CN112134767A - Fusion encryption control method for intelligent household sensor - Google Patents


Info

Publication number
CN112134767A
Authority
CN
China
Prior art keywords
sensor
network
key
trust center
link key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910557741.2A
Other languages
Chinese (zh)
Inventor
余闻天
李跃明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Great Star Tools Co Ltd
Hangzhou Great Star Industrial Co Ltd
Original Assignee
Hangzhou Great Star Tools Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Great Star Tools Co Ltd
Priority to CN201910557741.2A
Publication of CN112134767A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04B: TRANSMISSION
    • H04B5/00: Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70: Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B5/77: Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803: Home automation networks
    • H04L12/2807: Exchanging configuration information on appliance services in a home automation network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a fusion encryption control method for smart home sensors and belongs to the technical field of smart homes. Existing sensors are added by having the user download a dedicated app; this method is tedious, time-consuming and laborious, hard to operate, cannot guarantee security, and gives a poor user experience. The invention adopts a fusion encryption technique that combines a link key with NFC, so that adding a sensor changes from passive to active: the user only has to bring the sensor close to the gateway and the addition completes automatically, with no manual configuration, which saves trouble and labor. An install code mechanism is used to exchange the key information, which secures the information transfer. The scheme is feasible, overcomes the prejudice of the prior art, is easy to operate, and offers high security and a good user experience. The smart home control system has a very short reaction time and higher sensing efficiency, and shortens the delay caused by the propagation delay of traditional controllers.

Description

Fusion encryption control method for intelligent household sensor
Technical Field
The invention relates to a fusion encryption control method for an intelligent home sensor, and belongs to the technical field of intelligent home.
Background
The intelligent home system of the Internet of things comprises a home environment perception interaction layer, a network transmission layer and an application service layer. The family environment perception interaction layer is composed of various sensor nodes with wired or wireless functions, and mainly realizes the collection of family environment information, the acquisition of master states and the entry of identity characteristics of visitors; the network transmission layer is mainly responsible for transmitting the home information and the master control information; the application service layer is responsible for controlling the household facilities or the application service interfaces.
The sensor is often the first line of defense of a smart home security system. Existing sensors are added through a dedicated app that the user downloads: the user first has to put the sensor into a discoverable mode and then pairs the app with the sensor by searching for devices with the app's '+' button. This method is tedious, time-consuming and laborious, and hard to operate; the elderly and children find it difficult to add a device successfully. Moreover, because the adding process has no encryption mechanism, any sensor that the search finds can be added, so security cannot be guaranteed and the user experience is poor.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide a fusion encryption control method for smart home sensors that saves trouble and labor, is easy to operate, offers high security and a good user experience, and changes sensor addition from passive to active.
In order to achieve the purpose, the technical scheme of the invention is as follows:
A fusion encryption control method for smart home sensors comprises the following steps:
an NFC read-write module is provided in the gateway of the smart home control system;
the sensor is provided with an NFC module;
the smart home control system and the sensor exchange data over a non-ZigBee channel, namely card reading and card writing through NFC;
the sensor transmits an install code to the gateway through the NFC module, and the process specifically comprises the following steps:
step one, the sensor is brought close to the gateway, the NFC module of the sensor actively couples with the NFC read-write module of the gateway, and the NFC read-write module of the gateway reads the ZigBee information of the sensor;
step two, the gateway uploads the information it has read to a cloud server for verification;
step three, if the verification passes, step four is executed; if the verification fails, the process ends or the read is repeated;
step four, after the verification passes, the Hub ZigBee of the smart home control system writes the network information into the NFC read-write module, which then transmits it to the sensor; at this point the pairing is successful, and the NFC read-write module writes the new parameter information into the NFC module to complete the addition of the sensor.
The invention adopts an install code mechanism, that is, each sensor has its own independent link key. Through the fusion encryption technique that combines a link key with NFC, adding a sensor changes from passive to active: the user only has to bring the sensor close to the gateway and the addition completes automatically, with no manual configuration, which saves trouble and labor. The install code mechanism is used to exchange the key information, which secures the information transfer. The scheme is feasible, overcomes the prejudice of the prior art, is easy to operate, and offers high security and a good user experience.
The smart home control system has a very short reaction time and higher sensing efficiency, shortens the delay caused by the propagation delay of traditional controllers, ensures the timeliness of the smart home control system, improves its working efficiency, and realizes a genuinely fast smart home.
As a preferred technical measure,
according to the ZigBee security mechanism, a ZigBee end device that joins a network uses the default Trust Center Link Key (0x5A 0x69 0x67 0x42 0x65 0x65 0x41 0x6c 0x6c 0x69 0x65 0x61 0xe 0x63 0x65 0x30 0x39) to obtain the network's Network Key from the coordinator, and thereby enters the network.
With the install code mechanism, each sensor joins the network with its own independent link key. Communication between the gateway and the sensor uses the Standard Security protocol, which encrypts data at the network layer with the Network Key and at the APS layer with the link key. APS-layer security allows the Trust Center to transmit the Network Key securely to a joining node or to deny the joining node, and it allows the application to add optional secure encrypted messages. Network-layer security protects all messages sent in the ZigBee network. Standard Security does not cover communication at the MAC layer.
As a preferred technical measure, Standard Security defines different types of keys, which protect data in different ways; all of these keys are 128-bit symmetric keys used with AES-128 to encrypt and decrypt data packets.
As a preferred technical measure,
the Network Key is used to secure transmission at the network layer. Every sensor in a Standard Security network holds a copy of the Network Key. The Trust Center can update the Network Key periodically, in one of two ways: broadcast update or unicast update. In a broadcast update, the Trust Center broadcasts the new Network Key, and the broadcast message is encrypted with the old Network Key. In a unicast update, the Trust Center sends the new Network Key to each sensor individually, encrypted with the Trust Center Link Key. After the new Network Key has been sent to every network node, the Trust Center sends a switch command that tells all sensors to switch to the new Network Key. The new Network Key carries a sequence number equal to the sequence number of the old Network Key plus 1.
As a preferred technical measure,
a Trust Center Link Key is used to secure transmission at the network layer. The Trust Center Link Key provides end-to-end secure communication between two nodes, one of which is the Trust Center. It is used in the following cases:
when a node joins a network for the first time, the Network Key must be encrypted for transmission to the joining node;
when the Network Key has been updated, some nodes have to rejoin because they did not receive the new Network Key; the Trust Center then encrypts the Network Key with the Trust Center Link Key and sends it to the node, which rejoins the network;
when a router sends an APS-secured message to the Trust Center or receives one from it; for example, when a router sends the Trust Center an update reporting that a node has joined or rejoined, or when the Trust Center sends the router a command to perform some security function;
for application unicast messages with APS encryption enabled, where the sending or receiving sensor is the Trust Center.
The Trust Center decides how the Trust Center Link Keys are managed: it can select a unique key for each sensor (derived from the sensor's IEEE address), or use the same global key for all sensors.
As a preferred technical measure,
Install Code Keys are used to secure transmission at the network layer. ZigBee 3.0 supports Install Code Keys, which were previously used only in Smart Energy networks, where install codes are mandatory. All ZigBee 3.0 certified sensors must now support install codes, but the Trust Center decides whether install codes are used in the network.
The install code is used to preconfigure a Trust Center Link Key, which encrypts the transmission of the Network Key when a sensor joins the ZigBee network. When joining, both the joining sensor and the Trust Center must know this unique key, so the install code is used to derive the key at both ends. The install code can be any value of 6, 8, 12 or 16 bytes, followed by a 16-bit CRC (cyclic redundancy check) over those bytes, least significant byte first. The install code is the input to a Matyas-Meyer-Oseas (MMO) hash function with a hash length of 128 bits. The 128-bit (16-byte) result of the AES-MMO hash function is the value of the sensor's preconfigured Trust Center Link Key. The Trust Center installs a key table entry (the key and the EUI64 of the joining sensor), which allows authentication to succeed during joining, so that the joining sensor can receive and decrypt the Network Key. As part of this process, the install code and the EUI64 of the joining sensor must be transmitted out-of-band to the Trust Center of the network (outside the target ZigBee network, because the new node has not yet joined) so that the correct link key table entry can be created.
As a preferred technical measure,
Application Link Keys are used to secure transmission at the network layer. Unlike the Trust Center Link Key, the Application Link Key is not mandatory; it is an optional security mechanism. It provides APS-level encryption between two sensors in a network, neither of which is the Trust Center, and it is not used between a sensor and the Trust Center. An Application Link Key can be established in either of two ways:
manual configuration by the application, which specifies the Application Link Key associated with a target sensor;
a request to the Trust Center, which generates an Application Link Key and sends it to the two sensors.
The Ember Stack is used to request the Application Link Key, and it supports several methods of doing so.
As a preferred technical measure,
the Application Link Key is requested with the ZigBee standard method, which comprises the following steps:
S1: one sensor asks the Trust Center for an Application Link Key to share with the other sensor;
S2: the Trust Center responds immediately and sends a randomly generated Application Link Key to the requesting sensor and to the other sensor. The advantage of this method is good compatibility; its disadvantage is that only one sensor requests the key, while the other sensor may be sleeping, offline, or lack the capacity to hold the new Application Link Key.
As a preferred technical measure,
the Application Link Key is requested with a non-ZigBee-standard method, an Ember Stack improvement on the first method, which is therefore not compatible with third-party sensors. It requires every Ember sensor in the network, including the Trust Center, to be configured for this method. This approach is more reliable because it helps ensure that the partner sensor is online and therefore able to receive the Application Link Key.
The non-ZigBee-standard method for requesting the Application Link Key comprises the following steps:
S1: sensor A sends the Trust Center a request for a link key with sensor B (the request is encrypted at the APS layer with sensor A's Trust Center Link Key);
S2: after the Trust Center receives the request, sensor B must, within a certain time (whose length is defined by the Trust Center application), send the Trust Center a request for a link key with sensor A (encrypted at the APS layer with sensor B's Trust Center Link Key);
S3: if this happens, the Trust Center generates a random Application Link Key and sends it to both sensors.
Requiring both sensors to send link key requests greatly reduces the cases in which a sensor does not receive the Application Link Key.
As a preferred technical measure,
when a sensor joins a ZigBee Standard Security network, it first sends a MAC-layer association request to a parent node. If the association succeeds, the sensor is in a joined but unauthenticated state and does not yet have the Network Key. After the parent node has sent the sensor the response that MAC association succeeded, it sends a device update message to the Trust Center to indicate that a new node wishes to join the ZigBee network. The Trust Center then decides whether to allow the sensor to join. If the sensor is not allowed to join, the Trust Center sends a Remove Device request to the parent node. If the sensor is allowed to join, the Trust Center sends the Network Key to the parent node; how the Trust Center does this depends on whether the sensor has a preconfigured Trust Center Link Key.
Compared with the prior art, the invention has the following beneficial effects:
The invention adopts a fusion encryption technique that combines a link key with NFC, so that adding a sensor changes from passive to active: the user only has to bring the sensor close to the gateway and the addition completes automatically, with no manual configuration, which saves trouble and labor. An install code mechanism is used to exchange the key information, which secures the information transfer. The scheme is feasible, overcomes the prejudice of the prior art, is easy to operate, and offers high security and a good user experience.
The existing method of adding devices by searching with the app's "+" button takes more time and cannot guarantee security. The smart home control system has a very short reaction time and higher sensing efficiency, shortens the delay caused by the propagation delay of traditional controllers, ensures the timeliness of the smart home control system, improves its working efficiency, and realizes a genuinely fast smart home. The card-reading operation is convenient, similar to swiping an access-control card, which greatly improves the user experience and increases user stickiness for the smart home.
Drawings
FIG. 1 is a flow chart of the sensor transmitting install code via NFC in accordance with the present invention;
FIG. 2 is a flow chart of the present invention for requesting Application Link Key using a non-ZigBee standard method;
FIG. 3 is a flow chart of a sensor being rejected to join a ZigBee Standard Security network;
FIG. 4 is a block diagram of a Zigbee module according to the present invention;
FIG. 5 is a communication block diagram of a card reader (i.e., an NFC read-write module) and a tag (i.e., an NFC module) according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
On the contrary, the invention is intended to cover alternatives, modifications, equivalents and alternatives which may be included within the spirit and scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present invention, certain specific details are set forth in order to provide a better understanding of the present invention. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details.
As shown in FIG. 1, a fusion encryption control method for smart home sensors comprises the following steps:
an NFC read-write module is provided in the gateway of the smart home control system;
the sensor is provided with an NFC module;
the smart home control system and the sensor exchange data over a non-ZigBee channel, namely card reading and card writing through NFC;
the sensor transmits an install code to the gateway through the NFC module, and the process specifically comprises the following steps:
step one, the sensor is brought close to the gateway, the NFC module of the sensor actively couples with the NFC read-write module of the gateway, and the NFC read-write module of the gateway reads the ZigBee information of the sensor;
step two, the gateway uploads the information it has read to a cloud server for verification;
step three, if the verification passes, step four is executed; if the verification fails, the process ends or the read is repeated;
step four, after the verification passes, the Hub ZigBee of the smart home control system writes the network information into the NFC read-write module, which then transmits it to the sensor; at this point the pairing is successful, and the new parameter information is written into the NFC module.
The invention adopts a fusion encryption technique that combines a link key with NFC, so that adding a sensor changes from passive to active: the user only has to bring the sensor close to the gateway and the addition completes automatically, with no manual configuration, which saves trouble and labor. An install code mechanism is used to exchange the key information, which secures the information transfer. The scheme is feasible, overcomes the prejudice of the prior art, is easy to operate, and offers high security and a good user experience.
A specific embodiment of the install code of the invention is as follows:
according to the ZigBee security mechanism, a ZigBee end device that joins a network uses the default Trust Center Link Key (0x5A 0x69 0x67 0x42 0x65 0x65 0x41 0x6c 0x6c 0x69 0x65 0x61 0xe 0x63 0x65 0x30 0x39) to obtain the network's Network Key from the coordinator, and thereby enters the network.
With the install code mechanism, each sensor joins the network with its own independent link key. Communication between the gateway and the sensor uses the Standard Security protocol, which encrypts data at the network layer with the Network Key and at the APS layer with the link key. APS-layer security allows the Trust Center to transmit the Network Key securely to a joining node or to deny the joining node, and it allows the application to add optional secure encrypted messages. Network-layer security protects all messages sent in the ZigBee network. Standard Security does not cover communication at the MAC layer.
One specific embodiment of the present invention: Standard Security defines different types of keys, which protect data in different ways; all of these keys are 128-bit symmetric keys used with AES-128 to encrypt and decrypt data packets.
First embodiment of secure information transmission according to the invention:
the Network Key is used to secure transmission at the network layer. Every sensor in a Standard Security network holds a copy of the Network Key. The Trust Center can update the Network Key periodically, in one of two ways: broadcast update or unicast update. In a broadcast update, the Trust Center broadcasts the new Network Key, and the broadcast message is encrypted with the old Network Key. In a unicast update, the Trust Center sends the new Network Key to each sensor individually, encrypted with the Trust Center Link Key. After the new Network Key has been sent to every network node, the Trust Center sends a switch command that tells all sensors to switch to the new Network Key. The new Network Key carries a sequence number equal to the sequence number of the old Network Key plus 1.
Second embodiment of secure information transmission according to the invention:
a Trust Center Link Key is used to secure transmission at the network layer. The Trust Center Link Key provides end-to-end secure communication between two nodes, one of which is the Trust Center. It is used in the following cases:
when a node joins a network for the first time, the Network Key must be encrypted for transmission to the joining node;
when the Network Key has been updated, some nodes have to rejoin because they did not receive the new Network Key; the Trust Center then encrypts the Network Key with the Trust Center Link Key and sends it to the node, which rejoins the network;
when a router sends an APS-secured message to the Trust Center or receives one from it; for example, when a router sends the Trust Center an update reporting that a node has joined or rejoined, or when the Trust Center sends the router a command to perform some security function;
for application unicast messages with APS encryption enabled, where the sending or receiving sensor is the Trust Center.
The Trust Center decides how the Trust Center Link Keys are managed: it can select a unique key for each sensor (derived from the sensor's IEEE address), or use the same global key for all sensors.
Third embodiment of secure information transmission according to the invention:
Install Code Keys are used to secure transmission at the network layer. ZigBee 3.0 supports Install Code Keys, which were previously used only in Smart Energy networks, where install codes are mandatory. All ZigBee 3.0 certified sensors must now support install codes, but the Trust Center decides whether install codes are used in the network.
The install code is used to preconfigure a Trust Center Link Key, which encrypts the transmission of the Network Key when a sensor joins the ZigBee network. When joining, both the joining sensor and the Trust Center must know this unique key, so the install code is used to derive the key at both ends. The install code can be any value of 6, 8, 12 or 16 bytes, followed by a 16-bit CRC (cyclic redundancy check) over those bytes, least significant byte first. The install code is the input to a Matyas-Meyer-Oseas (MMO) hash function with a hash length of 128 bits. The 128-bit (16-byte) result of the AES-MMO hash function is the value of the sensor's preconfigured Trust Center Link Key. The Trust Center installs a key table entry (the key and the EUI64 of the joining sensor), which allows authentication to succeed during joining, so that the joining sensor can receive and decrypt the Network Key. As part of this process, the install code and the EUI64 of the joining sensor must be transmitted out-of-band to the Trust Center of the network (outside the target ZigBee network, because the new node has not yet joined) so that the correct link key table entry can be created.
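The derivation described in the install code paragraphs (in the summary and in this third embodiment), written out as an added example that is not part of the patent: it checks the trailing CRC and runs the AES-MMO hash to obtain the preconfigured Trust Center Link Key. It assumes the CRC is CRC-16/X-25 and the short-message MMO padding; AES-128 is written in pure Python so the block has no dependencies, and the sample install code is a test value commonly used in vendor documentation, not a value from the patent.

```python
# Added example: install code -> preconfigured Trust Center Link Key (not from the patent).

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11B."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def _gmul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """AES S-box: multiplicative inverse followed by the affine transform."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        box.append(s ^ 0x63)
    return box

SBOX = _build_sbox()

def _expand_key(key):
    """Expand a 16-byte key into eleven 16-byte round keys."""
    words, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        words.append([a ^ b for a, b in zip(words[i - 4], t)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block (state index = 4 * column + row)."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                                                        # MixColumns
            mixed = []
            for c in range(0, 16, 4):
                col = s[c:c + 4]
                t = col[0] ^ col[1] ^ col[2] ^ col[3]
                mixed += [col[i] ^ t ^ _xtime(col[i] ^ col[(i + 1) % 4]) for i in range(4)]
            s = mixed
        s = [b ^ k for b, k in zip(s, rk[rnd])]                             # AddRoundKey
    return bytes(s)

def crc16_x25(data):
    """CRC-16/X-25: reflected CCITT polynomial, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def aes_mmo_hash(message):
    """Matyas-Meyer-Oseas hash over AES-128 for messages shorter than 2^16 bits."""
    bit_len = len(message) * 8
    if bit_len >= 1 << 16:
        raise ValueError("long-message padding is not implemented here")
    padded = message + b"\x80"                       # single 1 bit, then zeros
    padded += bytes((14 - len(padded)) % 16) + bit_len.to_bytes(2, "big")
    digest = bytes(16)                               # H_0 is all zeros
    for i in range(0, len(padded), 16):
        block = padded[i:i + 16]
        enc = aes128_encrypt_block(digest, block)    # previous hash is the AES key
        digest = bytes(a ^ b for a, b in zip(enc, block))
    return digest

def link_key_from_install_code(code_with_crc):
    """Validate the trailing CRC, then hash install code + CRC into the link key."""
    code, crc = code_with_crc[:-2], code_with_crc[-2:]
    if len(code) not in (6, 8, 12, 16):
        raise ValueError("install code must be 6, 8, 12 or 16 bytes plus CRC")
    if crc16_x25(code) != int.from_bytes(crc, "little"):
        raise ValueError("install code CRC mismatch (misread or altered tag)")
    return aes_mmo_hash(code_with_crc)

# Sample input: a 16-byte test install code with its CRC bytes (C3 B5) appended.
SAMPLE_INSTALL_CODE = bytes.fromhex("83FED3407A939723A5C639B26916D505C3B5")

if __name__ == "__main__":
    print(link_key_from_install_code(SAMPLE_INSTALL_CODE).hex())
```

Both the joining sensor and the Trust Center run the same derivation, so a gateway that receives the install code over NFC can reject a code whose CRC does not match before it creates a link key table entry.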
Fourth embodiment of secure information transmission according to the invention:
Application Link Keys are used to secure transmission at the network layer. Unlike the Trust Center Link Key, the Application Link Key is not mandatory; it is an optional security mechanism. It provides APS-level encryption between two sensors in a network, neither of which is the Trust Center, and it is not used between a sensor and the Trust Center. An Application Link Key can be established in either of two ways:
manual configuration by the application, which specifies the Application Link Key associated with a target sensor;
a request to the Trust Center, which generates an Application Link Key and sends it to the two sensors.
The Ember Stack supports several methods for requesting an Application Link Key.
First embodiment of requesting the Application Link Key according to the invention:
the Application Link Key is requested with the ZigBee standard method, which comprises the following steps:
S1: one sensor asks the Trust Center for an Application Link Key to share with the other sensor;
S2: the Trust Center responds immediately and sends a randomly generated Application Link Key to the requesting sensor and to the other sensor. The advantage of this method is good compatibility; its disadvantage is that only one sensor requests the key, while the other sensor may be sleeping, offline, or lack the capacity to hold the new Application Link Key.
Second embodiment of requesting the Application Link Key according to the invention:
a non-ZigBee-standard method is adopted to request the Application Link Key; it is the Ember Stack's improvement on the first method and is therefore not compatible with third-party sensors; it requires that all the Ember sensors in the network, including the Trust Center, are configured for this method; this approach is more reliable because it helps ensure that the partner sensor is online and is therefore able to receive the Application Link Key;
as shown in FIG. 2, the non-ZigBee standard method for requesting the Application Link Key comprises the following steps:
S1: sensor A sends the Trust Center a Link Key request message for a key with sensor B (this request is APS-layer encrypted using the Trust Center Link Key of sensor A);
S2: within a certain time after the Trust Center receives the request (the length of the time is defined by the Trust Center application), sensor B sends the Trust Center a Link Key request message for a key with sensor A (this request is APS-layer encrypted using the Trust Center Link Key of sensor B);
S3: if this happens, the Trust Center generates a random Application Link Key and sends it to the two sensors;
requiring both sensors to send Link Key requests greatly reduces the instances in which the sensors do not receive an Application Link Key.
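The two-sided request of steps S1 to S3, as an added sketch that is not Ember Stack code: a toy Trust Center pairs the two requests and issues a key only when the partner's request arrives inside the window. The class and method names, the sensor labels and the 5-second window are assumptions, and APS encryption of the messages is not modelled.

```python
import secrets

class TrustCenter:
    """Issues an Application Link Key only when both partners ask for each
    other within window_s seconds (the window is set by the TC application)."""

    def __init__(self, window_s: float, known_sensors: set):
        self.window_s = window_s
        self.known = set(known_sensors)   # sensors holding a Trust Center Link Key
        self.pending = {}                 # (requester, partner) -> arrival time
        self.delivered = []               # (destination, partner, key)

    def request_link_key(self, requester: str, partner: str, now: float) -> bool:
        """Return True if this request completed a pair and a key was issued."""
        # A request from, or for, a sensor without a Trust Center Link Key
        # could not have been APS-protected, so it is refused outright.
        if requester == partner or not {requester, partner} <= self.known:
            return False
        # Forget half-open requests whose window has closed.
        self.pending = {pair: t for pair, t in self.pending.items()
                        if now - t <= self.window_s}
        if (partner, requester) in self.pending:
            del self.pending[(partner, requester)]
            key = secrets.token_bytes(16)             # random 128-bit key
            # Each copy would be sent under the receiver's own TC Link Key.
            self.delivered.append((requester, partner, key))
            self.delivered.append((partner, requester, key))
            return True
        self.pending[(requester, partner)] = now      # wait for the partner
        return False

def demo():
    """Constructed scenario with sensors A to D and an unknown sensor X."""
    tc = TrustCenter(window_s=5.0, known_sensors={"A", "B", "C", "D"})
    results = [
        tc.request_link_key("A", "B", now=0.0),    # S1: A asks, nothing issued yet
        tc.request_link_key("B", "A", now=3.0),    # S2 inside the window: S3 fires
        tc.request_link_key("C", "D", now=10.0),   # C asks and waits
        tc.request_link_key("D", "C", now=20.0),   # too late: C's request expired
        tc.request_link_key("X", "A", now=21.0),   # X never joined: refused
    ]
    return results, tc.delivered
```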
As shown in FIG. 3, when a sensor joins a ZigBee Standard Security network, it first sends a MAC-layer association request to a parent node; if the association is successful, the sensor is in a joined but unauthenticated state, and at this moment it does not have the Network Key; after the parent node sends the sensor a response that the MAC association succeeded, it sends an update-device message to the Trust Center to indicate that a new node wishes to join the ZigBee network; the Trust Center then determines whether to allow the sensor to join; if the sensor is not allowed to join, the Trust Center sends a Remove Device request to the parent node; if the sensor is allowed to join, the Trust Center sends the Network Key to the parent node, and the Trust Center's behavior depends on whether the sensor has a pre-configured Trust Center Link Key.
One embodiment of the hardware parameters of the invention:
the specification parameters of the ZigBee module are shown in FIG. 4.
The ZigBee master control IC is the EFR32MG1B232, with the following main characteristics:
maximum clock frequency 40MHz, ARM Cortex M4 core;
storage space: flash 256kB, RAM 32 kB;
operating frequency and transmission power: 2.4GHz-19dBm, SUB-GHz-20 dBm;
support a variety of protocols: zigbee and Thread;
internal resources and external interfaces:
·12-bit 1Msps SAR analog-to-digital converter (ADC)
·2× Analog Comparator (ACMP)
·Digital-to-analog current converter (IDAC)
·Up to 32 general purpose I/O pins with output state retention and asynchronous interrupts
·8-channel DMA controller
·12-channel Peripheral Reflex System (PRS)
·2× 16-bit timer/counter
·3 or 4 PWM compare/capture channels
·Watchdog timer with dedicated RC oscillator
·2×UART/SPI/SmartCard(ISO 7816)/IrDA/I2S
·Low power UART (LEUART™)
·I2C interface with SMBus support and address recognition in EM3 Stop
·Network security support
·General-purpose CRC (cyclic redundancy check)
·Random number generator
·Encryption methods AES 128/256, SHA-1, SHA-2 (SHA-224 and SHA-256), and ECC;
the NFC transceiver module parameters are shown in FIG. 5.
The NFC uses a dynamic tag mode, and the chip is the ST25DV04K; the main characteristics are as follows:
two-wire I2C interface;
protocol support
·ISO/IEC 15693
·NFC Forum Type 5 tag certified by the NFC Forum
·ISO/IEC 15693 modulations,coding,subcarrier modes and data rates
Single or multiple block read-write operations
64-kbit EEPROM, accessed over the I2C interface, with RF access in 4-byte blocks;
supporting an I2C/RF fast switching mode;
support low power consumption modes.
The specific embodiment of the invention is applied as follows:
A. As shown in Table 1, the present invention is applied to a specific embodiment of a door sensor (Connect sensor):
the Connect sensor is a sub-product of the smart home security system and is used in combination with the HUB and the APP; the hardware mainly comprises a ZigBee module, a temperature detection circuit, a magnetic switch detection circuit and a power circuit; its main function is to detect the open and closed states of doors, windows and the like, with the state information received through a mobile phone.
TABLE 1 (reproduced as an image in the original publication; its contents are not available here)
B. As shown in table 2, the present invention is applied to a specific embodiment of a human body motion sensor (motion sensor):
the motion sensor is a sub-product of the smart home security system and is used in combination with the HUB and the APP; the product includes a transparent lens; the hardware mainly comprises a ZigBee module, a temperature detection circuit, an infrared induction detection circuit and a power circuit; its main function is to detect whether a person passes by, with the state information received through a mobile phone.
TABLE 2 (reproduced as an image in the original publication; its contents are not available here)
As the two application embodiments of the smart home security system sub-products show, the smart home control system has an extremely short reaction time and high sensing efficiency; the delay caused by the propagation delay of a traditional controller is shortened, the timeliness of the smart home control system is ensured, its working efficiency is improved, and a fast smart home is truly realized.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A fusion encryption control method for an intelligent household sensor is characterized by comprising the following steps:
setting an NFC read-write module in an intelligent home control system gateway;
the sensor is provided with an NFC module;
the smart home control system and the sensor communicate in a non-ZigBee mode, namely, card reading and card writing through NFC;
the sensor transmits an install code to the gateway through the NFC module, and the process specifically comprises the following steps:
step one, the sensor is brought close to the gateway, the NFC module of the sensor actively interacts by induction with the NFC read-write module of the gateway, and at the same time the NFC read-write module of the gateway reads the ZigBee information of the sensor;
step two, the gateway uploads the read information to a cloud server for verification;
step three, if the verification is passed, step four is executed; if the verification fails, the process ends or the information is read again;
step four, after the verification is passed, the smart home control system writes the network information into the NFC read-write module, which then transmits it to the sensor; at this point the pairing is successful, and the NFC read-write module writes the new parameter information into the NFC module to complete the addition of the sensor.
2. The fusion encryption control method for smart home sensors according to claim 1,
an install code mechanism is adopted, namely, each sensor joins the network using its own independent link key; the communication between the gateway and the sensor adopts the Standard Security protocol, and Standard Security encrypts data on the Network layer and the APS layer by using a Network Key and a link key respectively; the APS layer security allows the Trust Center to securely transmit the Network Key to the joining node or to deny the joining node, and it allows the application to add optional secure encrypted messages; the network layer security is used for ensuring the security of all messages sent in the ZigBee network; Standard Security does not include communication at the MAC layer.
3. The fusion encryption control method for smart home sensors according to claim 2,
Standard Security can define different types of keys, and different modes are used for ensuring the security of data; all keys are 128-bit symmetric keys used with AES-128 to encrypt and decrypt the data packets.
4. The fusion encryption control method for smart home sensors according to claim 3,
the Network Key is adopted to ensure the safe transmission of a Network layer; all sensors in the Standard Security network can hold a copy of the Network Key; the Trust Center can periodically update the Network Key; the Trust Center updates it in one of two ways: broadcast update or unicast update; in the case of a broadcast update, the Trust Center first broadcasts a new Network Key, and at this moment the old Network Key is used for encrypting the broadcast message; in the case of a unicast update, the Trust Center sends the new Network Key to each sensor, and at this moment the Trust Center Link Key is used for encrypting the Network Key; after the new Network Key has been sent to each network node, the Trust Center sends a switch command to tell all sensors to switch to the new Network Key; the new Network Key corresponds to a sequence code, which is the sequence code of the old Network Key plus 1.
5. The fusion encryption control method for smart home sensors according to claim 3,
a Trust Center Link Key is adopted to ensure the safe transmission of a network layer; the Trust Center Link Key is used for end-to-end secure communication between two nodes; the Trust Center Link Key is used in the following cases:
when a node is added to a Network for the first time, the Network Key needs to be encrypted and transmitted to the added node;
when the Network Key is updated, some nodes need to Rejoin because new Network keys are not received; at the moment, the Trust Center encrypts the Network Key by using the Trust Center Link Key, sends the Network Key to the node and accesses the Network again;
when the router sends the APS security message to or receives the APS security message from the Trust Center, the Trust Center Link Key needs to be used; for example, when a router sends an update to a Trust Center that a node joins or rejoins, or a command is sent by the Trust Center to the router to perform some security functions, a Trust Center Link Key needs to be used;
APS encryption enabled application unicast messages, where the sending or receiving sensor is the Trust Center;
the Trust Center decides the option of how to manage the Trust Center Link Key; it can select a unique key for each sensor or use the same global key for all sensors.
6. The fusion encryption control method for smart home sensors according to claim 3,
adopting Install Code Keys to ensure the safe transmission of a network layer; ZigBee 3.0 supports the Install Code Key, which is only used for the Smart Energy Network, namely an intelligent energy network, and the Smart Energy Network must use the install code; all ZigBee 3.0 certified sensors currently need to support the install code, but the Trust Center determines whether it is used in the network;
the install code is used to pre-configure a Trust Center Link Key, which encrypts the transmission of the Network Key when a sensor joins the ZigBee network; when joining, both the joining sensor and the Trust Center must know this unique key, so the install code is used to derive the key at both ends; the install code can be any value of 6, 8, 12 or 16 bytes, ending with a 16-bit CRC (cyclic redundancy check) of these bytes; the install code is used as the input to the Matyas-Meyer-Oseas (MMO) hash function, with a hash length equal to 128 bits; the 128-bit result of the AES-MMO hash function is the value of the pre-configured Trust Center Link Key for the sensor, and the Trust Center can install a key table entry that then allows successful authentication during joining, so that the joining sensor can successfully receive and decrypt the Network Key; as part of this process, the install code and the EUI64 of the joining sensor must be transmitted out-of-band to the Trust Center of the network to allow the correct link key table entry to be created.
7. The fusion encryption control method for smart home sensors according to claim 3,
adopting Application Link Keys to ensure the safe transmission of a network layer; the Application Link Key is used for APS-level encryption between two sensors in a network, neither of which is the Trust Center; the Application Link Key is not used between a sensor and the Trust Center; the Application Link Key can be established in the following two ways:
manually configuring by an Application program, and specifying an Application Link Key associated with a target sensor;
an Application Link Key is generated by requesting the Trust Center and sent to both sensors.
8. The fusion encryption control method for smart home sensors according to claim 7,
the method for requesting the Application Link Key by adopting the ZigBee standard method comprises the following steps:
S1: one sensor requests an Application Link Key for use with the other sensor by contacting the Trust Center;
S2: the Trust Center responds immediately and sends a randomly generated Application Link Key back to the requesting sensor and to the other sensor.
9. The fusion encryption control method for smart home sensors according to claim 7,
characterized in that a non-ZigBee-standard method is adopted to request an Application Link Key, which requires all Ember sensors in the network, including the Trust Center, to be configured for this method;
the non-ZigBee-standard method for requesting the Application Link Key comprises the following steps:
S1: sensor A sends the Trust Center a link key request message for a key with sensor B;
S2: within a certain time after the Trust Center receives the request, sensor B sends the Trust Center a link key request message for a key with sensor A;
S3: if this happens, the Trust Center generates a random Application Link Key and sends it to both sensors.
10. The fusion encryption control method for smart home sensors according to claim 9,
when a sensor joins a ZigBee Standard Security network, it first sends a MAC-layer association request to a parent node; if the association is successful, the sensor is in a joined but unauthenticated state, and at this moment it does not have the Network Key; after the parent node sends the sensor a response that the MAC association succeeded, it sends an update-device message to the Trust Center to indicate that a new node wishes to join the ZigBee network; the Trust Center then determines whether to allow the sensor to join; if the sensor is not allowed to join, the Trust Center sends a remove-device request to the parent node; if the sensor is allowed to join, the Trust Center sends the Network Key to the parent node, and the Trust Center's behavior depends on whether the sensor has a pre-configured Trust Center Link Key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910557741.2A CN112134767A (en) 2019-06-25 2019-06-25 Fusion encryption control method for intelligent household sensor

Publications (1)

Publication Number Publication Date
CN112134767A (en) 2020-12-25

Family

ID=73849502

Country Status (1)

Country Link
CN (1) CN112134767A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201225