CN109150902B - Encryption device based on home gateway system and encryption method thereof - Google Patents


Publication number
CN109150902B
Authority
CN
China
Prior art keywords
encryption
data
key
module
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811112828.0A
Other languages
Chinese (zh)
Other versions
CN109150902A (en)
Inventor
张立江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Weiping Information Security Evaluation Technology Co.,Ltd.
Original Assignee
Shandong Weiping Information Security Evaluation Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Weiping Information Security Evaluation Technology Co ltd filed Critical Shandong Weiping Information Security Evaluation Technology Co ltd
Priority to CN201811112828.0A priority Critical patent/CN109150902B/en
Publication of CN109150902A publication Critical patent/CN109150902A/en
Application granted granted Critical
Publication of CN109150902B publication Critical patent/CN109150902B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses an encryption device based on a home gateway system, comprising: an internal data transmission module, used for data transmission inside the home network; an external data transmission module, used for data transmission between the home network and the external network; a first-stage encryption module, which extracts a key from the key management module and encrypts data inside the home network; a second-stage encryption module, which generates a key according to the encryption result of the first-stage encryption module and encrypts data between the home network and the external network; and a key management module, used for managing keys. The invention can remedy the defects of the prior art and improve the data transmission security of the home gateway.

Description

Encryption device based on home gateway system and encryption method thereof
Technical Field
The invention relates to the technical field of network communication security, in particular to an encryption device based on a home gateway system and an encryption method thereof.
Background
With the development of network technology, more and more concepts of smart home are appearing in people's daily life. In the face of increasingly complicated smart home products, a common way to perform integrated management on the smart home products is to adopt a home gateway technology. The home gateway can network various household appliances and equipment in a home, and provide various rich, diversified, personalized, convenient, comfortable, safe and efficient services for people through the network. Data transmission of smart home products needs to pass through the home gateway, so the data security of the home gateway is very important.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an encryption device based on a home gateway system and an encryption method thereof, which can solve the defects of the prior art and improve the security of home gateway data transmission.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
An encryption device based on a home gateway system comprises,
the internal data transmission module is used for transmitting the internal data of the home network;
the external data transmission module is used for data transmission between the home network and the external network;
the first-stage encryption module extracts a key from the key management module and encrypts data in the home network;
the second-stage encryption module is used for generating a secret key according to an encryption result of the first-stage encryption module and encrypting data between the home network and the external network;
and the key management module is used for managing the key.
An encryption method of the encryption device based on the home gateway system includes the following steps:
the data inside the network is encrypted as follows:
after receiving data to be sent, the internal data transmission module establishes a communication connection with the first-stage encryption module; the first-stage encryption module extracts a key from the key management module and encrypts the data inside the home network; the key management module updates the key database according to the key access condition;
the data between the networks is encrypted as follows:
after receiving data to be sent, the external data transmission module establishes a communication connection with the second-stage encryption module; the second-stage encryption module generates a key according to the encryption result of the first-stage encryption module and encrypts the data between the home network and the external network; and the key management module updates the key database according to the key generation condition.
Preferably, in the process of encrypting data in the network, the data sensitivity is in direct proportion to the data encryption priority.
Preferably, the data is decomposed before being encrypted, comprising the steps of,
A. the dimension D of the decomposition is set up,
Figure BDA0001809634160000021
wherein T is the historical average value of the total amount of data, K is the data category amount,
Figure BDA0001809634160000022
represents rounding up;
B. establishing a functional relation between the data sensitivity S and each dimension sensitivity component s,
Figure BDA0001809634160000023
wherein f is a correlation function of each dimension sensitivity component s and each dimension data consistency u;
C. decomposing the data according to the sensitivity component s of each dimension;
after the data are decomposed, the decomposed data are encrypted and then processed.
Preferably, the key management module updating the key database based on the key access comprises the steps of,
A. establishing an associated data set using keys of different data components in the same data;
B. when the same key is taken again, it is guaranteed that it is not used simultaneously with all other keys in the existing associated data set.
Preferably, in the inter-network data encryption process, the association degree between the data to be encrypted and the encryption result of the first-level encryption module for generating the key is in direct proportion to the data encryption priority.
Preferably, the generating of the key according to the encryption result of the first-level encryption module includes the steps of,
A. selecting an encryption result linearly related to the data to be encrypted as standby data;
B. calculating the hash value of the encryption result and the hash value of the key used to obtain that encryption result, respectively;
C. normalizing the hash values calculated in step B, wherein the processing result is used as a first variable of the key;
D. combining the transmission path addresses of the encryption results of the first-stage encryption module, and then performing normalization processing, wherein the processing result is used as a second variable of the secret key;
E. and respectively carrying out Fourier-Mellin transformation on the first variable and the second variable of the key to obtain corresponding feature matrixes, and extracting feature vectors which are linearly independent from each other in the feature matrixes to form the key.
Preferably, secondary encryption is performed on the existing key using the newly generated key, and the encrypted result replaces the existing key.
The beneficial effects of the above technical scheme are as follows: the invention provides a data encryption system designed specifically for the data transmission characteristics of the home gateway. The system is divided into two parts, corresponding to internal data and external data respectively. For internal data, a one-time encryption mode is adopted because of its high security. Decomposing the data before encrypting it effectively reduces the amount of encryption computation. For external data, a key is generated from the encryption result of the first-stage encryption module, and the uncertainty of that encryption result improves key security and thereby raises the encryption level of external data. The key is generated from the hash value of the encryption process parameters and the data transmission path address; this double-random approach improves the reliability of the key, and the data source is safe, reliable and highly stable. During encryption, updating the key database in two stages effectively improves key security and greatly improves the security of the encryption process without increasing the number of keys.
Drawings
FIG. 1 is a system schematic of one embodiment of the present invention.
In the figure: 1. an internal data transmission module; 2. an external data transmission module; 3. a first-stage encryption module; 4. a second-stage encryption module; 5. a key management module.
Detailed Description
The standard parts used in the invention can be purchased from the market, the special-shaped parts can be customized according to the description and the description of the attached drawings, and the specific connection mode of each part adopts the conventional means of mature bolts, rivets, welding, sticking and the like in the prior art, and the detailed description is not repeated.
Referring to fig. 1, one embodiment of the present invention includes,
the internal data transmission module 1 is used for transmitting data inside the home network;
the external data transmission module 2 is used for data transmission between the home network and the external network;
the first-stage encryption module 3 extracts a key from the key management module 5 and encrypts data in the home network;
the second-stage encryption module 4 generates a key according to the encryption result of the first-stage encryption module 3, and encrypts data between the home network and the external network;
and the key management module 5 is used for managing the key.
An encryption method of the encryption device based on the home gateway system includes the following steps:
the data inside the network is encrypted as follows:
after receiving data to be sent, the internal data transmission module 1 establishes a communication connection with the first-stage encryption module 3; the first-stage encryption module 3 extracts a key from the key management module 5 and encrypts the data inside the home network; the key management module 5 updates the key database according to the key access condition;
the data between the networks is encrypted as follows:
after receiving data to be sent, the external data transmission module 2 establishes a communication connection with the second-stage encryption module 4; the second-stage encryption module 4 generates a key according to the encryption result of the first-stage encryption module 3 and encrypts the data between the home network and the external network; the key management module 5 updates the key database according to the key generation condition.
In the process of encrypting data in the network, the data sensitivity is in direct proportion to the data encryption priority.
The method for decomposing the data before encryption comprises the following steps,
A. the dimension D of the decomposition is set up,
Figure BDA0001809634160000051
wherein T is the historical average value of the total amount of data, K is the data category amount,
Figure BDA0001809634160000052
represents rounding up;
B. establishing a functional relation between the data sensitivity S and each dimension sensitivity component s,
Figure BDA0001809634160000053
wherein f is a correlation function of each dimension sensitivity component s and each dimension data consistency u;
C. decomposing the data according to the sensitivity component s of each dimension;
after the data are decomposed, the decomposed data are encrypted and then processed.
The updating of the key database by the key management module 5 in response to a key access comprises the following steps,
A. establishing an associated data set using keys of different data components in the same data;
B. when the same key is taken again, it is guaranteed that it is not used simultaneously with all other keys in the existing associated data set.
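One way to read steps A and B of the key database update, as an added example that is not code from the patent: the key manager records which keys were used together on the components of one data item, and when those keys are drawn again it rejects any selection that would reunite a key with every other member of a recorded set. The class and method names, the pool size and the key ids are hypothetical.

```python
import secrets
from itertools import combinations


class KeyPoolExhausted(Exception):
    """No combination of pool keys satisfies the association rule."""


class KeyManager:
    """Hypothetical key management module holding a fixed pool of keys."""

    def __init__(self, pool_size=4):
        # Constructed pool: random 32-byte keys addressed by id (k0, k1, ...).
        self.pool = {f"k{i}": secrets.token_bytes(32) for i in range(pool_size)}
        # Step A: each entry is the set of key ids used on one data item.
        self.associations = []

    def violates(self, key_ids):
        """Step B: True if key_ids would use some key together with every
        other key of an association set that key already belongs to."""
        chosen = frozenset(key_ids)
        return any(assoc <= chosen for assoc in self.associations)

    def draw(self, components):
        """Pick one distinct key per data component and record the set."""
        candidates = [c for c in combinations(sorted(self.pool), components)
                      if not self.violates(c)]
        if not candidates:
            raise KeyPoolExhausted(f"no valid {components}-key selection left")
        chosen = secrets.choice(candidates)
        # A key used alone has no partners, so only sets of two or more
        # keys are recorded as associations.
        if len(chosen) > 1:
            self.associations.append(frozenset(chosen))
        return {kid: self.pool[kid] for kid in chosen}


if __name__ == "__main__":
    km = KeyManager(pool_size=4)
    for _ in range(6):
        print(sorted(km.draw(2)))
    try:
        km.draw(2)
    except KeyPoolExhausted as exc:
        print("rejected:", exc)
```

With four keys and two components per data item, six draws use every pair exactly once and the seventh is refused, which shows how quickly the rule consumes a small pool.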
In the inter-network data encryption process, the association degree of the data to be encrypted and the encryption result of the first-stage encryption module 3 for generating the key is in direct proportion to the data encryption priority.
Generating a key based on the encryption result of the first-stage encryption module 3 includes the steps of,
A. selecting an encryption result linearly related to the data to be encrypted as standby data;
B. calculating the hash value of the encryption result and the hash value of the key used to obtain that encryption result, respectively;
C. normalizing the hash values calculated in step B, wherein the processing result is used as a first variable of the key;
D. combining the transmission path addresses of the encryption result of the first-stage encryption module 3, and then performing normalization processing, wherein the processing result is used as a second variable of the secret key;
E. Fourier-Mellin transformation is respectively carried out on the first variable and the second variable of the key to obtain corresponding feature matrixes, and feature vectors which are linearly independent of each other in the feature matrixes are extracted to form the key;
the key is generated by splicing the feature vectors, the feature vectors are randomly and repeatedly spliced in the splicing process, and feature marking is carried out on the repeatedly spliced positions. Through repeated splicing, the number of the keys can be increased, more importantly, the keys can be subjected to security detection through the characteristic marks of repeated splicing, and the keys are prevented from being tampered.
Secondary encryption is performed on the existing key using the newly generated key, and the encrypted result replaces the existing key.
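The data flow of steps B to E, as an added example that is not code from the patent: the two variables are built from the hashes of the first-stage encryption result and its key and from the transmission path addresses, and a second-stage key is derived from them. The text does not say how normalization or the Fourier-Mellin feature extraction is computed, so this sketch assumes SHA-256 digests for normalization and substitutes HKDF (RFC 5869) for step E; all function names and sample values are constructed.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with HMAC-SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def first_variable(stage1_ciphertext, stage1_key):
    """Steps B and C: hash the encryption result and the key that produced
    it, then reduce both digests to one fixed-length value (assumed form
    of the normalization)."""
    h_ct = hashlib.sha256(stage1_ciphertext).digest()
    h_key = hashlib.sha256(stage1_key).digest()
    return hashlib.sha256(h_ct + h_key).digest()


def second_variable(path_addrs):
    """Step D: combine the transmission path addresses in hop order, in a
    canonical spelling, and reduce them to a fixed-length value."""
    canonical = "|".join(a.strip().lower() for a in path_addrs)
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def derive_stage2_key(stage1_ciphertext, stage1_key, path_addrs):
    """Step E stand-in: HKDF over the two variables instead of the
    Fourier-Mellin feature extraction described in the text."""
    return hkdf_sha256(ikm=first_variable(stage1_ciphertext, stage1_key),
                       salt=second_variable(path_addrs),
                       info=b"stage2-key (constructed label)")


# Constructed sample inputs, not taken from the patent.
SAMPLE_CIPHERTEXT = bytes.fromhex("8f3a91c4d27b00e15a6c")
SAMPLE_STAGE1_KEY = bytes(range(32))
SAMPLE_PATH = ["192.168.1.20", "192.168.1.1"]

if __name__ == "__main__":
    key = derive_stage2_key(SAMPLE_CIPHERTEXT, SAMPLE_STAGE1_KEY, SAMPLE_PATH)
    print(key.hex())
```

Of the three inputs only `stage1_key` is secret, so a key derived this way carries no more secrecy than the first-stage key does; both ends must also agree on the exact ciphertext bytes and hop order to arrive at the same key.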
In the description of the present invention, it is to be understood that the terms "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, are merely for convenience of description of the present invention, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (4)

1. An encryption method of an encryption device based on a home gateway system, the encryption device based on the home gateway system comprising,
the internal data transmission module (1) is used for transmitting data inside the home network;
the external data transmission module (2) is used for data transmission between the home network and the external network;
the first-stage encryption module (3) extracts a key in the key management module (5) and encrypts data in the home network;
the second-stage encryption module (4) generates a key according to the encryption result of the first-stage encryption module (3) and encrypts data between the home network and the external network;
a key management module (5) for managing keys;
the method is characterized by comprising the following steps:
the method for decomposing the data before encryption comprises the following steps,
A. the dimension D of the decomposition is set up,
Figure FDA0002725564330000011
wherein T is the historical average value of the total amount of data, K is the data category amount,
Figure FDA0002725564330000012
represents rounding up;
B. establishing a functional relation between the data sensitivity S and each dimension sensitivity component s,
Figure FDA0002725564330000013
wherein f is a correlation function of each dimension sensitivity component s and each dimension data consistency u;
C. decomposing the data according to the sensitivity component s of each dimension;
after the data are decomposed, the decomposed data are encrypted and then are encrypted;
the data inside the network is encrypted by the encryption device,
after receiving data to be sent, the internal data transmission module (1) establishes communication connection with the first-level encryption module (3); the first-stage encryption module (3) extracts a key from the key management module (5) and encrypts data inside the home network; the key management module (5) updates the key database according to the key use condition; in the process of encrypting data in the network, the data sensitivity is in direct proportion to the data encryption priority;
the encryption of data between the networks is carried out,
after receiving data to be sent, the external data transmission module (2) establishes communication connection with the second-stage encryption module (4); generating a key according to the encryption result of the first-stage encryption module (3) to encrypt data between the home network and the external network; the key management module (5) updates the key database according to the key generation condition;
the generation of the key from the result of the encryption by the first-level encryption module (3) comprises the following steps,
A. selecting an encryption result linearly related to the data to be encrypted as standby data;
B. calculating the hash value of the encryption result and the hash value of the key used to obtain that encryption result, respectively;
C. normalizing the hash values calculated in step B, wherein the processing result is used as a first variable of the key;
D. combining the transmission path addresses of the encryption result of the first-stage encryption module (3), and then performing normalization processing, wherein the processing result is used as a second variable of the secret key;
E. and respectively carrying out Fourier-Mellin transformation on the first variable and the second variable of the key to obtain corresponding feature matrixes, and extracting feature vectors which are linearly independent from each other in the feature matrixes to form the key.
2. The encryption method of an encryption device based on a home gateway system according to claim 1, wherein: the key management module (5) updating the key database according to the key access situation comprises the following steps,
A. establishing an associated data set using keys of different data components in the same data;
B. when the same key is taken again, it is guaranteed that it is not used simultaneously with all other keys in the existing associated data set.
3. The encryption method of an encryption device based on a home gateway system according to claim 1, wherein: in the process of data encryption between networks, the association degree of data to be encrypted and the encryption result of the first-stage encryption module (3) for generating the key is in direct proportion to the data encryption priority.
4. The encryption method of an encryption device based on a home gateway system according to claim 3, wherein: and performing secondary encryption on the existing key by using the newly generated key, and replacing the existing key by using the encrypted result.
CN201811112828.0A 2018-09-25 2018-09-25 Encryption device based on home gateway system and encryption method thereof Active CN109150902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811112828.0A CN109150902B (en) 2018-09-25 2018-09-25 Encryption device based on home gateway system and encryption method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811112828.0A CN109150902B (en) 2018-09-25 2018-09-25 Encryption device based on home gateway system and encryption method thereof

Publications (2)

Publication Number Publication Date
CN109150902A CN109150902A (en) 2019-01-04
CN109150902B true CN109150902B (en) 2021-03-30

Family

ID=64823279

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811112828.0A Active CN109150902B (en) 2018-09-25 2018-09-25 Encryption device based on home gateway system and encryption method thereof

Country Status (1)

Country Link
CN (1) CN109150902B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115440107B (en) * 2022-10-26 2024-07-23 北京千种幻影科技有限公司 Intelligent driving training system and method for deaf-mute based on VR virtual reality

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247391A (en) * 2007-12-28 2008-08-20 上海电力学院 OPC safety proxy system and proxy method thereof
CN102710628A (en) * 2012-05-25 2012-10-03 东莞中山大学研究院 Home-gateway based cloud security encryption method and system
CN103067166A (en) * 2011-10-19 2013-04-24 海尔集团公司 Grading mixing encryption method and device of intelligent family system
CN107018070A (en) * 2016-01-28 2017-08-04 南水北调中线干线工程建设管理局 A kind of isomery multimode gateway equipment and its transmission method and application

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106416172B (en) * 2014-03-24 2020-03-27 诺基亚技术有限公司 Method and apparatus for content management

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
构建融合智慧物业、智慧家庭安防、 智能家居功能的家庭网关系统;秦永春;《中国有线电视》;20180627(第5期);全文 *

Also Published As

Publication number Publication date
CN109150902A (en) 2019-01-04

Similar Documents

Publication Publication Date Title
CN108428141B (en) Food traceability information management system based on ERP system and block chain
CN101465735B (en) Network user identification verification method, server and client terminal
CN102572314B (en) Image sensor and payment authentication method
CN104486075B (en) A kind of verification method of intelligent substation ICD model file digital signature
CN103838875B (en) A kind of information acquisition system and its method based on Quick Response Code
CN104580246B (en) Dynamic and intelligent safe key is produced and managing and control system and method under WiFi environment
CN104574593A (en) Virtual key based on Bluetooth communication as well as anti-theft lock system and application method thereof
CN103905469B (en) Security control system and method applied to smart grid wireless sensing network and cloud computing
CN102571357A (en) Signature realization method and signature realization device
CN111431841B (en) Internet of things security sensing system and Internet of things data security transmission method
EP3972315B1 (en) Network device identification
CN105512518A (en) Cipher algorithm identification method and system based on only-ciphertext
CN106650478A (en) Data operation management device and method
CN113704780A (en) Model-driven-based power distribution network user side information adaptive encryption method
CN117056961A (en) Privacy information retrieval method and computer readable storage medium
CN109150902B (en) Encryption device based on home gateway system and encryption method thereof
CN115277040B (en) Medical health data storage and sharing method and system based on blockchain technology
CN112272090B (en) Key generation method and device
CN115776413B (en) Iris encryption-based data transmission method and system
CN102158856A (en) Mobile terminal identification code authentication system and method, server and terminal
CN108696865A (en) A kind of radio sensing network node safety certifying method
CN105872013A (en) Cloud computing system
CN115643085A (en) Internet of things equipment safety protection method and system
CN102291716A (en) Wireless Internet surfing card client and mobile terminal
CN112839044B (en) Audio processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210309

Address after: Room 202, 2nd floor, Qilu Software Park building, south head, Xinyu Road, high tech Zone, Jinan City, Shandong Province

Applicant after: Shandong Weiping Information Security Evaluation Technology Co.,Ltd.

Address before: 110326 huaniubao village, Hutai Town, Xinmin City, Shenyang City, Liaoning Province

Applicant before: Zhang Lijiang

GR01 Patent grant