the encryption round keys. Security of SM4: the SM4 cipher has been fully analyzed and tested by China's professional cryptographic institutions and can resist existing attacks such as differential attacks and linear attacks, so it is secure.
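The structure described above (128-bit block and key, 32 rounds for both encryption and key expansion, decryption by running the same routine with the round keys reversed), as an added Python example that is not part of the patent. The S-box is a labelled placeholder rather than the standard SM4 S-box, so the outputs will not match real SM4 ciphertexts; the function names are this example's own.

```python
import struct

MASK = 0xFFFFFFFF
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)      # system parameters
# Fixed parameters: byte j of CK[i] is (4*i + j) * 7 mod 256.
CK = [int.from_bytes(bytes(((4 * i + j) * 7) % 256 for j in range(4)), "big")
      for i in range(32)]
# PLACEHOLDER byte substitution (an arbitrary bijection), NOT the standard SM4 S-box.
SBOX = bytes((x * 7 + 0x3B) % 256 for x in range(256))


def rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def tau(x: int) -> int:
    """Byte-wise substitution of one 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def t_round(x: int) -> int:
    """Substitution plus the linear transform used in the data rounds."""
    b = tau(x)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def t_key(x: int) -> int:
    """Substitution plus the linear transform used in key expansion."""
    b = tau(x)
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def expand_key(key: bytes) -> list:
    """Derive the 32 round keys from a 128-bit key."""
    if len(key) != 16:
        raise ValueError("key must be 16 bytes")
    k = [w ^ fk for w, fk in zip(struct.unpack(">4I", key), FK)]
    round_keys = []
    for i in range(32):
        rk = k[0] ^ t_key(k[1] ^ k[2] ^ k[3] ^ CK[i])
        k = k[1:] + [rk]
        round_keys.append(rk)
    return round_keys


def crypt_block(block: bytes, round_keys: list) -> bytes:
    """Run the 32 rounds and the final word reversal over one 128-bit block."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    x = list(struct.unpack(">4I", block))
    for rk in round_keys:
        x = x[1:] + [x[0] ^ t_round(x[1] ^ x[2] ^ x[3] ^ rk)]
    return struct.pack(">4I", *reversed(x))


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return crypt_block(block, expand_key(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same routine as encryption; only the round-key order is reversed.
    return crypt_block(block, expand_key(key)[::-1])


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")    # constructed sample
    ct = encrypt_block(b"sixteen byte msg", key)
    print(ct.hex(), decrypt_block(ct, key))
```

The round trip holds for any round function, invertible or not, because each round only XORs its output into one word; that is why decryption needs no separate inverse routine.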
Identity card data refers to the physical card number and/or TYPE B card physical serial number of the second-generation resident identity card.
S102: The data packet is shared over the NB-IOT network with the destination nodes connected to the NB-IOT network. The destination nodes include at least the NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched to the door lock; the control device is associated in advance with at least one door lock with a preset NB-IOT module. The NB-IOT module refers to the SN-12 NB-IOT communication module.
After the destination node requests the key in order to decrypt the data packet with it, the NB-IOT network platform and/or control device sends an instruction over the NB-IOT network to the door lock with the preset NB-IOT module, and the NB-IOT network module in that door lock receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or control device.
The control device matched to the door lock may be installed on any terminal device such as a mobile phone, tablet computer, PDA (Personal Digital Assistant), POS (Point of Sales) terminal or in-vehicle computer. Taking a mobile phone as the terminal for example:
Fig. 5 shows a block diagram of part of the structure of a mobile phone related to the terminal provided by an embodiment of the present invention. Referring to Fig. 5, the mobile phone includes components such as a radio frequency (RF) circuit 1510, a memory 1520, an input unit 1530, a display unit 1540, a sensor 1550, an audio circuit 1560, a wireless fidelity (WiFi) module 1570, a processor 1580 and a battery 1590. Those skilled in the art will understand that the handset structure shown in Fig. 5 does not limit the mobile phone, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
That the NB-IOT network module receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or control device means that the NB-IOT network module receives, over the NB-IOT network, an instruction from the NB-IOT network platform and/or control device stating whether a second-generation resident identity card, fingerprint, MF card and/or numeric password is allowed to open or close the door lock with the preset NB-IOT module.
A second-generation resident identity card stores some personal electronic information, which can only be read with specific software and hardware equipment; such equipment is generally found in places such as public security bureaus, hotels and guesthouses. The physical card number of the second-generation resident identity card is data that can only be read with this equipment, and its main purpose is to distinguish genuine cards from forgeries. Of course, to ensure that the key is not illegally intercepted while it is being issued, key encryption technology must also be used. A typical key encryption technology is the elliptic curve encryption algorithm (ECC), a public-key cryptosystem whose mathematical basis is the computational difficulty of the elliptic-curve discrete logarithm in the Abelian group formed by the rational points on an elliptic curve. Among the public-key systems currently known, the elliptic curve cryptosystem provides the highest encryption strength per bit. The best algorithm for solving the discrete logarithm problem on an elliptic curve is the Pollard rho method, whose time complexity is fully exponential.
The instruction allowing a second-generation resident identity card to open or close the door lock with the preset NB-IOT module means an instruction allowing the physical card number and/or TYPE B card physical serial number of the second-generation resident identity card to open or close the door lock with the preset NB-IOT module.
The NB-IOT network platform records and stores a record of receiving the instruction sent by the NB-IOT network platform and/or control device, and a record of using the key to decrypt the data packet.
S103: The destination node requests the key in order to decrypt the data packet with it.
The NB-IOT network platform records and stores a record of the door lock obtaining the data packet and a record of using the key to decrypt the data packet.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, modules and related working units described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the embodiments provided herein, it should be understood that the disclosed methods, platforms, devices, modules or units may be implemented in other ways. For example, the method embodiments described above are only illustrative: the division into modules is only a division by logical function, and in an actual implementation there may be other ways of dividing them; for instance, multiple modules or components may be combined or integrated into another system, or some features may be ignored or not executed. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above are only some embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. A data transmission method based on an NB-IOT network, characterized in that it comprises at least the following steps:
acquiring first data, the first data including at least fingerprint data, second-generation resident identity card data, a numeric password and/or MF card data; converting the first data into second data through hexadecimal encoding; encrypting the second data through a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key;
sharing the data packet over the NB-IOT network with at least one destination node connected to the NB-IOT network, the destination node including at least the NB-IOT network platform, a door lock with a preset NB-IOT module, and a control device matched to the door lock, the control device being associated in advance with at least one door lock with a preset NB-IOT module;
the destination node requesting the key in order to decrypt the data packet with it.
2. The method according to claim 1, characterized in that converting the first data into second data through hexadecimal encoding means:
when the first data is fingerprint data, converting the fingerprint data into second data in hexadecimal code using the 498 hexadecimal coding rule;
when the first data is data other than fingerprint data, converting each item of data other than fingerprint data into second data in hexadecimal code using the 12 hexadecimal coding rule;
correspondingly, in the second data each item of fingerprint data comprises two data packets of 249 hexadecimal codes, each item of identity card data, numeric password and MF card data comprises two data packets of 8 hexadecimal codes, and each data packet in the second data carries a different number.
3. The method according to claim 1, characterized in that encrypting the second data through a hardware encryption mechanism and a software encryption mechanism to obtain an encrypted data packet and generate a matching key means encrypting the second data twice, through the hardware encryption mechanism and the software encryption mechanism, to obtain an encrypted data packet and generate a matching key;
the hardware encryption mechanism is an elliptic curve cryptography encryption mechanism, and the software encryption mechanism is a post-quantum key distribution algorithm based on NP-complete problems, a key distribution algorithm based on quantum communication, the RC4 algorithm, the TLS protocol, the DTLS protocol, a first combined algorithm or a second combined algorithm;
the first combined algorithm comprises the combination of the AES-192 algorithm, the 3DES algorithm and the SHA-3 algorithm, which means that, when encrypting data, the AES-192 algorithm, the 3DES algorithm and the SHA-3 algorithm encrypt the data three times to obtain the encrypted data packet;
the second combined algorithm comprises the combination of the AES-256 algorithm and the SM4 algorithm, which means that the AES-256 algorithm and the SM4 algorithm encrypt the data twice to obtain the encrypted data packet.
4. The method according to claim 1, characterized in that the identity card data refers to the physical card number and/or TYPE B card physical serial number of the second-generation resident identity card.
5. The method according to claim 1, characterized in that it further comprises: after the destination node requests the key in order to decrypt the data packet with it, the NB-IOT network platform and/or control device sends an instruction over the NB-IOT network to the door lock with the preset NB-IOT module, and the NB-IOT network module in the door lock with the preset NB-IOT module receives, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or control device.
6. The method according to claim 5, characterized in that the NB-IOT network platform records and stores a record of receiving the instruction sent by the NB-IOT network platform and/or control device.
7. The method according to claim 5, characterized in that the NB-IOT network module receiving, over the NB-IOT network, the instruction sent by the NB-IOT network platform and/or control device means that the NB-IOT network module receives, over the NB-IOT network, an instruction from the NB-IOT network platform and/or control device stating whether a second-generation resident identity card, fingerprint, MF card and/or numeric password is allowed to open or close the door lock with the preset NB-IOT module.
8. The method according to claim 6, characterized in that the instruction stating whether a second-generation resident identity card is allowed to open or close the door lock with the preset NB-IOT module means an instruction stating whether the physical card number and/or TYPE B card physical serial number of the second-generation resident identity card is allowed to open or close the door lock with the preset NB-IOT module.
9. The method according to claim 1, characterized in that the NB-IOT network platform records and stores a record of the door lock obtaining the data packet and a record of using the key to decrypt the data packet.
10. The method according to any one of claims 1 to 9, characterized in that the NB-IOT module refers to the SN-12 NB-IOT communication module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810140162.3A CN108429737A (en) | 2018-02-11 | 2018-02-11 | A kind of data transmission method based on NB-IOT networks |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108429737A true CN108429737A (en) | 2018-08-21 |
Family
ID=63156869
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810140162.3A Pending CN108429737A (en) | 2018-02-11 | 2018-02-11 | A kind of data transmission method based on NB-IOT networks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108429737A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180821 |