CN109587178A - An intelligent appliance encryption control system and method based on MQTT

Info

Publication number: CN109587178A
Application number: CN201910065245.5A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 袁龙刚, 黄斌, 张江鹏
Current assignee: Sichuan Hongmei Intelligent Technology Co Ltd
Original assignee: Sichuan Hongmei Intelligent Technology Co Ltd
Application filed by Sichuan Hongmei Intelligent Technology Co Ltd; priority to CN201910065245.5A

Classifications

    • H04L Transmission of digital information, e.g. telegraphic communication (under H: Electricity; H04: Electric communication technique)
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/55 Push-based network services
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The present invention provides an MQTT-based intelligent appliance encryption control system and method. The system includes a device end, a control terminal, a proxy server and a cloud business server. The device end sets a device publish topic, subscribes to the user publish topic, generates a key, encrypts the key, sends the encrypted key to the cloud business server, encrypts device messages with the key, and publishes the encrypted device messages carrying the device publish topic to the proxy server. The control terminal sets a user publish topic, subscribes to the device publish topic of the device end it follows, obtains the encrypted key from the cloud business server, decrypts the key, encrypts control instructions with the key, and publishes the encrypted control instructions carrying the user publish topic to the proxy server. The scheme encrypts the messages published over MQTT and thereby ensures the security of the published messages.

Description

An intelligent appliance encryption control system and method based on MQTT
Technical field
The present invention relates to the field of network communication technology, and in particular to an MQTT-based intelligent appliance encryption control system and method.
Background
Message Queuing Telemetry Transport (MQTT) is an open-source, lightweight, proxy-based (broker-based) publish/subscribe messaging protocol. It can connect to devices with very little code and bandwidth and actively pushes content to users, rather than leaving users to fetch the content they want by various means. The MQTT transport format is very compact, has no application message header, and ensures reliable message delivery. The technology is currently applied in environments with constrained computing and storage resources, such as wireless sensors.
Currently, neither the device end nor the control terminal encrypts the messages it publishes, so published messages may be tampered with.
Summary of the invention
Embodiments of the present invention provide an MQTT-based intelligent appliance encryption control system and method that encrypt the messages published over MQTT and thereby ensure the security of the published messages.
An MQTT-based intelligent appliance encryption control system comprises a device end, a control terminal, a proxy server and a cloud business server, wherein:
The device end and the control terminal are each connected to the proxy server through the MQTT protocol;
The device end is configured to set a device publish topic, subscribe to the user publish topic, generate a key, encrypt the key with an asymmetric encryption algorithm, send the encrypted key to the cloud business server, encrypt a device message with the key, and publish the encrypted device message carrying the device publish topic to the proxy server;
The cloud business server is configured to store the encrypted key;
The control terminal is configured to set a user publish topic, subscribe to the device publish topic of the device end it follows, obtain the encrypted key from the cloud business server, decrypt the key, encrypt a control instruction with the key, and publish the encrypted control instruction carrying the user publish topic to the proxy server;
The proxy server is configured to send, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control terminal, and to send, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end.
Preferably,
The device end is further configured to preset an n × m character table and a key update interval; randomly select k characters from each row of the n × m character table and input the k characters selected from each row into a key generation function to generate a key; and, when the lifetime of the current key reaches the key update interval, generate a new key, replace the current key with the new key, store the current key in a preset key recycling table, and encrypt the new key, where n denotes the number of rows of the character table and m denotes the number of columns of the character table;
The cloud business server is further configured to replace the original encrypted key with the encrypted new key.
Preferably,
The device end is configured to encrypt the device message using the following encryption formula;
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message; E() denotes the AES encryption function; K denotes the key; P denotes the device message.
Preferably,
The device end is configured to decrypt the received encrypted control instruction with the key and, after a decryption failure, retrieve the original key from the key recycling table and decrypt the encrypted control instruction again.
Preferably,
The control terminal is configured to decrypt the received encrypted device message with the key and, after a decryption failure, obtain the new key from the cloud business server and decrypt the encrypted device message with the new key.
Preferably,
The control terminal is further configured to decrypt the encrypted device message using the following decryption formula;
Decryption formula:
P = D(Y, C)
where P denotes the device message; D() denotes the AES decryption function; C denotes the encrypted device message; Y denotes the key that the control terminal obtained from the cloud business server.
Preferably,
The device publish topic includes a first publish identifier and the serial number of the device end;
The user publish topic includes a second publish identifier and the serial number of a device end that the control terminal follows.
An MQTT-based intelligent appliance encryption control method comprises:
The device end and the control terminal each connect to the proxy server through the MQTT protocol;
A device publish topic is set at the device end, the user publish topic is subscribed to, a key is generated, the key is encrypted with an asymmetric encryption algorithm, and the encrypted key is sent to the cloud business server;
The cloud business server stores the encrypted key;
A user publish topic is set at the control terminal, the device publish topic of the device end it follows is subscribed to, the encrypted key is obtained from the cloud business server, and the key is decrypted;
A control instruction is encrypted with the key, and the encrypted control instruction carrying the user publish topic is published to the proxy server;
The proxy server sends, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end;
The device end encrypts a device message with the key and publishes the encrypted device message carrying the device publish topic to the proxy server;
The proxy server sends, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control terminal.
Preferably, the above MQTT-based intelligent appliance encryption control method further comprises:
Presetting an n × m character table and a key update interval at the device end;
Generating the key comprises: randomly selecting k characters from each row of the n × m character table and inputting the k characters selected from each row into a key generation function to generate a key; when the lifetime of the current key reaches the key update interval, generating a new key, replacing the current key with the new key, and storing the current key in a preset key recycling table, where n denotes the number of rows of the character table and m denotes the number of columns of the character table.
Preferably,
The device end encrypting the device message with the key comprises:
The device end encrypts the device message using the following encryption formula;
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message; E() denotes the AES encryption function; K denotes the key; P denotes the device message.
Preferably, the above MQTT-based intelligent appliance encryption control method further comprises: the control terminal decrypts the encrypted device message using the following decryption formula;
Decryption formula:
P = D(Y, C)
where P denotes the device message; D() denotes the AES decryption function; C denotes the encrypted device message; Y denotes the key that the control terminal obtained from the cloud business server.
Preferably, the above MQTT-based intelligent appliance encryption control method further comprises: the device end decrypts the received encrypted control instruction with the key and, after a decryption failure, retrieves the original key from the key recycling table and decrypts the encrypted control instruction again;
Preferably, the above MQTT-based intelligent appliance encryption control method further comprises: the control terminal decrypts the received encrypted device message with the key and, after a decryption failure, obtains the new key from the cloud business server and decrypts the encrypted device message with the new key.
Embodiments of the present invention provide an MQTT-based intelligent appliance encryption control system and method. The system includes a device end, a control terminal, a proxy server and a cloud business server. The device end and the control terminal are each connected to the proxy server through MQTT. The device end is configured to set a device publish topic, subscribe to the user publish topic, generate a key, encrypt the key with an asymmetric encryption algorithm, send the encrypted key to the cloud business server, encrypt a device message with the key, and publish the encrypted device message carrying the device publish topic to the proxy server. The cloud business server is configured to store the encrypted key. The control terminal is configured to set a user publish topic, subscribe to the device publish topic of the device end it follows, obtain the encrypted key from the cloud business server, decrypt the key, encrypt a control instruction with the key, and publish the encrypted control instruction carrying the user publish topic to the proxy server. The proxy server is configured to send, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control terminal, and to send, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end. In this way both control instructions and device messages are encrypted, and the key used for encryption is generated by the device end; only a control terminal associated with the device end can decrypt the key, which ensures the security of the published messages, namely the control instructions and device messages.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the MQTT-based intelligent appliance encryption control system provided by one embodiment of the present invention;
Fig. 2 is a flowchart of an MQTT-based intelligent appliance encryption control method provided by one embodiment of the present invention;
Fig. 3 is a flowchart of an MQTT-based intelligent appliance encryption control method provided by another embodiment of the present invention.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides an MQTT-based intelligent appliance encryption control system, which may include a device end 101, a control terminal 102, a proxy server 103 and a cloud business server 104, wherein:
The device end 101 and the control terminal 102 are each connected to the proxy server 103 through the MQTT protocol;
The device end 101 is configured to set a device publish topic, subscribe to the user publish topic, generate a key, encrypt the key with an asymmetric encryption algorithm, send the encrypted key to the cloud business server 104, encrypt a device message with the key, and publish the encrypted device message carrying the device publish topic to the proxy server 103;
The cloud business server 104 is configured to store the encrypted key;
The control terminal 102 is configured to set a user publish topic, subscribe to the device publish topic of the device end 101 it follows, obtain the encrypted key from the cloud business server 104, decrypt the key, encrypt a control instruction with the key, and publish the encrypted control instruction carrying the user publish topic to the proxy server 103;
The proxy server 103 is configured to send, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control terminal 102, and to send, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end 101.
There may be multiple device ends and control terminals, and a control terminal may follow multiple device ends. A device end may be a smart air conditioner, a smart TV, a smart washing machine, and so on. A control terminal is generally a mobile client or a control tool embedded in a mobile client, such as a control public account.
In addition, the device publish topic of a device end may be the SN of the device end; the user publish topic of a control terminal may be the SN of the device end that the control terminal follows.
It is worth noting that the public key and private key of the asymmetric encryption algorithm are established by agreement, through the cloud business server, between the device end and the control terminal that follows that device end.
In the embodiment shown in Fig. 1, the MQTT-based intelligent appliance encryption control system includes a device end, a control terminal, a proxy server and a cloud business server. The device end and the control terminal are each connected to the proxy server through MQTT. The device end is configured to set a device publish topic, subscribe to the user publish topic, generate a key, encrypt the key with an asymmetric encryption algorithm, send the encrypted key to the cloud business server, encrypt a device message with the key, and publish the encrypted device message carrying the device publish topic to the proxy server. The cloud business server is configured to store the encrypted key. The control terminal is configured to set a user publish topic, subscribe to the device publish topic of the device end it follows, obtain the encrypted key from the cloud business server, decrypt the key, encrypt a control instruction with the key, and publish the encrypted control instruction carrying the user publish topic to the proxy server. The proxy server is configured to send, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control terminal, and to send, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end. In this way both control instructions and device messages are encrypted, and the key used for encryption is generated by the device end; only a control terminal associated with the device end can decrypt the key, which ensures the security of the published messages, namely the control instructions and device messages.
In another embodiment of the present invention, the key is updated periodically to further ensure the security of published messages. The device end is further configured to preset an n × m character table and a key update interval; randomly select k characters from each row of the n × m character table and input the k characters selected from each row into a key generation function to generate a key; and, when the lifetime of the current key reaches the key update interval, generate a new key, replace the current key with the new key, store the current key in a preset key recycling table, and encrypt the new key, where n denotes the number of rows of the character table and m denotes the number of columns of the character table;
The cloud business server is further configured to replace the original encrypted key with the encrypted new key.
In general, n is not less than 16, m is not less than 10, and k is not less than 3.
The update interval above is the time between the generation of two successive keys. Various tests found that a key update interval of 72 h gives good results.
In another embodiment of the present invention, the device end is configured to encrypt the device message using the following encryption formula;
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message; E() denotes the AES encryption function; K denotes the key; P denotes the device message. That is, in this embodiment the key and the device message are the input parameters of the AES encryption function.
The device message above consists of the operating state parameters of the device; for a smart air conditioner, for example, the device message consists of operating state parameters such as temperature, wind speed and humidity.
In another embodiment of the present invention, for the case where the device end has updated the key but the control terminal has not yet done so, and in order to guarantee decryption of the control instruction, the device end is configured to decrypt the received encrypted control instruction with the key and, after a decryption failure, retrieve the original key from the key recycling table and decrypt the encrypted control instruction again.
In another embodiment of the present invention, for the case where the device end has updated the key but the control terminal has not yet done so, and in order to guarantee decryption of the device message, the control terminal is configured to decrypt the received encrypted device message with the key and, after a decryption failure, obtain the new key from the cloud business server and decrypt the encrypted device message with the new key.
In another embodiment of the present invention, the control terminal is further configured to decrypt the encrypted device message using the following decryption formula;
Decryption formula:
P = D(Y, C)
where P denotes the device message; D() denotes the AES decryption function; C denotes the encrypted device message; Y denotes the key that the control terminal obtained from the cloud business server.
It is worth noting that the control terminal also encrypts control instructions with the encryption formula above, except that the parameters input to the encryption function are the control instruction and the key.
In addition, the device end can likewise decrypt control instructions with the decryption formula above, except that the parameters input to the decryption function are the encrypted control instruction and the key.
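The following added example (not code from the patent) implements the character-table key generation, the periodic key update and the device end's fallback to the key recycling table described above. It uses an authenticated AES mode because the fallback depends on reliably detecting a failed decryption. Assumptions: AES-256-GCM as the AES mode, SHA-256 as the key generation function, the table contents, the `maxRecycled` bound and all identifiers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

const maxRecycled = 2 // assumption: the text sets no bound on the key recycling table

// buildTable returns a constructed 16 x 10 character table (the minimum n and m in the text).
func buildTable() [][]byte {
	table := make([][]byte, 16)
	for r := range table {
		table[r] = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZ"[r : r+10])
	}
	return table
}

// NewKey picks k characters per row with a CSPRNG, hashes them with SHA-256 (assumed key
// generation function) and keys AES-256-GCM with the digest; n=16, m=10, k=3 gives 10^48 selections.
func NewKey(table [][]byte, k int) (cipher.AEAD, error) {
	picked := make([]byte, len(table)*k) // k picks from each of the n rows
	for i := range picked {
		row := table[i/k]
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(row))))
		if err != nil {
			return nil, err
		}
		picked[i] = row[idx.Int64()]
	}
	sum := sha256.Sum256(picked)
	block, err := aes.NewCipher(sum[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is C = E(K, P): a random nonce is prepended to the ciphertext and tag.
func seal(key cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, key.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return key.Seal(nonce, nonce, plaintext, nil), nil
}

// open is P = D(K, C); a wrong key or a modified message fails the GCM tag check.
func open(key cipher.AEAD, msg []byte) ([]byte, error) {
	if len(msg) < key.NonceSize() {
		return nil, errors.New("message shorter than nonce")
	}
	return key.Open(nil, msg[:key.NonceSize()], msg[key.NonceSize():], nil)
}

// Device: keys[0] is the current key, keys[1:] is the key recycling table (newest first).
type Device struct {
	table [][]byte
	keys  []cipher.AEAD
}

// Rotate runs once at start-up and again whenever the key update interval elapses.
func (d *Device) Rotate() error {
	key, err := NewKey(d.table, 3)
	if err != nil {
		return err
	}
	d.keys = append([]cipher.AEAD{key}, d.keys...)
	if len(d.keys) > 1+maxRecycled {
		d.keys = d.keys[:1+maxRecycled] // drop the oldest recycled key
	}
	return nil
}

// DecryptInstruction tries the current key, then each recycled key; the bool reports a fallback.
func (d *Device) DecryptInstruction(msg []byte) ([]byte, bool, error) {
	for i, key := range d.keys {
		if pt, err := open(key, msg); err == nil {
			return pt, i > 0, nil
		}
	}
	return nil, false, errors.New("no known key authenticates this instruction")
}

func main() {
	dev := &Device{table: buildTable()}
	if err := dev.Rotate(); err != nil { // first key
		panic(err)
	}
	cmd, _ := seal(dev.keys[0], []byte("power=on")) // constructed instruction under key 1
	_ = dev.Rotate()                                 // interval elapsed; the sender still has key 1
	pt, usedOld, err := dev.DecryptInstruction(cmd)
	fmt.Printf("%s recycled=%v err=%v\n", pt, usedOld, err)
}
```

Bounding the recycling table limits how long a retired key is still accepted for control instructions; an unbounded table would keep every past key usable indefinitely.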
In one embodiment of the present invention, the device publish topic includes a first publish identifier and the serial number of the device end;
The user publish topic includes a second publish identifier and the serial number of a device end that the control terminal follows.
The first publish identifier and the second publish identifier help the proxy server better distinguish device publish topics from user publish topics.
As shown in Fig. 2, an embodiment of the present invention provides an MQTT-based intelligent appliance encryption control method, which may include the following steps:
Step 201: The device end and the control terminal each connect to the proxy server through the MQTT protocol;
Step 202: A device publish topic is set at the device end, the user publish topic is subscribed to, a key is generated, the key is encrypted with an asymmetric encryption algorithm, and the encrypted key is sent to the cloud business server;
Step 203: The cloud business server stores the encrypted key;
Step 204: A user publish topic is set at the control terminal, the device publish topic of the device end it follows is subscribed to, the encrypted key is obtained from the cloud business server, and the key is decrypted;
Step 205: A control instruction is encrypted with the key, and the encrypted control instruction carrying the user publish topic is published to the proxy server;
Step 206: The proxy server sends, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end;
Step 207: The device end encrypts a device message with the key and publishes the encrypted device message carrying the device publish topic to the proxy server;
Step 208: The proxy server sends, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control terminal.
In another embodiment of the present invention, the above MQTT-based intelligent appliance encryption control method further comprises: presetting an n × m character table and a key update interval at the device end. A specific implementation of generating the key may include: randomly selecting k characters from each row of the n × m character table and inputting the k characters selected from each row into a key generation function to generate a key; when the lifetime of the current key reaches the key update interval, generating a new key, replacing the current key with the new key, and storing the current key in a preset key recycling table, where n denotes the number of rows of the character table and m denotes the number of columns of the character table. In general, n is not less than 16, m is not less than 10, and k is not less than 3. The above process realizes periodic key updating, further ensuring the security of published messages. The update interval may be 72 h.
In another embodiment of the present invention, a specific implementation of the device end encrypting the device message with the key may include: the device end encrypts the device message using the following encryption formula;
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message; E() denotes the AES encryption function; K denotes the key; P denotes the device message.
In another embodiment of the present invention, the above MQTT-based intelligent appliance encryption control method further comprises: the control terminal decrypts the encrypted device message using the following decryption formula;
Decryption formula:
P = D(Y, C)
where P denotes the device message; D() denotes the AES decryption function; C denotes the encrypted device message; Y denotes the key that the control terminal obtained from the cloud business server.
In another embodiment of the present invention, the above MQTT-based intelligent appliance encryption control method further comprises: the device end decrypts the received encrypted control instruction with the key and, after a decryption failure, retrieves the original key from the key recycling table and decrypts the encrypted control instruction again. The key recycling table is a table that collects expired keys.
In another embodiment of the present invention, the above MQTT-based intelligent appliance encryption control method further comprises: the control terminal decrypts the received encrypted device message with the key and, after a decryption failure, obtains the new key from the cloud business server and decrypts the encrypted device message with the new key.
As shown in figure 3, the embodiment of the invention provides a kind of intelligent appliance control extension method based on MQTT, this method It may comprise steps of:
Step 301: equipment end, control terminal pass through MQTT agreement respectively and connect with proxy server;
Step 302: presetting n × m character list and cipher code renewal time interval in equipment end;
N characterizes the line number of character list, and m characterizes the columns of character list.In general, above-mentioned n is not less than 16;Above-mentioned m is not small In 10, above-mentioned k is not less than 3.Timing more new key is realized by the above process, to further ensure the peace to give out information Quan Xing.Renewal time interval can be 72h.
Step 303: randomly choosing k character from every a line of n × m character list, and will be randomly selected in every a line K character input key-function, generate a key, and execute step 305;Length reaches close in the presence of current key When key renewal time interval, step 304 is executed;
The key-function is any one existing random key generating function.
Step 304: regenerating a new key, replace current key using new key, and current key is deposited It stores up in preset key recycling table;
Step 305: key being encrypted by rivest, shamir, adelman, encrypted key is sent to cloud business clothes Business device;
Key in the step can be the key and the updated new key of step 204 generated in above-mentioned steps 203.
Step 306: the cloud business server stores the encrypted key;
Step 307: at the device end, the device publish topic is set and the user publish topic is subscribed to;
There is no strict ordering between this step and steps 302 to 306 above.
Step 308: at the control end, the user publish topic is set and the device publish topic corresponding to the device end of interest is subscribed to; the encrypted key is obtained from the cloud business server and decrypted;
Step 309: the control instruction is encrypted with the key, and the encrypted control instruction carrying the user publish topic is published to the proxy server;
Encrypting the control instruction with the key means passing the key and the control instruction as input parameters to the AES encryption function, which produces the encrypted control instruction.
Step 310: according to the user publish topic, the proxy server sends the encrypted control instruction carrying the user publish topic to the corresponding device end;
Step 311: the device end decrypts the encrypted control instruction; if decryption succeeds, step 313 is executed; if decryption fails, step 312 is executed;
Step 312: the original key is retrieved from the key recycling table and the encrypted control instruction is decrypted again;
Step 313: the device end executes the control instruction, encrypts the device message with the key, and publishes the encrypted device message carrying the device publish topic to the proxy server;
In this step, the device end encrypts the device message using the following encryption formula:
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message, E() the AES encryption function, K the key, and P the device message.
Step 314: according to the device publish topic, the proxy server sends the encrypted device message carrying the device publish topic to the corresponding control end;
Step 315: the control end decrypts the encrypted device message;
In this step, the control end decrypts the encrypted device message using the following decryption formula:
Decryption formula:
P = D(Y, C)
where P denotes the device message, D() the AES decryption function, C the encrypted device message, and Y the key that the control end obtained from the cloud business server.
Step 316: if decryption fails, the new key is obtained from the cloud business server and the encrypted device information is decrypted with the new key.
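The device-side key rotation and decryption fallback of steps 303-304 and 311-312, as an added Go example that is not part of the patent. The fallback depends on decryption with the wrong key failing detectably, so the example uses AES in GCM mode, an authenticated mode; the patent itself only says AES. Assumptions: SHA-256 as the key generation function, a recycling table capped at `Keep` expired keys, and the hypothetical names `Device`, `Rotate`, `Seal` and `Decrypt`; the character table and the control instruction are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Device (hypothetical): Keys[0] is current, Keys[1:] the key recycling table.
type Device struct {
	Table   [][]byte // n x m character table
	K, Keep int      // characters drawn per row; expired keys retained
	Keys    [][]byte // newest first
}

// Rotate (steps 303-304) draws K random characters from each row, hashes them
// into a 256-bit key, and pushes the previous key into the recycling table.
func (d *Device) Rotate() error {
	h := sha256.New() // SHA-256 is an assumed key generation function
	for _, row := range d.Table {
		for i := 0; i < d.K; i++ { // drawn with replacement
			idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(row))))
			if err != nil {
				return err
			}
			h.Write([]byte{row[idx.Int64()]})
		}
	}
	d.Keys = append([][]byte{h.Sum(nil)}, d.Keys...)
	if len(d.Keys) > d.Keep+1 {
		d.Keys = d.Keys[:d.Keep+1] // forget the oldest expired key
	}
	return nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is C = E(K, P) with AES-256-GCM; the output is nonce || ciphertext || tag.
func Seal(key, plain []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Decrypt (steps 311-312): current key first, then the recycling table.
func (d *Device) Decrypt(msg []byte) ([]byte, bool, error) {
	for i, key := range d.Keys {
		gcm, err := gcmFor(key)
		if err != nil || len(msg) < gcm.NonceSize() {
			break
		}
		ns := gcm.NonceSize()
		if p, err := gcm.Open(nil, msg[:ns], msg[ns:], nil); err == nil {
			return p, i > 0, nil // i > 0: the sender used an expired key
		}
	}
	return nil, false, fmt.Errorf("rejected: none of %d held keys authenticates it", len(d.Keys))
}

func main() {
	d := &Device{K: 3, Keep: 1}
	for r := 0; r < 16; r++ { // constructed 16 x 10 character table
		d.Table = append(d.Table, []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZ"[r:r+10]))
	}
	_ = d.Rotate()
	msg, _ := Seal(d.Keys[0], []byte("power=on")) // constructed control instruction
	_ = d.Rotate()                                // the control end still holds the old key
	p, usedOld, err := d.Decrypt(msg)
	fmt.Println(string(p), usedOld, err)
}
```

With `Keep` set to 1, an instruction sealed two rotations ago is rejected, which bounds how long an expired key stays usable.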
An embodiment of the invention provides a readable medium comprising execution instructions; when a processor of a storage controller executes the execution instructions, the storage controller performs the method provided by any of the above embodiments of the invention.
An embodiment of the invention provides a storage controller comprising a processor, a memory and a bus; the memory is used to store execution instructions, and the processor is connected to the memory via the bus; when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the method provided by any of the above embodiments of the invention.
In summary, the above embodiments of the invention have at least the following beneficial effects:
1. In the embodiments of the invention, the MQTT-based intelligent appliance encryption control system comprises a device end, a control end, a proxy server and a cloud business server, where the device end and the control end each connect to the proxy server via MQTT. The device end is used to set the device publish topic and subscribe to the user publish topic, generate a key, encrypt the key with an asymmetric encryption algorithm, send the encrypted key to the cloud business server, encrypt the device message with the key, and publish the encrypted device message carrying the device publish topic to the proxy server. The cloud business server is used to store the encrypted key. The control end is used to set the user publish topic, subscribe to the device publish topic corresponding to the device end of interest, obtain the encrypted key from the cloud business server and decrypt it, encrypt the control instruction with the key, and publish the encrypted control instruction carrying the user publish topic to the proxy server. The proxy server is used to send the encrypted device message carrying the device publish topic to the corresponding control end according to the device publish topic, and to send the encrypted control instruction carrying the user publish topic to the corresponding device end according to the user publish topic. Control instructions and device messages are thus encrypted, and the key used for encryption is generated by the device end; only a control end associated with the device end can decrypt the key, which ensures the security of the published messages, that is, the control instructions and device messages.
2. In the embodiments of the invention, the device end is further used to preset an n × m character table and a key update interval, randomly select k characters from each row of the n × m character table, input the k characters selected from each row into a key generation function to generate a key, and, when the time for which the current key has existed reaches the key update interval, generate a new key, replace the current key with the new key, store the current key in the preset key recycling table, and encrypt the new key, where n denotes the number of rows of the character table and m the number of columns. The cloud business server is further used to replace the original encrypted key with the encrypted new key. The key is thus updated periodically, further ensuring the security of published messages.
3. In the embodiments of the invention, the device end is used to decrypt the received encrypted control instruction with the key and, if decryption fails, to retrieve the original key from the key recycling table and decrypt the encrypted control instruction again; that is, decryption of control instructions is guaranteed when the device end has updated the key but the control end has not yet done so.
4. In the embodiments of the invention, the control end is used to decrypt the received encrypted device information with the key and, if decryption fails, to obtain the new key from the cloud business server and decrypt the encrypted device information with the new key; decryption of device messages is guaranteed when the device end has updated the key but the control end has not yet done so.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical disks.
Finally, it should be noted that the above are merely preferred embodiments of the invention, intended only to illustrate its technical solution, and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (10)

1. An MQTT-based intelligent appliance encryption control system, characterized by comprising: a device end, a control end, a proxy server and a cloud business server, wherein
the device end and the control end each connect to the proxy server via the MQTT protocol;
the device end is used to set a device publish topic and subscribe to a user publish topic, generate a key, encrypt the key with an asymmetric encryption algorithm (Rivest-Shamir-Adleman, RSA), send the encrypted key to the cloud business server, encrypt a device message with the key, and publish the encrypted device message carrying the device publish topic to the proxy server;
the cloud business server is used to store the encrypted key;
the control end is used to set the user publish topic, subscribe to the device publish topic corresponding to the device end of interest, obtain the encrypted key from the cloud business server and decrypt the key, encrypt a control instruction with the key, and publish the encrypted control instruction carrying the user publish topic to the proxy server;
the proxy server is used to send the encrypted device message carrying the device publish topic to the corresponding control end according to the device publish topic, and to send the encrypted control instruction carrying the user publish topic to the corresponding device end according to the user publish topic.
2. The MQTT-based intelligent appliance encryption control system according to claim 1, characterized in that
the device end is further used to preset an n × m character table and a key update interval, randomly select k characters from each row of the n × m character table, input the k characters selected from each row into a key generation function to generate a key, and, when the time for which the current key has existed reaches the key update interval, generate a new key, replace the current key with the new key, store the current key in a preset key recycling table, and encrypt the new key, where n denotes the number of rows of the character table and m the number of columns of the character table;
the cloud business server is further used to replace the original encrypted key with the encrypted new key.
3. The MQTT-based intelligent appliance encryption control system according to claim 1, characterized in that
the device end is used to encrypt the device message using the following encryption formula;
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message, E() the AES encryption function, K the key, and P the device message.
4. The MQTT-based intelligent appliance encryption control system according to claim 2, characterized in that
the device end is used to decrypt the received encrypted control instruction with the key and, if decryption fails, to retrieve the original key from the key recycling table and decrypt the encrypted control instruction again;
and/or
the control end is used to decrypt the received encrypted device information with the key and, if decryption fails, to obtain the new key from the cloud business server and decrypt the encrypted device information with the new key.
5. The MQTT-based intelligent appliance encryption control system according to any one of claims 1 to 4, characterized in that
the control end is further used to decrypt the encrypted device message using the following decryption formula;
Decryption formula:
P = D(Y, C)
where P denotes the device message, D() the AES decryption function, C the encrypted device message, and Y the key that the control end obtained from the cloud business server.
6. The MQTT-based intelligent appliance encryption control system according to any one of claims 1 to 4, characterized in that
the device publish topic comprises: a first publish identifier and the serial number of the device end;
the user publish topic comprises: a second publish identifier and the serial number of a device end that the control end follows.
7. An MQTT-based intelligent appliance encryption control method, characterized by comprising:
a device end and a control end each connecting to a proxy server via the MQTT protocol;
at the device end, setting a device publish topic and subscribing to a user publish topic, generating a key, encrypting the key with an asymmetric encryption algorithm, and sending the encrypted key to a cloud business server;
the cloud business server storing the encrypted key;
at the control end, setting the user publish topic, subscribing to the device publish topic corresponding to the device end of interest, obtaining the encrypted key from the cloud business server, and decrypting the key;
encrypting a control instruction with the key, and publishing the encrypted control instruction carrying the user publish topic to the proxy server;
the proxy server sending, according to the user publish topic, the encrypted control instruction carrying the user publish topic to the corresponding device end;
the device end encrypting a device message with the key, and publishing the encrypted device message carrying the device publish topic to the proxy server;
the proxy server sending, according to the device publish topic, the encrypted device message carrying the device publish topic to the corresponding control end.
8. The MQTT-based intelligent appliance encryption control method according to claim 7, characterized by further comprising:
presetting an n × m character table and a key update interval at the device end;
wherein generating the key comprises: randomly selecting k characters from each row of the n × m character table, inputting the k characters selected from each row into a key generation function to generate a key, and, when the time for which the current key has existed reaches the key update interval, generating a new key, replacing the current key with the new key, and storing the current key in a preset key recycling table, where n denotes the number of rows of the character table and m the number of columns of the character table.
9. The MQTT-based intelligent appliance encryption control method according to claim 7, characterized in that
the device end encrypting the device message with the key comprises:
the device end encrypting the device message using the following encryption formula;
Encryption formula:
C = E(K, P)
where C denotes the encrypted device message, E() the AES encryption function, K the key, and P the device message;
and/or
the method further comprises: the control end decrypting the encrypted device message using the following decryption formula;
Decryption formula:
P = D(Y, C)
where P denotes the device message, D() the AES decryption function, C the encrypted device message, and Y the key that the control end obtained from the cloud business server.
10. The MQTT-based intelligent appliance encryption control method according to claim 8, characterized in that
the method further comprises: the device end decrypting the received encrypted control instruction with the key and, if decryption fails, retrieving the original key from the key recycling table and decrypting the encrypted control instruction again;
and/or
the method further comprises: the control end decrypting the received encrypted device information with the key and, if decryption fails, obtaining the new key from the cloud business server and decrypting the encrypted device information with the new key.
CN201910065245.5A 2019-01-23 2019-01-23 A kind of intelligent appliance encryption control system and method based on MQTT Pending CN109587178A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910065245.5A CN109587178A (en) 2019-01-23 2019-01-23 A kind of intelligent appliance encryption control system and method based on MQTT

Publications (1)

Publication Number Publication Date
CN109587178A true CN109587178A (en) 2019-04-05

Family

ID=65917191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910065245.5A Pending CN109587178A (en) 2019-01-23 2019-01-23 A kind of intelligent appliance encryption control system and method based on MQTT

Country Status (1)

Country Link
CN (1) CN109587178A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190405

RJ01 Rejection of invention patent application after publication