CN111464489B - Privacy protection method and system for Internet of things equipment - Google Patents

Privacy protection method and system for Internet of things equipment

Info

Publication number
CN111464489B
Authority
CN
China
Prior art keywords
user
information
internet
things
end system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010106458.0A
Other languages
Chinese (zh)
Other versions
CN111464489A (en)
Inventor
杨建军
郭楠
卓兰
杨宏
韩丽
李孟良
张弛
赵向阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SAIXI TECHNOLOGY DEVELOPMENT CO LTD
China Electronics Standardization Institute
Original Assignee
BEIJING SAIXI TECHNOLOGY DEVELOPMENT CO LTD
China Electronics Standardization Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING SAIXI TECHNOLOGY DEVELOPMENT CO LTD, China Electronics Standardization Institute

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention provides a privacy protection method and system for Internet of things (IoT) equipment. In the method, the IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user mark information to the voice information, where the user mark information identifies whether the user allows the voice information to be stored in the network; the device then sends the data to the back-end system device. The back-end system device receives the user's voice carrying the mark information and judges from the user mark information whether the user allows the private information to be stored; if the user mark information shows that the user does not allow the voice information to be stored, the back-end system device may discard the voice information.

Description

Privacy protection method and system for Internet of things equipment
Technical Field
The invention belongs to the technical field of communication of the Internet of things, and relates to a privacy protection method and system based on Internet of things equipment.
Background
Nowadays, smart speakers and smart appliances that can interact with people have entered our lives. However, conversations with a smart speaker, and even conversations merely overheard by it, may be leaked. On April 11, 2019, U.S. media revealed that the technology giant Amazon had hired thousands of employees to listen to and analyze conversations recorded by its smart speakers. The Amazon Echo smart speaker is equipped with Amazon's voice assistant and can carry out operations such as conversation and music playback according to user instructions. Amazon hired thousands of employees worldwide to listen to the voice recorded by its smart speaker products. They worked 9 hours per day, with each person analyzing up to 1000 audio segments. Amazon stated that it does so to improve the voice assistant's speech understanding and the user experience. Although Amazon stated that the employees do not obtain information such as users' names, people remain concerned about privacy and security. They worry that once this information is revealed to a third party, the consequences would be unthinkable.
Similarly, many hardware manufacturers in China have introduced smart speakers of their own brands, or similar smart voice devices, and attempt to make their products more intelligent by collecting and analyzing users' voices. How to technically guarantee the protection of user privacy, so that user audio is acquired only when the user knows and allows it, and so that private user data is not illegally collected and used when the user has not allowed it, is a problem to be solved urgently.
Disclosure of Invention
To solve this technical problem, the invention provides a privacy protection method for IoT equipment, in which the IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user mark information to the voice information, where the user mark information identifies whether the user allows the voice information to be stored in the network; the device then sends the data to the back-end system device. The back-end system device receives the user's voice carrying the mark information and judges from the user mark information whether the user allows the private information to be stored; if the user mark information shows that the user does not allow the voice information to be stored, the back-end system device may discard the voice information.
In particular, the user mark information also includes an identity information identifier of the user.
In particular, the user mark information is added to the user's speech in the form of an audible (voiced) or inaudible (unvoiced) signal.
In particular, the IoT terminal device encrypts the user's voice containing the user mark information and sends the encrypted voice to the back-end system device.
Specifically, a hash algorithm is applied to the user's voice containing the user mark information to generate a digest of the user's voice, and the digest is encrypted with the private key of the IoT device to generate the IoT device's signature; the IoT device generates a session key and uses it to encrypt the user's voice containing the user mark information; the session key is encrypted with the public key of the back-end system device to generate an encrypted session key; and the encrypted session key, the encrypted user voice and the signature are combined and sent to the back-end system device.
In particular, when the IoT terminal device is used for the first time, it generates an asymmetric key pair, stores the private key in the IoT device, and sends the public key to the back-end system device for storage; the back-end system device sends its public key to the IoT terminal device.
In particular, after receiving the combined user voice, the back-end system device splits it into three parts: the encrypted session key, the encrypted user voice and the user signature. The back-end system device decrypts the encrypted session key with its own private key to obtain the session key, and decrypts the encrypted user voice with the session key to obtain the user voice containing the user mark information. The back-end system device decrypts the IoT device's signature with the public key of the IoT device to obtain the digest of the user voice containing the user mark information. It then performs the hash calculation on the user voice containing the user mark information and compares the result with that digest to determine whether the user voice has been tampered with.
In particular, the format and meaning of the user's tag information may be determined based on user negotiation with the backend system device, the format and meaning of the user's tag information may be changed periodically, and the user tag information may be identified by different version numbers.
The invention also provides a privacy protection system for IoT equipment, comprising an IoT terminal device and a back-end system device. The IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user mark information to the voice information, where the user mark information identifies whether the user allows the voice information to be stored in the network, and sends the data to the back-end system device. The back-end system device receives the user's voice carrying the mark information and judges from the user mark information whether the user allows the private information to be stored; if the user mark information shows that the user does not allow the voice information to be stored, the back-end system device may discard the voice information.
With this method and system, the user's voice information is prevented from being collected and stored by the back-end system device without permission, the user's privacy is protected from disclosure, and the technical defect of the prior art, in which IoT terminal devices such as smart speakers and smart household appliances acquire the user's voice information arbitrarily, is overcome.
Drawings
FIG. 1 is a block diagram of the steps of the privacy protection method for IoT terminal equipment according to the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings.
According to the privacy protection method for IoT terminal equipment, when the IoT terminal device is used for the first time, the user receives a permission inquiry sent by the manufacturer, specifically a license agreement asking whether collection of the user's voice information is allowed and whether storage of the voice content is allowed. According to the user's choices on the content of the license agreement, the IoT terminal device adds corresponding mark information to the user's voice. The method specifically comprises the following steps:
S101, starting to capture the user's voice at the IoT terminal device in response to the user's voice activation signal;
S102, adding mark information at the IoT terminal device, where the mark information identifies whether the user wants the user's private voice information to be stored;
S103, sending the user voice containing the mark information to the back-end system device.
In particular, the mark information may be embedded as an audible (voiced) signal or as an inaudible (unvoiced) signal. An audible mark may appear as noise, in particular by being placed in a frequency range not normally occupied by speech, which embeds into the user's speech a sound that anyone can hear. The mark information may also be a silent mark that a person cannot perceive; for example, the mark may be a sound signal in the high-frequency range that is embedded in the user's speech signal. Specifically, the user mark information may include an identity identifier of the user.
Specifically, to prevent the user voice carrying the user mark information from being leaked or tampered with in transit, the user voice needs to be encrypted, and a corresponding technique is needed to ensure that the mark information cannot be illegally modified or removed; strict and effective security measures need to be added.
Specifically, a hash algorithm is applied to the user's voice containing the mark information to generate a digest of the user's voice; any of various hash algorithms may be used, and the invention does not limit the choice.
The digest is then encrypted with the private key of the IoT terminal device to generate the IoT device's signature; the digital signature makes the user's voice content traceable. The IoT device generates a session key, which is a symmetric encryption key and may be updated automatically at intervals, or a different key may be used for each encryption. The user's voice containing the mark information is encrypted with the session key, and the session key is encrypted with the public key of the back-end system to generate an encrypted session key. The encrypted session key, the encrypted user voice and the signature are combined and sent to the back-end system. The digital signature ensures the traceability of the IoT terminal device, and the digital digest prevents the voice content, including the user mark information, from being illegally tampered with in transit.
To ensure that encryption and decryption proceed smoothly, the IoT terminal device may generate a public-private key pair, store the private key locally, and send the public key to the back-end system for storage; the public key of the back-end system device is likewise sent to the IoT terminal device in advance. In addition, to prevent user mark information from being duplicated across different manufacturers and devices or from being cracked, the format and meaning of the user mark information may be determined by negotiation between the user and the back-end system device. Specifically, when the IoT terminal device and the back-end system device exchange their public keys in advance, the public key information, the format and meaning of the user mark information, and the format of the encrypted user voice data are negotiated out of band. The format and meaning of the mark information may be defined in different versions, identified by version numbers, and replaced regularly; for example, the format and corresponding meaning of the mark information are updated every half month and identified by a new version number.
S104, the back-end system device receives the user's voice information;
S105, the back-end system device parses the user mark information in the voice information and judges from the mark information whether the user allows the private information to be stored; if the mark information shows that the user does not allow the private information to be stored, the back-end system device refuses to store the user's voice information and discards it.
Specifically, when the user voice information is encrypted, the back-end system device, after receiving it, first splits it into the encrypted session key, the encrypted user voice and the user signature.
The back-end system device decrypts the encrypted session key with its own private key to obtain the session key, and decrypts the encrypted user voice with the session key to obtain the user's voice containing the mark information. The back-end system device decrypts the IoT device's signature with the public key of the IoT device to obtain the digest of the user voice containing the user mark information. It then performs the hash calculation on the user's voice containing the mark information and compares the result with that digest. If the two are consistent, the user's voice and mark information have not been tampered with; otherwise, the user's voice information or mark information is determined to have been tampered with in transit, and the back-end system device discards the user's voice information.
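The exchange in S103 to S105, as an added Go example that is not part of the patent. The patent names no algorithms, so RSA-PSS for the signature, AES-256-GCM for the session key and RSA-OAEP for key wrapping are assumptions, as is modelling the mark as a two-byte header (version, permission flag) instead of an in-band sound signal; all function and type names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const markVersion = 1 // format version of the assumed mark layout

// Envelope is the combined message: wrapped session key, encrypted voice, device signature.
type Envelope struct{ EncKey, Nonce, EncVoice, Sig []byte }

// NewKey makes the asymmetric key pair each side generates before the public-key exchange.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Mark prepends the assumed mark to the audio (S102): version byte, then 1 if storage is allowed.
func Mark(audio []byte, allowStore bool) []byte {
	if allowStore {
		return append([]byte{markVersion, 1}, audio...)
	}
	return append([]byte{markVersion, 0}, audio...)
}

// Seal (terminal device, S103): sign the digest, encrypt with a fresh session key, wrap the key.
func Seal(devPriv *rsa.PrivateKey, backendPub *rsa.PublicKey, marked []byte) (*Envelope, error) {
	digest := sha256.Sum256(marked)
	sig, err := rsa.SignPSS(rand.Reader, devPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // session key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, backendPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{encKey, nonce, gcm.Seal(nil, nonce, marked, nil), sig}, nil
}

// Open (back-end, S104): unwrap the key, decrypt, verify the signature over the new digest.
func Open(backendPriv *rsa.PrivateKey, devPub *rsa.PublicKey, e *Envelope) ([]byte, bool) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, backendPriv, e.EncKey, nil)
	if err != nil {
		return nil, false
	}
	gcm, err := newGCM(key) // also rejects a wrapped key of the wrong length
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, false
	}
	marked, err := gcm.Open(nil, e.Nonce, e.EncVoice, nil)
	if err != nil {
		return nil, false
	}
	digest := sha256.Sum256(marked)
	if rsa.VerifyPSS(devPub, crypto.SHA256, digest[:], e.Sig, nil) != nil {
		return nil, false
	}
	return marked, true
}

// Handle (S105): keep the audio only if it is authentic and the mark allows storage.
func Handle(backendPriv *rsa.PrivateKey, devPub *rsa.PublicKey, e *Envelope, store *[][]byte) string {
	marked, ok := Open(backendPriv, devPub, e)
	if !ok || len(marked) < 2 || marked[0] != markVersion {
		return "discarded: invalid"
	}
	if marked[1] != 1 {
		return "discarded: storage not allowed"
	}
	*store = append(*store, marked[2:])
	return "stored"
}

func main() {
	dev, _ := NewKey()
	backend, _ := NewKey()
	env, _ := Seal(dev, &backend.PublicKey, Mark([]byte("constructed sample audio"), false))
	fmt.Println(Handle(backend, &dev.PublicKey, env, new([][]byte)))
}
```

An envelope built by anyone who holds only the back-end public key decrypts cleanly but fails the signature check, which is why the back-end verifies against the stored device public key before it reads the mark.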
Specifically, to prevent user mark information from being duplicated across different manufacturers and devices or from being cracked, the format and meaning of the user mark information may be determined by negotiation between the user and the back-end system device. The format and meaning of the user mark information may be defined in different versions, identified by version numbers, and replaced periodically; for example, the format and corresponding meaning of the mark information are updated every half month and identified by a new version number. The back-end system device records the correspondence between the version number of the user's mark information, the format and meaning of the user's mark information, and the identity of the user, and stores this correspondence locally.
Optionally, when the IoT terminal device and the back-end system device exchange their public keys, the public key information, the format and meaning of the user mark information, and the format and meaning of the encrypted user voice data are negotiated out of band. When the back-end system device receives voice information carrying user mark information, it uses the version number to look up the format and corresponding meaning of the mark information that were negotiated out of band, and uses the parsed user mark information to decide whether to store or discard the user's voice.
The invention also provides a privacy protection system for IoT terminal equipment, comprising an IoT terminal device and a back-end system device. The system implements the above method in the IoT terminal device and the back-end system device, so that the user's privacy is effectively protected and the user's voice information is prevented from being illegally used.
It will be evident to those skilled in the art that the embodiments of the present invention are not limited to the details of the foregoing illustrative embodiments, and that the embodiments of the present invention are capable of being embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the embodiments being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. Several units, modules or means recited in the system, apparatus or terminal claims may also be implemented by one and the same unit, module or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention and not for limiting, and although the embodiments of the present invention are described in detail with reference to the above preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the embodiments of the present invention without departing from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (5)

1. A privacy protection method for Internet of things equipment, characterized by comprising the following steps: S101: the Internet of things terminal equipment starts to capture voice information of the user according to the voice activation signal of the user; S102: the Internet of things terminal equipment adds user mark information to the user voice information, wherein the user mark information is used for identifying whether the user allows the voice information to be stored in a network or not; S103: sending the user voice information containing the user mark information to back-end system equipment; S104: the back-end system equipment receives the user voice information containing the user mark information; S105: judging whether the user allows the user voice information to be stored according to the user mark information, and if the user mark information shows that the user does not allow the user voice information to be stored, discarding the user voice information by the back-end system equipment;
the Internet of things terminal equipment encrypts the user voice containing the user mark information and then sends the encrypted user voice to the back-end system equipment, which specifically comprises the following steps:
the Internet of things terminal equipment generates a digest of the user voice information containing the user mark information by using a hash algorithm, and encrypts the digest by using a private key of the Internet of things terminal equipment to generate a signature of the Internet of things terminal equipment; the Internet of things terminal equipment generates a session key, and the session key is used for encrypting the user voice information containing the user mark information; the session key is encrypted by using a public key of the back-end system equipment to generate an encrypted session key, and the encrypted session key, the encrypted user voice information and the user signature are combined and sent to the back-end system equipment; the user mark information is a sound signal located in a high frequency range and cannot be perceived by a person; when the Internet of things terminal equipment is used for the first time, an asymmetric key pair is generated, wherein a private key is stored by the Internet of things terminal equipment, and a public key is sent to the back-end system equipment for storage; the back-end system equipment sends its public key to the Internet of things terminal equipment; when respective public keys are exchanged between the Internet of things terminal equipment and the back-end system equipment, the public key information, the format and meaning of the user mark information and the format of the encrypted user voice data are negotiated in an out-of-band mode.
2. The privacy protection method of claim 1, wherein: the user mark information also includes the identity information identifier of the user.
3. The privacy protection method of claim 1, wherein: after receiving the combined user voice information, the back-end system equipment divides it into three parts, namely an encrypted session key, encrypted user voice information and a user signature; the back-end system equipment decrypts the encrypted session key by using a private key of the back-end system equipment to obtain a session key; decrypts the encrypted user voice information by using the session key to obtain the user voice information containing the user mark information; decrypts the signature of the Internet of things terminal equipment by using the public key of the Internet of things terminal equipment to obtain the digest of the user voice information containing the user mark information; and performs hash calculation on the user voice information containing the user mark information and compares the result with the digest of the user voice information so as to determine whether the user voice information is tampered.
4. The privacy protection method of claim 1, wherein: the format and meaning in the user's tag information are determined based on negotiation between the user and the back-end system device, the format and meaning of the user's tag information are periodically changed, and the user tag information is identified by different version numbers.
5. A privacy protection system of Internet of things equipment comprises Internet of things terminal equipment and back-end system equipment; the terminal equipment of the Internet of things starts capturing voice information of a user according to a voice activation signal of the user, and adds user mark information into the voice information, wherein the user mark information is used for identifying whether the user allows the voice information to be stored in a network or not; and sending the data to back-end system equipment; the back-end system equipment receives the user voice information containing the user mark information, judges whether the user allows the storage of the privacy information according to the user mark information, and discards the user voice information if the user mark information shows that the user does not allow the storage of the user voice information;
the Internet of things terminal equipment encrypts user voice information containing the user mark information and then sends the encrypted user voice information to the back-end system equipment, which specifically comprises the following steps: the Internet of things terminal equipment generates a digest of the user voice information containing the user mark information by using a hash algorithm, and encrypts the digest by using a private key of the Internet of things terminal equipment to generate a signature of the Internet of things terminal equipment; the Internet of things terminal equipment generates a session key, and encrypts the user voice information containing the user mark information by using the session key; the session key is encrypted by using a public key of the back-end system equipment to generate an encrypted session key, and the encrypted session key, the encrypted user voice information and the user signature are combined and sent to the back-end system equipment; the user mark information is a sound signal located in a high frequency range and cannot be perceived by a person; when the Internet of things terminal equipment is used for the first time, an asymmetric key pair is generated, wherein a private key is stored by the Internet of things terminal equipment, and a public key is sent to the back-end system equipment for storage; the back-end system equipment sends its public key to the Internet of things terminal equipment; when respective public keys are exchanged between the Internet of things terminal equipment and the back-end system equipment, the public key information, the format and meaning of the user mark information and the format of the encrypted user voice data are negotiated in an out-of-band mode.
CN202010106458.0A 2020-02-21 2020-02-21 Privacy protection method and system for Internet of things equipment Active CN111464489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010106458.0A CN111464489B (en) 2020-02-21 2020-02-21 Privacy protection method and system for Internet of things equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010106458.0A CN111464489B (en) 2020-02-21 2020-02-21 Privacy protection method and system for Internet of things equipment

Publications (2)

Publication Number Publication Date
CN111464489A CN111464489A (en) 2020-07-28
CN111464489B CN111464489B (en) 2022-02-18

Family

ID=71680197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010106458.0A Active CN111464489B (en) 2020-02-21 2020-02-21 Privacy protection method and system for Internet of things equipment

Country Status (1)

Country Link
CN (1) CN111464489B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499953A (en) * 2021-12-23 2022-05-13 中国电子技术标准化研究院 Privacy information intelligent security method and device based on flow analysis
CN114429368A (en) * 2022-01-20 2022-05-03 南京欣威视通信息科技股份有限公司 Intelligent delivery type advertising equipment based on big data analysis crowd chats type response
CN114567467A (en) * 2022-02-17 2022-05-31 广州贝鼎科技有限公司 Data exchange method and system for gateway and server of Internet of things

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101115066A (en) * 2006-07-10 2008-01-30 国际商业机器公司 Method and equipment for checking for permission to record voip messages
CN109859757A (en) * 2019-03-19 2019-06-07 百度在线网络技术(北京)有限公司 A kind of speech ciphering equipment control method, device and terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120297017A1 (en) * 2011-05-20 2012-11-22 Microsoft Corporation Privacy-conscious personalization
US20150326617A1 (en) * 2014-05-06 2015-11-12 DoNotGeoTrack, Inc. Privacy Control Processes for Mobile Devices, Wearable Devices, other Networked Devices, and the Internet of Things
US20180213396A1 (en) * 2017-01-20 2018-07-26 Essential Products, Inc. Privacy control in a connected environment based on speech characteristics
CN110534107A (en) * 2019-09-11 2019-12-03 北京安云世纪科技有限公司 Sound control method, device, system and the electronic equipment of smart machine

Also Published As

Publication number Publication date
CN111464489A (en) 2020-07-28

Similar Documents

Publication Publication Date Title
CN111464489B (en) Privacy protection method and system for Internet of things equipment
CN107124281B (en) Data security method and related system
US10380357B1 (en) Forensic investigation tool
CN101977190B (en) Digital content encryption transmission method and server side
IL138109A (en) Method and devices for digitally signing files by means of a hand-held device
JP4788213B2 (en) Time stamp verification program and time stamp verification system
CN110474908B (en) Transaction supervision method and device, storage medium and computer equipment
JP2007028014A (en) Digital signature program, digital signature system, digital signature method and signature verification method
US11768957B2 (en) Privacy-preserving image distribution
CN103237010B (en) The server end of digital content is cryptographically provided
WO2016062153A1 (en) Method, system, and terminal for secure transmission of audio data
CN107222501A (en) A kind of information interaction security transmission method and system based on the non-electromagnetic signal of message identification code
TWI505126B (en) A method and apparatus to obtain a key
CN109413116A (en) A kind of believable cloud identity identifying method and system
Qian et al. Speech authentication and content recovery scheme for security communication and storage
Bharti et al. A novel approach for verifiable (n, n) audio secret sharing scheme
WO2015196642A1 (en) Data encryption method, decryption method and device
CN108768920A (en) A kind of recorded broadcast data processing method and device
Yuan et al. Audio watermarking algorithm for real-time speech integrity and authentication
CN108885878B (en) Improved method, apparatus and system for embedding data in a data stream
JPH11161167A (en) Device and method for ciphering and recording medium which records ciphering program
CN115150193A (en) Method and system for encrypting sensitive information in data transmission and readable storage medium
CN114663234A (en) System and method for supervising abnormal transactions on block chain
CN105743859A (en) Method, device and system for authenticating light application
CN113571068A (en) Method and device for voice data encryption, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant