CN111669407A - Method for realizing point-to-point secure communication of Internet of things based on cloud security authentication - Google Patents


Info

Publication number
CN111669407A
Authority
CN
China
Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
Withdrawn
Application number
CN202010612216.9A
Other languages
Chinese (zh)
Inventor
张雪飞
毛书朋
代振忠
李晓然
张文龙
Current Assignee (as listed by Google Patents; may be inaccurate)
Shandong To Letter Information Science And Technology Ltd
Rizhao Polytechnic
Original Assignee
Shandong To Letter Information Science And Technology Ltd
Rizhao Polytechnic

Classifications

All classifications fall under section H (Electricity), class H04 (Electric communication technique), subclasses H04L (Transmission of digital information, e.g. telegraphic communication) and H04W (Wireless communication networks):

    • H04L67/104 Peer-to-peer [P2P] networks (under H04L67/00 network arrangements or protocols for supporting network services or applications; H04L67/01 protocols; H04L67/10 protocols in which an application is distributed across nodes in the network)
    • H04L63/061 Key management in a packet data network, for key exchange, e.g. in peer-to-peer networks (under H04L63/00 network architectures or protocols for network security; H04L63/06 supporting key management)
    • H04L63/0869 Authentication of entities, for achieving mutual authentication (under H04L63/08 authentication of entities)
    • H04L63/0876 Authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint (under H04L63/08)
    • H04W12/009 Security arrangements, authentication, protection of privacy or anonymity, specially adapted for networks such as wireless sensor networks, ad-hoc networks, RFID networks or cloud networks (under H04W12/00)
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication (under H04W4/00 services specially adapted for wireless communication networks; facilities therefor)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for realizing point-to-point secure communication in the Internet of Things based on cloud security authentication, and belongs to the technical field of secure communication for the Internet of Things. The method addresses the problem that, when an Internet of Things terminal has a low communication rate and weak computing power, real-time data cannot be transmitted, analysed or used to control the terminal quickly, and it realizes point-to-point secure communication between Internet of Things terminals. The invention comprises four steps: constructing a secure communication hardware module, cloud security mutual authentication, point-to-point secure communication, and constructing a cloud authentication management platform. Using a relatively simple combination of hardware modules, the invention realizes cloud security mutual authentication and point-to-point secure data transmission between Internet of Things terminals, and at the same time builds a cloud security management and control platform, so that security management of the terminals, full recording of the secure communication and security alarms are realized. The invention can be widely applied to on-site data acquisition, analysis and control of Internet of Things devices, and has broad application prospects.

Description

Method for realizing point-to-point secure communication of Internet of things based on cloud security authentication
Technical Field
The invention relates to a method for realizing point-to-point secure communication in the Internet of Things based on cloud security authentication, and belongs to the technical field of secure communication for the Internet of Things.
Background
With the vigorous development of Internet of Things technology, Internet of Things terminals have entered every industry and countless households, and their number is growing geometrically. At the same time, with the rapid development of edge computing, Internet of Things terminal devices have become intelligent to varying degrees, and their storage space keeps growing. How to read the data stored on an Internet of Things terminal, or control the terminal locally, both securely and quickly, so as to achieve fast local data analysis, local monitoring and debugging, is therefore important, and point-to-point secure data transmission matters most in environments where the wireless network bandwidth is narrow. The low latency of localized data acquisition, analysis and control can bring significant economic benefit, or avoid significant economic loss, especially at critical moments.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention provides a method for realizing point-to-point secure communication in the Internet of Things based on cloud security authentication. Using a relatively simple combination of hardware modules, it realizes secure mutual authentication and point-to-point data transmission between Internet of Things terminals, and at the same time builds a cloud security management and control platform, so that security management of the terminals, full recording of the secure communication and security alarms are realized.
The method for realizing point-to-point secure communication in the Internet of Things based on cloud security authentication comprises the following steps:
step one: construction of a secure communication hardware module, comprising a cloud communication module, a data processing module and a near field communication module, wherein:
the cloud communication module is a communication module through which the terminal connects directly to the Internet;
the data processing module is a module capable of processing data and controlling the cloud communication module; it is responsible for directing the cloud communication module to send and receive data and for processing the received data;
the near field communication module is a communication module for short-range transmission, and realizes short-range communication between Internet of Things terminals;
step two: cloud security interaction: the safe mutual control of the Internet of things terminals for point-to-point information transmission is realized in a three-way handshake mode, and a safe communication channel is established; assuming that the internet of things terminal B actively performs cloud security interaction with the internet of things terminal A, and establishing a secure communication channel, the method comprises the following steps:
the first step is as follows: the terminal B of the Internet of things sends a communication request, and starts handshaking for the first time, wherein the sent request carries a unique equipment identification code B-ID of the terminal B of the Internet of things;
the second step is that: the terminal A of the Internet of things receives the request, simultaneously transmits the unique equipment identification code A-ID of the terminal A of the Internet of things back to the terminal B of the Internet of things, and the terminal B receives the A-ID to complete the first handshake;
the third step: the method comprises the steps that the terminals A and B of the Internet of things respectively send own unique equipment identification codes and opposite unique equipment identification codes to the cloud to carry out cloud legal authentication on the equipment;
the fourth step: the cloud authentication management platform firstly conducts non-repeated verification on the two received IDs, then conducts authentication on the ID of the main device, and if the ID does not exist in the white list, the cloud authentication management platform terminates the authentication; otherwise, entering a fifth step cloud end to authenticate the slave device;
the fifth step: the cloud authentication management platform legally authenticates the ID of the slave equipment, if the ID does not exist in the white list, the information of 'illegal equipment' is returned, and the terminal of the Internet of things enters the sixth step; otherwise, reading the communication level, randomly generating/reading a safe transmission key at the same time, and transmitting the safe transmission key back to the Internet of things terminal, and the Internet of things terminal entering the seventh step;
sixthly, the terminal of the Internet of things receives the returned information and terminates the information transmission;
the seventh step, the terminal of the Internet of things receives the safe transmission key and the communication level;
the eighth step, the Internet of things terminals respectively generate the security communication level and enter the ninth step;
the ninth step, the terminals A and B of the Internet of things mutually send the communication level and the safe transmission key which are respectively obtained to the other side to finish the second handshake;
tenth step, the terminals A and B of the Internet of things receive the communication level and the safe transmission key of the other side, check the communication level and the safe transmission key, and terminate information transmission if the communication level and the safe transmission key are not matched; entering the eleventh step if the verification is matched;
the eleventh step: establishing a secure communication channel to complete the third handshake;
step three: point-to-point secure communication: the data transmission system works in a near field communication module, namely data are transmitted between terminals of the Internet of things through respective near field communication modules, all transmitted data are encrypted through dynamic security keys, and the security of the data in the communication transmission process is guaranteed to the maximum extent, and the data transmission system comprises the following conditions:
the first condition is as follows: secure communication of point-to-point information reading communication;
case two: point-to-point control information secure communication;
step four: constructing a cloud authentication management platform: the method comprises an authentication white list, an interaction log, a safety alarm and a communication log, and comprises the following steps:
the first step is as follows: the terminal of the Internet of things sends identity authentication information;
the second step is that: the cloud authentication management platform receives identity authentication information;
the third step: the cloud authentication management platform is combined with the white list database to implement white list verification, and if the authentication fails, the white list verification is written into the safety alarm database; if the authentication is passed, generating and returning the security communication transmission key and the communication level; the above processes are all written into an interaction log database;
the fourth step: the terminal of the Internet of things receives a secure communication transmission key and a communication level;
the fifth step: the Internet of things terminal implements point-to-point secure communication;
and a sixth step: the internet of things terminal uploads the log information of the point-to-point secure communication to a cloud authentication management platform;
the seventh step: the cloud authentication management platform receives the communication log and writes the communication log into a communication log information database;
eighth step: the functional module of the cloud authentication management platform performs information management and visual display of data around the white list, the mutual log, the safety alarm and the communication log.
Preferably, in step one, the cloud communication module is a GPRS, 4G, 5G or Wi-Fi module, and the near field communication module is a radio frequency identification, Bluetooth, ZigBee, infrared or NFC module.
Preferably, in step two, the communication level of an Internet of Things terminal is determined by the authority of its secure communication hardware module, is unique and cannot be changed, and comprises 5 levels, levels 1 to 5, with the authority increasing from level to level, as follows:
level 1: reading basic device information;
level 2: limited reading of data, that is, reading part of the data;
level 3: reading all data;
level 4: restricted control, that is, partial control authority;
level 5: full control;
The secure transmission key and the current communication level obtained by terminals A and B are used in the point-to-point secure communication: the secure transmission key takes part in the encryption of the information as an encryption factor, and the lower of the communication levels of terminals A and B is the level of the current point-to-point information transmission, which determines the range of data that may be read and the degree of control. At levels 1 to 3 only readable information may be transferred securely; at levels 4 to 5 control information may also be transferred securely.
Preferably, in case one of step three, the secure communication for point-to-point information reading comprises the following specific steps:
(1) terminal B enters a communication reading instruction;
(2) terminal A receives the information reading instruction;
(3) terminal A checks the communication level; if the check passes, go to (4); if it fails, go to (14);
(4) terminal A reads its own data according to the communication level and packages it;
(5) terminal A encrypts the packaged data with the secure transmission key;
(6) terminal A sends the ciphertext data packet to terminal B and at the same time starts listening for the reply from terminal B, that is, goes to (12);
(7) terminal B receives the ciphertext data packet;
(8) terminal B decrypts the ciphertext data packet with the secure transmission key;
(9) terminal B performs key verification on the decrypted data; if it passes, go to (10) and then (11); if it fails, go to (11);
(10) terminal B unpacks and stores the data, and the information transmission is complete;
(11) terminal B sends a message of successful or failed reception to terminal A;
(12) terminal A listens for the success or failure message from terminal B; if reception succeeded, go to (13); if it failed, go to (14);
(13) terminal A checks whether all data has been sent; if not, go back to (4); if it has, go to (14);
(14) terminal B constructs the log information, which comprises the communication level, whether verification succeeded, whether reception succeeded, a digest of the communicated data and the relevant time information;
(15) terminal B sends the log information to the cloud authentication management platform and enters the listening state, that is, goes to (17);
(16) the cloud authentication management platform receives the log information, sends a log-reception-success message to terminal A, and at the same time stores the log information;
(17) terminal A judges whether the log information was received successfully; if so, go to (18); if not, go back to (15); steps (15) to (17) are repeated a limited number of times, after which, if still unsuccessful, go to (18);
(18) terminal A terminates the information transmission.
Preferably, in case two of step three, the secure communication for point-to-point control information comprises the following specific steps:
(1) control information is entered on terminal B;
(2) terminal B checks the communication level; if the check fails, go back to (1); if it passes, go to (3);
(3) terminal B packages the control information;
(4) terminal B encrypts the packaged information with the secure transmission key;
(5) terminal B sends the ciphertext data packet to terminal A;
(6) terminal A receives the ciphertext data packet;
(7) terminal A decrypts the ciphertext data packet with the secure transmission key;
(8) terminal A performs communication key verification; if it fails, go to (11); if it passes, go to (9);
(9) terminal A unpacks the data;
(10) terminal A verifies the communication level; if it is in accordance, go to (12); if not, go to (11);
(11) the data packet received this time is discarded, and go to (13);
(12) the control information is executed;
(13) terminal A sends a message of successful or failed reception to terminal B, then goes to (16);
(14) terminal B judges whether reception succeeded; if so, go back to (1); otherwise go to (15);
(15) terminal B terminates the information transmission;
(16) terminal A constructs the log information;
(17) terminal A sends the log information to the cloud authentication management platform and listens for the reply, that is, goes to (19);
(18) the cloud authentication management platform receives the log information and returns a reception-success message;
(19) terminal A judges whether the log information was received successfully; if so, go to (20); if not, go back to (17); steps (17) to (19) are repeated a limited number of times, after which, if still unsuccessful, go to (20);
(20) terminal A terminates the information transmission.
Preferably, in step three, if the communication level authority of the point-to-point secure communication is high enough, not only monitoring data but also control data can be transmitted.
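The two procedures of step three (case one, information reading; case two, control information) as one runnable simulation, added for this page in Python; it is not code from the patent or its assignees. It assumes the step-two handshake has already delivered a shared secure transmission key and the session level, both constructed inline here. The patent names no cipher, packet format or level-4 command set, so those are assumptions: a packet is one level byte, a 16-byte nonce, the ciphertext and an HMAC-SHA256 tag; the ciphertext is produced with an HMAC-SHA256 counter-mode keystream under a subkey derived from the session key (encrypt-then-MAC); "key verification" in steps (9) of case one and (8) of case two is the tag check; level 4 "restricted control" is an assumed allow-list of command names. The responding terminal A writes the log entry in both cases (the translated text assigns the log steps of case one inconsistently between A and B), and log upload retries are bounded as in steps (15) to (17).

```python
import hashlib
import hmac
import json
import secrets
import struct
import time

READ_LEVELS, CONTROL_LEVELS = (1, 2, 3), (4, 5)     # 1-3 read only; 4-5 may also control
RESTRICTED_COMMANDS = {"reboot", "set_sample_rate"}  # assumed level-4 allow-list; the patent lists none
# Constructed session key standing in for the key the cloud issues in step two.
SESSION_KEY = hashlib.sha256(b"constructed example key, not a real device key").digest()

def _subkeys(session_key):
    """Separate encryption and MAC subkeys derived from the dynamic transmission key."""
    return [hmac.new(session_key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode (an assumed cipher; the patent names none)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(session_key, level, packet):
    """Package and encrypt: level byte | 16-byte nonce | ciphertext | tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(session_key)
    header = bytes([level]) + secrets.token_bytes(16)
    plaintext = json.dumps(packet, sort_keys=True).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, header[1:], len(plaintext))))
    return header + ciphertext + hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()

def open_packet(session_key, blob):
    """Decrypt and verify; None means the key verification (tag check) failed."""
    if len(blob) < 17 + 32:
        return None
    header, ciphertext, tag = blob[:17], blob[17:-32], blob[-32:]
    enc_key, mac_key = _subkeys(session_key)
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, header[1:], len(ciphertext))))
    return header[0], json.loads(plaintext)

class Terminal:
    def __init__(self, device_id, session_key, session_level, data=None):
        self.device_id, self.session_key, self.session_level = device_id, session_key, session_level
        self.data = data or {}            # "basic", "partial" and "full" data held by the terminal
        self.received, self.executed, self.log = {}, [], []

    def data_for_level(self, level):
        """Level 1: basic device information; 2: part of the data; 3: all data."""
        return {k: self.data.get(k) for k in ("basic", "partial", "full")[:level]}

    def record(self, kind, level, verified, received, payload):
        """Log entry: level, verification and reception results, data digest, time (step (14))."""
        digest = None if payload is None else hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()
        self.log.append({"device": self.device_id, "kind": kind, "level": level, "verified": verified,
                         "received": received, "digest": digest, "time": time.time()})

def read_information(requester, holder, level):
    """Case one: `requester` (terminal B) reads `holder`'s (terminal A) data at `level`."""
    if level not in READ_LEVELS or level > holder.session_level:      # (3) level check on A
        holder.record("read", level, False, False, None)               # (14) log the refusal
        return False
    packet = {"to": requester.device_id, "data": holder.data_for_level(level)}   # (4) read and package
    blob = seal(holder.session_key, level, packet)                     # (5)-(6) encrypt and send
    opened = open_packet(requester.session_key, blob)                  # (7)-(9) B decrypts, verifies key
    ok = opened is not None and opened[0] == level and opened[1]["to"] == requester.device_id
    if ok:
        requester.received.update(opened[1]["data"])                   # (10) unpack and store
    holder.record("read", level, True, ok, packet)                     # (11)-(14) ack and log
    return ok

def send_control(controller, target, command):
    """Case two: `controller` (terminal B) sends control information to `target` (terminal A)."""
    level = controller.session_level
    if level not in CONTROL_LEVELS:                                    # (2) level check on B
        return False
    blob = seal(controller.session_key, level, {"to": target.device_id, "command": command})   # (3)-(5)
    opened = open_packet(target.session_key, blob)                     # (6)-(8) A decrypts, verifies key
    if opened is None:
        target.record("control", level, False, False, None)            # (11) discard, (13)/(16) ack and log
        return False
    pkt_level, pkt = opened                                            # (9) unpack
    allowed = (pkt_level == target.session_level and pkt["to"] == target.device_id
               and (pkt_level == 5 or pkt["command"] in RESTRICTED_COMMANDS))   # (10) level check on A
    if allowed:
        target.executed.append(pkt["command"])                         # (12) execute
    target.record("control", level, True, allowed, pkt)                # (13), (16) ack and log
    return allowed

def upload_log(terminal, send, max_attempts=3):
    """Steps (15)-(18): push each log entry to the cloud, retrying a bounded number of times."""
    return sum(1 for entry in terminal.log if any(send(entry) for _ in range(max_attempts)))
```

The tag check runs before decryption and before any JSON parsing, so a packet sealed under a different key or altered in transit is rejected in step (8)/(9) without its contents ever being interpreted; the level byte is covered by the tag, so a peer cannot raise the level of a packet after the cloud has fixed the session level.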
The beneficial effects of the invention are as follows: the method for realizing point-to-point secure communication in the Internet of Things based on cloud security authentication solves the problem that, when an Internet of Things terminal has a low communication rate and weak computing power, real-time data cannot be transmitted, analysed or used to control the terminal quickly, and realizes point-to-point secure communication between Internet of Things terminals; the invention can be widely applied to on-site data acquisition, analysis and control of Internet of Things devices, and has broad application prospects.
Drawings
Fig. 1 is a schematic diagram of a secure communication hardware module.
Fig. 2 is a flow model diagram of cloud security interaction.
Fig. 3(a) is a flow model diagram of information reading in point-to-point secure communication.
Fig. 3(b) is a flow model diagram of control management in point-to-point secure communication.
Fig. 4 is a schematic structural diagram of a cloud authentication management platform.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
The method for realizing point-to-point secure communication in the Internet of Things based on cloud security authentication is divided into four steps: construction of a secure communication hardware module, cloud security mutual authentication, point-to-point secure communication, and cloud authentication management.
As shown in fig. 1, the secure communication hardware module comprises three parts: a cloud communication module, a data processing module and a near field communication module. It mainly provides the hardware basis for the information transmission and internal data processing needed to carry out point-to-point secure communication between Internet of Things terminals.
Wherein: the cloud communication module refers mainly to a communication module through which the terminal can connect directly to the Internet, such as a GPRS communication module, a 4G communication module, a 5G communication module or a Wi-Fi communication module.
The data processing module is a module capable of processing data and controlling the communication modules; it is mainly responsible for directing the communication modules to send and receive data and for processing the received data.
The near field communication module is a communication module capable of short-range transmission, and mainly includes radio frequency identification (RFID), Bluetooth, ZigBee, infrared, NFC and the like.
As shown in fig. 2, cloud security mutual authentication realizes the secure mutual authentication of the Internet of Things terminal devices, and the dynamic secure transmission key used in the point-to-point secure communication, by a three-way handshake in which the terminal devices exchange their identity IDs, submit them to the cloud for authentication, and mutually check the secure communication key and the communication level. If any one of these steps fails, the secure mutual authentication fails and the point-to-point secure communication is terminated. This part is not only the foundation of the point-to-point secure communication but also the technical core of the implementation method.
Taking the case where Internet of Things terminal device B actively initiates cloud security mutual authentication with Internet of Things terminal device A and establishes a secure communication channel, the specific steps are as follows:
(1) terminal device B sends a communication request, starting the first handshake; the request carries the unique device identification code B-ID of terminal device B;
(2) terminal device A receives the request and at the same time returns its own unique device identification code A-ID to terminal device B; terminal device B receives A-ID, which completes the first handshake;
(3) terminal devices A and B each send their own unique device identification code together with the other party's (A sends A-ID and B-ID, B sends B-ID and A-ID) to the cloud, for cloud authentication of the legality of the devices;
(4) the cloud authentication management platform first checks that the two received IDs are not the same, then authenticates the ID of the master device; if that ID is not in the white list, the cloud authentication management platform terminates the authentication; otherwise it proceeds to (5) and authenticates the slave device;
(5) the cloud authentication management platform authenticates the ID of the slave device; if that ID is not in the white list, the message "illegal device" is returned and the terminal device proceeds to (6); otherwise the cloud reads the communication level, at the same time randomly generates (or reads) the secure transmission key, and returns the key and the level to the terminal, which proceeds to (7);
(6) the terminal device receives the returned message and terminates the information transmission;
(7) the terminal device receives the secure transmission key and the communication level;
(8) each terminal device generates the security communication level and proceeds to (9);
(9) terminal devices A and B each send the communication level and the secure transmission key they obtained to the other party, which completes the second handshake;
(10) terminal devices A and B receive the other party's communication level and secure transmission key and check them against their own; if they do not match, the information transmission is terminated; if they match, proceed to (11);
(11) the secure communication channel is established, which completes the third handshake.
Each Internet of Things terminal device has a communication level determined by the authority of its secure communication hardware module; the level is unique and cannot be modified, and comprises 5 levels, levels 1 to 5, with the authority increasing from level to level, as follows:
level 1: reading basic device information;
level 2: limited reading of data, that is, reading part of the data;
level 3: reading all data;
level 4: restricted control, that is, partial control authority;
level 5: full control.
The secure transmission key and the current communication level obtained by terminals A and B are used in the point-to-point secure communication: the secure transmission key takes part in the encryption of the information as an encryption factor, and the lower of the communication levels of terminals A and B is the level of the current point-to-point information transmission, which determines the range of data that may be read and the degree of control. At levels 1 to 3 only readable information may be transferred securely; at levels 4 to 5 control information may also be transferred securely.
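The handshake of step two, the cloud authentication management platform of step four and the level rule above, as one runnable simulation added for this page in Python; it is not code from the patent or its assignees, and it serves both the step-two description in the disclosure and the description of fig. 2 in this example. It models a cloud platform holding the white list, the check that the two submitted IDs differ, authentication of the requesting device and then its peer, issue of a random 32-byte secure transmission key on the first request of a pair and re-reading of it on the second, the session level as the lower of the two fixed device levels, and the second and third handshakes. Assumptions not fixed by the text: the white list stores each device's fixed level; the ID a terminal submits as its own is treated as the master ID for that request; and, where the text has the terminals send the key itself to each other in the second handshake, this example sends an HMAC key-confirmation tag over the direction and level instead, so the key never travels over the near-field link. The interaction log, security alarm and communication log databases are plain lists.

```python
import hashlib
import hmac
import secrets

def session_level(level_a, level_b):
    """The lower of the two terminals' fixed levels (1-5) governs the channel."""
    return min(level_a, level_b)

class CloudPlatform:
    """Cloud authentication management platform (step four): white list, interaction log,
    security alarm database and communication log database, modelled as plain lists."""

    def __init__(self, whitelist):
        self.whitelist = dict(whitelist)   # device ID -> fixed communication level (assumed layout)
        self.interaction_log, self.security_alarms, self.communication_log = [], [], []
        self._sessions = {}                # frozenset({id1, id2}) -> secure transmission key

    def _fail(self, own_id, peer_id, reason):
        self.interaction_log.append((own_id, peer_id, reason, None))
        self.security_alarms.append((own_id, peer_id, reason))

    def authenticate(self, own_id, peer_id):
        """Steps (3)-(5): a terminal submits its own ID and its peer's ID.
        Returns (key, level) on success or (None, reason) otherwise."""
        if own_id == peer_id:                                   # (4) the two IDs must differ
            self._fail(own_id, peer_id, "duplicate ID")
            return None, "duplicate ID"
        if own_id not in self.whitelist:                        # (4) requesting (master) device first
            self._fail(own_id, peer_id, "requesting device not in white list")
            return None, "terminated"
        if peer_id not in self.whitelist:                       # (5) then the peer (slave) device
            self._fail(own_id, peer_id, "peer device not in white list")
            return None, "illegal device"
        pair = frozenset((own_id, peer_id))
        if pair not in self._sessions:                          # (5) generate on the first request, read on the second
            self._sessions[pair] = secrets.token_bytes(32)
        level = session_level(self.whitelist[own_id], self.whitelist[peer_id])
        self.interaction_log.append((own_id, peer_id, "ok", level))
        return self._sessions[pair], level

    def receive_communication_log(self, entry):
        """Step four, (7): store a communication log uploaded by a terminal."""
        self.communication_log.append(entry)
        return True

class Terminal:
    def __init__(self, device_id):
        self.device_id, self.session_key, self.session_level = device_id, None, None

    def confirm_tag(self, sender, receiver, level):
        """Key-confirmation value for the second handshake (assumed; the text sends the key itself).
        The HMAC covers direction and level, so a tag cannot be reflected back to its sender."""
        return hmac.new(self.session_key, f"{sender}->{receiver}:{level}".encode(), hashlib.sha256).digest()

def establish_channel(initiator, responder, cloud):
    """Three-way handshake of step two (fig. 2). Returns the channel level, or None if terminated."""
    i_id, r_id = initiator.device_id, responder.device_id          # (1)-(2) first handshake: IDs exchanged
    key_i, level_i = cloud.authenticate(i_id, r_id)                # (3) both submit (own ID, peer ID)
    key_r, level_r = cloud.authenticate(r_id, i_id)
    if key_i is None or key_r is None:
        return None                                                # (6) terminate
    initiator.session_key, initiator.session_level = key_i, level_i   # (7)-(8)
    responder.session_key, responder.session_level = key_r, level_r
    tag_i = initiator.confirm_tag(i_id, r_id, level_i)             # (9) second handshake
    tag_r = responder.confirm_tag(r_id, i_id, level_r)
    ok_r = level_i == level_r and hmac.compare_digest(tag_i, responder.confirm_tag(i_id, r_id, level_r))  # (10)
    ok_i = level_i == level_r and hmac.compare_digest(tag_r, initiator.confirm_tag(r_id, i_id, level_i))
    if not (ok_i and ok_r):
        initiator.session_key = responder.session_key = None
        return None
    return level_i                                                 # (11) secure channel established

if __name__ == "__main__":
    cloud = CloudPlatform({"A-0001": 5, "B-0002": 3})              # constructed white list
    print(establish_channel(Terminal("B-0002"), Terminal("A-0001"), cloud))   # 3
    print(establish_channel(Terminal("X-9999"), Terminal("A-0001"), cloud))   # None
```

Every refused request leaves an entry in both the interaction log and the security alarm list, which is what step four's "written into the security alarm database" amounts to; the key is bound to the unordered pair of IDs, so the second terminal's request reads back the key generated for the first.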
Point-to-point secure communication works mainly over the near field communication modules, that is, data is transmitted between Internet of Things terminal devices through their respective near field communication modules; all transmitted data is encrypted with the dynamic secure key, so that the security of the data during transmission is guaranteed to the greatest extent. If the communication level authority is high enough, not only monitoring data but also control data can be transmitted.
Point-to-point secure communication comprises two categories: information reading communication and control information communication.
As shown in fig. 3(a), taking as an example Internet of Things terminal B actively establishing a secure channel with terminal A and then reading information from terminal A, the specific steps of point-to-point information reading communication are as follows:
(1) Internet of Things terminal B inputs a communication reading instruction;
(2) terminal A receives the information reading instruction;
(3) terminal A checks the communication level; if the check passes, go to (4), otherwise go to (14);
(4) terminal A reads its own data according to the communication level and packages it;
(5) terminal A encrypts the packaged data with the secure transmission key;
(6) terminal A sends the ciphertext data packet to terminal B and at the same time enters the state of monitoring the information returned by terminal B, i.e. goes to (12);
(7) terminal B receives the ciphertext data packet;
(8) terminal B decrypts the ciphertext data packet with the secure transmission key;
(9) terminal B performs key verification on the decrypted data; if verification passes, go to (10) and then (11), otherwise go directly to (11);
(10) terminal B unpacks the data and stores it, and the information transmission is finished;
(11) terminal B sends a receiving-success or receiving-failure message to terminal A;
(12) terminal A monitors the success or failure message sent by terminal B; on success go to (13), on failure go to (14);
(13) terminal A checks whether all data have been sent; if not, return to (4), otherwise go to (14);
(14) terminal B constructs log information, such as the communication level, whether verification succeeded, whether receiving succeeded, a communication data summary (statistical information), relevant time information and the like;
(15) terminal B sends the log information to the cloud authentication management platform and enters the monitoring state, i.e. goes to (17);
(16) the cloud authentication management platform receives the log information, sends a log-received-successfully message to terminal A, and stores the log information;
(17) terminal A judges whether the log information was received successfully; if so, go to (18), otherwise go to (15); if (15)-(17) cycle a limited number of times (e.g. 3) without success, go to (18);
(18) terminal A terminates information transmission.
As shown in fig. 3(b), taking as an example Internet of Things terminal B actively establishing a secure channel with terminal A and then securely transmitting control information to terminal A, the specific steps of point-to-point control information communication are as follows:
(1) control information is input on Internet of Things terminal B;
(2) terminal B checks the communication level; if the check fails, return to (1), otherwise go to (3);
(3) terminal B packages the control information;
(4) terminal B encrypts the packaged information with the secure transmission key;
(5) terminal B sends the ciphertext data packet to terminal A;
(6) terminal A receives the ciphertext data packet;
(7) terminal A decrypts the ciphertext data packet with the secure transmission key;
(8) terminal A performs communication key verification; if it fails, go to (11), otherwise go to (9);
(9) terminal A unpacks the data;
(10) terminal A verifies the communication level; if it conforms, go to (12), otherwise go to (11);
(11) the data packet received this time is discarded, then go to (13);
(12) the control information is executed;
(13) terminal A sends a receiving-success or receiving-failure message to terminal B, then goes to (16);
(14) terminal B judges whether receiving succeeded; if so, it may return to (1) again, otherwise go to (15);
(15) terminal B terminates information transmission;
(16) terminal A constructs log information;
(17) terminal A sends the log information to the cloud authentication management platform and listens for the returned message, i.e. goes to (19);
(18) the cloud authentication management platform receives the log information and returns a receiving-success message;
(19) terminal A judges whether the log information was received successfully; if so, go to (20), otherwise go to (17); if (17)-(19) cycle a limited number of times without success, go to (20);
(20) terminal A terminates information transmission.
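The two exchanges above (fig. 3(a) reading, fig. 3(b) control) together with the "lower level governs the session" rule, as an added Python example that is not part of the patent. The patent does not name a cipher, so the example stands in an HMAC-SHA256 counter-mode keystream plus an HMAC tag for the "key verification" steps; the scope names, command table, device data and log fields are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import struct
import time

# Level semantics from the patent: levels 1-3 carry read authority, 4-5 control authority.
# Scope names, the command table and the device data are constructed for this example.
READ_SCOPE = {1: "basic", 2: "partial", 3: "all", 4: "all", 5: "all"}
CONTROL_MIN_LEVEL = {"set_interval": 4, "reboot": 5}  # 4 = restricted, 5 = full control
DEVICE_DATA_A = {
    "basic": {"model": "sensor-x", "fw": "1.0"},
    "partial": {"model": "sensor-x", "fw": "1.0", "temperature": 21.5},
    "all": {"model": "sensor-x", "fw": "1.0", "temperature": 21.5, "diag": "ok"},
}
NONCE_LEN, TAG_LEN = 12, 32


def session_level(level_a, level_b):
    """The lower of the two terminals' levels governs the point-to-point session."""
    return min(level_a, level_b)


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode stands in for the (unspecified) cipher of the hardware module.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    """Encrypt with the secure transmission key and append a tag used for key verification."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, packet):
    """Return the plaintext, or None when key verification fails (fig. 3 steps (9)/(8))."""
    if packet is None or len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# ---- information reading, fig. 3(a): B asks, A answers ----
def a_answer_read(level, key):
    """Terminal A, steps (3)-(6): check the level, read own data within scope, package, encrypt."""
    scope = READ_SCOPE.get(level)
    if scope is None:
        return None  # level check failed: jump to log construction (14)
    package = {"level": level, "scope": scope, "data": DEVICE_DATA_A[scope]}
    return encrypt(key, json.dumps(package).encode())


def b_receive_read(key, packet):
    """Terminal B, steps (7)-(11): decrypt, verify the key, unpack; returns (ok, data)."""
    plaintext = decrypt(key, packet)
    if plaintext is None:
        return False, None  # key verification failed: report receiving failure in (11)
    return True, json.loads(plaintext)["data"]


# ---- control information, fig. 3(b): B commands, A executes ----
def b_send_control(level, key, command):
    """Terminal B, steps (2)-(5): refuse locally unless the level can control, else package and encrypt."""
    if level < 4:
        return None  # level check failed: back to (1)
    return encrypt(key, json.dumps({"level": level, "command": command}).encode())


def a_handle_control(session_lvl, key, packet):
    """Terminal A, steps (6)-(13): verify the key, unpack, verify the level, execute or discard."""
    plaintext = decrypt(key, packet)
    if plaintext is None:
        return "discarded: key verification failed"
    package = json.loads(plaintext)
    needed = CONTROL_MIN_LEVEL.get(package.get("command"))
    # The packet's level must equal the level fixed in the handshake and suffice for the command.
    if package.get("level") != session_lvl or needed is None or session_lvl < needed:
        return "discarded: communication level check failed"
    return "executed: " + package["command"]


def build_log(level, verified, received, data):
    """Step (14): the record a terminal uploads to the cloud authentication management platform."""
    digest = hashlib.sha256(json.dumps(data, sort_keys=True).encode()).hexdigest()[:16]
    return {"level": level, "verified": verified, "received": received,
            "summary": digest, "time": int(time.time())}


if __name__ == "__main__":
    key = os.urandom(32)            # constructed: in the patent the cloud issues it in the handshake
    lvl = session_level(5, 2)       # A is level 5, B is level 2, so the session runs at level 2
    print(b_receive_read(key, a_answer_read(lvl, key)))                 # (True, partial data)
    print(a_handle_control(5, key, b_send_control(5, key, "reboot")))   # executed: reboot
```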
As shown in fig. 4, the cloud authentication management platform comprises four parts, namely an authentication white list, an interaction log, a security alarm and a communication log; that is, it comprises four functional modules: a white list management module, an interaction log management module, a security alarm management module and a communication log management module. The specific process of the functions of secure communication between Internet of Things terminals, log recording and tracing, real-time alarm on abnormal communication and so on is as follows:
(1) the terminal of the Internet of things sends identity authentication information;
(2) the cloud authentication management platform receives identity authentication information;
(3) the cloud authentication management platform performs white list verification against the white list database; if authentication fails, the failure is written into the security alarm database; if authentication passes, the secure communication transmission key and the communication level are generated and returned; all of the above is written into the interaction log database;
(4) the terminal of the Internet of things receives a secure communication transmission key and a communication level;
(5) the Internet of things terminal implements point-to-point secure communication;
(6) the internet of things terminal uploads the log information of the point-to-point secure communication to a cloud authentication management platform;
(7) the cloud authentication management platform receives the communication log and writes the communication log into a communication log information database;
(8) the functional modules of the cloud authentication management platform perform information management and visual display of the data around the white list, the interaction log, the security alarm and the communication log.
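The platform-side flow above (white list verification, key and level issuance, alarm on failure, interaction and communication log storage), as an added Python example that is not the patent's own code. The white list entries, the reason strings, the per-pair key cache and the raising of an alarm when an uploaded communication log reports a failed verification or receipt are assumptions made for the example.

```python
import os
import time

# Constructed white list: device identification code -> communication level fixed by its hardware module.
WHITE_LIST = {"A-ID-0001": 5, "B-ID-0002": 2}


class CloudAuthPlatform:
    """White list, interaction log, security alarm and communication log kept as in-memory tables."""

    def __init__(self, white_list):
        self.white_list = dict(white_list)
        self.interaction_log = []
        self.security_alarms = []
        self.communication_log = []
        self._session_keys = {}  # sorted (id, id) pair -> key, so both terminals receive the same key

    def _log(self, event, **fields):
        self.interaction_log.append({"event": event, "time": time.time(), **fields})

    def _reject(self, reason, requester):
        # Authentication failures go to the security alarm database as well as the interaction log.
        self.security_alarms.append({"reason": reason, "device": requester, "time": time.time()})
        self._log("auth_failed", requester=requester, reason=reason)
        return {"status": "rejected", "reason": reason}

    def authenticate(self, requester, master_id, slave_id):
        """Handshake steps four and five: non-repeat check, master ID, then slave ID, then key and level."""
        self._log("auth_request", requester=requester, master=master_id, slave=slave_id)
        if requester not in (master_id, slave_id):     # assumption: a terminal may only ask about its own pair
            return self._reject("requester_mismatch", requester)
        if master_id == slave_id:                       # non-repeated verification of the two IDs
            return self._reject("duplicate_id", requester)
        if master_id not in self.white_list:            # the master device is authenticated first
            return self._reject("master_not_whitelisted", requester)
        if slave_id not in self.white_list:             # then the slave device
            return self._reject("illegal_device", requester)
        pair = tuple(sorted((master_id, slave_id)))
        key = self._session_keys.setdefault(pair, os.urandom(32))  # "randomly generate / read" the key
        level = self.white_list[requester]              # each terminal receives its own fixed level
        self._log("auth_ok", requester=requester, level=level)
        return {"status": "ok", "level": level, "key": key}

    def receive_communication_log(self, device_id, record):
        """Platform steps (7)-(8): store the uploaded log; a failed verification or receipt raises an alarm."""
        self.communication_log.append({"device": device_id, **record})
        if not record.get("verified", True) or not record.get("received", True):
            self.security_alarms.append({"reason": "abnormal_communication", "device": device_id,
                                         "time": time.time()})
        return "received"
```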
The use of the invention is as follows: the method for realizing point-to-point secure communication of the Internet of Things based on cloud security authentication realizes secure cloud interoperation and point-to-point secure data transmission between Internet of Things terminal devices, and at the same time builds a cloud security control platform, thereby realizing secure management of the terminal devices as well as full recording of secure communication and security alarms. It solves the problem that real-time data cannot be transmitted, analysed and used for terminal control quickly when the communication rate of an Internet of Things terminal is low and its computing power is weak, and achieves point-to-point secure communication between Internet of Things terminals.
The invention can be widely applied to field acquisition, analysis and control of data from Internet of Things equipment, and has an extremely wide application prospect and great significance.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A method for realizing point-to-point secure communication of an Internet of things based on cloud security authentication is characterized by comprising the following steps:
step one: construction of a secure communication hardware module, comprising a cloud communication module, a data processing module and a near field communication module, wherein:
the cloud communication module is a communication module directly connected to the Internet;
the data processing module is a module with the capability of processing data and controlling the cloud communication module and is responsible for controlling the cloud communication module to receive and transmit data and process the received data;
the near field communication module is a communication module for short-distance transmission and realizes short-distance communication between terminals of the Internet of things;
step two: cloud security interaction: the safe mutual control of the Internet of things terminals for point-to-point information transmission is realized in a three-way handshake mode, and a safe communication channel is established; assuming that the internet of things terminal B actively performs cloud security interaction with the internet of things terminal A, and establishing a secure communication channel, the method comprises the following steps:
the first step is as follows: the terminal B of the Internet of things sends a communication request, and starts handshaking for the first time, wherein the sent request carries a unique equipment identification code B-ID of the terminal B of the Internet of things;
the second step is that: the terminal A of the Internet of things receives the request, simultaneously transmits the unique equipment identification code A-ID of the terminal A of the Internet of things back to the terminal B of the Internet of things, and the terminal B receives the A-ID to complete the first handshake;
the third step: the method comprises the steps that the terminals A and B of the Internet of things respectively send own unique equipment identification codes and opposite unique equipment identification codes to the cloud to carry out cloud legal authentication on the equipment;
the fourth step: the cloud authentication management platform firstly conducts non-repeated verification on the two received IDs, then conducts authentication on the ID of the main device, and if the ID does not exist in the white list, the cloud authentication management platform terminates the authentication; otherwise, entering a fifth step cloud end to authenticate the slave device;
the fifth step: the cloud authentication management platform legally authenticates the ID of the slave equipment, if the ID does not exist in the white list, the information of 'illegal equipment' is returned, and the terminal of the Internet of things enters the sixth step; otherwise, reading the communication level, randomly generating/reading a safe transmission key at the same time, and transmitting the safe transmission key back to the Internet of things terminal, and the Internet of things terminal entering the seventh step;
the sixth step: the terminal of the Internet of things receives the returned information and terminates the information transmission;
the seventh step: the terminal of the Internet of things receives the safe transmission key and the communication level;
the eighth step: the Internet of things terminals respectively generate the security communication level and enter the ninth step;
the ninth step: the terminals A and B of the Internet of things mutually send the communication level and the safe transmission key which are respectively obtained to the other side to finish the second handshake;
the tenth step: the terminals A and B of the Internet of things receive the communication level and the safe transmission key of the other side, check the communication level and the safe transmission key, and terminate information transmission if the communication level and the safe transmission key are not matched; entering the eleventh step if the verification is matched;
the eleventh step: establishing a secure communication channel to complete the third handshake;
step three: point-to-point secure communication: the data transmission system works in a near field communication module, namely data are transmitted between terminals of the Internet of things through respective near field communication modules, all transmitted data are encrypted through dynamic security keys, and the security of the data in the communication transmission process is guaranteed to the maximum extent, and the data transmission system comprises the following conditions:
the first condition is as follows: secure communication of point-to-point information reading communication;
case two: point-to-point control information secure communication;
step four: constructing a cloud authentication management platform: the method comprises an authentication white list, an interaction log, a safety alarm and a communication log, and comprises the following steps:
the first step is as follows: the terminal of the Internet of things sends identity authentication information;
the second step is that: the cloud authentication management platform receives identity authentication information;
the third step: the cloud authentication management platform is combined with the white list database to implement white list verification, and if the authentication fails, the white list verification is written into the safety alarm database; if the authentication is passed, generating and returning the security communication transmission key and the communication level; the above processes are all written into an interaction log database;
the fourth step: the terminal of the Internet of things receives a secure communication transmission key and a communication level;
the fifth step: the Internet of things terminal implements point-to-point secure communication;
and a sixth step: the internet of things terminal uploads the log information of the point-to-point secure communication to a cloud authentication management platform;
the seventh step: the cloud authentication management platform receives the communication log and writes the communication log into a communication log information database;
eighth step: the functional module of the cloud authentication management platform performs information management and visual display of data around the white list, the mutual log, the safety alarm and the communication log.
2. The method for realizing the point-to-point secure communication of the internet of things based on the cloud security authentication of claim 1, wherein in the first step, the cloud communication module comprises GPRS, 4G, 5G or Wifi, and the near field communication module comprises radio frequency identification, Bluetooth, ZigBee, infrared or NFC.
3. The method for implementing Internet of things point-to-point secure communication based on cloud security authentication according to claim 1, wherein in the second step, the communication level of the Internet of things terminal is determined by the authority of the secure communication hardware module, and the communication level is unique and unchangeable, and comprises 5 levels, namely levels 1-5, the levels increasing gradually and the authority increasing accordingly, specifically as follows:
level 1: reading device basic information;
level 2: restricted reading of data information, i.e. reading part of the data;
level 3: reading all data information;
level 4: restricted control, i.e. partial control authority;
level 5: full control;
the secure transmission key and the current communication level obtained by the terminals A and B of the Internet of things are used in the point-to-point secure communication, wherein the secure transmission key participates in information encryption as an encryption factor, and the lower of the communication levels of terminals A and B is the level of the current point-to-point information transmission, which determines the data reading range and the degree of control; only secure transfer of readable information can be performed for levels 1-3, and secure transfer of control information can be performed for levels 4-5.
4. The method for realizing Internet of things point-to-point secure communication based on cloud security authentication as claimed in claim 1, wherein in case one, the point-to-point information reading communication comprises the following specific steps:
(1) Internet of things terminal B inputs a communication reading instruction;
(2) terminal A receives the information reading instruction;
(3) terminal A checks the communication level; if the check passes, go to (4), otherwise go to (14);
(4) terminal A reads its own data according to the communication level and packages it;
(5) terminal A encrypts the packaged data with the secure transmission key;
(6) terminal A sends the ciphertext data packet to terminal B and at the same time enters the state of monitoring the information returned by terminal B, i.e. goes to (12);
(7) terminal B receives the ciphertext data packet;
(8) terminal B decrypts the ciphertext data packet with the secure transmission key;
(9) terminal B performs key verification on the decrypted data; if verification passes, go to (10) and then (11), otherwise go directly to (11);
(10) terminal B unpacks the data and stores it, and the information transmission is finished;
(11) terminal B sends a receiving-success or receiving-failure message to terminal A;
(12) terminal A monitors the success or failure message sent by terminal B; on success go to (13), on failure go to (14);
(13) terminal A checks whether all data have been sent; if not, return to (4), otherwise go to (14);
(14) terminal B constructs log information, which comprises the communication level, whether verification succeeded, whether receiving succeeded, a communication data summary and relevant time information;
(15) terminal B sends the log information to the cloud authentication management platform and enters the monitoring state, i.e. goes to (17);
(16) the cloud authentication management platform receives the log information, sends a log-received-successfully message to terminal A, and stores the log information;
(17) terminal A judges whether the log information was received successfully; if so, go to (18), otherwise go to (15); if (15)-(17) cycle a limited number of times without success, go to (18);
(18) terminal A terminates information transmission.
5. The method for realizing Internet of things point-to-point secure communication based on cloud security authentication according to claim 1, wherein in case two, the point-to-point control information secure communication comprises the following specific steps:
(1) control information is input on Internet of things terminal B;
(2) terminal B checks the communication level; if the check fails, return to (1), otherwise go to (3);
(3) terminal B packages the control information;
(4) terminal B encrypts the packaged information with the secure transmission key;
(5) terminal B sends the ciphertext data packet to terminal A;
(6) terminal A receives the ciphertext data packet;
(7) terminal A decrypts the ciphertext data packet with the secure transmission key;
(8) terminal A performs communication key verification; if it fails, go to (11), otherwise go to (9);
(9) terminal A unpacks the data;
(10) terminal A verifies the communication level; if it conforms, go to (12), otherwise go to (11);
(11) the data packet received this time is discarded, then go to (13);
(12) the control information is executed;
(13) terminal A sends a receiving-success or receiving-failure message to terminal B, then goes to (16);
(14) terminal B judges whether receiving succeeded; if so, return to (1) again, otherwise go to (15);
(15) terminal B terminates information transmission;
(16) terminal A constructs log information;
(17) terminal A sends the log information to the cloud authentication management platform and listens for the returned message, i.e. goes to (19);
(18) the cloud authentication management platform receives the log information and returns a receiving-success message;
(19) terminal A judges whether the log information was received successfully; if so, go to (20), otherwise go to (17); if (17)-(19) cycle a limited number of times without success, go to (20);
(20) terminal A terminates information transmission.
6. The method for implementing Internet of things point-to-point secure communication based on cloud security authentication according to claim 4 or 5, wherein in the third step, if the authority of the point-to-point secure communication level is high enough, not only the transmission of monitoring data but also the transmission of control data can be implemented.
CN202010612216.9A 2020-06-30 2020-06-30 Method for realizing point-to-point secure communication of Internet of things based on cloud security authentication Withdrawn CN111669407A (en)


Publications (1)

Publication Number Publication Date
CN111669407A true CN111669407A (en) 2020-09-15

Family

ID=72390458


Country Status (1)

Country Link
CN (1) CN111669407A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112770147A (en) * 2021-01-21 2021-05-07 日照职业技术学院 Unmanned perspective box based on cloud security authentication and implementation method thereof
CN114835072A (en) * 2022-05-27 2022-08-02 中元汇吉生物技术股份有限公司 Uncovering device and control method thereof
CN114845302A (en) * 2022-03-30 2022-08-02 慧之安信息技术股份有限公司 Near field encryption communication method and system based on Internet of things
CN116982288A (en) * 2022-07-04 2023-10-31 嘉兴倍创网络科技有限公司 Point-to-point secure communication method for Internet of things
CN117879974A (en) * 2024-03-11 2024-04-12 西昌学院 Network security protection method based on edge calculation



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200915