CN111130769A - Internet of things terminal encryption method and device - Google Patents


Info

Publication number
CN111130769A
Authority
CN
China
Prior art keywords
terminal
key
negotiation
random number
public key
Legal status
Pending
Application number
CN201911287529.5A
Other languages
Chinese (zh)
Inventor
廖剑锋
Current Assignee
Wuhan Jiubaohui Information Technology Co Ltd
Original Assignee
Wuhan Jiubaohui Information Technology Co Ltd
Priority date
2019-12-14
Filing date
2019-12-14
Publication date
2020-05-08

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The invention provides an Internet of Things terminal encryption method and device. The method comprises the following steps: after initiating a connection request, a first terminal receives a verification identifier sent by a second terminal, resolves the verification identifier through a pre-stored resolving algorithm and feeds the resolving result back to the second terminal; after the resolving result passes verification, the second terminal sends its own public key and a random number to the first terminal; the first terminal generates a first negotiation key through a key negotiation algorithm from its own private key, the public key of the second terminal and the random number; the first terminal sends its own public key and random number to the second terminal, and the second terminal generates a second negotiation key through the key negotiation algorithm from its own private key, the public key of the first terminal and the random number; and when the first negotiation key is consistent with the second negotiation key, the negotiation key is used as the session key for encrypted communication. The technical scheme addresses the communication security problem of existing Internet of Things terminals and can ensure terminal communication security while improving encryption speed.

Description

Internet of things terminal encryption method and device
Technical Field
The invention relates to the field of Internet of things, in particular to a terminal encryption method and device.
Background
The Internet of Things collects the information required for monitoring or connection through various information-sensing devices and, by accessing the Internet over network communication, realizes management and control of specific objects. Built on wireless networks, hardware and sensors, it facilitates information exchange and enables intelligent identification and management. In an Internet of Things system the hardware devices may be distributed across many places, and the network access environment is complex and vulnerable to various illegal attacks, so protecting the communication security of Internet of Things terminals is essential.
At present, the common terminal encryption modes of the Internet of Things include lightweight encryption algorithms such as symmetric encryption and asymmetric encryption; their resource requirements are low, and the encryption requirements can be met on the basis of these lightweight algorithms.
Disclosure of Invention
In view of this, embodiments of the present invention provide an Internet of Things terminal encryption method and apparatus, so as to solve the problem that existing terminal encryption communication methods find it difficult to improve encryption speed while ensuring communication security.
In a first aspect of the embodiments of the present invention, there is provided an internet of things terminal encryption method, including:
after initiating a connection request to a second terminal, a first terminal receives a verification identifier sent by the second terminal, resolves the verification identifier through a resolving algorithm prestored in the first terminal, and feeds back a resolving result to the second terminal;
if the resolving result passes the verification, the second terminal sends the public key of the second terminal and a random number generated based on a hash algorithm to the first terminal;
the first terminal generates a first negotiation key through a key negotiation algorithm according to a private key of the first terminal, the public key of the second terminal and the random number;
the first terminal sends its own public key and a random number generated based on a hash algorithm to the second terminal, and the second terminal generates a second negotiation key through a key negotiation algorithm according to its own private key, the public key of the first terminal and the random number;
and when the first negotiation key is consistent with the second negotiation key, the negotiation key is used as a session key for encrypted communication.
In a second aspect of the embodiments of the present invention, there is provided an internet of things terminal encryption apparatus, including:
the resolving module is used for receiving the verification identifier sent by the second terminal after the first terminal initiates a connection request to the second terminal, resolving the verification identifier through a resolving algorithm prestored in the first terminal and feeding back a resolving result to the second terminal;
the verification module is used for sending the public key of the second terminal and the random number generated based on the hash algorithm to the first terminal after the resolving result passes the verification;
the first generation module is used for generating a first negotiation key by the first terminal through a key negotiation algorithm according to a private key of the first terminal, a public key of the second terminal and a random number;
the second generation module is used for sending the public key of the first terminal and the random number generated based on the hash algorithm to the second terminal, and the second terminal generates a second negotiation key through a key negotiation algorithm according to the private key of the second terminal, the public key of the first terminal and the random number;
and the communication module is used for carrying out encryption communication by taking the negotiation key as a session key when the first negotiation key is consistent with the second negotiation key.
In the embodiment of the invention, after a terminal initiates a connection request, it receives an authentication identifier sent by the corresponding terminal, resolves the identifier through a pre-stored algorithm and feeds back the resolving result. Once the corresponding terminal has verified the resolving result, it sends its own public key and a generated random number to the terminal. The terminal obtains a first negotiation key through a key negotiation algorithm from its own private key, the public key of the other party and the random number, and the corresponding terminal likewise calculates a second negotiation key from its own private key, the public key of the other party and the random number. If the first negotiation key and the second negotiation key are consistent, the verified negotiation key is used as the session key for encrypted communication. This addresses the difficulty existing communication methods have in guaranteeing security while improving encryption speed: connection authentication and key negotiation guarantee communication security when the terminal connects to other terminal devices; compared with simple symmetric or asymmetric encryption the security is higher; the negotiated key effectively improves encryption speed; communication with multiple devices can be encrypted; and the problem of key leakage can be effectively avoided.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a terminal encryption method for the internet of things according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an internet of things terminal encryption device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "comprises" and "comprising," when used in this specification and claims, and in the accompanying drawings and figures, are intended to cover non-exclusive inclusions, such that a process, method or system, or apparatus that comprises a list of steps or elements is not limited to the listed steps or elements. In addition, "first" and "second" are used to distinguish different objects, and are not used to describe a specific order.
Referring to fig. 1, fig. 1 is a schematic flow chart of a terminal encryption method for the internet of things according to an embodiment of the present invention, including:
S101, after initiating a connection request to a second terminal, a first terminal receives a verification identifier sent by the second terminal, resolves the verification identifier through a resolving algorithm prestored in the first terminal, and feeds the resolving result back to the second terminal;
The first terminal and the second terminal may both be Internet of Things terminals; alternatively, the first terminal is an Internet of Things terminal and the second terminal is a mobile terminal, or the first terminal is a mobile terminal and the second terminal is an Internet of Things terminal. An Internet of Things terminal is a device that performs data acquisition and data transmission in the Internet of Things and may comprise a sensor, a processor and a wireless communication module; a mobile terminal is a terminal device that receives the data acquired by Internet of Things terminal devices and can process and analyse it, such as a mobile phone, tablet computer or PC.
Both the first terminal and the second terminal store the resolving algorithm for the verification identifier. When a terminal receives the verification identifier, it resolves it to obtain the resolving result, and the second terminal verifies the resolving result according to its own copy of the resolving algorithm.
Preferably, the verification identifier at least includes terminal identity information and a connection password.
S102, if the resolving result passes the verification, the second terminal sends its own public key and a random number generated based on a hash algorithm to the first terminal;
Preferably, the first terminal and the second terminal each generate a negotiation key through the key negotiation algorithm from their own private key, the exchanged public key, the resolving result of the verification identifier and the random number.
The first terminal may thus also generate the first negotiation key through the key negotiation algorithm from its own private key, the public key of the second terminal, the resolving result of the verification identifier and the random number.
S103, the first terminal generates a first negotiation key through a key negotiation algorithm according to a self private key, the public key of the second terminal and the random number;
Preferably, the second terminal may likewise generate the second negotiation key through the key negotiation algorithm from its own private key, the public key of the first terminal, the resolving result of the verification identifier and the random number.
S104, the first terminal sends the own public key and the random number generated based on the hash algorithm to the second terminal, and the second terminal generates a second negotiation key through a key negotiation algorithm according to the own private key, the public key of the first terminal and the random number;
and S105, when the first negotiation key is consistent with the second negotiation key, carrying out encryption communication by taking the negotiation key as a session key.
Compared with the traditional encryption method for Internet of Things terminals, the encryption method of this embodiment has a simple encryption process and high security: based on the verification identifier and the key negotiation performed at connection time, the encrypted communication security of the Internet of Things terminal is improved while the encryption speed is improved at the same time.
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence; the execution sequence of each process is determined by its function and inherent logic, and the numbering does not constitute any limitation on the implementation process of the embodiments of the present invention.
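The handshake of steps S101 to S105 above, as an added illustration that is not code from the patent. The patent names no concrete primitives, so the following are assumptions: HMAC-SHA256 keyed with the pre-shared connection password stands in for the "resolving algorithm" (the password is used as a key rather than carried inside the identifier), SHA-256 over OS entropy for the hash-based random number, X25519 (RFC 7748, written out so the block runs on the standard library alone) with an HMAC-based derivation step for the "key negotiation algorithm", and the consistency check of S105 is done with a key-confirmation tag so that neither negotiation key leaves its terminal. The derived key mixes in the resolving result and both random numbers, as the "preferably" variant described under S102 and S103 does.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

P = 2**255 - 19  # field prime of Curve25519


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 scalar multiplication (Montgomery ladder).

    Demo implementation: the conditional swap is not constant-time, which a
    production build for a real terminal would have to fix."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] &= 127
    kb[31] |= 64
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair() -> Tuple[bytes, bytes]:
    """Fresh X25519 private key and its public key (u-coordinate of k*9)."""
    priv = os.urandom(32)
    return priv, x25519(priv, (9).to_bytes(32, "little"))


class Terminal:
    """One party of the handshake: an IoT terminal or a mobile terminal."""

    def __init__(self, identity: bytes, connection_password: bytes) -> None:
        self.identity = identity
        self.password = connection_password  # pre-shared, never transmitted
        self.priv, self.pub = keypair()
        # "random number generated based on the hash algorithm" (assumed form)
        self.nonce = hashlib.sha256(os.urandom(32)).digest()

    def resolve(self, verification_id: bytes) -> bytes:
        """S101: the pre-stored resolving algorithm (assumed: HMAC-SHA256)."""
        return hmac.new(self.password, verification_id, hashlib.sha256).digest()

    def negotiation_key(self, peer_pub: bytes, peer_nonce: bytes,
                        resolve_result: bytes, initiator: bool) -> bytes:
        """S103/S104: own private key + peer public key + resolving result + nonces."""
        shared = x25519(self.priv, peer_pub)
        if shared == bytes(32):  # RFC 7748 all-zero check: low-order peer point
            raise ValueError("non-contributory key agreement, abort")
        # Both sides must order the nonces identically: the initiator's first.
        nonces = self.nonce + peer_nonce if initiator else peer_nonce + self.nonce
        return hmac.new(resolve_result + nonces, shared, hashlib.sha256).digest()


CONFIRM_LABEL = b"CN111130769A key confirmation"  # constructed domain separator


def handshake(first: Terminal, second: Terminal) -> Optional[Tuple[bytes, bytes]]:
    """Runs S101-S105 between two in-process terminals.

    Returns (first_key, second_key) on success, None if the handshake is rejected."""
    # S101: the second terminal sends a verification identifier carrying its
    # identity information plus a fresh challenge; the first terminal resolves it.
    verification_id = second.identity + os.urandom(16)
    result = first.resolve(verification_id)
    # The second terminal checks the result with its own copy of the algorithm.
    if not hmac.compare_digest(result, second.resolve(verification_id)):
        return None  # wrong connection password: no public key is handed out
    # S102 + S103: the second terminal's public key and nonce reach the first
    # terminal, which derives the first negotiation key.
    k1 = first.negotiation_key(second.pub, second.nonce, result, initiator=True)
    # S104: the first terminal's public key and nonce reach the second terminal,
    # which derives the second negotiation key.
    k2 = second.negotiation_key(first.pub, first.nonce, result, initiator=False)
    # S105: consistency check via key-confirmation tags, so a mismatch (for
    # example a public key altered in transit) is caught without either
    # negotiation key ever being sent over the link.
    tag1 = hmac.new(k1, CONFIRM_LABEL, hashlib.sha256).digest()
    tag2 = hmac.new(k2, CONFIRM_LABEL, hashlib.sha256).digest()
    if not hmac.compare_digest(tag1, tag2):
        return None
    return k1, k2  # equal; used as the session key for encrypted communication
```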
fig. 2 is a schematic structural diagram of a terminal encryption device for internet of things according to a third embodiment of the present invention, where the device includes:
the resolving module 210 is configured to receive a verification identifier sent by a second terminal after a first terminal initiates a connection request to the second terminal, resolve the verification identifier through a resolving algorithm pre-stored in the first terminal, and feed the resolving result back to the second terminal;
preferably, the verification identifier at least includes terminal identity information and a connection password.
the verification module 220 is configured to send the public key of the second terminal and the random number generated based on the hash algorithm to the first terminal if the resolving result passes the verification;
a first generating module 230, configured to generate, by the first terminal, a first negotiation key through a key negotiation algorithm according to a private key of the first terminal, a public key of the second terminal, and a random number;
preferably, the second terminal generates a second negotiation key through a key negotiation algorithm according to a private key of the second terminal, the public key of the first terminal and the random number; further comprising:
and the first terminal and the second terminal respectively generate a negotiation key through a key negotiation algorithm according to the self private key, the exchange public key, the resolving result of the verification identifier and the random number.
A second generating module 240, configured to send, by the first terminal, a public key of the first terminal and a random number generated based on a hash algorithm to the second terminal, where the second terminal generates a second negotiation key through a key negotiation algorithm according to a private key of the second terminal, the public key of the first terminal, and the random number;
a communication module 250, configured to perform encrypted communication by using the negotiation key as a session key when the first negotiation key is consistent with the second negotiation key.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
It will be understood by those skilled in the art that all or part of the steps in the method for implementing the above embodiments may be implemented by a program to instruct associated hardware, where the program may be stored in a computer-readable storage medium, and when the program is executed, the program includes steps S101 to S105, where the storage medium includes, for example: ROM/RAM, magnetic disk, optical disk, etc.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (6)

1. An Internet of things terminal encryption method is characterized by comprising the following steps:
after initiating a connection request to a second terminal, a first terminal receives a verification identifier sent by the second terminal, resolves the verification identifier through a resolving algorithm prestored in the first terminal, and feeds back a resolving result to the second terminal;
if the resolving result passes the verification, the second terminal sends the public key of the second terminal and the random number generated based on the hash algorithm to the first terminal;
the first terminal generates a first negotiation key through a key negotiation algorithm according to a private key of the first terminal, a public key of the second terminal and a random number;
the first terminal sends a self public key and a random number generated based on a hash algorithm to the second terminal, and the second terminal generates a second negotiation key through a key negotiation algorithm according to a self private key, the public key of the first terminal and the random number;
and when the first negotiation key is consistent with the second negotiation key, the negotiation key is used as a session key for encrypted communication.
2. The method according to claim 1, wherein the authentication identifier comprises at least terminal identity information and a connection password.
3. The method according to claim 1, wherein the second terminal generates a second negotiation key through a key negotiation algorithm according to a private key of the second terminal, the public key of the first terminal and a random number; further comprising:
and the first terminal and the second terminal respectively generate a negotiation key through a key negotiation algorithm according to the self private key, the exchange public key, the resolving result of the verification identifier and the random number.
4. An Internet of things terminal encryption apparatus, characterized by comprising:
the resolving module is used for receiving the verification identifier sent by the second terminal after the first terminal initiates a connection request to the second terminal, resolving the verification identifier through a resolving algorithm prestored in the first terminal and feeding back a resolving result to the second terminal;
the verification module is used for sending the public key of the second terminal and the random number generated based on the hash algorithm to the first terminal after the resolving result passes the verification;
the first generation module is used for generating a first negotiation key by the first terminal through a key negotiation algorithm according to a private key of the first terminal, a public key of the second terminal and a random number;
the second generation module is used for sending the public key of the first terminal and the random number generated based on the hash algorithm to the second terminal, and the second terminal generates a second negotiation key through a key negotiation algorithm according to the private key of the second terminal, the public key of the first terminal and the random number;
and the communication module is used for carrying out encryption communication by taking the negotiation key as a session key when the first negotiation key is consistent with the second negotiation key.
5. The apparatus according to claim 4, wherein the authentication identifier comprises at least terminal identity information and a connection password.
6. The apparatus according to claim 4, wherein the second terminal generates a second negotiation key through a key negotiation algorithm according to its own private key, the public key of the first terminal, and a random number; further comprising:
and the first terminal and the second terminal respectively generate a negotiation key through a key negotiation algorithm according to the self private key, the exchange public key, the resolving result of the verification identifier and the random number.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911287529.5A CN111130769A (en) 2019-12-14 2019-12-14 Internet of things terminal encryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911287529.5A CN111130769A (en) 2019-12-14 2019-12-14 Internet of things terminal encryption method and device

Publications (1)

Publication Number Publication Date
CN111130769A true CN111130769A (en) 2020-05-08

Family

ID=70498863

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911287529.5A Pending CN111130769A (en) 2019-12-14 2019-12-14 Internet of things terminal encryption method and device

Country Status (1)

Country Link
CN (1) CN111130769A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495445A (en) * 2018-09-30 2019-03-19 青岛海尔科技有限公司 Identity identifying method, device, terminal, server and medium based on Internet of Things
CN109768982A (en) * 2019-01-23 2019-05-17 深圳市元征科技股份有限公司 A kind of encrypted transmission method and device based on Internet of Things

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022062980A1 (en) * 2020-09-23 2022-03-31 歌尔股份有限公司 Communication method and apparatus, and electronic device and storage medium
CN112636906A (en) * 2020-12-11 2021-04-09 海光信息技术股份有限公司 Key agreement method and device
CN112699352A (en) * 2021-03-23 2021-04-23 中国信息通信研究院 Trusted data acquisition terminal identity verification method, computer storage medium and electronic equipment
CN112699352B (en) * 2021-03-23 2021-06-18 中国信息通信研究院 Trusted data acquisition terminal identity verification method, computer storage medium and electronic equipment
CN113079022A (en) * 2021-03-31 2021-07-06 郑州信大捷安信息技术股份有限公司 Secure transmission method and system based on SM2 key negotiation mechanism
CN113079022B (en) * 2021-03-31 2022-02-18 郑州信大捷安信息技术股份有限公司 Secure transmission method and system based on SM2 key negotiation mechanism
CN114710359A (en) * 2022-04-15 2022-07-05 辽宁工控科技有限公司 Industrial network dynamic key management method and industrial network encryption communication method
CN114710359B (en) * 2022-04-15 2024-02-06 沈阳邦粹科技有限公司 Industrial network dynamic key management method and industrial network encryption communication method

Legal Events

Code Title Description
PB01 Publication Application publication date: 2020-05-08
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication