CN109218021A - A secure data communication method for a new-generation Internet of Things - Google Patents

Info

Publication number
CN109218021A (granted version: CN109218021B)
Application number
CN201811242087.8A
Authority
CN (China)
Prior art keywords
interface, name, privacy, message, data
Legal status
Granted; active
Other languages
Chinese (zh)
Inventors
王晓喃 (Wang Xiaonan), 窦正雄 (Dou Zhengxiong), 李燕丽 (Li Yanli)
Current assignee
Shanghai Keyi Information Technology Co., Ltd.
Original assignee (applicant)
Changshu Institute of Technology

Classifications (CPC)

    • H04L 63/0442: network security; confidential data exchange over packet networks where the payload is protected and the sending and receiving entities apply asymmetric encryption (different keys for encryption and decryption)
    • H04L 45/123: routing or path finding; shortest path evaluation; evaluation of link metrics
    • H04L 45/54: routing or path finding; organization of routing tables
    • H04L 63/083: network security; authentication of entities using passwords
    • H04L 63/0876: network security; authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/146: network services; session management; markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L 67/55: network services; push-based network services
    • H04L 9/0825: cryptographic mechanisms; key distribution or management; key transport or distribution using asymmetric-key encryption or public key infrastructure (PKI), e.g. key signature or public key certificates
    • H04L 9/14: cryptographic mechanisms for secret or secure communications using a plurality of keys or algorithms


Abstract

The present invention provides a secure data communication method for a new-generation Internet of Things. The Internet of Things comprises two or more routers, two or more servers and two or more nodes. Each type of data is uniquely identified by a name. Nodes are divided into consumption nodes and production nodes: a consumption node is a node authorized to obtain a type of data, and a production node is a node authorized to publish and update a type of data. With the invention, nodes can obtain data quickly, which considerably reduces data communication delay and improves data communication quality. The invention can be applied to many areas, such as traffic monitoring and agricultural engineering, and has wide application prospects.

Description

A secure data communication method for a new-generation Internet of Things
Technical field
The present invention relates to a communication method, and in particular to a secure data communication method for a new-generation Internet of Things.
Background
In a new-generation Internet of Things, communication between nodes is realized by forwarding and routing through intermediate nodes. One of the key problems that must be solved to realize such a network is therefore reducing data transfer delay, so that users can obtain network services quickly. As new-generation Internet of Things technology develops, it may become one of the ways in which future networks provide services.
At present the new-generation Internet of Things is implemented by broadcasting, so both delay and cost are large, which lowers network service performance. How to reduce the delay and cost with which a new-generation Internet of Things provides services has therefore become a hot research issue.
Summary of the invention
Object of the invention: the technical problem solved by the present invention is to provide, in view of the deficiencies of the prior art, a secure data communication method for a new-generation Internet of Things.
Technical solution: the invention discloses a secure data communication method for a new-generation Internet of Things, characterized in that the Internet of Things comprises two or more routers, two or more servers and two or more nodes;
Each type of data is uniquely identified by a name. Nodes are divided into consumption nodes and production nodes: a consumption node is a node authorized to obtain a type of data, for example TV series video data; a production node is a node authorized to publish and update a type of data, for example to publish and update TV series video data;
A production node may be authorized to publish and update more than one type of data, and one type of data may be published and updated by two or more authorized production nodes;
The consumption-node and production-node information of a type of data can be stored on only one authorized server, while one server may be authorized to hold the consumption-node and production-node information of one or more types of data;
A consumption node may be authorized to obtain more than one type of data;
Each type of data corresponds to one private key and one public key: the public key is the name that identifies the data, and the private key is issued by a third-party certification authority, for example an e-commerce Certificate Authority (CA);
When a consumption node is authorized to obtain a type of data, it obtains the private key and the public key of that type. It encrypts the public key of the type with the private key of the type; the encrypted name so obtained is called the privacy name. The encryption algorithm can be any asymmetric algorithm, for example RSA. When a production node is authorized to publish and update a type of data, it obtains the private key and the public key of that type and computes the privacy name of the data in the same way. When a server is authorized to hold the consumption-node and production-node information of a type of data, it obtains the private key and the public key of that type and computes the privacy name in the same way;
Each production node, consumption node and server keeps a key table; a key table entry consists of a private key, a public key and a privacy name;
A production node creates, for each type of data it is authorized to publish and update, a key table entry whose private-key field is the private key of that type, whose public-key field is the name identifying that type and whose privacy-name field is the privacy name of that type;
A consumption node creates the same kind of key table entry for each type of data it is authorized to obtain;
A server that is authorized to hold the consumption-node and production-node information of a type of data creates the same kind of key table entry for that type;
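The key table and the privacy name computation described above, as an added Python illustration (this is not code from the patent). The RSA parameters n = 3233, e = 17, d = 2753 and the data names NA1 and NA2 are constructed for the example; a deployment would use a full-size key pair issued by the CA and a padded hybrid scheme rather than raw RSA on single bytes. Two properties of the description are visible in it: the privacy name must be deterministic, because every router, server and node later matches table entries on it, and "encrypting with the private key" is the RSA signing primitive, so any holder of the public key (which the description says is the data name itself) can map a privacy name back to the name. The data encryption of steps 410 and 502 uses the public exponent and the decryption of steps 413 and 508 the private one; since every authorized node and server holds both halves, the pair works as a group secret for that data type.

```python
"""Key table entries and the privacy name with a toy byte-wise RSA (illustration only).

Toy parameters: p = 61, q = 53, so n = 3233 and e = 17, d = 2753 (e*d = 1 mod 3120).
Each byte is transformed on its own without padding, which is enough to show the data
flow of the method but is not a secure cipher; a deployment would use a full-size key
pair issued by the CA and a padded hybrid scheme.
"""
N, E, D = 3233, 17, 2753


def private_transform(data: bytes):
    """'Encrypt with the private key' (the RSA signing primitive): c = m^d mod n per byte."""
    return [pow(m, D, N) for m in data]


def public_transform(blocks) -> bytes:
    """Inverse of private_transform with the public exponent: m = c^e mod n per block."""
    return bytes(pow(c, E, N) for c in blocks)


def privacy_name(name: str) -> str:
    """Privacy name: the public key, which the description says is the data name itself,
    transformed under the private key; hex-encoded so it can travel in messages and serve
    as a table key. Deterministic: the same name always maps to the same privacy name."""
    return "".join(f"{c:04x}" for c in private_transform(name.encode()))


def name_from_privacy_name(pn: str) -> str:
    """Any holder of the public key can map a privacy name back to the name."""
    blocks = [int(pn[i:i + 4], 16) for i in range(0, len(pn), 4)]
    return public_transform(blocks).decode()


def encrypt_payload(data: bytes):
    """Steps 410 and 502: the data field is encrypted with the public key before sending."""
    return [pow(m, E, N) for m in data]


def decrypt_payload(blocks) -> bytes:
    """Steps 413 and 508: the receiver decrypts with the private key of the data type."""
    return bytes(pow(c, D, N) for c in blocks)


def key_table_entry(name: str) -> dict:
    """One key table entry as the description defines it: private key, public key (= the
    name) and privacy name. The private key value here is the toy exponent d."""
    return {"private_key": D, "public_key": name, "privacy_name": privacy_name(name)}


def build_key_table(names) -> dict:
    """Key table of a node or server authorized for several data types, indexed by privacy
    name because every later lookup in the method (steps 202, 302, 410, 413, 502, 508)
    is keyed on it."""
    table = {}
    for name in names:
        entry = key_table_entry(name)
        table[entry["privacy_name"]] = entry
    return table


if __name__ == "__main__":
    table = build_key_table(["NA1", "NA2"])          # constructed data names
    for pn, entry in table.items():
        print(pn, "->", entry["public_key"], "->", name_from_privacy_name(pn))
    blocks = encrypt_payload(b"sensor reading 42")   # constructed data field
    print(decrypt_payload(blocks))
```

Run it directly to see the two privacy names and the round trip; the determinism is what lets the server table, consumption table and production table below be keyed on the privacy name without any further coordination.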
Each node or server is configured with one interface, and each router with two or more interfaces. Interfaces are divided into upstream interfaces and downstream interfaces: an upstream interface is connected to a router, a downstream interface to a node or a server;
An interface is uniquely identified by an interface ID; the interface whose ID is x is abbreviated as interface x;
Nodes communicate by messages, and each kind of message is uniquely identified by a message type;
Message type values are as follows:

Message type name             Message type value
Server announcement message   1
Consumption message           2
Production message            3
Request message               4
Response message              5
Push message                  6
Each router maintains a server table; a server table entry comprises an interface ID field, a privacy name field and a lifetime field. Servers maintain the server tables by sending server announcement messages; a server announcement message comprises a message type and a privacy name set. Server S1 is connected to router R1 and periodically performs the following operations to maintain the server tables:
Step 101: start;
Step 102: server S1 constructs a privacy name set parameter PNS1, goes through its key table and adds the privacy name field of every key table entry to PNS1, then sends a server announcement message whose message type value is 1 and whose privacy name set field is the value of PNS1;
Step 103: router R1 receives the announcement on downstream interface f1 and checks its server table. For each element E1 of the privacy name set in the announcement, R1 does the following: if there is a server table entry whose interface ID equals f1, whose privacy name equals E1 and whose lifetime is not less than the maximum lifetime value M1 minus the threshold T1, go to step 113; otherwise go to step 104. M1 and T1 are preset and M1 is much larger than T1; for example M1 may be 1 s and T1 100 ms;
Step 104: R1 checks whether there is a server table entry whose interface ID equals f1 and whose privacy name equals E1; if so go to step 105, otherwise go to step 106;
Step 105: R1 selects the server table entry whose interface ID equals f1 and whose privacy name equals E1, sets its lifetime to the maximum lifetime value and goes to step 107;
Step 106: R1 creates a server table entry whose interface ID equals f1, whose privacy name equals E1 and whose lifetime is the maximum lifetime value;
Step 107: R1 forwards the received announcement out of each of its upstream interfaces;
Step 108: a router that receives the announcement on upstream interface f2 checks its server table. For each element E2 of the privacy name set in the announcement, the router does the following: if there is a server table entry whose interface ID equals f2, whose privacy name equals E2 and whose lifetime is not less than M1 minus T1, go to step 113; otherwise go to step 109;
Step 109: the router that received the announcement on upstream interface f2 checks whether there is a server table entry whose interface ID equals f2 and whose privacy name equals E2; if so go to step 110, otherwise go to step 111;
Step 110: that router selects the server table entry whose interface ID equals f2 and whose privacy name equals E2, sets its lifetime to the maximum lifetime value and goes to step 112;
Step 111: that router creates a server table entry whose interface ID equals f2, whose privacy name equals E2 and whose lifetime is the maximum lifetime value;
Step 112: that router forwards the received announcement out of each of its upstream interfaces other than f2, and goes to step 108;
Step 113: end.
Through the above process a server establishes the routing paths that lead to it. Because each router acts only on the first server announcement it receives and builds its path to the server from that announcement (a repeated copy that still matches a fresh entry is dropped at step 103 or 108), the path from each router to the server is the best-performing one, which reduces data communication cost and delay.
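An added Python example of the router side of steps 101-113 (not the patent's own code): one router R1 with server S1 on downstream interface d1 and peer routers on upstream interfaces u1 and u2. The router name, interface IDs and privacy names are constructed. It assumes that the lifetime counts down in seconds and that an entry reaching zero is dropped, which the description does not spell out, and it handles each privacy name in an announcement on its own, forwarding the announcement when at least one entry was created or refreshed. It shows the M1/T1 rule at work: a repeated announcement that arrives while the entry is still fresher than M1 - T1 is dropped and not re-flooded, while one that arrives after the entry has aged past that point refreshes the entry and is flooded again.

```python
"""One router's server table and its handling of server announcement messages (steps 101-113).

Assumed for this example: lifetimes count down in seconds between announcements and an
entry whose lifetime reaches zero is dropped; each privacy name in an announcement is
handled independently, and the announcement is forwarded if any entry was created or
refreshed.
"""
M1 = 1.0   # maximum lifetime, 1 s as in the description
T1 = 0.1   # threshold, 100 ms as in the description


class Router:
    def __init__(self, name, upstream, downstream):
        self.name = name
        self.upstream = set(upstream)       # interfaces that lead to other routers
        self.downstream = set(downstream)   # interfaces that lead to nodes or servers
        self.table = {}                     # (interface id, privacy name) -> lifetime

    def on_server_announcement(self, in_iface, privacy_names):
        """Steps 103-107 for a downstream interface, 108-112 for an upstream one.
        Returns the interfaces the announcement is forwarded on (empty set = dropped)."""
        changed = False
        for pn in privacy_names:
            key = (in_iface, pn)
            if key in self.table and self.table[key] >= M1 - T1:
                continue                     # step 103/108: entry still fresh, nothing to do
            self.table[key] = M1             # step 105/106: refresh or create, max lifetime
            changed = True
        if not changed:
            return set()                     # step 113
        if in_iface in self.downstream:
            return set(self.upstream)        # step 107: flood out of every upstream interface
        return self.upstream - {in_iface}    # step 112: every upstream interface except f2

    def age(self, seconds):
        """Lifetime countdown (assumed); entries that reach zero are removed."""
        for key in list(self.table):
            self.table[key] -= seconds
            if self.table[key] <= 0:
                del self.table[key]

    def next_hop(self, pn):
        """Interface toward the server for a privacy name, as used by steps 204/304/404/504."""
        for iface, name in self.table:
            if name == pn:
                return iface
        return None


def scenario():
    """Constructed run: R1 has server S1 behind d1 and peer routers behind u1 and u2."""
    r1 = Router("R1", upstream={"u1", "u2"}, downstream={"d1"})
    first = r1.on_server_announcement("d1", ["PNA1", "PNA2"])   # new: create and flood
    dup = r1.on_server_announcement("d1", ["PNA1", "PNA2"])     # still fresh: dropped
    r1.age(0.2)                                                  # lifetimes now 0.8 < M1 - T1
    refreshed = r1.on_server_announcement("d1", ["PNA1"])        # refreshed and flooded again
    from_peer = r1.on_server_announcement("u1", ["PNA3"])        # learned from a router on u1
    r1.age(0.9)                                                  # PNA2 (0.8) expires, others survive
    return {"first": first, "dup": dup, "refreshed": refreshed, "from_peer": from_peer,
            "next_hop": r1.next_hop("PNA1"), "remaining": sorted(r1.table)}


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:10} {v}")
```

The return values of `on_server_announcement` are the forwarding decisions: `first` and `refreshed` flood to both upstream interfaces, `dup` is suppressed, and `from_peer` goes to every upstream interface except the one it came in on.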
In the method for the invention, a server safeguards a consumption schedule, and each consumption list item is gathered by interface ID, hidden Private title and life cycle are constituted;It consumes node and consumption schedule is safeguarded by consumption message;One consumption message includes type of message, Interface ID set and privacy title;Consumption node CS1 is periodically executed operations described below maintenance consumption schedule:
Step 201: starting;
Step 202: consumption node CS1 checks key list, for each cipher key list items, consumes node CS1 and executes following behaviour Make: consumption node CS1 sends a consumption message, and the value of message types of the consumption message is 2, and interface ID collection is combined into sky, privacy Title is equal to the privacy title of the cipher key list items;
Step 203: judgement is that server or router from interface f3 receive the consumption message, then if it is server Step 205 is executed, it is no to then follow the steps 204;
Step 204: after router receives the consumption message from interface f3, interface f3 being added to connecing for the consumption message In mouth ID set and as the last one element;The router selects a server list item, the privacy name of the server list item Claim the privacy title for being equal to the consumption message, the interface identified from the interface ID thresholding of the server list item forwards the consumption to disappear Breath executes step 203;
Step 205: after server receives the consumption message, checking consumption schedule, if there is a consumption list item, this disappears The privacy title and interface ID set thresholding for taking list item are respectively equal to the privacy title and interface ID set thresholding of the consumption message, Then maximum value is set by the life cycle of the consumption list item;Otherwise, which creates a consumption list item, the consumption list item Privacy title and interface ID set thresholding be respectively equal to the consumption message privacy title and interface ID set thresholding, Life Cycle Phase is set as maximum value;
Step 206: terminating.
Consumer establishes the routed path that server reaches oneself by the above process, since consumer reaches server Routed path is realized by server table, and server table constructs the optimal routing road that server reaches each router Diameter, therefore it is also optimal that server, which reaches the performance of the routed path of consumer, to reduce the generation that consumer obtains data Valence and delay.
In the method for the invention, a consumption node and production node save a tables of data respectively;Each tables of data Item includes privacy title, data field and timestamp;One server safeguards a production table, and each production list item is by interface ID collection Conjunction, privacy title, timestamp and life cycle are constituted;It produces node and passes through production message maintenance production table;One production message Comprising type of message, interface ID set and privacy title and timestamp;Production node P1 is periodically executed operations described below maintenance production Table:
Step 301: starting;
Step 302: production node P1 checks key list, for each cipher key list items, produces node P1 and executes operations described below: It produces node P1 and selects a data table items, the privacy title of the data table items is equal to the privacy title of the cipher key list items, sends One production message, the value of message types of the production message are 3, and interface ID collection is combined into sky, and privacy title and timestamp are respectively etc. In the privacy title and timestamp of the data table items;
Step 303: judgement is that server or router from interface x1 receive the production message, then if it is router Step 305 is executed, it is no to then follow the steps 304;
Step 304: after router receives the production message from interface x1, interface x1 being added to connecing for the production message In mouth ID set and as the last one element;The router selects a server list item, the privacy name of the server list item Claim the privacy title for being equal to the production message, the interface identified from the interface ID thresholding of the server list item forwards the production to disappear Breath executes step 303;
Step 305: after server receives the production message, production table is checked, if there is a production list item, the life The privacy title and interface ID set thresholding for producing list item are respectively equal to the privacy title and interface ID set thresholding of the production message, Then it is the timestamp thresholding of the production message by the time stamp setting of the production list item, sets maximum value for life cycle;It is no Then, which creates a production list item, and privacy title and interface ID the set thresholding of the production list item are respectively equal to the life The privacy title and interface ID for producing message gather thresholding, and time stamp setting is the timestamp thresholding of the production message, by Life Cycle Phase is set as maximum value;
Step 306: terminating.
The producer establishes the routed path that server reaches oneself by the above process, while server also saves production Person issues the newest time of perhaps more new data in this way, consumer can be from the production section for issuing or updating latest data Point obtains data, it is ensured that the real-time and validity of data;In addition, the routed path that the producer reaches server is based on server Table realizes that, since server table constructs optimal routed path that server reaches each router, server reaches The performance of the routed path of the producer is also optimal, to reduce propelling data and obtain the cost and delay of data.
In the method for the invention, consumption node obtains data, request message and sound using request message and response message Answer message by type of message, interface ID set, privacy title and load are constituted;Acquisition title is had permission in consumption node CS1 The data that NA1 is identified, under conditions of the entitled PNA1 of the privacy of title NA1, consumption node CS1 passes through following processes acquisition name The data for claiming NA1 to be identified:
Step 401: starting;
Step 402: consumption node CS1 sends request message, and the value of message types of the request message is 4, interface ID set For sky, the entitled PNA1 of privacy is loaded as sky;
Step 403: judgement is that server or router from interface y1 receive the request message, then if it is server Step 405 is executed, it is no to then follow the steps 404;
Step 404: after router receives the request message from interface y1, interface y1 being added to connecing for the request message In mouth ID set and as the last one element;The router selects a server list item, the privacy name of the server list item Claim the privacy title for being equal to the request message, which is forwarded by the interface that the interface ID thresholding of the server list item is identified Message executes step 403;
Step 405: after server receives the request message, selecting a consumption list item, the privacy name of the consumption list item Identical and timestamp is referred to as newest with the privacy title of the request message, one interface ID lumped parameter a1 of the server construction, The interface ID that the value of parameter a1 is equal to the request message gathers, and sets the consumption schedule for the interface ID set of the request message The interface ID set of item, load are set as parameter a1, send the request message;
Step 406: if node receives the request message, then follow the steps 410, it is no to then follow the steps 407;
Step 407: if router receives the request message from downstream interface, thening follow the steps 409, otherwise execute step Rapid 408;
Step 408: router receives the request message from Upstream Interface y2, and interface y2 is added to the request message and is born In the parameter a1 of load and as the last one element;
Step 409: the router for receiving request message selects the last one element in request message interface ID set The interface of mark deletes the last one element from request message interface ID set, sends the request from the interface chosen and disappear Breath executes step 406;
Step 410: the node for receiving request message selects a data table items, and the privacy title of the data table items is equal to The privacy title of the request message, selects a cipher key list items, and the privacy title of the cipher key list items is equal to the hidden of the request message Private title;The node obtains encrypted data using the data field value in the public key encryption of the cipher key list items data table items; The node sends a response message, and the value of message types of the response message is 5, and interface ID set is equal to the request message and loads In parameter a1, privacy title is equal to the privacy title of the request message, loads as in encrypted data and the data table items Timestamp;
Step 411: judgement is that node or router receive the response message, thens follow the steps 413 if it is node, It is no to then follow the steps 412;
Step 412: after router receives the response message, selecting the last one member in response message interface ID set The interface of element mark deletes the last one element from response message interface ID set, sends the response from the interface chosen Message executes step 411;
Step 413: node selects a cipher key list items after receiving response message, and the privacy title of the cipher key list items is equal to The privacy title of the response message is decrypted the data encrypted in response message load using the private key of the cipher key list items and is solved Data after close;The node judges whether there is a data table items, and the privacy title of the data table items is equal to the response message Privacy title, if it does, the node then by the data thresholding of the data table items be updated to decryption after data, by timestamp The timestamp being set as in response message load;Otherwise, which creates a data table items, the privacy name of the data table items Claim the privacy title for being equal to the response message, data thresholding is equal to the data after decryption, and time stamp setting is negative for the response message Timestamp in load;
Step 414: terminating.
Data needed for consumption node obtains by the above process, since data communication is realized using consumption schedule and production table, And consumption schedule establishes the optimal path that consumption node reaches server, production table establishes production node and reaches the optimal of server Path, therefore consuming node can be by optimal path from production node acquisition data, to effectively reduce data communication Delay and cost;It is issued or the newest time of more new data in addition, server saves the producer, in this way, consumer can To obtain data from the production node for issuing or updating latest data, the real-time and validity of data are ensured that, into One step reduces the cost and delay that consumption node obtains data.
In the method for the invention, production node is using PUSH message publication and more new data, and PUSH message is by message class Type, interface ID set, privacy title and load are constituted;Have permission what publication was identified with more newname NA1 in production node P1 Data, under conditions of the entitled PNA1 of the privacy of title NA1, if production node P1 publication or have updated is marked by title NA1 The data of knowledge then execute following processes:
Step 501: starting;
Step 502: production node P1 selects a data table items, and the privacy title of the data table items is equal to PNA1, selection The privacy title of one cipher key list items, the cipher key list items is equal to PNA1;Produce the public key encryption that node P1 uses the cipher key list items Data field value in the data table items obtains encrypted data;The node sends a PUSH message, which disappears Ceasing types value is 6, and interface ID set is equal to sky, and privacy title is equal to PNA1, loads as encrypted data and the data table items In timestamp;
Step 503: if server receives the PUSH message, then follow the steps 505, it is no to then follow the steps 504;
Step 504: after router receives the PUSH message from interface z1, interface z1 being added to connecing for the PUSH message In mouth ID set and as the last one element, which selects a server list item, the privacy name of the server list item Claim the privacy title for being equal to the PUSH message, which is forwarded by the interface that the interface ID thresholding of the server list item is identified Message executes step 503;
Step 505: after server receives the PUSH message, selecting a consumption list item, the privacy name of the consumption list item Claim and interface ID set is respectively equal to the privacy title of the PUSH message and interface ID gathers, more by the timestamp of the consumption list item It is newly the timestamp in PUSH message load, sets maximum value for life cycle;The server selects all privacy titles Thresholding is equal to the consumption list item of the PUSH message privacy title, and for each consumption list item chosen, which executes following Operation: the server gathers the interface ID that the interface ID set of the PUSH message is updated to the consumption list item, sends the push Message;
Step 506: after node receives the PUSH message, step 508 is executed, it is no to then follow the steps 507;
Step 507: after router receives the PUSH message, selecting the last one member in PUSH message interface ID set The interface of element mark deletes the last one element from PUSH message interface ID set, sends the push from the interface chosen Message executes step 506;
Step 508: node selects a cipher key list items after receiving PUSH message, and the privacy title of the cipher key list items is equal to The privacy title of the PUSH message is decrypted the data encrypted in PUSH message load using the private key of the cipher key list items and is solved Data after close;The node checks whether that, there are a data table items, the privacy title of the data table items is equal to the PUSH message Privacy title, if it does, the node then by the data thresholding of the data table items be updated to decryption after data, by timestamp The timestamp being set as in PUSH message load;Otherwise, which creates a data table items, the privacy name of the data table items Claim the privacy title for being equal to the PUSH message, data thresholding is equal to the data after decryption, and time stamp setting is negative for the PUSH message Timestamp in load;
Step 509: terminating.
It produces node and gives publication or the data-pushing updated to consumption node, above-mentioned data-pushing mistake by the above process Cheng Liyong produces table and consumption schedule is realized, production table establishes the optimal path that production node reaches server, and consumption schedule is established Consumption node reaches the optimal path of server, therefore produces node and push data into consumption node by optimal path, To effectively reduce the delay and cost of data-pushing;Meanwhile above-mentioned push process ensures that consumer can be fast at the first time Speed obtains the data of newest publication or update, it is ensured that the real-time and validity of data.
Beneficial effects: the present invention provides a new-generation secure Internet of Things data communication method in which nodes can obtain data quickly, which greatly reduces data communication delay and improves data communication quality. The invention can be applied to many fields such as traffic supervision and agricultural engineering, and has broad application prospects.
Description of the drawings
The present invention is further described below with reference to the drawings and specific embodiments; the above and/or other advantages of the invention will become apparent from this description.
Fig. 1 is a flow diagram of maintaining the server table in the present invention.
Fig. 2 is a flow diagram of maintaining the consumption table in the present invention.
Fig. 3 is a flow diagram of maintaining the production table in the present invention.
Fig. 4 is a flow diagram of obtaining data in the present invention.
Fig. 5 is a flow diagram of updating data in the present invention.
Specific embodiments:
The present invention provides a new-generation secure Internet of Things data communication method in which nodes can obtain data quickly, which greatly reduces data communication delay and improves data communication quality. The invention can be applied to many fields such as traffic supervision and agricultural engineering, and has broad application prospects.
Fig. 1 is a flow diagram of maintaining the server table in the present invention. The Internet of Things comprises two or more routers, two or more servers and two or more nodes;
One kind of data is uniquely identified by one name; nodes are divided into consumption nodes and production nodes; a consumption node is a node authorized to obtain one kind of data, for example TV series video data; a production node is a node authorized to publish and update one kind of data, for example to publish and update TV series video data;
One production node is authorized to publish and update one or more kinds of data, and one kind of data can be published and updated by two or more authorized production nodes;
The consumption node and production node information for one kind of data can only be stored in one authorized server, and one server can be authorized to store the consumption node and production node information of one or more kinds of data;
One consumption node is authorized to obtain one or more kinds of data;
One kind of data corresponds to one private key and one public key; the public key is the name that identifies the data, and the private key is issued by a third-party certification authority, such as an e-commerce certification authority (CA, Certificate Authority);
When a consumption node is authorized to obtain one kind of data, it obtains the private key and public key of that kind of data; the consumption node encrypts the public key of that kind of data with the private key of that kind of data to obtain the encrypted name, which is called the privacy name; the encryption algorithm can be any asymmetric encryption algorithm, such as RSA. When a production node is authorized to publish and update one kind of data, it obtains the private key and public key of that kind of data, and the production node encrypts the public key of that kind of data with the private key of that kind of data to obtain the privacy name of the data. When a server is authorized to store the consumption node and production node information of one kind of data, it obtains the private key and public key of that kind of data, and the server encrypts the public key of that kind of data with the private key of that kind of data to obtain the privacy name of the data;
Each production node, consumption node and server stores a key table; a key table entry consists of a private key, a public key and a privacy name;
For each kind of data it is authorized to publish and update, a production node performs the following operation: the production node creates a key table entry whose private key field is the private key of that kind of data, whose public key field is the name identifying that kind of data, and whose privacy name field is the privacy name of that kind of data;
For each kind of data it is authorized to obtain, a consumption node performs the following operation: the consumption node creates a key table entry whose private key field is the private key of that kind of data, whose public key field is the name identifying that kind of data, and whose privacy name field is the privacy name of that kind of data;
If a server is authorized to store the consumption node and production node information of one kind of data, it performs the following operation: the server creates a key table entry whose private key field is the private key of that kind of data, whose public key field is the name identifying that kind of data, and whose privacy name field is the privacy name of that kind of data;
A node or a server is configured with one interface, and a router is configured with two or more interfaces; interfaces are divided into upstream interfaces and downstream interfaces; an upstream interface is connected to a router, and a downstream interface is connected to a node or a server;
An interface is uniquely identified by an interface ID; the interface whose interface ID is x is abbreviated as interface x;
Nodes communicate by messages; a kind of message is uniquely identified by a message type;
The message type values are as follows:
Message type name             Message type value
Server announcement message   1
Consumption message           2
Production message            3
Request message               4
Response message              5
Push message                  6
Each router maintains a server table; a server table entry comprises an interface ID field, a privacy name field and a lifetime field. A server maintains the server tables by sending server announcement messages; a server announcement message comprises a message type and a privacy name set. Server S1 is connected to router R1 and periodically performs the following operations to maintain the server tables:
Step 101: start;
Step 102: server S1 constructs a privacy name set parameter PNS1, checks its key table and adds the privacy name field of each key table entry to parameter PNS1, and sends a server announcement message whose message type value is 1 and whose privacy name set field is the value of parameter PNS1;
Step 103: after receiving the server announcement message from downstream interface f1, router R1 checks its server table; for each element E1 in the privacy name set of the server announcement message, router R1 performs the following operation: if there is a server table entry whose interface ID equals f1, whose privacy name equals element E1 and whose lifetime is not less than the difference between the maximum lifetime value M1 and the threshold T1, execute step 113; otherwise execute step 104. The maximum lifetime value M1 and the threshold T1 are preset, and M1 is much larger than T1; for example, M1 can be set to 1 s and T1 to 100 ms;
Step 104: router R1 judges whether there is a server table entry whose interface ID equals f1 and whose privacy name equals element E1; if so, execute step 105, otherwise execute step 106;
Step 105: router R1 selects the server table entry whose interface ID equals f1 and whose privacy name equals element E1, sets the lifetime of that server table entry to the maximum lifetime value, and executes step 107;
Step 106: router R1 creates a server table entry whose interface ID equals f1, whose privacy name equals element E1, and whose lifetime is set to the maximum lifetime value;
Step 107: router R1 forwards the received server announcement message from each upstream interface;
Step 108: after receiving the server announcement message from upstream interface f2, a router checks its server table; for each element E2 in the privacy name set of the server announcement message, the router performs the following operation: if there is a server table entry whose interface ID equals f2, whose privacy name equals element E2 and whose lifetime is not less than the difference between the maximum lifetime value M1 and the threshold T1, execute step 113; otherwise execute step 109;
Step 109: the router that received the server announcement message from upstream interface f2 judges whether there is a server table entry whose interface ID equals f2 and whose privacy name equals element E2; if so, execute step 110, otherwise execute step 111;
Step 110: the router that received the server announcement message from upstream interface f2 selects the server table entry whose interface ID equals f2 and whose privacy name equals element E2, sets the lifetime of that server table entry to the maximum lifetime value, and executes step 112;
Step 111: the router that received the server announcement message from upstream interface f2 creates a server table entry whose interface ID equals f2, whose privacy name equals element E2, and whose lifetime is set to the maximum lifetime value;
Step 112: the router that received the server announcement message from upstream interface f2 forwards the received server announcement message from each upstream interface other than interface f2, and executes step 108;
Step 113: end.
Through the above process a server establishes the routing paths to itself. Since each router only processes the first server announcement message it receives and establishes the routing path to the server according to that announcement, the path from a router to the server is guaranteed to have optimal performance, which reduces data communication cost and delay.
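As an added illustration (not code from the patent), the router-side logic of steps 103 to 112 in Python, with the lifetime values the text gives (M1 = 1 s, T1 = 100 ms): an announcement creates or refreshes an entry and is forwarded on the upstream interfaces, while a repeat that arrives while the entry is still fresh is suppressed. The countdown clock, interface IDs and privacy names are constructed for the example, and the per-element loop is read as forwarding once if any element created or refreshed an entry.

```python
M1_MS, T1_MS = 1000, 100      # maximum lifetime M1 = 1 s, threshold T1 = 100 ms (from the text)


class ServerTableRouter:
    """Router holding a server table keyed by (interface ID, privacy name)."""

    def __init__(self, upstream_ifaces):
        self.upstream = list(upstream_ifaces)   # upstream interfaces join other routers
        self.table = {}                         # (iface, privacy name) -> remaining lifetime, ms

    def age(self, elapsed_ms):
        """Constructed clock: advance time; entries whose lifetime runs out are dropped."""
        for key in list(self.table):
            self.table[key] -= elapsed_ms
            if self.table[key] <= 0:
                del self.table[key]

    def on_announcement(self, in_iface, privacy_names):
        """Handle one server announcement; return the interfaces it is forwarded on.

        An empty list means step 113 was reached for every name: the entry was
        still fresh (lifetime >= M1 - T1), so the repeat is not forwarded."""
        refreshed = False
        for pname in privacy_names:
            key = (in_iface, pname)
            # steps 103 / 108: a still-fresh entry for this interface and name -> step 113
            if key in self.table and self.table[key] >= M1_MS - T1_MS:
                continue
            # steps 104-106 / 109-111: refresh or create, lifetime back to the maximum
            self.table[key] = M1_MS
            refreshed = True
        if not refreshed:
            return []
        # step 107: from a downstream interface, forward on every upstream interface;
        # step 112: from an upstream interface, on every other upstream interface
        return [iface for iface in self.upstream if iface != in_iface]
```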
Fig. 2 is a flow diagram of maintaining the consumption table in the present invention. A server maintains a consumption table; each consumption table entry consists of an interface ID set, a privacy name and a lifetime. A consumption node maintains the consumption table by consumption messages; a consumption message comprises a message type, an interface ID set and a privacy name. Consumption node CS1 periodically performs the following operations to maintain the consumption table:
Step 201: start;
Step 202: consumption node CS1 checks its key table and, for each key table entry, performs the following operation: consumption node CS1 sends a consumption message whose message type value is 2, whose interface ID set is empty, and whose privacy name equals the privacy name of the key table entry;
Step 203: judge whether it is a server or a router that receives the consumption message from interface f3; if a server, execute step 205, otherwise execute step 204;
Step 204: after receiving the consumption message from interface f3, the router appends interface f3 to the interface ID set of the consumption message as the last element; the router selects a server table entry whose privacy name equals the privacy name of the consumption message, forwards the consumption message from the interface identified by the interface ID field of that server table entry, and executes step 203;
Step 205: after receiving the consumption message, the server checks the consumption table; if there is a consumption table entry whose privacy name and interface ID set fields equal the privacy name and interface ID set fields of the consumption message, the lifetime of that consumption table entry is set to the maximum value; otherwise, the server creates a consumption table entry whose privacy name and interface ID set fields equal the privacy name and interface ID set fields of the consumption message, and whose lifetime is set to the maximum value;
Step 206: end.
Through the above process a consumer establishes the routing path from the server to itself. Since the routing path from the consumer to the server is realized by the server tables, and the server tables build the optimal routing path from the server to each router, the routing path from the server to the consumer also has optimal performance, which reduces the cost and delay for consumers to obtain data.
Fig. 3 is a flow diagram of maintaining the production table in the present invention. Each consumption node and production node stores a data table; each data table entry comprises a privacy name, a data field and a timestamp. A server maintains a production table; each production table entry consists of an interface ID set, a privacy name, a timestamp and a lifetime. A production node maintains the production table by production messages; a production message comprises a message type, an interface ID set, a privacy name and a timestamp. Production node P1 periodically performs the following operations to maintain the production table:
Step 301: start;
Step 302: production node P1 checks its key table and, for each key table entry, performs the following operation: production node P1 selects a data table entry whose privacy name equals the privacy name of the key table entry and sends a production message whose message type value is 3, whose interface ID set is empty, and whose privacy name and timestamp equal the privacy name and timestamp of that data table entry;
Step 303: judge whether it is a server or a router that receives the production message from interface x1; if a server, execute step 305, otherwise execute step 304;
Step 304: after receiving the production message from interface x1, the router appends interface x1 to the interface ID set of the production message as the last element; the router selects a server table entry whose privacy name equals the privacy name of the production message, forwards the production message from the interface identified by the interface ID field of that server table entry, and executes step 303;
Step 305: after receiving the production message, the server checks the production table; if there is a production table entry whose privacy name and interface ID set fields equal the privacy name and interface ID set fields of the production message, the timestamp of that production table entry is set to the timestamp field of the production message and its lifetime is set to the maximum value; otherwise, the server creates a production table entry whose privacy name and interface ID set fields equal the privacy name and interface ID set fields of the production message, whose timestamp is set to the timestamp field of the production message, and whose lifetime is set to the maximum value;
Step 306: end.
Through the above process a producer establishes the routing path from the server to itself, and the server also records the latest time at which the producer published or updated data, so a consumer can obtain data from the production node that published or updated the latest data, which guarantees the timeliness and validity of the data. In addition, the routing path from the producer to the server is realized by the server tables; since the server tables build the optimal routing path from the server to each router, the routing path from the server to the producer also has optimal performance, which reduces the cost and delay of pushing and obtaining data.
Fig. 4 is a flow diagram of obtaining data in the present invention. A consumption node obtains data using request messages and response messages; a request message and a response message each consist of a message type, an interface ID set, a privacy name and a payload. Suppose consumption node CS1 is authorized to obtain the data identified by name NA1, and the privacy name of name NA1 is PNA1; consumption node CS1 obtains the data identified by name NA1 through the following process:
Step 401: start;
Step 402: consumption node CS1 sends a request message whose message type value is 4, whose interface ID set is empty, whose privacy name is PNA1, and whose payload is empty;
Step 403: judge whether it is a server or a router that receives the request message from interface y1; if a server, execute step 405, otherwise execute step 404;
Step 404: after receiving the request message from interface y1, the router appends interface y1 to the interface ID set of the request message as the last element; the router selects a server table entry whose privacy name equals the privacy name of the request message, forwards the request message through the interface identified by the interface ID field of that server table entry, and executes step 403;
Step 405: after receiving the request message, the server selects a consumption table entry whose privacy name is identical to the privacy name of the request message and whose timestamp is the newest; the server constructs an interface ID set parameter a1 whose value equals the interface ID set of the request message, sets the interface ID set of the request message to the interface ID set of that table entry, sets the payload to parameter a1, and sends the request message;
Step 406: if a node receives the request message, execute step 410; otherwise execute step 407;
Step 407: if a router receives the request message from a downstream interface, execute step 409; otherwise execute step 408;
Step 408: the router receives the request message from upstream interface y2 and appends interface y2 to parameter a1 in the payload of the request message as the last element;
Step 409: the router that received the request message selects the interface identified by the last element of the request message's interface ID set, deletes that last element from the interface ID set, sends the request message from the selected interface, and executes step 406;
Step 410: the node that received the request message selects a data table entry whose privacy name equals the privacy name of the request message and a key table entry whose privacy name equals the privacy name of the request message; the node encrypts the data field value of the data table entry with the public key of the key table entry to obtain the encrypted data; the node sends a response message whose message type value is 5, whose interface ID set equals parameter a1 in the payload of the request message, whose privacy name equals the privacy name of the request message, and whose payload is the encrypted data together with the timestamp of the data table entry;
Step 411: judge whether it is a node or a router that receives the response message; if a node, execute step 413, otherwise execute step 412;
Step 412: after receiving the response message, the router selects the interface identified by the last element of the response message's interface ID set, deletes that last element from the interface ID set, sends the response message from the selected interface, and executes step 411;
Step 413: after receiving the response message, the node selects a key table entry whose privacy name equals the privacy name of the response message and decrypts the encrypted data in the response message payload with the private key of that key table entry to obtain the decrypted data; the node judges whether there is a data table entry whose privacy name equals the privacy name of the response message; if so, the node updates the data field of that data table entry to the decrypted data and sets its timestamp to the timestamp in the response message payload; otherwise the node creates a data table entry whose privacy name equals the privacy name of the response message, whose data field equals the decrypted data, and whose timestamp is set to the timestamp in the response message payload;
Step 414: end.
Through the above process the consumption node obtains the data it needs. Since data communication is realized with the consumption table and the production table, the consumption table establishes the optimal path from the consumption node to the server, and the production table establishes the optimal path from the production node to the server, the consumption node can obtain data from the production node along an optimal path, which effectively reduces data communication delay and cost. In addition, the server records the latest time at which a producer published or updated data, so a consumer can obtain data from the production node that published or updated the latest data, which guarantees the timeliness and validity of the data and further reduces the cost and delay for the consumption node to obtain data.
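The request/response exchange of steps 401 to 414, as an added simulation in Python (not the patent's code): the recorded interface ID set carries a message up to the server, the server swaps in the producer's recorded path and carries the consumer's path as parameter a1, and routers pop the last interface on the way down; the same pop-and-forward handling also delivers the push messages of steps 501 to 509. Assumptions: the patent fixes no cipher, so a textbook RSA pair with tiny primes stands in for the key table's private/public key, the privacy name is the private-key operation applied to the name, step 405 is read as selecting from the production table (where the timestamps are kept), and the topology, names and interface IDs are constructed.

```python
N, E, D = 3233, 17, 2753      # toy textbook RSA (p=61, q=53); constructed, not a real key
REQUEST, RESPONSE = 4, 5      # message type values from the patent's table


def privacy_name(name):
    """Privacy name: private-key operation applied to the integer-encoded name (assumption)."""
    return str(pow(int.from_bytes(name.encode(), "big") % N, D, N))


def encrypt(data):            # public-key encryption of the data field, byte by byte
    return [pow(b, E, N) for b in data]


def decrypt(blocks):          # private-key decryption at the consumer
    return bytes(pow(c, D, N) for c in blocks)


class Msg:                    # type, interface ID set (a recorded path), privacy name, payload
    def __init__(self, mtype, iface_ids, pname, load=None):
        self.mtype, self.iface_ids, self.pname, self.load = mtype, list(iface_ids), pname, load


class Net:
    """Point-to-point wiring between devices; every hop taken is appended to trace."""
    def __init__(self):
        self.links, self.trace = {}, []

    def link(self, a, ia, b, ib):
        self.links[(a, ia)] = (b, ib)
        self.links[(b, ib)] = (a, ia)

    def send(self, dev, out_iface, msg):
        peer, in_iface = self.links[(dev, out_iface)]
        self.trace.append(f"{dev.name}:{out_iface} -> {peer.name}:{in_iface}")
        peer.receive(self, msg, in_iface)


class Router:
    def __init__(self, name, upstream, server_table):
        self.name, self.upstream = name, set(upstream)   # upstream interfaces join routers
        self.server_table = server_table                 # privacy name -> interface toward server

    def receive(self, net, msg, in_iface):
        if msg.mtype == REQUEST and msg.load is None:
            # step 404: record the arrival interface, forward toward the server
            msg.iface_ids.append(in_iface)
            net.send(self, self.server_table[msg.pname], msg)
            return
        if msg.mtype == REQUEST and in_iface in self.upstream:
            # step 408: extend the consumer's return path (parameter a1) on the way down
            msg.load.append(in_iface)
        # steps 409 / 412 (and 507 for push messages): pop the last interface and send from it
        net.send(self, msg.iface_ids.pop(), msg)


class Server:
    def __init__(self, name):
        self.name, self.production = name, {}   # privacy name -> [(interface ID set, timestamp)]

    def receive(self, net, msg, in_iface):
        # step 405: the entry with the newest timestamp points at the freshest producer
        iface_set, _ = max(self.production[msg.pname], key=lambda e: e[1])
        a1 = msg.iface_ids                      # consumer's recorded path becomes parameter a1
        msg.iface_ids, msg.load = list(iface_set), a1
        net.send(self, in_iface, msg)


class Node:
    def __init__(self, name):
        self.name, self.data = name, {}         # data table: privacy name -> (data, timestamp)

    def request(self, net, pname):              # step 402: empty path, empty payload
        net.send(self, "n", Msg(REQUEST, [], pname))

    def receive(self, net, msg, in_iface):
        if msg.mtype == REQUEST:                # step 410: producer answers along parameter a1
            data, ts = self.data[msg.pname]
            net.send(self, in_iface, Msg(RESPONSE, msg.load, msg.pname, (encrypt(data), ts)))
        else:                                   # step 413: consumer stores the decrypted data
            blocks, ts = msg.load
            self.data[msg.pname] = (decrypt(blocks), ts)


def run_request():
    """Constructed topology: C1 -d1- R1 -u1/u2- R2 -d0- S1, and R2 -u4/u3- R3 -d3- P1."""
    pna1 = privacy_name("NA1")
    c1, p1, s1, net = Node("C1"), Node("P1"), Server("S1"), Net()
    p1.data[pna1] = (b"temp=21.5C", 10)                   # producer's data table entry
    # production table as steps 301-306 leave it: P1's entry is newer than a second producer's
    s1.production[pna1] = [(["d3", "u4"], 10), (["d4", "u4"], 7)]
    r1 = Router("R1", ["u1"], {pna1: "u1"})
    r2 = Router("R2", ["u2", "u4"], {pna1: "d0"})
    r3 = Router("R3", ["u3"], {pna1: "u3"})
    net.link(c1, "n", r1, "d1")
    net.link(r1, "u1", r2, "u2")
    net.link(s1, "n", r2, "d0")
    net.link(r2, "u4", r3, "u3")
    net.link(p1, "n", r3, "d3")
    c1.request(net, pna1)
    return c1.data[pna1], net.trace             # ((b'temp=21.5C', 10), ten hops)
```

Calling run_request() returns the consumer's new data table entry and the ten hops taken: two up to S1, three down to P1 (R3 appends its upstream interface u3 to a1 on the way), and the response popping d1, u2 and u3 in reverse back to C1.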
Fig. 5 is a flow diagram of updating data in the present invention. A production node publishes and updates data using push messages; a push message consists of a message type, an interface ID set, a privacy name and a payload. Suppose production node P1 is authorized to publish and update the data identified by name NA1, and the privacy name of name NA1 is PNA1; when production node P1 publishes or updates the data identified by name NA1, it executes the process of steps 501 to 509, which is the same as the push process described above.
Embodiment 1
Based on the simulation parameters of Table 1, this embodiment simulates the new-generation secure Internet of Things data communication method of the present invention; the performance evaluation is as follows: as the amount of transmitted data increases, data communication delay increases, and as the amount of transmitted data decreases, data communication delay decreases; the average data communication delay is 1205 ms.
Table 1 Simulation parameters
The present invention provides an approach to a new-generation secure Internet of Things data communication method; there are many methods and ways to implement this technical solution, and the above is only a preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make various improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as within the protection scope of the invention. Each component not specified in this embodiment can be implemented with the existing prior art.

Claims (5)

1. A new-generation secure Internet of Things data communication method, characterized in that the Internet of Things comprises two or more routers, two or more servers and two or more nodes;
One kind of data is uniquely identified by one name; nodes are divided into consumption nodes and production nodes; a consumption node is a node authorized to obtain one kind of data; a production node is a node authorized to publish and update one kind of data;
One production node is authorized to publish and update one or more kinds of data, and one kind of data can be published and updated by two or more authorized production nodes;
The consumption node and production node information for one kind of data can only be stored in one authorized server, and one server can be authorized to store the consumption node and production node information of one or more kinds of data;
One consumption node is authorized to obtain one or more kinds of data;
One kind of data corresponds to one private key and one public key; the public key is the name that identifies the data, and the private key is issued by a third-party certification authority;
When a consumption node is authorized to obtain one kind of data, it obtains the private key and public key of that kind of data; the consumption node encrypts the public key of that kind of data with the private key of that kind of data to obtain the encrypted name, which is called the privacy name. When a production node is authorized to publish and update one kind of data, it obtains the private key and public key of that kind of data, and the production node encrypts the public key of that kind of data with the private key of that kind of data to obtain the privacy name of the data. When a server is authorized to store the consumption node and production node information of one kind of data, it obtains the private key and public key of that kind of data, and the server encrypts the public key of that kind of data with the private key of that kind of data to obtain the privacy name of the data;
Each production node, consumption node and server stores a key table; a key table entry consists of a private key, a public key and a privacy name;
For each kind of data it is authorized to publish and update, a production node performs the following operation: the production node creates a key table entry whose private key field is the private key of that kind of data, whose public key field is the name identifying that kind of data, and whose privacy name field is the privacy name of that kind of data;
For each kind of data it is authorized to obtain, a consumption node performs the following operation: the consumption node creates a key table entry whose private key field is the private key of that kind of data, whose public key field is the name identifying that kind of data, and whose privacy name field is the privacy name of that kind of data;
If a server is authorized to store the consumption node and production node information of one kind of data, it performs the following operation: the server creates a key table entry whose private key field is the private key of that kind of data, whose public key field is the name identifying that kind of data, and whose privacy name field is the privacy name of that kind of data;
A node or a server is configured with one interface, and a router is configured with two or more interfaces; interfaces are divided into upstream interfaces and downstream interfaces; an upstream interface is connected to a router, and a downstream interface is connected to a node or a server;
An interface is uniquely identified by an interface ID; the interface whose interface ID is x is abbreviated as interface x;
Nodes communicate by messages; a kind of message is uniquely identified by a message type;
The message type values are as follows:
Message type name             Message type value
Server announcement message   1
Consumption message           2
Production message            3
Request message               4
Response message              5
Push message                  6
Each router safeguards that a server table, a server list item include the domain interface ID, privacy title-domain and Life Cycle Phase domain;Server is given out information by sending server come safeguard service device table, and a server gives out information comprising message class Type and privacy name set;Server S 1 is connected with router R1, and is periodically executed operations described below with safeguard service device table:
Step 101: starting;
Step 102: server S 1 constructs a key title lumped parameter PNS1, checks cipher key list items and by each cipher key list items In privacy title thresholding be added in parameter PNS1, send a server and give out information, what which gave out information disappears Ceasing types value is 1, and privacy name set thresholding is the value of parameter PNS1;
Step 103: router R1 is received after the server gives out information from downstream interface f1 and is checked server table;For the clothes Each element E1 in key name set that business device gives out information, router R1 execute operations described below: taking if there is one Business device list item, the interface ID of the server list item are equal to f1, and privacy title is equal to element E1 and life cycle is not less than maximum life The difference for ordering periodic quantity M1 and threshold value T1, thens follow the steps 113, no to then follow the steps 104;Maximum lifetime value M1 and threshold value T1 It presets;
Step 104: router R1 judges whether there is a server list item, and the interface ID of the server list item is equal to f1 and hidden Private title is equal to element E1, no to then follow the steps 106 if it is thening follow the steps 105;
Step 105: router R1 selects a server list item, and the interface ID of the server list item is equal to f1 and privacy title etc. In element E1, maximum lifetime value is set by the life cycle of the server list item, executes step 107;
Step 106: router R1 creates a server list item, and the interface ID of the server list item is equal to f1, privacy title etc. In element E1, life cycle is set as maximum lifetime value;
Step 107: router R1 gives out information from the server that the forwarding of each Upstream Interface receives;
Step 108: router receives after the server gives out information from Upstream Interface f2 and checks server table;For the service Each element E2 in the key name set that device gives out information, the router execute operations described below: servicing if there is one Device list item, the interface ID of the server list item are equal to f2, and privacy title is equal to element E2 and life cycle is not less than maximum life The difference of periodic quantity M1 and threshold value T1, then follow the steps 113, no to then follow the steps 109;
Step 109: receiving the router that the server gives out information from Upstream Interface f2 and judge whether there is a server List item, the interface ID of the server list item is equal to f2 and privacy title is equal to element E2, if it is thening follow the steps 110, otherwise Execute step 111;
Step 110: receiving the router that the server gives out information from Upstream Interface f2 and select a server list item, the clothes The interface ID of business device list item is equal to f2 and privacy title is equal to element E2, sets maximum for the life cycle of the server list item Lifetime values execute step 112;
Step 111: receiving the router that the server gives out information from Upstream Interface f2 and create a server list item, the clothes The interface ID of business device list item is equal to f2, and privacy title is equal to element E2, and life cycle is set as maximum lifetime value;
Step 112: receiving router that the server gives out information from each of other than interface f2 from Upstream Interface f2 The server that Upstream Interface forwarding receives gives out information, and executes step 108;
Step 113: terminating.
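The key-list and server-table procedure of claim 1 (steps 102 to 113), as an added Python example; it is not part of the patent and not the applicant's code. Assumptions beyond the claim text: "encrypting the name (the public key) with the private key" is modelled as an HMAC-SHA256 keyed hash, since the claims name no cipher; M1 and T1 are set to 10 and 3 ticks; entries are aged by a tick() helper and dropped at zero, which the lifetime field implies but the claims do not spell out; the announcement is forwarded onward only when at least one name had to be installed or refreshed, which is one reading of the per-element "go to step 113"; the topology S1 - R1 - R2 - R3 and the interface IDs f1, u12, u21, u23, u32, d3 are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

M1 = 10  # maximum lifetime value (preset; ticks, assumed)
T1 = 3   # refresh threshold (preset; assumed)

def privacy_name(private_key: bytes, name: str) -> str:
    # stand-in (assumption) for "encrypt the public key, i.e. the name, with the private key":
    # a keyed hash gives a stable pseudonym that only holders of the private key can recompute
    return hmac.new(private_key, name.encode(), hashlib.sha256).hexdigest()[:16]

@dataclass
class KeyEntry:  # one key-list entry: private key, public key (the name), privacy name
    private_key: bytes
    public_key: str
    privacy_name: str

    @classmethod
    def create(cls, private_key: bytes, name: str) -> "KeyEntry":
        return cls(private_key, name, privacy_name(private_key, name))

@dataclass
class ServerEntry:  # one server-table entry: interface ID, privacy name, lifetime
    iface: str
    pn: str
    lifetime: int

class Router:
    def __init__(self, rid: str, upstream: set, downstream: set):
        self.rid, self.upstream, self.downstream = rid, set(upstream), set(downstream)
        self.table = []    # server table
        self.links = {}    # my interface ID -> (peer router, peer interface ID)
        self.sent = 0      # announcements forwarded, for the demo

    def connect(self, iface: str, peer: "Router", peer_iface: str) -> None:
        self.links[iface] = (peer, peer_iface)
        peer.links[peer_iface] = (self, iface)

    def lookup(self, pn: str) -> list:
        return [e for e in self.table if e.pn == pn]

    def on_server_announce(self, iface: str, names: list) -> None:
        # steps 103-112: install or refresh an entry per privacy name, then flood onward.
        # A name whose entry is still fresh (lifetime >= M1 - T1) is left alone; the message is
        # forwarded only if some name was installed or refreshed (one reading of "go to step 113").
        changed = False
        for pn in names:
            entry = next((e for e in self.table if e.iface == iface and e.pn == pn), None)
            if entry is not None and entry.lifetime >= M1 - T1:
                continue                                       # step 103/108: fresh, nothing to do
            if entry is not None:
                entry.lifetime = M1                            # step 105/110: refresh
            else:
                self.table.append(ServerEntry(iface, pn, M1))  # step 106/111: install
            changed = True
        if changed:
            for out in self.upstream - {iface}:               # step 107/112: every upstream but the ingress
                peer, peer_iface = self.links[out]
                self.sent += 1
                peer.on_server_announce(peer_iface, names)

    def tick(self) -> None:
        # age entries by one tick; expiry at zero is implied by the lifetime field, not spelled out
        for e in self.table:
            e.lifetime -= 1
        self.table = [e for e in self.table if e.lifetime > 0]

def build_line_topology():
    # S1 - R1 - R2 - R3 (constructed); R3 keeps a downstream interface d3 for a node
    r1 = Router("R1", upstream={"u12"}, downstream={"f1"})
    r2 = Router("R2", upstream={"u21", "u23"}, downstream=set())
    r3 = Router("R3", upstream={"u32"}, downstream={"d3"})
    r1.connect("u12", r2, "u21")
    r2.connect("u23", r3, "u32")
    return r1, r2, r3

def server_announce(r1: Router, key_list: list) -> list:
    # step 102: S1 builds PNS1 from every key-list entry and sends it on its link to R1 (interface f1)
    pns1 = [k.privacy_name for k in key_list]
    r1.on_server_announce("f1", pns1)
    return pns1
```

Two things the run shows that the claim text only implies. A second announcement sent while every entry is still within T1 of M1 is absorbed at R1 and not flooded, which is what keeps a periodic announcement from being re-flooded on every period; once the entries have aged past M1 - T1 the next announcement refreshes them and is flooded again. And only privacy names ever reach a router's table: in this model a router that is not authorized for a data type holds nothing that maps an entry back to the plaintext name.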
2. The secure new-generation Internet of Things data communication method according to claim 1, characterized in that a server maintains a consumption table; each consumption-table entry consists of an interface ID set, a privacy name and a lifetime. Consumer nodes maintain the consumption table by means of consumption messages; a consumption message comprises a message type, an interface ID set and a privacy name. Consumer node CS1 periodically performs the following operations to maintain the consumption table:
Step 201: start;
Step 202: Consumer node CS1 checks its key list and, for each key-list entry, performs the following operation: consumer node CS1 sends a consumption message whose message type value is 2, whose interface ID set is empty and whose privacy name equals the privacy name of that key-list entry;
Step 203: Judge whether it is a server or a router that receives the consumption message on interface f3; if it is a server, go to step 205, otherwise go to step 204;
Step 204: After a router receives the consumption message on interface f3, it adds interface f3 to the interface ID set of the consumption message as its last element; the router selects the server-table entry whose privacy name equals the privacy name of the consumption message and forwards the consumption message out of the interface identified by the interface ID field of that entry; go to step 203;
Step 205: After the server receives the consumption message, it checks the consumption table. If there is a consumption-table entry whose privacy name and interface ID set equal the privacy name and interface ID set of the consumption message, the lifetime of that entry is set to the maximum value; otherwise the server creates a consumption-table entry whose privacy name and interface ID set equal the privacy name and interface ID set of the consumption message, with its lifetime set to the maximum value;
Step 206: end.
3. The secure new-generation Internet of Things data communication method according to claim 2, characterized in that a consumer node and a producer node each store a data table; each data-table entry comprises a privacy name, a data field and a timestamp. A server maintains a production table; each production-table entry consists of an interface ID set, a privacy name, a timestamp and a lifetime. Producer nodes maintain the production table by means of production messages; a production message comprises a message type, an interface ID set, a privacy name and a timestamp. Producer node P1 periodically performs the following operations to maintain the production table:
Step 301: start;
Step 302: Producer node P1 checks its key list and, for each key-list entry, performs the following operation: producer node P1 selects the data-table entry whose privacy name equals the privacy name of that key-list entry and sends a production message whose message type value is 3, whose interface ID set is empty, and whose privacy name and timestamp equal the privacy name and timestamp of that data-table entry;
Step 303: Judge whether it is a server or a router that receives the production message on interface x1; if it is a server, go to step 305, otherwise go to step 304;
Step 304: After a router receives the production message on interface x1, it adds interface x1 to the interface ID set of the production message as its last element; the router selects the server-table entry whose privacy name equals the privacy name of the production message and forwards the production message out of the interface identified by the interface ID field of that entry; go to step 303;
Step 305: After the server receives the production message, it checks the production table. If there is a production-table entry whose privacy name and interface ID set equal the privacy name and interface ID set of the production message, the timestamp of that entry is set to the timestamp field of the production message and its lifetime is set to the maximum value; otherwise the server creates a production-table entry whose privacy name and interface ID set equal the privacy name and interface ID set of the production message, whose timestamp is set to the timestamp field of the production message, and whose lifetime is set to the maximum value;
Step 306: end.
4. The secure new-generation Internet of Things data communication method according to claim 3, characterized in that a consumer node obtains data by means of request messages and response messages; a request message and a response message each consist of a message type, an interface ID set, a privacy name and a payload. On condition that consumer node CS1 is authorized to obtain the data identified by name NA1, and that the privacy name of name NA1 is PNA1, consumer node CS1 obtains the data identified by name NA1 by the following process:
Step 401: start;
Step 402: Consumer node CS1 sends a request message whose message type value is 4, whose interface ID set is empty, whose privacy name is PNA1 and whose payload is empty;
Step 403: Judge whether it is a server or a router that receives the request message on interface y1; if it is a server, go to step 405, otherwise go to step 404;
Step 404: After a router receives the request message on interface y1, it adds interface y1 to the interface ID set of the request message as its last element; the router selects the server-table entry whose privacy name equals the privacy name of the request message and forwards the request message out of the interface identified by the interface ID field of that entry; go to step 403;
Step 405: After the server receives the request message, it selects the production-table entry whose privacy name equals the privacy name of the request message and whose timestamp is the newest. The server constructs an interface ID set parameter a1 whose value equals the interface ID set of the request message, sets the interface ID set of the request message to the interface ID set of the selected production-table entry, sets the payload to parameter a1, and sends the request message;
Step 406: If a node receives the request message, go to step 410; otherwise go to step 407;
Step 407: If a router receives the request message on a downstream interface, go to step 409; otherwise go to step 408;
Step 408: The router receives the request message on upstream interface y2 and adds interface y2 to parameter a1 in the payload of the request message as its last element;
Step 409: The router that received the request message selects the interface identified by the last element of the interface ID set of the request message, deletes that last element from the interface ID set, sends the request message out of the selected interface, and goes to step 406;
Step 410: The node that receives the request message selects the data-table entry whose privacy name equals the privacy name of the request message, and the key-list entry whose privacy name equals the privacy name of the request message; the node encrypts the data field of that data-table entry with the public key of that key-list entry to obtain the encrypted data. The node sends a response message whose message type value is 5, whose interface ID set equals parameter a1 in the payload of the request message, whose privacy name equals the privacy name of the request message, and whose payload is the encrypted data together with the timestamp of that data-table entry;
Step 411: Judge whether it is a node or a router that receives the response message; if it is a node, go to step 413, otherwise go to step 412;
Step 412: After a router receives the response message, it selects the interface identified by the last element of the interface ID set of the response message, deletes that last element from the interface ID set, sends the response message out of the selected interface, and goes to step 411;
Step 413: After the node receives the response message, it selects the key-list entry whose privacy name equals the privacy name of the response message and decrypts the encrypted data in the payload with the private key of that key-list entry to obtain the decrypted data. The node judges whether there is a data-table entry whose privacy name equals the privacy name of the response message; if so, the node updates the data field of that entry to the decrypted data and sets its timestamp to the timestamp in the payload of the response message; otherwise the node creates a data-table entry whose privacy name equals the privacy name of the response message, whose data field equals the decrypted data, and whose timestamp is set to the timestamp in the payload of the response message;
Step 414: end.
5. The secure new-generation Internet of Things data communication method according to claim 3, characterized in that a producer node publishes and updates data by means of push messages; a push message consists of a message type, an interface ID set, a privacy name and a payload. On condition that producer node P1 is authorized to publish and update the data identified by name NA1, and that the privacy name of name NA1 is PNA1, when producer node P1 publishes or updates the data identified by name NA1 it performs the following process:
Step 501: start;
Step 502: Producer node P1 selects the data-table entry whose privacy name equals PNA1 and the key-list entry whose privacy name equals PNA1; producer node P1 encrypts the data field of that data-table entry with the public key of that key-list entry to obtain the encrypted data. The node sends a push message whose message type value is 6, whose interface ID set is empty, whose privacy name equals PNA1, and whose payload is the encrypted data together with the timestamp of that data-table entry;
Step 503: If a server receives the push message, go to step 505; otherwise go to step 504;
Step 504: After a router receives the push message on interface z1, it adds interface z1 to the interface ID set of the push message as its last element; the router selects the server-table entry whose privacy name equals the privacy name of the push message and forwards the push message out of the interface identified by the interface ID field of that entry; go to step 503;
Step 505: After the server receives the push message, it selects the production-table entry whose privacy name and interface ID set equal the privacy name and interface ID set of the push message, updates the timestamp of that entry to the timestamp in the payload of the push message, and sets its lifetime to the maximum value. The server then selects every consumption-table entry whose privacy-name field equals the privacy name of the push message and, for each selected consumption-table entry, performs the following operation: the server sets the interface ID set of the push message to the interface ID set of that consumption-table entry and sends the push message;
Step 506: If a node receives the push message, go to step 508; otherwise go to step 507;
Step 507: After a router receives the push message, it selects the interface identified by the last element of the interface ID set of the push message, deletes that last element from the interface ID set, sends the push message out of the selected interface, and goes to step 506;
Step 508: After the node receives the push message, it selects the key-list entry whose privacy name equals the privacy name of the push message and decrypts the encrypted data in the payload with the private key of that key-list entry to obtain the decrypted data. The node checks whether there is a data-table entry whose privacy name equals the privacy name of the push message; if so, the node updates the data field of that entry to the decrypted data and sets its timestamp to the timestamp in the payload of the push message; otherwise the node creates a data-table entry whose privacy name equals the privacy name of the push message, whose data field equals the decrypted data, and whose timestamp is set to the timestamp in the payload of the push message;
Step 509: end.
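The consumption and production registration of claims 2 and 3, the request/response exchange of claim 4 and the push fan-out of claim 5, run end to end as an added Python example; it is not part of the patent and not the applicant's code. Assumptions beyond the claim text: the routers' server tables are already filled as the claim-1 procedure would leave them; the privacy name is an HMAC-SHA256 keyed hash standing in for "encrypt the name with the private key"; because every authorized party holds both keys of a type, the data encryption is modelled as a toy XOR-keystream cipher keyed by the private key (a stand-in, not a real cipher); each message carries a to_server flag that marks whether it is travelling toward the server (interface ID set growing) or away from it (interface ID set consumed), since the claims separate the two phases only by step order; the topology C - R1 - R2 - R3 - P with server S on R2, all interface IDs, the data name sensors/temp and the key are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

CONSUME, PRODUCE, REQUEST, RESPONSE, PUSH = 2, 3, 4, 5, 6  # message-type values from the claims

def privacy_name(private_key: bytes, name: str) -> str:
    # stand-in (assumption) for "encrypt the name with the private key": a keyed hash
    return hmac.new(private_key, name.encode(), hashlib.sha256).hexdigest()[:16]

def xor_cipher(key: bytes, data: bytes) -> bytes:
    # toy stand-in for the data encryption, not a real cipher: XOR with a SHA-256 keystream, self-inverse
    out, block = bytearray(), b""
    for i, b in enumerate(data):
        if i % 32 == 0:
            block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)

@dataclass
class Msg:
    mtype: int
    ifaces: list            # interface ID set, ordered; routers pop the last element
    pn: str                 # privacy name
    payload: object = None  # production: timestamp; request: return path a1; response/push: (ciphertext, ts)
    to_server: bool = True  # assumed direction marker; the claims give none

class Router:
    def __init__(self, upstream: set):
        self.upstream, self.links, self.server_table = set(upstream), {}, {}  # links: iface -> (peer, peer iface)

    def receive(self, iface: str, msg: Msg) -> None:
        if msg.to_server:                  # steps 204/304/404/504: record ingress, follow the server table
            msg.ifaces.append(iface)
            out = self.server_table[msg.pn]
        else:                              # steps 407-409/412/507: source-routed by the interface stack
            if msg.mtype == REQUEST and iface in self.upstream:
                msg.payload.append(iface)  # step 408: extend the return path a1 with the upstream ingress
            out = msg.ifaces.pop()
        peer, peer_iface = self.links[out]
        peer.receive(peer_iface, msg)

class Server:
    def __init__(self):
        self.link, self.consumers, self.producers = None, {}, {}  # pn -> [path]; pn -> {path: ts}

    def receive(self, _iface, msg: Msg) -> None:
        if msg.mtype == CONSUME:                                  # step 205
            paths = self.consumers.setdefault(msg.pn, [])
            if msg.ifaces not in paths:
                paths.append(list(msg.ifaces))
        elif msg.mtype == PRODUCE:                                # step 305
            self.producers.setdefault(msg.pn, {})[tuple(msg.ifaces)] = msg.payload
        elif msg.mtype == REQUEST:                                # step 405: newest producer, a1 in payload
            path, _ = max(self.producers[msg.pn].items(), key=lambda kv: kv[1])
            self.link[0].receive(self.link[1], Msg(REQUEST, list(path), msg.pn, list(msg.ifaces), to_server=False))
        elif msg.mtype == PUSH:                                   # step 505: refresh producer, fan out
            self.producers.setdefault(msg.pn, {})[tuple(msg.ifaces)] = msg.payload[1]
            for path in self.consumers.get(msg.pn, []):
                self.link[0].receive(self.link[1], Msg(PUSH, list(path), msg.pn, msg.payload, to_server=False))

class Node:
    def __init__(self, keys: dict):      # keys: data name -> private key (constructed)
        self.link, self.data = None, {}  # data table: privacy name -> (value, timestamp)
        self.keys = {privacy_name(k, n): k for n, k in keys.items()}   # key list, indexed by privacy name
        self.pn_of = {n: privacy_name(k, n) for n, k in keys.items()}

    def send(self, msg: Msg) -> None:
        self.link[0].receive(self.link[1], msg)

    def receive(self, _iface, msg: Msg) -> None:
        key = self.keys[msg.pn]
        if msg.mtype == REQUEST:                                  # step 410: answer from own data table
            value, ts = self.data[msg.pn]
            self.send(Msg(RESPONSE, msg.payload, msg.pn, (xor_cipher(key, value), ts), to_server=False))
        else:                                                     # steps 413 / 508: decrypt, update table
            self.data[msg.pn] = (xor_cipher(key, msg.payload[0]), msg.payload[1])

def run_demo():
    # C - R1 - R2 - R3 - P with server S on R2 (constructed); server tables as claim 1 would leave them
    name, keys = "sensors/temp", {"sensors/temp": b"private-key-A"}
    c, p, s = Node(keys), Node(keys), Server()
    r1, r2, r3 = Router({"u12"}), Router({"u21", "u23"}), Router({"u32"})
    r1.links = {"d1": (c, None), "u12": (r2, "u21")}
    r2.links = {"u21": (r1, "u12"), "d2": (s, None), "u23": (r3, "u32")}
    r3.links = {"u32": (r2, "u23"), "d3": (p, None)}
    c.link, s.link, p.link = (r1, "d1"), (r2, "d2"), (r3, "d3")
    pn = c.pn_of[name]
    r1.server_table[pn], r2.server_table[pn], r3.server_table[pn] = "u12", "d2", "u32"
    p.data[pn] = (b"21.5C", 5)
    p.send(Msg(PRODUCE, [], pn, 5))        # claim 3, step 302: production table records path [d3, u23]
    c.send(Msg(CONSUME, [], pn))           # claim 2, step 202: consumption table records path [d1, u21]
    c.send(Msg(REQUEST, [], pn))           # claim 4, step 402: empty interface ID set and payload
    first = c.data[pn]
    p.data[pn] = (b"22.0C", 7)
    p.send(Msg(PUSH, [], pn, (xor_cipher(p.keys[pn], b"22.0C"), 7)))  # claim 5, step 502
    return first, c.data[pn], s
```

Tracing run_demo(): the consumer's path [d1, u21] is recorded while the request travels to S; S swaps in the producer path [d3, u23] and carries [d1, u21] back in the payload; R3 appends u32 on the way out (step 408), so the response is source-routed back through R3, R2 and R1 by popping one interface per hop without any router having to know the consumer. The push from P follows the same first half and is then replayed along every registered consumer path. Two checks worth keeping when implementing this: the production-table entry is chosen by newest timestamp, so a producer that stopped refreshing is never asked; and the plaintext name sensors/temp appears in no table and no message, only its privacy name.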

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811242087.8A CN109218021B (en) 2018-10-24 2018-10-24 Safe new-generation Internet of things data communication method


Publications (2)

Publication Number Publication Date
CN109218021A true CN109218021A (en) 2019-01-15
CN109218021B CN109218021B (en) 2021-02-05

Family

ID=64996364


Country Status (1)

Country Link
CN (1) CN109218021B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109768932A * 2019-03-04 2019-05-17 Changshu Institute of Technology Implementation method for a named data network
CN109768932B * 2019-03-04 2020-12-11 Changshu Institute of Technology Method for implementing a named data network
CN110380971A * 2019-06-11 2019-10-25 Changshu Institute of Technology Buffer-based network data communication method
CN111556172A * 2020-06-16 2020-08-18 Changshu Institute of Technology Implementation method of an intelligent medical care monitoring system based on biological characteristics
CN112491825A * 2020-11-13 2021-03-12 Changshu Institute of Technology Secure Internet of Things system implementation method
CN112491825B * 2020-11-13 2021-11-09 Changshu Institute of Technology Secure Internet of Things system implementation method
CN114237179A * 2021-12-16 2022-03-25 Changshu Huaqing Auto Parts Co., Ltd. (常熟华庆汽车部件有限公司) Implementation method of a flexible coating automatic control system based on the industrial Internet of Things
CN114237179B * 2021-12-16 2023-09-08 Changshu Huaqing Auto Parts Co., Ltd. (常熟华庆汽车部件有限公司) Implementation method of a flexible coating automatic control system based on the industrial Internet of Things

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108347381A * 2018-03-21 2018-07-31 Changshu Institute of Technology A new-generation data network communication method
CN108494595A * 2018-03-21 2018-09-04 Changshu Institute of Technology An efficient new-generation big data network implementation method


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Xiaonan Wang et al.: "Multicast for 6LoWPAN Wireless Sensor Networks", IEEE Sensors Journal *
Wang Xiaonan (王晓喃): "Real-time agricultural environment monitoring system based on 6LoWPAN wireless sensor networks", Transactions of the Chinese Society of Agricultural Engineering (农业工程学报) *
Wang Xiaonan (王晓喃) et al.: "Research on routing in 6LoWPAN wireless sensor networks", Journal of the China Railway Society (铁道学报) *


Also Published As

Publication number Publication date
CN109218021B (en) 2021-02-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221228
Address after: 230000 B-2705, Wo Yuan Garden, 81 Ganquan Road, Shushan District, Hefei, Anhui
Patentee after: HEFEI LONGZHIYUN PHARMACEUTICAL TECHNOLOGY Co.,Ltd.
Address before: 215500 Changshu Institute of Technology (southeast campus), Changshu City, Suzhou City, Jiangsu Province
Patentee before: CHANGSHU INSTITUTE OF TECHNOLOGY

TR01 Transfer of patent right

Effective date of registration: 20230109
Address after: Room 3478, Floor 1, Building 2, No. 57, Tangnan Street, Yuepu Town, Baoshan District, Shanghai, 200000
Patentee after: Shanghai Keyi Information Technology Co.,Ltd.
Address before: 230000 B-2705, Wo Yuan Garden, 81 Ganquan Road, Shushan District, Hefei, Anhui
Patentee before: HEFEI LONGZHIYUN PHARMACEUTICAL TECHNOLOGY Co.,Ltd.