CN111629003A - Key distribution method facing to Internet of things - Google Patents

Info

Publication number: CN111629003A
Authority: CN (China)
Prior art keywords: key, internet, things, request, authentication server
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010468709.XA
Other languages: Chinese (zh)
Other versions: CN111629003B (en)
Inventors: 金梁, 杨智, 李雪燕, 刘龙彬
Current Assignee: Henan Zhiyun Data Information Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Henan Zhiyun Data Information Technology Co ltd
Application filed by Henan Zhiyun Data Information Technology Co ltd
Priority to CN202010468709.XA
Publication of CN111629003A
Application granted
Publication of CN111629003B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to the technical field of network security, and in particular to a key distribution method for the Internet of Things that improves distribution efficiency, judges from time differences whether eavesdropping has occurred, and improves security. The method comprises the following steps. Step 1: the Internet of Things terminal requests a key from the soft switch, the soft switch sends the key request information to the security gateway, and the security gateway marks and encrypts the key request. Step 2: the security gateway sends the request information to an authentication server. Step 3: the authentication server decrypts the request information, performs key distribution after authentication, and sends the key information to the security gateway, the soft switch and the Internet of Things terminal in sequence; if authentication fails, key distribution is stopped.

Description

Key distribution method facing to Internet of things
Technical Field
The invention relates to the technical field of network security, and in particular to a key distribution method for the Internet of Things.
Background
As is well known, the Internet of Things (IoT) uses devices and technologies such as information sensors, radio frequency identification, global positioning systems, infrared sensors and laser scanners to collect, in real time, the information required about any object or process that needs to be monitored, connected or interacted with, including sound, light, heat, electricity, mechanics, chemistry, biology and location. Through every possible form of network access it realizes the ubiquitous connection of objects and people, and thereby the intelligent sensing, identification and management of objects and processes. The Internet of Things is an information carrier based on the Internet, traditional telecommunication networks and the like, in which all ordinary physical objects that can be independently addressed form an interconnected network.
Key distribution methods in the prior art have the following problems: distribution efficiency is low, and security is poor because eavesdropping cannot be effectively prevented.
Disclosure of Invention
To solve the above technical problems, the invention provides a key distribution method for the Internet of Things that improves distribution efficiency, judges from the time difference whether eavesdropping has occurred, and improves security.
The key distribution method for the Internet of Things comprises the following steps:
Step 1: the Internet of Things terminal requests a key from the soft switch, the soft switch sends the key request information to the security gateway, and the security gateway marks and encrypts the key request;
Step 2: the security gateway sends the request information to an authentication server;
Step 3: the authentication server decrypts the request information, performs key distribution after authentication, and sends the key information to the security gateway, the soft switch and the Internet of Things terminal in sequence; if authentication fails, key distribution is stopped.
The method further comprises a step 0 before step 1. Step 0 establishes an information base of request-to-receipt time differences: under ideal conditions, the time differences are taken between the Internet of Things terminal sending the key request and receiving the key, between the soft switch receiving the key request and receiving the key, between the security gateway receiving the key request and receiving the key, and between the structural key request of the authentication server and the time the authentication server sends the key, and these differences are summed;
in steps 1, 2 and 3, the times at which the Internet of Things terminal sends the key request, the soft switch receives the key request, the security gateway receives the key request, the authentication server makes its structural key request and the authentication server sends the key are recorded; the corresponding time differences for the Internet of Things terminal, the soft switch, the security gateway and the authentication server are calculated and summed, and a percentage is calculated as the measure of the degree of deviation, and the authentication server implements a single key on the terminal of; for 10-30%, the authentication server regularly replaces the key of the Internet of Things terminal; for 30-50%, the authentication server applies a temporary key to the Internet of Things terminal; and for 50-100%, the authentication server refuses the Internet of Things terminal.
In step 1, the key request sent by the Internet of Things terminal contains location information, a device ID, an IP address and a MAC address; the authentication server senses the location information, and if the transmission is at close range, the key is transmitted by one of NFC, RFID and infrared transmission.
For a deviation of 30-50%, the authentication server applies a temporary key to the Internet of Things terminal, and for 30-50% it also performs delay processing and sets up an emergency authentication channel.
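An added example, not part of the patent text, of the judgment described above: sum the four per-node time differences, compare the sum with the step 0 value, and select the distribution mode. The deviation formula, the half-open band boundaries, the band for the single-key mode (its range is cut off on the page), the refusal of unusable records, and all names and sample timings are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

# The four nodes whose request-to-key time differences the page sums.
NODES = ("terminal", "soft_switch", "security_gateway", "auth_server")


class Mode(Enum):
    SINGLE_KEY = "single key"
    PERIODIC_REPLACEMENT = "regularly replaced key"
    TEMPORARY_KEY = "temporary key, delay processing, emergency authentication channel"
    REFUSE = "terminal refused"


@dataclass(frozen=True)
class Span:
    """Two timestamps taken on ONE node's clock, in milliseconds."""
    request_ms: int  # request sent / received / constructed on this node
    key_ms: int      # key received / sent on the same node


def summed_difference(spans):
    """Sum the per-node time differences; reject incomplete or impossible records."""
    missing = [n for n in NODES if n not in spans]
    if missing:
        raise ValueError(f"no timestamps from: {', '.join(missing)}")
    total = 0
    for node in NODES:
        delta = spans[node].key_ms - spans[node].request_ms
        if delta < 0:
            raise ValueError(f"{node}: key time precedes request time")
        total += delta
    return total


def deviation_percent(ideal_sum_ms, measured_sum_ms):
    # Assumption: |measured - ideal| / ideal. The page only says "percentage".
    if ideal_sum_ms <= 0:
        raise ValueError("ideal sum must be positive")
    return abs(measured_sum_ms - ideal_sum_ms) * 100 / ideal_sum_ms


def select_mode(deviation):
    # Half-open bands are an assumption: the page's ranges share 10, 30 and 50.
    if deviation < 10:
        return Mode.SINGLE_KEY  # assumption: this band's range is cut off on the page
    if deviation < 30:
        return Mode.PERIODIC_REPLACEMENT
    if deviation < 50:
        return Mode.TEMPORARY_KEY
    return Mode.REFUSE  # 50-100 %, and anything above it (fail closed)


def judge(ideal_sum_ms, observed):
    """Return (deviation or None, Mode) for one key request."""
    try:
        measured = summed_difference(observed)
    except ValueError:
        return None, Mode.REFUSE  # assumption: an unusable record is refused
    dev = deviation_percent(ideal_sum_ms, measured)
    return dev, select_mode(dev)


# Constructed sample data (not from the page): step 0 baseline, then one request.
IDEAL = {
    "terminal": Span(0, 200),
    "soft_switch": Span(0, 150),
    "security_gateway": Span(0, 100),
    "auth_server": Span(0, 50),
}
OBSERVED = {
    "terminal": Span(1_000, 1_290),          # 290 ms
    "soft_switch": Span(52_000, 52_200),     # 200 ms
    "security_gateway": Span(7_300, 7_450),  # 150 ms
    "auth_server": Span(90, 150),            # 60 ms
}

if __name__ == "__main__":
    ideal_sum = summed_difference(IDEAL)  # the value stored in step 0
    print(judge(ideal_sum, OBSERVED))
```

Each difference is taken between two events on the same node, so the four clocks do not have to be synchronized with one another.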
The key distribution method for the Internet of Things is based on a system comprising an Internet of Things terminal, a soft switch, a security gateway, an authentication server, a time module, a judgment module and an emergency verification module;
the Internet of Things terminal: sends the key request and receives the key;
the soft switch: the core technology of the NGN network, which provides call control and connection control functions for the Internet of Things terminal;
the security gateway: verifies the security and identity of the Internet of Things terminal;
the authentication server: performs key distribution;
the time module: records the times at which the Internet of Things terminal sends the key request, the soft switch receives the key request and receives the key, the security gateway receives the key request and receives the key, the authentication server makes its structural key request, and the authentication server sends the key;
the judgment module: determines, from the time difference, the mode and frequency with which the authentication server distributes keys to the Internet of Things terminal;
the emergency verification module: performs emergency verification on Internet of Things terminals whose degree of deviation is too large.
Compared with the prior art, the invention has the following beneficial effects: by recording the whole time difference from the request to receipt of the key and comparing it with the ideal state, different distribution modes are implemented according to the degree of deviation, which greatly improves distribution efficiency and the safety factor.
Drawings
FIG. 1 is a schematic structural view of the present invention;
FIG. 2 is a system flow diagram of the present invention;
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
As shown in FIGS. 1 and 2, the key distribution method for the Internet of Things of the present invention includes the following steps:
Step 1: the Internet of Things terminal requests a key from the soft switch, the soft switch sends the key request information to the security gateway, and the security gateway marks and encrypts the key request;
Step 2: the security gateway sends the request information to an authentication server;
Step 3: the authentication server decrypts the request information, performs key distribution after authentication, and sends the key information to the security gateway, the soft switch and the Internet of Things terminal in sequence; if authentication fails, key distribution is stopped.
The method further comprises a step 0 before step 1. Step 0 establishes an information base of request-to-receipt time differences: under ideal conditions, the time differences are taken between the Internet of Things terminal sending the key request and receiving the key, between the soft switch receiving the key request and receiving the key, between the security gateway receiving the key request and receiving the key, and between the structural key request of the authentication server and the time the authentication server sends the key, and these differences are summed;
in steps 1, 2 and 3, the times at which the Internet of Things terminal sends the key request, the soft switch receives the key request, the security gateway receives the key request, the authentication server makes its structural key request and the authentication server sends the key are recorded; the corresponding time differences for the Internet of Things terminal, the soft switch, the security gateway and the authentication server are calculated and summed, and a percentage is calculated as the measure of the degree of deviation, and the authentication server implements a single key on the terminal of; for 10-30%, the authentication server regularly replaces the key of the Internet of Things terminal; for 30-50%, the authentication server applies a temporary key to the Internet of Things terminal; and for 50-100%, the authentication server refuses the Internet of Things terminal.
In step 1, the key request sent by the Internet of Things terminal contains location information, a device ID, an IP address and a MAC address; the authentication server senses the location information, and if the transmission is at close range, the key is transmitted by one of NFC, RFID and infrared transmission.
For a deviation of 30-50%, the authentication server applies a temporary key to the Internet of Things terminal, and for 30-50% it also performs delay processing and sets up an emergency authentication channel.
The key distribution method for the Internet of Things is based on a system comprising an Internet of Things terminal, a soft switch, a security gateway, an authentication server, a time module, a judgment module and an emergency verification module;
the Internet of Things terminal: sends the key request and receives the key;
the soft switch: the core technology of the NGN network, which provides call control and connection control functions for the Internet of Things terminal;
the security gateway: verifies the security and identity of the Internet of Things terminal;
the authentication server: performs key distribution;
the time module: records the times at which the Internet of Things terminal sends the key request, the soft switch receives the key request and receives the key, the security gateway receives the key request and receives the key, the authentication server makes its structural key request, and the authentication server sends the key;
the judgment module: determines, from the time difference, the mode and frequency with which the authentication server distributes keys to the Internet of Things terminal;
the emergency verification module: performs emergency verification on Internet of Things terminals whose degree of deviation is too large.
Compared with the prior art, the invention has the following beneficial effects: by recording the whole time difference from the request to receipt of the key and comparing it with the ideal state, different distribution modes are implemented according to the degree of deviation, which greatly improves distribution efficiency and the safety factor.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (5)

1. A key distribution method for the Internet of Things, characterized by comprising the following steps:
Step 1: the Internet of Things terminal requests a key from the soft switch, the soft switch sends the key request information to the security gateway, and the security gateway marks and encrypts the key request;
Step 2: the security gateway sends the request information to an authentication server;
Step 3: the authentication server decrypts the request information, performs key distribution after authentication, and sends the key information to the security gateway, the soft switch and the Internet of Things terminal in sequence; if authentication fails, key distribution is stopped.
2. The key distribution method for the Internet of Things as claimed in claim 1, wherein step 1 is preceded by step 0; step 0 comprises establishing an information base of request-to-receipt time differences: under ideal conditions, the time differences are taken between the Internet of Things terminal sending the key request and receiving the key, between the soft switch receiving the key request and receiving the key, between the security gateway receiving the key request and receiving the key, and between the structural key request of the authentication server and the time the authentication server sends the key, and these differences are summed;
in steps 1, 2 and 3, the times at which the Internet of Things terminal sends the key request, the soft switch receives the key request, the security gateway receives the key request, the authentication server makes its structural key request and the authentication server sends the key are recorded; the corresponding time differences for the Internet of Things terminal, the soft switch, the security gateway and the authentication server are calculated and summed, and a percentage is calculated as the measure of the degree of deviation, and the authentication server implements a single key on the terminal of; for 10-30%, the authentication server regularly replaces the key of the Internet of Things terminal; for 30-50%, the authentication server applies a temporary key to the Internet of Things terminal; and for 50-100%, the authentication server refuses the Internet of Things terminal.
3. The key distribution method for the Internet of Things as claimed in claim 2, wherein the key request sent by the Internet of Things terminal in step 1 includes location information, a device ID, an IP address and a MAC address; the authentication server senses the location information, and if the transmission is at close range, the key is transmitted by one of NFC, RFID and infrared transmission.
4. The key distribution method for the Internet of Things as claimed in claim 2, wherein for a deviation of 30-50% the authentication server applies a temporary key to the Internet of Things terminal, and for 30-50% it also performs delay processing and sets up an emergency authentication channel.
5. The key distribution method for the Internet of Things according to any one of claims 1-4, wherein the method is based on a system comprising an Internet of Things terminal, a soft switch, a security gateway, an authentication server, a time module, a judgment module and an emergency verification module;
the Internet of Things terminal: sends the key request and receives the key;
the soft switch: the core technology of the NGN network, which provides call control and connection control functions for the Internet of Things terminal;
the security gateway: verifies the security and identity of the Internet of Things terminal;
the authentication server: performs key distribution;
the time module: records the times at which the Internet of Things terminal sends the key request, the soft switch receives the key request and receives the key, the security gateway receives the key request and receives the key, the authentication server makes its structural key request, and the authentication server sends the key;
the judgment module: determines, from the time difference, the mode and frequency with which the authentication server distributes keys to the Internet of Things terminal;
the emergency verification module: performs emergency verification on Internet of Things terminals whose degree of deviation is too large.
CN202010468709.XA 2020-05-28 2020-05-28 Key distribution method facing to Internet of things Active CN111629003B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010468709.XA CN111629003B (en) 2020-05-28 2020-05-28 Key distribution method facing to Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010468709.XA CN111629003B (en) 2020-05-28 2020-05-28 Key distribution method facing to Internet of things

Publications (2)

Publication Number Publication Date
CN111629003A CN111629003A (en) 2020-09-04
CN111629003B CN111629003B (en) 2022-03-22

Family

ID=72260122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010468709.XA Active CN111629003B (en) 2020-05-28 2020-05-28 Key distribution method facing to Internet of things

Country Status (1)

Country Link
CN (1) CN111629003B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1658547A (en) * 2004-02-16 2005-08-24 华为技术有限公司 Crytographic keys distribution method
US20100296655A1 (en) * 2008-03-10 2010-11-25 Nds Limited Key distribution system
CN110035033A (en) * 2018-01-11 2019-07-19 华为技术有限公司 Cryptographic key distribution method, apparatus and system
CN110708337A (en) * 2019-10-30 2020-01-17 山东浪潮商用系统有限公司 Big data security framework system based on identity authentication

Also Published As

Publication number Publication date
CN111629003B (en) 2022-03-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant