CN112491933A - Local area network encryption communication method and storage medium - Google Patents

Local area network encryption communication method and storage medium

Info

Publication number
CN112491933A
Authority
CN
China
Prior art keywords
public key
internet
area network
local area
equipment
Prior art date
Legal status
Pending
Application number
CN202011573385.2A
Other languages
Chinese (zh)
Inventor
杨超
翟栋
葛季鑫
杨国东
刘建敏
Current Assignee
Sichuan Hongwei Technology Co Ltd
Original Assignee
Sichuan Hongwei Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Sichuan Hongwei Technology Co Ltd
Priority to CN202011573385.2A
Publication of CN112491933A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a local area network encrypted communication method and a storage medium. The method is applied to an Internet of Things device and comprises the following steps: establishing a local area network connection with a terminal device; receiving first communication verification information sent by the terminal device, where the first communication verification information comprises a first certificate and a first public key corresponding to the terminal device, and the first certificate is obtained by signing the first public key with an initial private key; verifying the first certificate with a pre-stored initial public key corresponding to the initial private key; if the verification succeeds, encrypting the message to be sent according to the first public key to obtain ciphertext information; and sending the ciphertext information to the terminal device.

Description

Local area network encryption communication method and storage medium
Technical Field
The application relates to the technical field of Internet of things, in particular to a local area network encryption communication method and a storage medium.
Background
At present many everyday household appliances are becoming intelligent and are being connected to the internet. The Internet of Things (IoT) promises to improve our lives, and many manufacturers, recognizing its potential benefits, are actively developing a variety of intelligent devices, from home-connected devices to wearables and home security systems. However, communication between devices within a home local area network is currently based on plaintext transmission, which leaves user data exposed to theft and attack.
Disclosure of Invention
An object of the embodiments of the present application is to provide a local area network encryption communication method and a storage medium, so as to solve the problem that communication between devices in a home local area network is transmitted in plaintext, which makes user data easy to steal and attack.
In a first aspect, the present invention provides a local area network encryption communication method, which is applied to an internet of things device, and the method includes: establishing local area network connection with the terminal equipment; receiving first communication verification information sent by the terminal equipment, wherein the first communication verification information comprises a first certificate and a first public key corresponding to the terminal equipment, and the first certificate is obtained by signing the first public key through an initial private key; verifying the first certificate by using a pre-stored initial public key corresponding to the initial private key; if the verification is successful, encrypting the message to be sent according to the first public key to obtain ciphertext information; and sending the ciphertext information to the terminal equipment.
In this local area network encryption communication method, the Internet of Things device and the terminal device first establish a local area network connection. The Internet of Things device then verifies the first certificate contained in the first communication verification information sent by the terminal device; if the verification succeeds, the first public key in that information is considered trustworthy, and the message to be sent is encrypted on the basis of the first public key to form ciphertext information, which is sent to the terminal device. The terminal device decrypts the received ciphertext information to recover the message. Because the communication between the Internet of Things device and the terminal device is encrypted under a key whose authenticity has been verified, the communication data is protected against leakage and tampering, and the security of communication between the two devices within the local area network is improved.
In an optional implementation manner of the first aspect, establishing the local area network connection with the terminal device includes: registering service information of the Internet of Things device in the local area network through multicast DNS (Domain Name System), so that the terminal device can scan the local area network through multicast DNS to obtain the service information and establish a local area network connection with the Internet of Things device, where the service information includes an IP address and a port.
In an optional implementation manner of the first aspect, the encrypting the message to be sent according to the first public key to obtain ciphertext information includes: generating an encryption key according to a device private key corresponding to the Internet of things device and the first public key; and encrypting the message to be sent by using the encryption key to obtain the ciphertext information.
In an optional implementation manner of the first aspect, after encrypting the message to be sent according to the first public key to obtain ciphertext information, the method further includes: and signing the message to be sent according to a device private key corresponding to the Internet of things device to obtain a first signature value, so as to send the first signature value to the terminal device.
In an optional implementation manner of the first aspect, after the establishing the local area network connection with the terminal device, the method further includes: and sending second communication verification information to the terminal equipment, wherein the second communication verification information comprises a second certificate and an equipment public key corresponding to the equipment private key, and the second certificate is obtained by signing the equipment public key through an initial private key, so that the terminal equipment verifies the second certificate to determine the safety of the equipment public key.
In a second aspect, the present invention provides a local area network encryption communication method, applied in a terminal device, including: establishing local area network connection with the Internet of things equipment; sending first communication verification information to the internet of things equipment, wherein the first communication verification information comprises a first certificate and a first public key corresponding to the terminal equipment, and the first certificate is obtained by signing the first public key through an initial private key, so that the internet of things equipment verifies the first certificate and forms ciphertext information according to a message to be sent and the first public key after the verification is successful, and the ciphertext information is sent to the terminal equipment; receiving ciphertext information sent by the Internet of things equipment; and decrypting the ciphertext information to obtain the message body.
The technical effect of this method is the same as that described above for the first aspect: the communication between the Internet of Things device and the terminal device is encrypted under a key whose authenticity has been verified, so that the communication data is protected against leakage and tampering and the security of communication within the local area network is improved.
In an optional implementation manner of the second aspect, establishing the local area network connection with the Internet of Things device includes: scanning, through multicast DNS, the IP address and port of the Internet of Things device registered in advance in the local area network; and establishing a local area network connection with the Internet of Things device according to that IP address and port.
In an optional implementation manner of the second aspect, after the establishing the local area network connection with the internet of things device, the method further includes: receiving second communication verification information sent by the Internet of things equipment, wherein the second communication verification information comprises a second certificate and an equipment public key of the Internet of things equipment, and the second certificate is obtained by signing the equipment public key through an initial private key; verifying the second certificate by using a pre-stored initial public key corresponding to the initial private key; and if the verification is successful, determining that the device public key in the second communication verification information is safe.
In an optional implementation manner of the second aspect, the ciphertext information is obtained by encrypting the message body through the first public key and a device private key of the internet of things device; the decrypting the ciphertext information to obtain the message body includes: and decrypting the ciphertext information according to the equipment public key and a first private key corresponding to the first public key to obtain the message body.
In a third aspect, the present application provides a local area network encryption communication apparatus, which is applied to an internet of things device, and the apparatus includes: the first connection module is used for establishing local area network connection with the terminal equipment; a first receiving module, configured to receive first communication verification information sent by the terminal device, where the first communication verification information includes a first certificate and a first public key corresponding to the terminal device, and the first certificate is obtained by signing the first public key with an initial private key; the first verification module is used for verifying the first certificate by utilizing a pre-stored initial public key corresponding to the initial private key; the first encryption module is used for encrypting the message to be sent according to the first public key after the verification is successful so as to obtain ciphertext information; and the first sending module is used for sending the ciphertext information to the terminal equipment.
In this local area network encryption communication apparatus, the Internet of Things device and the terminal device first establish a local area network connection. The Internet of Things device then verifies the first certificate contained in the first communication verification information sent by the terminal device; if the verification succeeds, the first public key in that information is considered trustworthy, and the message to be sent is encrypted on the basis of the first public key to form ciphertext information, which is sent to the terminal device. The terminal device decrypts the received ciphertext information to recover the message. Because the communication between the Internet of Things device and the terminal device is encrypted under a key whose authenticity has been verified, the communication data is protected against leakage and tampering, and the security of communication between the two devices within the local area network is improved.
In an optional implementation manner of the third aspect, the first connection module is specifically configured to register service information of the Internet of Things device in the local area network through multicast DNS, so that the terminal device can scan the local area network through multicast DNS to obtain the service information and establish a local area network connection with the Internet of Things device, where the service information includes an IP address and a port.
In an optional implementation manner of the third aspect, the first encryption module is specifically configured to generate an encryption key according to a device private key corresponding to the internet of things device and the first public key; and encrypting the message to be sent by using the encryption key to obtain the ciphertext information.
In an optional implementation manner of the third aspect, the first sending module is further configured to send second communication verification information to the terminal device, where the second communication verification information includes a second certificate and a device public key corresponding to the device private key, and the second certificate is obtained by signing the device public key with an initial private key, so that the terminal device verifies the second certificate to determine security of the device public key.
In a fourth aspect, the present application provides another local area network encryption communication apparatus, which is applied to a terminal device, and the apparatus includes: the second connection module is used for establishing local area network connection with the Internet of things equipment; the second sending module is used for sending first communication verification information to the internet of things equipment, wherein the first communication verification information comprises a first certificate and a first public key corresponding to the terminal equipment, and the first certificate is obtained by signing the first public key through an initial private key, so that the internet of things equipment verifies the first certificate and forms ciphertext information according to a message to be sent and the first public key after the verification is successful and sends the ciphertext information to the terminal equipment; the second receiving module is used for receiving ciphertext information sent by the Internet of things equipment; and the decryption module is used for decrypting the ciphertext information to obtain the message to be sent.
The technical effect of this apparatus is the same as that described above for the third aspect: the communication between the Internet of Things device and the terminal device is encrypted under a key whose authenticity has been verified, so that the communication data is protected against leakage and tampering and the security of communication within the local area network is improved.
In an optional implementation manner of the fourth aspect, the second connection module is specifically configured to scan, through multicast DNS, the IP addresses and ports of the Internet of Things devices registered in advance in the local area network; and to establish a local area network connection with the Internet of Things device according to its IP address and port.
In an optional implementation manner of the fourth aspect, the second receiving module is further configured to receive second communication verification information sent by the internet of things device, where the second communication verification information includes a second certificate and a device public key of the internet of things device, and the second certificate is obtained by signing the device public key with an initial private key; the second verification module is used for verifying the second certificate by utilizing a pre-stored initial public key corresponding to the initial private key; and the determining module is used for determining the safety of the device public key in the second communication verification information after the verification is successful.
In a fifth aspect, an embodiment provides an electronic device, including a memory and a processor, where the memory stores a computer program and the processor executes the computer program to perform the method of the first aspect or any optional implementation manner of the first aspect, or of the second aspect or any optional implementation manner of the second aspect.
In a sixth aspect, the embodiments provide a storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the method of the first aspect or any optional implementation manner of the first aspect, or of the second aspect or any optional implementation manner of the second aspect.
In a seventh aspect, an embodiment provides a computer program product which, when run on a computer, causes the computer to execute the method of the first aspect or any optional implementation manner of the first aspect, or of the second aspect or any optional implementation manner of the second aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a first interaction diagram of a local area network encryption communication method according to an embodiment of the present application;
fig. 2 is a second interaction diagram of a local area network encryption communication method according to an embodiment of the present application;
fig. 3 is a third interaction diagram of a local area network encryption communication method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a local area network encryption communication apparatus according to an embodiment of the present application;
fig. 5 is a block diagram of another LAN encryption communication apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Reference numerals: 200 - first connection module; 201 - first receiving module; 202 - first verification module; 203 - first encryption module; 204 - first sending module; 300 - second connection module; 301 - second sending module; 302 - second receiving module; 303 - decryption module; 304 - second verification module; 305 - determining module; 4 - electronic device; 401 - processor; 402 - memory; 403 - communication bus.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The local area network encryption communication method provided by the embodiments of the application involves an Internet of Things device and a terminal device, where the terminal device may be a mobile phone, an iPad or another terminal device. As shown in fig. 1, the method specifically includes the following steps:
Step S100: a local area network connection is established between the Internet of Things device and the terminal device.
Step S101: the terminal device sends first communication verification information to the Internet of Things device; the first communication verification information includes a first certificate and a first public key, and the first certificate is obtained by signing the first public key with an initial private key.
Step S102: the Internet of Things device verifies the first certificate with its pre-stored initial public key corresponding to the initial private key; if the verification succeeds, the method proceeds to step S103.
Step S103: the Internet of Things device encrypts the message to be sent according to the first public key to obtain ciphertext information and sends the ciphertext information to the terminal device.
Step S104: the terminal device decrypts the received ciphertext information to obtain the message to be sent.
In step S100, the Internet of Things device and the terminal device are in the same local area network and establish a local area network connection. The connection between the two may specifically be established through the following steps:
Step S1000: the Internet of Things device registers its service information in the local area network through multicast DNS, where the service information includes an IP address and a port.
Step S1001: the terminal device scans, through multicast DNS, the IP address and port of the Internet of Things device registered in advance in the local area network, and establishes a local area network connection with the Internet of Things device according to that IP address and port.
In the above steps, the Internet of Things device may start a socket server on itself in the local area network environment and register its service information in the local area network through multicast DNS broadcast; the terminal device scans the service information registered in the local area network through multicast DNS, obtains the IP address and port, and establishes a local area network connection with the Internet of Things device through the obtained IP address and port.
After the local area network connection is established between the internet of things device and the terminal device through the steps, step S101 can be executed in which the terminal device sends the first communication verification information to the internet of things device.
In step S101, the first communication verification information includes a first certificate and a first public key. The first public key is the public half of an asymmetric key pair generated by the terminal device itself; the first public key and the corresponding first private key may be generated with the Ed25519 algorithm. The first certificate is obtained by signing the first public key with an initial private key, where the initial private key may be the private half of an asymmetric key pair generated by the Internet of Things device manufacturer. Likewise, the Internet of Things device may generate its device public key and device private key with the Ed25519 algorithm, and the manufacturer may generate the initial public key and initial private key with the Ed25519 algorithm, so that the terminal device, the Internet of Things device and the manufacturer each hold an asymmetric key pair.
On this basis, the terminal device may send the first public key to the Internet of Things device manufacturer; the manufacturer signs the first public key with its initial private key using the Ed25519 algorithm to obtain the first certificate, and then returns the first certificate together with the initial public key corresponding to the initial private key to the terminal device for storage. Similarly, the device public key of the Internet of Things device may be sent to the manufacturer, which signs it with the initial private key using the Ed25519 algorithm to obtain a second certificate, and then sends the second certificate and the initial public key to the Internet of Things device for storage.
After this process, the terminal device stores the first public key, the first private key, the first certificate and the initial public key, and the Internet of Things device stores the device public key, the device private key, the second certificate and the initial public key.
On this basis, when step S102 is executed the Internet of Things device verifies the first certificate in the first communication verification information with the initial public key pre-stored in the above process; specifically, the Ed25519 algorithm may again be used to verify the first certificate against the initial public key. When the verification succeeds, step S103 is executed to encrypt the message to be sent according to the first public key to obtain the ciphertext information.
In step S103, successful verification of the first certificate indicates that the first public key is secure and trustworthy, so the message to be sent is encrypted according to the first public key to obtain ciphertext information, which is sent to the terminal device. The message to be sent may be any type of message, for example some interactive data. Step S104 is then executed.
In step S104, the terminal device decrypts the received ciphertext information to obtain the message to be sent.
Specifically, in step S103 the message to be sent is encrypted according to the first public key to obtain the ciphertext information; besides simply encrypting with the first public key, the ciphertext information may also be obtained through the following steps:
Step S1030: generating an encryption key from the device private key corresponding to the Internet of Things device and the first public key;
Step S1031: encrypting the message to be sent with the encryption key to obtain the ciphertext information.
In the above steps, the Internet of Things device combines its device private key with the first public key of the terminal device to generate an encryption key, and then encrypts the message to be sent with that encryption key to obtain the ciphertext information; the encryption of the message with the encryption key may specifically be implemented with the ChaCha20 algorithm.
On the basis of the above manner of generating the encryption key from the device private key and the first public key, the decryption of the received ciphertext information by the terminal device in step S104 may specifically be implemented as follows, as shown in fig. 3:
step S1040: decrypting the ciphertext information according to the pre-stored device public key and the first private key to obtain the message to be sent. The terminal device derives from its own first private key and the device public key the same encryption key that the Internet of Things device derived from the device private key and the first public key, so the two sides share a key that is never transmitted over the local area network.
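Steps S1030, S1031 and S1040 worked through in code, as an added example rather than anything disclosed in the application: the Internet of Things device derives the encryption key from its device private key and the terminal's first public key, the terminal derives the same key from its first private key and the device public key, and the message is encrypted with ChaCha20. The application names ChaCha20 but not the key-agreement curve, the key-derivation step or the nonce handling; this example assumes X25519 key pairs for the device key and the first key, a SHA-256 hash with a fixed label as the key-derivation step, and a random 12-byte nonce prefixed to the ciphertext. The arithmetic is compact RFC 7748 and RFC 8439 code so that the example runs without third-party packages; it is not constant-time and is for illustration only.

```python
"""Added example of steps S1030/S1031/S1040: a shared key derived from one side's
private key and the other side's verified public key, then ChaCha20 on the message.
Compact RFC 7748 / RFC 8439 code for illustration only; use a vetted library."""
import hashlib
import os
import struct

P = 2**255 - 19
M32 = 0xFFFFFFFF
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar, point):
    """Montgomery ladder of RFC 7748 section 5 (the cswap is shown as a plain swap)."""
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64            # clamp the scalar
    k = int.from_bytes(k, "little")
    u = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), u * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def x25519_keypair(seed=None):
    sk = seed or os.urandom(32)
    return sk, x25519(sk, BASEPOINT)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & M32


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & M32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M32; s[b] = _rotl(s[b] ^ s[c], 7)


def _chacha20_block(key, counter, nonce):
    """RFC 8439 section 2.3: one 64-byte keystream block for (key, counter, nonce)."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):                                # 20 rounds: column, then diagonal
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & M32 for x, y in zip(init, s)])


def chacha20(key, nonce, data, counter=1):
    """Encrypt or decrypt (the same operation): XOR the data with the keystream."""
    out = bytearray()
    for off in range(0, len(data), 64):
        block = _chacha20_block(key, counter + off // 64, nonce)
        out += bytes(x ^ y for x, y in zip(data[off:off + 64], block))
    return bytes(out)


def derive_encryption_key(own_private, peer_public):
    """S1030 on the device (device private + first public) and S1040 on the terminal
    (first private + device public) yield the same key. Hashing the raw shared secret
    with a fixed label is this example's own KDF step; the text specifies none."""
    return hashlib.sha256(b"lan-enc-example" + x25519(own_private, peer_public)).digest()


def encrypt_message(key, plaintext):
    """S1031. The random 12-byte nonce is this example's addition: a ChaCha20 nonce
    must never be reused under the same key, and the text does not say how one is chosen."""
    nonce = os.urandom(12)
    return nonce + chacha20(key, nonce, plaintext)


def decrypt_message(key, blob):
    """S1040: split off the nonce and apply the same keystream."""
    return chacha20(key, blob[:12], blob[12:])


if __name__ == "__main__":
    device_sk, device_pk = x25519_keypair()            # Internet of Things device key pair
    first_sk, first_pk = x25519_keypair()              # terminal device's first key pair
    k_device = derive_encryption_key(device_sk, first_pk)
    k_terminal = derive_encryption_key(first_sk, device_pk)
    assert k_device == k_terminal
    msg = b'{"cmd":"status"}'                          # constructed sample message
    blob = encrypt_message(k_device, msg)
    assert decrypt_message(k_terminal, blob) == msg
    # Caveat: ChaCha20 alone is malleable. Flipping one ciphertext bit flips the
    # matching plaintext bit and nothing here detects it; integrity needs a MAC or signature.
    forged = blob[:12] + bytes([blob[12] ^ 0x40]) + blob[13:]
    assert decrypt_message(k_terminal, forged) == bytes([msg[0] ^ 0x40]) + msg[1:]
    print("shared key agreed; ChaCha20 round trip OK; bit-flip on ciphertext went undetected")
```

The final assertions make the practitioner's caveat concrete: ChaCha20 on its own is malleable, so a flipped ciphertext bit decrypts to a flipped plaintext bit without any error. The tamper resistance the description claims has to come from an authenticator, for example ChaCha20-Poly1305 in place of bare ChaCha20, or the first signature value of claim 4 checked before the plaintext is acted on.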
The device public key may be pre-stored in the terminal device, or it may be obtained as follows:
As described above, after the connection is established the terminal device sends the first communication verification information to the Internet of Things device; symmetrically, the Internet of Things device may send second communication verification information to the terminal device, so that the terminal device obtains an authenticated device public key. As shown in fig. 3, this specifically includes the following steps:
step S1050: the Internet of Things device sends second communication verification information to the terminal device, the second communication verification information comprising a second certificate and the device public key;
step S1051: the terminal device verifies the second certificate using the pre-stored initial public key and, if verification succeeds, proceeds to step S1052;
step S1052: determining that the device public key in the second communication verification information is secure.
The second certificate in the above steps is obtained by signing the device public key with the initial private key, so that the terminal device can verify the second certificate with the pre-stored initial public key upon receiving it; as described above, the pre-stored initial public key is the one distributed by the manufacturer of the Internet of Things device when the first certificate was generated. When verification succeeds, the terminal device determines that the device public key in the second communication verification information is secure and may use it in step S1040 to decrypt the ciphertext information.
In an optional implementation of this embodiment, on the basis described above, when the terminal device sends information to the Internet of Things device, that information may likewise be encrypted with the device public key and the first private key, so that the Internet of Things device decrypts it with the device private key and the first public key after receipt. Encrypted communication between the Internet of Things device and the terminal device is thereby secured in both directions.
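The certificate check of steps S102 and S1051 to S1052 worked through in code, as an added example rather than code from the application. A certificate in the sense used here is the initial private key's Ed25519 signature over a raw public key, and the receiver verifies it against a pinned initial public key before trusting that key; the same routine serves the first certificate over the first public key and the second certificate over the device public key. The example assumes random seeds for the initial key pair and the terminal's first key pair, and the helper names are its own. The arithmetic is compact RFC 8032 code so that it runs without third-party packages; it is not constant-time and is for illustration only.

```python
"""Added example: the 'certificate' of steps S101/S102 and S1050-S1052 is an
Ed25519 signature by the manufacturer's initial private key over a raw public
key; the receiver checks it against the pinned initial public key. Compact
RFC 8032 arithmetic for illustration only; use a vetted library in production."""
import hashlib
import os

P = 2**255 - 19                                       # field prime
Q = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = -121665 * pow(121666, P - 2, P) % P               # curve constant
I = pow(2, (P - 1) // 4, P)                           # a square root of -1


def _xrecover(y):
    """Even x satisfying -x^2 + y^2 = 1 + D x^2 y^2 (RFC 8032 section 5.1.3)."""
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * I % P
    return P - x if x & 1 else x


_BY = 4 * pow(5, P - 2, P) % P
B = (_xrecover(_BY), _BY)                             # base point


def _add(p1, p2):
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    inv = pow((1 + t) * (1 - t), P - 2, P)            # one inversion serves both denominators
    return ((x1 * y2 + x2 * y1) * inv * (1 - t) % P,
            (y1 * y2 + x1 * x2) * inv * (1 + t) % P)


def _mul(k, pt):
    r = (0, 1)                                        # neutral element
    while k:
        if k & 1:
            r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r


def _enc(pt):
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")


def _dec(b):
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != sign:
        x = P - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % P:
        raise ValueError("not a point on the curve")
    return x, y


def _hint(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")


def keypair(seed):
    """seed: 32 random bytes. Private part = (clamped scalar, prefix, public key)."""
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little") & (2**254 - 8) | 2**254
    pk = _enc(_mul(a, B))
    return (a, h[32:], pk), pk


def sign(private, msg):
    a, prefix, pk = private
    r = _hint(prefix, msg) % Q
    R = _enc(_mul(r, B))
    s = (r + _hint(R, pk, msg) * a) % Q
    return R + s.to_bytes(32, "little")


def verify(pk, msg, sig):
    s = int.from_bytes(sig[32:], "little")
    if len(sig) != 64 or s >= Q:
        return False
    try:
        R, A = _dec(sig[:32]), _dec(pk)
    except ValueError:
        return False
    k = _hint(sig[:32], pk, msg) % Q
    return _mul(s, B) == _add(R, _mul(k, A))


def issue_certificate(initial_private, subject_pk):
    """Manufacturer side: the certificate is the initial key's signature over the raw public key."""
    return sign(initial_private, subject_pk)


def accept_peer_key(initial_pk, cert, peer_pk):
    """Receiver side (S102, S1051/S1052): trust peer_pk only if cert verifies under the pinned key."""
    return peer_pk if verify(initial_pk, peer_pk, cert) else None


if __name__ == "__main__":
    initial_private, initial_pk = keypair(os.urandom(32))  # manufacturer's initial key pair
    first_private, first_pk = keypair(os.urandom(32))      # terminal device's first key pair
    first_cert = issue_certificate(initial_private, first_pk)
    # Device side receives (first_cert, first_pk) as the first communication verification information
    assert accept_peer_key(initial_pk, first_cert, first_pk) == first_pk
    # A key substituted on the LAN by someone without the initial private key is rejected
    _, rogue_pk = keypair(os.urandom(32))
    assert accept_peer_key(initial_pk, first_cert, rogue_pk) is None
    print("first certificate chains to the pinned initial public key; substituted key rejected")
```

The pinned initial public key is the trust anchor of the whole scheme: a device whose initial public key can be overwritten, or a terminal that accepts a public key without checking its certificate, loses the protection, which is why the description has the manufacturer install the key in advance. The second assertion shows the check doing its job: a key substituted on the local area network by a party without the initial private key is rejected, and nothing downstream is encrypted to it.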
In the local area network encrypted communication method designed here, a local area network connection is established between the Internet of Things device and the terminal device; the Internet of Things device verifies the first certificate in the first communication verification information sent by the terminal device, and when verification succeeds the first public key in that information is determined to be authentic; the message to be sent is encrypted on the basis of the first public key to form the ciphertext information, which is sent to the terminal device; and the terminal device decrypts the received ciphertext information to obtain the message to be sent. Communication between the Internet of Things device and the terminal device is thus encrypted with verified keys, so that the communicated data are protected against tampering and leakage, and the security of communication between the Internet of Things device and the terminal device in the local area network is improved.
Fig. 4 shows a schematic structural block diagram of a local area network encrypted communication apparatus provided by the present application. It should be understood that the apparatus corresponds to the method embodiment performed by the Internet of Things device in figs. 1 to 3 and can perform the steps of the method performed by the Internet of Things device in the foregoing embodiments; the specific functions of the apparatus may be found in the foregoing description, and detailed description is omitted here where appropriate to avoid repetition. The apparatus comprises at least one software functional module, which may be stored in memory as software or firmware, or built into the operating system (OS) of the device. Specifically, the apparatus comprises: a first connection module 200, configured to establish a local area network connection with the terminal device; a first receiving module 201, configured to receive first communication verification information sent by the terminal device, the first communication verification information comprising a first certificate and a first public key corresponding to the terminal device, the first certificate being obtained by signing the first public key with an initial private key; a first verification module 202, configured to verify the first certificate using a pre-stored initial public key corresponding to the initial private key; a first encryption module 203, configured to encrypt the message to be sent according to the first public key after verification succeeds, to obtain the ciphertext information; and a first sending module 204, configured to send the ciphertext information to the terminal device.
The apparatus thus realizes, on the Internet of Things device side, the encrypted communication described above for the method: the first public key is accepted only after the first certificate has been verified, the message to be sent is encrypted on that basis to form the ciphertext information, and the terminal device decrypts it to obtain the message to be sent, so that communication between the two devices in the local area network is encrypted with verified keys and protected against tampering and leakage.
In an optional implementation of this embodiment, the first connection module 200 is specifically configured to register service information of the Internet of Things device in the local area network through multicast DNS, so that the terminal device scans the local area network through multicast DNS to obtain the service information and establish a local area network connection with the Internet of Things device, the service information comprising an IP address and a port.
In an optional implementation of this embodiment, the first encryption module 203 is specifically configured to generate an encryption key from the device private key corresponding to the Internet of Things device and the first public key, and to encrypt the message to be sent with the encryption key to obtain the ciphertext information.
In an optional implementation of this embodiment, the first sending module 204 is further configured to send second communication verification information to the terminal device, the second communication verification information comprising a second certificate and a device public key corresponding to the device private key, the second certificate being obtained by signing the device public key with the initial private key, so that the terminal device verifies the second certificate to determine that the device public key is secure.
Fig. 5 shows a schematic block diagram of another local area network encrypted communication apparatus provided in the present application. It should be understood that the apparatus corresponds to the method embodiment performed by the terminal device in figs. 1 to 3 and can perform the steps of the method performed by the terminal device in the foregoing embodiments; the specific functions of the apparatus may be found in the foregoing description, and detailed description is omitted here where appropriate to avoid repetition. The apparatus comprises at least one software functional module, which may be stored in memory as software or firmware, or built into the operating system (OS) of the device. Specifically, the apparatus comprises: a second connection module 300, configured to establish a local area network connection with the Internet of Things device; a second sending module 301, configured to send first communication verification information to the Internet of Things device, the first communication verification information comprising a first certificate and a first public key corresponding to the terminal device, the first certificate being obtained by signing the first public key with an initial private key, so that the Internet of Things device verifies the first certificate, forms ciphertext information from the message to be sent and the first public key after verification succeeds, and sends the ciphertext information to the terminal device; a second receiving module 302, configured to receive the ciphertext information sent by the Internet of Things device; and a decryption module 303, configured to decrypt the ciphertext information to obtain the message to be sent.
The apparatus thus realizes, on the terminal device side, the encrypted communication described above for the method: the terminal device presents its first public key together with the first certificate, the Internet of Things device encrypts the message to be sent only after verifying that certificate, and the terminal device decrypts the ciphertext information to obtain the message to be sent, so that communication between the two devices in the local area network is encrypted with verified keys and protected against tampering and leakage.
In an optional implementation of this embodiment, the second connection module 300 is specifically configured to scan, through multicast DNS, the IP address and port of an Internet of Things device registered in advance in the local area network, and to establish a local area network connection with the Internet of Things device according to that IP address and port.
In an optional implementation of this embodiment, the second receiving module 302 is further configured to receive second communication verification information sent by the Internet of Things device, the second communication verification information comprising a second certificate and a device public key of the Internet of Things device, the second certificate being obtained by signing the device public key with the initial private key; a second verification module 304 is configured to verify the second certificate using a pre-stored initial public key corresponding to the initial private key; and a determining module 305 is configured to determine that the device public key in the second communication verification information is secure after verification succeeds.
As shown in fig. 6, the present application provides an electronic device 4 comprising a processor 401 and a memory 402, interconnected and communicating with each other via a communication bus 403 and/or another form of connection mechanism (not shown). The memory 402 stores a computer program executable by the processor 401; when the computing device runs, the processor 401 executes the computer program to perform the method of any of the foregoing implementations, for example steps S100 to S104: establishing a local area network connection between the Internet of Things device and the terminal device; the terminal device sending first communication verification information to the Internet of Things device, the first communication verification information comprising a first certificate and a first public key, the first certificate being obtained by signing the first public key with an initial private key; the Internet of Things device verifying the first certificate using a pre-stored initial public key corresponding to the initial private key and, if verification succeeds, encrypting the message to be sent according to the first public key to obtain ciphertext information and sending the ciphertext information to the terminal device; and the terminal device decrypting the received ciphertext information to obtain the message to be sent.
The present application provides a storage medium having stored thereon a computer program which, when executed by a processor, performs the method processes of any of the preceding implementations.
The storage medium may be implemented by any type of volatile or non-volatile storage device or combination thereof, such as a static random access memory (SRAM), an electrically erasable programmable read-only memory (EEPROM), an erasable programmable read-only memory (EPROM), a programmable read-only memory (PROM), a read-only memory (ROM), a magnetic memory, a flash memory, a magnetic disk, or an optical disk.
The present application provides a computer program product which, when run on a computer, causes the computer to perform the method processes of any of the preceding implementations.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
It should be noted that the functions, if implemented in the form of software functional modules and sold or used as independent products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A local area network encryption communication method is applied to Internet of things equipment and comprises the following steps:
establishing local area network connection with the terminal equipment;
receiving first communication verification information sent by the terminal equipment, wherein the first communication verification information comprises a first certificate and a first public key corresponding to the terminal equipment, and the first certificate is obtained by signing the first public key through an initial private key;
verifying the first certificate by using a pre-stored initial public key corresponding to the initial private key;
if the verification is successful, encrypting the message to be sent according to the first public key to obtain ciphertext information;
and sending the ciphertext information to the terminal equipment.
2. The method of claim 1, wherein establishing the local area network connection with the terminal device comprises:
registering service information of the Internet of Things device in the local area network through multicast DNS (mDNS), so that the terminal device scans the local area network through multicast DNS to obtain the service information and establish a local area network connection with the Internet of Things device, wherein the service information comprises an IP address and a port.
3. The method of claim 1, wherein encrypting the message to be sent according to the first public key to obtain ciphertext information comprises:
generating an encryption key according to a device private key corresponding to the Internet of things device and the first public key;
and encrypting the message to be sent by using the encryption key to obtain the ciphertext information.
4. The method of claim 1, wherein after the encrypting the message to be sent according to the first public key to obtain ciphertext information, the method further comprises:
and signing the message to be sent according to a device private key corresponding to the Internet of things device to obtain a first signature value, so as to send the first signature value to the terminal device.
5. The method according to claim 3 or 4, wherein after the establishing of the local area network connection with the terminal device, the method further comprises:
and sending second communication verification information to the terminal equipment, wherein the second communication verification information comprises a second certificate and an equipment public key corresponding to the equipment private key, and the second certificate is obtained by signing the equipment public key through an initial private key, so that the terminal equipment verifies the second certificate to determine the safety of the equipment public key.
6. A local area network encryption communication method is applied to terminal equipment and comprises the following steps:
establishing local area network connection with the Internet of things equipment;
sending first communication verification information to the internet of things equipment, wherein the first communication verification information comprises a first certificate and a first public key corresponding to the terminal equipment, and the first certificate is obtained by signing the first public key through an initial private key, so that the internet of things equipment verifies the first certificate and forms ciphertext information according to a message to be sent and the first public key after the verification is successful, and the ciphertext information is sent to the terminal equipment;
receiving ciphertext information sent by the Internet of things equipment;
and decrypting the ciphertext information to obtain the message to be sent.
7. The method of claim 6, wherein establishing a local area network connection with an Internet of things device comprises:
scanning, through multicast DNS, the IP address and port of the Internet of Things device registered in advance in the local area network;
and establishing a local area network connection with the Internet of Things device according to the IP address and port of the Internet of Things device.
8. The method of claim 6, wherein after the establishing the local area network connection with the Internet of things device, the method further comprises:
receiving second communication verification information sent by the Internet of things equipment, wherein the second communication verification information comprises a second certificate and an equipment public key of the Internet of things equipment, and the second certificate is obtained by signing the equipment public key through an initial private key;
verifying the second certificate by using a pre-stored initial public key corresponding to the initial private key;
and if the verification is successful, determining that the device public key in the second communication verification information is safe.
9. The method according to claim 8, wherein the ciphertext information is obtained by encrypting a message to be sent through the first public key and a device private key of an internet of things device;
the decrypting the ciphertext information to obtain the message to be sent includes:
and decrypting the ciphertext information according to the equipment public key and a first private key corresponding to the first public key to obtain the message to be sent.
10. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method of any of claims 1 to 5 or 6 to 9.
CN202011573385.2A 2020-12-25 2020-12-25 Local area network encryption communication method and storage medium Pending CN112491933A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011573385.2A CN112491933A (en) 2020-12-25 2020-12-25 Local area network encryption communication method and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011573385.2A CN112491933A (en) 2020-12-25 2020-12-25 Local area network encryption communication method and storage medium

Publications (1)

Publication Number Publication Date
CN112491933A (en) 2021-03-12

Family

ID=74915677

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011573385.2A Pending CN112491933A (en) 2020-12-25 2020-12-25 Local area network encryption communication method and storage medium

Country Status (1)

Country Link
CN (1) CN112491933A (en)


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123501A (en) * 2006-08-08 2008-02-13 西安电子科技大学 A WAPI authentication and secret key negotiation method and system
CN107852430A (en) * 2015-07-06 2018-03-27 康维达无线有限责任公司 The wide-area services of Internet of Things are found
CN108352982A (en) * 2015-10-23 2018-07-31 Kddi株式会社 Communication device, communication means and computer program
CN109040149A (en) * 2018-11-02 2018-12-18 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system
CN109068321A (en) * 2018-07-19 2018-12-21 飞天诚信科技股份有限公司 Method, system, mobile terminal and the smart home device of consult session key
CN111031047A (en) * 2019-12-16 2020-04-17 中国南方电网有限责任公司 Device communication method, device, computer device and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023221591A1 (en) * 2022-05-16 2023-11-23 腾讯科技(深圳)有限公司 Data transmission method, and related apparatus, device and storage medium
CN115734221A (en) * 2022-11-21 2023-03-03 北京深盾科技股份有限公司 Internet of things equipment management method, equipment, mobile terminal, device and storage medium
CN115734221B (en) * 2022-11-21 2023-11-03 北京深盾科技股份有限公司 Internet of things equipment management method, equipment, mobile terminal, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210312