CN112822274A - Safety verification method and device for household edge computing system - Google Patents

Safety verification method and device for household edge computing system

Info

Publication number: CN112822274A
Authority: CN (China)
Prior art keywords: verification, cloud, communication node, household appliance, equipment
Legal status: Granted, Active
Application number: CN202110023829.3A
Other languages: Chinese (zh)
Other versions: CN112822274B (en)
Inventor: 王斌
Current Assignee: Suzhou Lanhe Pengbo Intelligent Technology Co ltd
Original Assignee: Suzhou Lanhe Pengbo Intelligent Technology Co ltd
Application filed by Suzhou Lanhe Pengbo Intelligent Technology Co ltd
Priority to CN202110023829.3A
Publication of CN112822274A
Application granted
Publication of CN112822274B

Classifications

    • H: ELECTRICITY; H04: ELECTRIC COMMUNICATION TECHNIQUE; H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a safety verification method for a household edge computing system. The method comprises constructing a verification cloud, which stores the identification code and the cloud verification signature code of the household appliance slave equipment, and the identification code, the cloud verification signature code and the local verification signature code of the communication node equipment. When the edge node, the communication node equipment and the household appliance slave equipment are in communication connection, the cloud verification signature code and the local verification signature code are used to verify data when a communication connection is established, when control is exercised and when a relationship is released, both between the edge node and the communication node equipment and between the communication node equipment and the household appliance slave equipment. The invention can realize two-stage safety protection, so that all networked household appliances have self-protection and system-level protection capabilities, and the safety of family big data generated by the Internet of things is improved.

Description

Safety verification method and device for household edge computing system
Technical Field
The invention relates to the field of communication methods of home Internet of things, in particular to a safety verification method and device for a home edge computing system.
Background
The home data generated by the Internet of things mainly enables property and government services and premise service providers, such as home security services, solitary security services and community government, and carries further commercial value for premise services such as education services, health services, social consumption and the like. The family big data generated by the Internet of things is a new driving force for the intelligent home industry. It includes data such as home time, sleeping time, entertainment time, makeup time, reading time, indoor temperature, indoor humidity, frequent meals, work time of children, exercise amount, regional activity time and the like, and the novel service industry is built on the basis of this family data.
At present, the application of household big data faces security problems. Specifically, household privacy leakage, household equipment hijacking, "network attacks" on the household Internet of things, data tampering, data trust and the like can all become threats to the safety of household data. For the user, any device must be secure and reliable hardware. At present, most of the safety problems of Internet of things family big data are in a hidden state and have dispersion and uniformity, and these problems directly restrict the further application of family big data.
Disclosure of Invention
The invention aims to provide a safety verification method and a safety verification device for a household edge computing system, which are used for solving the safety problem of household big data generated by the internet of things.
In order to achieve this purpose, the technical scheme adopted by the invention is as follows:
The safety verification method for the household edge computing system comprises constructing a verification cloud. The verification cloud is in communication connection with the communication node equipment and a personal intelligent terminal through an edge gateway, and stores the identification code and the cloud verification signature code of the household appliance slave equipment, and the identification code, the cloud verification signature code and the local verification signature code of the communication node equipment. Safety verification when the edge node, the communication node equipment and the household appliance slave equipment are in communication connection is realized through the verification cloud, and comprises the following steps:
(S1) the personal intelligent terminal acquires the identification codes of the household appliance slave equipment and of the communication node equipment to which the household appliance slave equipment is to be bound, and transmits the identification codes to the verification cloud through the edge gateway;
(S2) based on the identification code of the household appliance slave equipment obtained in step (S1), the verification cloud queries the cloud verification signature code of the household appliance slave equipment; based on the identification code of the communication node equipment to be bound obtained in step (S1), it queries the cloud verification signature code and the local verification signature code of the communication node equipment;
(S3) the verification cloud transmits the cloud verification signature code of the communication node equipment obtained in step (S2) to the communication node equipment through the edge gateway; the communication node equipment compares the received cloud verification signature code with its own cloud verification signature code; if they are consistent, the communication node equipment sends confirmation information to the edge gateway, and the edge gateway transmits the confirmation information to the verification cloud and the personal intelligent terminal respectively, completing verification when the communication node equipment and the edge gateway establish communication;
(S4) after receiving the confirmation information, the verification cloud encrypts the cloud verification signature code of the household appliance slave equipment with the local verification signature code of the communication node equipment obtained in step (S2), and transmits the encrypted cloud verification signature code of the household appliance slave equipment to the communication node equipment through the edge gateway;
(S5) on receiving the encrypted cloud verification signature code of the household appliance slave equipment, the communication node equipment decrypts it with its own local verification signature code, obtains and stores the decrypted cloud verification signature code of the household appliance slave equipment, then organizes the decrypted cloud verification signature code into signature verification information and transmits it to the household appliance slave equipment;
(S6) on receiving the signature verification information, the household appliance slave equipment extracts the cloud verification signature code and compares it with its own cloud verification signature code; if they are consistent, the household appliance slave equipment encrypts its local verification signature code with its cloud verification signature code and transmits the encrypted local verification signature code to the communication node equipment;
(S7) on receiving the encrypted local verification signature code of the household appliance slave equipment, the communication node equipment decrypts it with the cloud verification signature code of the household appliance slave equipment obtained in step (S5), obtains and stores the decrypted local verification signature code of the household appliance slave equipment, and transmits confirmation information to the edge gateway;
(S8) the edge gateway transmits the received confirmation information to the personal intelligent terminal and the verification cloud respectively, completing verification when the household appliance slave equipment is bound to the communication node equipment.
In the home edge computing system security verification method, the encryption in the step (S4) and the encryption in the step (S6) are both based on the SM4 algorithm, and the decryption in the corresponding step (S5) and the decryption in the step (S7) are also based on the SM4 algorithm.
In the safety verification method for the household edge computing system, the signature verification information organized by the communication node equipment in step (S5) further includes a random signature code. The communication node equipment updates the random signature code at regular intervals and distributes it to the household appliance slave equipment. The distribution process is as follows:
(A1) the communication node equipment updates to obtain a new random signature code, encrypts it with the local verification signature code of the household appliance slave equipment obtained in step (S7), and transmits the encrypted random signature code to the household appliance slave equipment;
(A2) the household appliance slave equipment decrypts the received encrypted random signature code with its own local verification signature code, obtains and stores the decrypted random signature code, and then sends confirmation information to the communication node equipment;
(A3) on receiving the confirmation information, the communication node equipment starts using the new random signature code.
In the safety verification method for the household edge computing system, when the personal intelligent terminal controls the household appliance slave equipment, the personal intelligent terminal transmits a control instruction to the edge gateway, the edge gateway transmits the control instruction to the verification cloud, and the verification cloud generates a command containing the cloud verification signature code of the communication node equipment and sends the command to the communication node equipment through the edge gateway;
when the communication node equipment receives the command containing the cloud verification signature code of the communication node equipment, it compares that code with its own cloud verification signature code, and if they are consistent, the communication node equipment generates a command containing the random signature code and transmits the command to the household appliance slave equipment;
the household appliance slave equipment compares the random signature code it has stored with the random signature code in the command from the communication node equipment; if they are consistent, the household appliance slave equipment works, and at the same time generates confirmation information containing the random signature code and transmits the confirmation information to the communication node equipment;
when the communication node equipment receives the confirmation information containing the random signature code, it compares the random signature code in the confirmation information with its own random signature code; if they match, the communication node equipment transmits the confirmation information to the edge gateway, and the edge gateway transmits it to the verification cloud and the personal intelligent terminal respectively; alternatively, the communication node equipment transmits the confirmation information to the personal intelligent terminal, the personal intelligent terminal transmits it to the edge gateway, and the edge gateway transmits it to the verification cloud; this completes verification when the control command is transmitted.
In the safety verification method for the household edge computing system, when the household appliance slave equipment is set to run automatically once its conditions are met, the communication node equipment generates a command containing the random signature code and transmits the command to the household appliance slave equipment;
the household appliance slave equipment compares the random signature code it has stored with the random signature code in the command from the communication node equipment, and if they are consistent, the household appliance slave equipment generates confirmation information containing the random signature code and transmits the confirmation information to the communication node equipment;
when the communication node equipment receives the confirmation information containing the random signature code, it compares the random signature code in the confirmation information with its own random signature code; if they match, the communication node equipment transmits the confirmation information to the edge gateway, and the edge gateway transmits it to the verification cloud and the personal intelligent terminal respectively; this completes verification of the automatic operation of the household appliance slave equipment.
In the safety verification method for the household edge computing system, when the relationship between the household appliance slave equipment and the communication node equipment is released, the verification process is as follows:
(B1) the personal intelligent terminal acquires the identification code of the household appliance slave equipment whose relationship is to be released, and transmits it to the verification cloud through the edge gateway;
(B2) based on the identification code of the household appliance slave equipment obtained in step (B1), the verification cloud queries the cloud verification signature code of the household appliance slave equipment, encrypts it with the local verification signature code of the communication node equipment, and transmits the encrypted cloud verification signature code of the household appliance slave equipment to the communication node equipment through the edge gateway;
(B3) on receiving the encrypted cloud verification signature code of the household appliance slave equipment, the communication node equipment decrypts it with its own local verification signature code to obtain the decrypted cloud verification signature code of the household appliance slave equipment, cancels the household appliance slave equipment, deletes the cloud verification signature code of the household appliance slave equipment, and then generates confirmation information and transmits it to the edge gateway;
(B4) the edge gateway transmits the received confirmation information to the verification cloud and the personal intelligent terminal respectively, completing verification when the relationship between the household appliance slave equipment and the communication node equipment is released.
In the safety verification method for the household edge computing system, when the relationship between the communication node equipment and the edge gateway is released, the verification process is as follows:
(C1) the personal intelligent terminal acquires the identification code of the communication node equipment to be cancelled, and transmits it to the verification cloud through the edge gateway;
(C2) based on the identification code of the communication node equipment obtained in step (C1), the verification cloud queries the cloud verification signature code of the communication node equipment and transmits it to the edge gateway;
(C3) on receiving the cloud verification signature code of the communication node equipment, the edge gateway cancels the communication node equipment, generates confirmation information and transmits it to the verification cloud and the personal intelligent terminal respectively, completing verification when the communication node equipment is cancelled.
A safety verification device for a household edge computing system comprises a verification cloud, an edge gateway and communication node equipment, wherein:
the communication node equipment is a wifi module that is directly integrated in the household appliance slave equipment and connected with the processor of the household appliance slave equipment, and the verification cloud is in communication connection with the processor of the household appliance slave equipment through the edge gateway and the wifi module serving as the communication node equipment;
or the communication node equipment comprises a national standard router or a plug-in module, and a national standard chip that is integrated in the household appliance slave equipment and connected with the processor of the household appliance slave equipment, wherein the national standard router or the plug-in module connects the national standard chip and the edge gateway in communication, and the verification cloud is in communication connection with the processor of the household appliance slave equipment through the edge gateway, the national standard router or the plug-in module, and the national standard chip.
The edge gateway comprises a main processor unit, a coprocessor unit, a verification identification code storage unit, a signature encryption authentication unit, a power supply unit, a network communication unit and a data storage control unit, wherein the coprocessor unit, the verification identification code storage unit, the signature encryption authentication unit, the power supply unit, the network communication unit and the data storage control unit are respectively connected with the main processor unit, and the network communication unit in the edge gateway is used for being in communication connection with a verification cloud, a personal intelligent terminal and communication node equipment.
Compared with the prior art, the invention has the following advantages:
The invention establishes a verification cloud, and the communication node equipment and the household appliance slave equipment are each verified through the verification cloud, so that two-stage safety protection is realized when communication is established, when control is exercised and when a relationship is released, and all networked household appliance products have self-protection and system-level protection capabilities. When the method of the invention is used to realize the Internet of things of household appliances, the safety of the generated family big data can be ensured, thereby providing reliable data safety support for the further application of family big data.
Drawings
Fig. 1 is a schematic diagram of a verification process when the edge node and the communication node device establish communication connection according to the present invention.
Fig. 2 is a schematic diagram of a verification process when the communication node device and the home appliance slave device establish communication connection according to the present invention.
Fig. 3 is a schematic diagram of a random signature distribution flow in the present invention.
Fig. 4 is a schematic diagram of a verification process when the personal intelligent terminal controls the home appliance slave device according to the present invention.
Fig. 5 is a schematic diagram of a verification process when the home appliance slave device operates by itself according to the present invention.
Fig. 6 is a schematic diagram of a verification process when the relationship between the home appliance slave device and the communication node device is released according to the present invention.
Fig. 7 is a schematic diagram of a verification process when the relationship between the communication node device and the edge gateway is released in the present invention.
Fig. 8 is a schematic diagram of a security verification apparatus for a home edge computing system when the communication node device is a wifi module according to the present invention.
Fig. 9 is a schematic diagram of a security verification apparatus for a home edge computing system when the communication node device of the present invention is a national standard router, a plug-in module, or a national standard chip.
Fig. 10 is a schematic diagram of an edge gateway architecture of the present invention.
Detailed Description
The invention is further illustrated with reference to the following figures and examples.
As shown in fig. 1 and 2, a security verification method for a home edge computing system includes constructing a verification cloud at a network cloud end, wherein the verification cloud is in communication connection with a communication node device and a personal intelligent terminal through an edge gateway, the communication node device is used for being in communication connection with a home appliance slave device, the verification cloud stores an identification code and a cloud verification signature code of the home appliance slave device, and the identification code, the cloud verification signature code and a local verification signature code of the communication node device, and the security verification when the edge node, the communication node device and the home appliance slave device establish communication connection is realized through the verification cloud.
The verification process when establishing the communication connection relationship between the edge gateway and the communication node equipment, and between the communication node equipment and the household appliance slave equipment, is as follows:
(S1) the personal intelligent terminal acquires the identification codes ID of the household appliance slave equipment and of the communication node equipment to which the household appliance slave equipment is to be bound, and transmits the identification codes ID to the verification cloud through the edge gateway;
(S2) based on the identification code ID of the household appliance slave equipment obtained in step (S1), the verification cloud queries the cloud verification signature code K-cloud of the household appliance slave equipment; based on the identification code ID of the communication node equipment to be bound obtained in step (S1), it queries the cloud verification signature code K-cloud and the local verification signature code K-local of the communication node equipment;
(S3) the verification cloud transmits the cloud verification signature code K-cloud of the communication node equipment obtained in step (S2) to the communication node equipment through the edge gateway; the communication node equipment compares the received cloud verification signature code with its own cloud verification signature code; if they are consistent, the communication node equipment sends confirmation information to the edge gateway, and the edge gateway transmits the confirmation information to the verification cloud and the personal intelligent terminal respectively, completing verification when the communication node equipment and the edge gateway establish communication;
(S4) after receiving the confirmation information, the verification cloud encrypts the cloud verification signature code K-cloud of the household appliance slave equipment with the local verification signature code K-local of the communication node equipment obtained in step (S2), and transmits the encrypted cloud verification signature code K-cloud of the household appliance slave equipment to the communication node equipment through the edge gateway;
(S5) on receiving the encrypted cloud verification signature code K-cloud of the household appliance slave equipment, the communication node equipment decrypts it with its own local verification signature code K-local, obtains and stores the decrypted cloud verification signature code K-cloud of the household appliance slave equipment, then organizes the decrypted cloud verification signature code K-cloud into signature verification information and transmits it to the household appliance slave equipment;
(S6) on receiving the signature verification information, the household appliance slave equipment extracts the cloud verification signature code K-cloud and compares it with its own cloud verification signature code; if they are consistent, the household appliance slave equipment encrypts its local verification signature code K-local with its cloud verification signature code K-cloud and transmits the encrypted local verification signature code K-local to the communication node equipment;
(S7) on receiving the encrypted local verification signature code K-local of the household appliance slave equipment, the communication node equipment decrypts it with the cloud verification signature code K-cloud of the household appliance slave equipment obtained in step (S5), obtains and stores the decrypted local verification signature code K-local of the household appliance slave equipment, and transmits confirmation information to the edge gateway;
(S8) the edge gateway transmits the received confirmation information to the personal intelligent terminal and the verification cloud respectively, completing verification when the household appliance slave equipment is bound to the communication node equipment.
The encryption in the step (S4) and the encryption in the step (S6) are both based on the SM4 algorithm, and the decryption in the corresponding step (S5) and the decryption in the step (S7) are also based on the SM4 algorithm.
As shown in fig. 3, in step (S5) of the present invention, the communication node device and the home appliance slave device are connected by intranet communication; because the encryption level of the intranet is relatively low, using a fixed symmetric key carries a great risk of key leakage. Therefore, the random signature code K-challenge is added to the signature verification information organized by the communication node device, and the communication node device is set to update the random signature code K-challenge at regular intervals and distribute the updated code to the home appliance slave device, so as to improve security. The distribution process is as follows:
(A1) the communication node equipment obtains a new random signature code K-challenge by updating, encrypts it with the local verification signature code K-local of the household appliance slave equipment obtained in step (S7), and then transmits the encrypted random signature code K-challenge to the household appliance slave equipment;
(A2) the household appliance slave equipment decrypts the received encrypted random signature code K-challenge with its own local verification signature code K-local, obtains and stores the decrypted random signature code K-challenge, and then sends confirmation information to the communication node equipment;
(A3) when the communication node equipment receives the confirmation information, it starts using the new random signature code K-control.
In the invention, the household appliance slave equipment can be remotely controlled through a personal intelligent terminal, and can also run automatically based on its own program.
As shown in fig. 4, when the personal intelligent terminal controls the home appliance slave device, the personal intelligent terminal transmits a control instruction to the edge gateway, the edge gateway transmits the control instruction to the verification cloud, and the verification cloud generates a command containing the cloud verification signature code K-cloud of the communication node device and transmits the command to the communication node device through the edge gateway;
when the communication node equipment receives the command containing the cloud verification signature code K-cloud of the communication node equipment, it compares that code with its own cloud verification signature code K-cloud; if the comparison is consistent, the communication node equipment generates a command containing the random signature code K-control and transmits the command to the household appliance slave equipment;
the household appliance slave equipment compares the random signature code K-control that it has stored with the random signature code K-control in the command from the communication node equipment; if the comparison is consistent, the household appliance slave equipment operates, and at the same time generates confirmation information containing the random signature code K-control and transmits the confirmation information to the communication node equipment;
when the communication node equipment receives the confirmation information containing the random signature code K-control, it compares the random signature code in the confirmation information with its own random signature code K-control; if they match, the communication node equipment transmits the confirmation information to the edge gateway, and the edge gateway transmits it to the verification cloud and the personal intelligent terminal respectively; alternatively, the communication node equipment transmits the confirmation information to the personal intelligent terminal, the personal intelligent terminal transmits it to the edge gateway, and the edge gateway transmits it to the verification cloud; this completes the verification performed when the control command is transmitted.
As shown in fig. 5, when the home appliance slave device is set to run automatically when conditions are met, the communication node device generates a command containing the random signature code and transmits the command to the home appliance slave device;
the household appliance slave equipment compares the random signature code K-control that it has stored with the random signature code K-control in the command from the communication node equipment; if the comparison is consistent, the household appliance slave equipment generates confirmation information containing the random signature code K-control and transmits the confirmation information to the communication node equipment;
when the communication node equipment receives the confirmation information containing the random signature code K-control, it compares the random signature code K-control in the confirmation information with its own random signature code K-control; if they match, the communication node equipment transmits the confirmation information to the edge gateway, and the edge gateway transmits it to the verification cloud and the personal intelligent terminal respectively; this completes the verification of the automatic operation of the household appliance slave equipment.
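The binding steps (S3) to (S7), the rotation steps (A1) to (A3) and the command check described above can be traced as one message flow; the following is an added example, not code from the patent. SM4 is not in Python's standard library, so `wrap`/`unwrap` use a labelled stand-in keystream cipher; the class and function names, the device IDs, the 128-bit code length and the use of `hmac.compare_digest` for the comparisons are assumptions of the example.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # assumption: every code is 128 bits, the SM4 key size


def _xor(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))


def wrap(key, data):
    """Stand-in for the SM4 encryption of S4/S6/A1 (stdlib keystream, NOT SM4)."""
    nonce = os.urandom(16)
    return nonce + _xor(key, nonce, data)


def unwrap(key, blob):
    """Stand-in for the SM4 decryption of S5/S7/A2."""
    return _xor(key, blob[:16], blob[16:])


class Slave:
    """Household appliance slave device, provisioned with its K-cloud and K-local."""
    def __init__(self, k_cloud, k_local):
        self.k_cloud, self.k_local, self.k_random = k_cloud, k_local, None

    def on_signature_verification(self, code):
        # S6: on a K-cloud match, answer with our K-local encrypted under our K-cloud.
        ok = hmac.compare_digest(code, self.k_cloud)
        return wrap(self.k_cloud, self.k_local) if ok else None

    def on_rotation(self, blob):
        self.k_random = unwrap(self.k_local, blob)  # A2: decrypt with K-local, store
        return True  # confirmation information

    def on_command(self, code):
        # Act only on the current random signature code; the confirmation echoes it.
        ok = None not in (code, self.k_random) and hmac.compare_digest(code, self.k_random)
        return self.k_random if ok else None


class Node:
    """Communication node device, provisioned with its own K-cloud and K-local."""
    def __init__(self, k_cloud, k_local):
        self.k_cloud, self.k_local = k_cloud, k_local
        self.slave_k_cloud = self.slave_k_local = self.k_random = None

    def verify_cloud(self, code):
        return hmac.compare_digest(code, self.k_cloud)  # S3

    def bind(self, wrapped_slave_k_cloud, slave):
        # S5: recover the slave's K-cloud; S7: use it to recover the slave's K-local.
        self.slave_k_cloud = unwrap(self.k_local, wrapped_slave_k_cloud)
        reply = slave.on_signature_verification(self.slave_k_cloud)
        if reply is None:
            self.slave_k_cloud = None
            return False
        self.slave_k_local = unwrap(self.slave_k_cloud, reply)
        return True

    def rotate(self, slave):
        # A1: send a fresh code under the slave's K-local; A3: adopt it once confirmed.
        fresh = os.urandom(KEY_LEN)
        if slave.on_rotation(wrap(self.slave_k_local, fresh)):
            self.k_random = fresh

    def command(self, slave):
        ack = slave.on_command(self.k_random)
        return ack is not None and hmac.compare_digest(ack, self.k_random)


def cloud_bind(nodes, slaves, node_id, slave_id, node, slave):
    """Verification cloud side: nodes maps ID -> (K-cloud, K-local), slaves ID -> K-cloud."""
    node_k_cloud, node_k_local = nodes[node_id]                     # S2
    if not node.verify_cloud(node_k_cloud):                         # S3
        return False
    return node.bind(wrap(node_k_local, slaves[slave_id]), slave)   # S4, then S5-S7


def demo():
    """Run the flow on constructed IDs and random keys; return the outcomes."""
    node_keys, slave_keys = [(os.urandom(KEY_LEN), os.urandom(KEY_LEN)) for _ in range(2)]
    nodes, slaves = {"node-01": node_keys}, {"lamp-01": slave_keys[0]}
    node, slave = Node(*node_keys), Slave(*slave_keys)
    out = {"bound": cloud_bind(nodes, slaves, "node-01", "lamp-01", node, slave)}
    out["k_local_learned"] = node.slave_k_local == slave.k_local
    node.rotate(slave)
    old_code = node.k_random
    out["command_accepted"] = node.command(slave)
    node.rotate(slave)  # after a rotation the previous code must stop working
    out["stale_code_rejected"] = slave.on_command(old_code) is None
    other = Slave(os.urandom(KEY_LEN), os.urandom(KEY_LEN))  # K-cloud not on record
    out["mismatched_slave_bound"] = cloud_bind(
        nodes, slaves, "node-01", "lamp-01", Node(*node_keys), other)
    return out
```

`demo()` returns the outcome of each stage, including the two refusals: a random signature code from before the last rotation, and a device whose K-cloud differs from the verification cloud's record.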
As shown in fig. 6, when the relationship between the home appliance slave device and the communication node device is released, the verification process is as follows:
(B1) the ID of the household appliance slave equipment whose relationship is to be released is acquired through the personal intelligent terminal, and the personal intelligent terminal transmits the ID to the verification cloud through the edge gateway;
(B2) the verification cloud queries the cloud verification signature code K-cloud of the household appliance slave equipment based on the identification code ID of the household appliance slave equipment obtained in step (B1), then encrypts the cloud verification signature code K-cloud of the household appliance slave equipment with the local verification signature code K-local of the communication node equipment, obtaining the encrypted cloud verification signature code K-cloud of the household appliance slave equipment, and transmits it to the communication node equipment through the edge gateway;
(B3) when the communication node equipment receives the encrypted cloud verification signature code K-cloud of the household appliance slave equipment, it decrypts it with the local verification signature code K-local of the communication node equipment, deregisters the household appliance slave equipment, deletes the cloud verification signature code of the household appliance slave equipment, and then generates confirmation information and transmits it to the edge gateway;
(B4) the edge gateway transmits the received confirmation information to the verification cloud and the personal intelligent terminal respectively, completing the verification performed when the relationship between the household appliance slave equipment and the communication node equipment is released.
As shown in fig. 7, when the relationship between the communication node device and the edge gateway is released, the verification process is as follows:
(C1) the ID of the communication node equipment to be deregistered is acquired through the personal intelligent terminal, and the personal intelligent terminal transmits the ID to the verification cloud through the edge gateway;
(C2) the verification cloud queries the cloud verification signature code K-cloud of the communication node equipment based on the identification code ID of the communication node equipment obtained in step (C1), and then transmits the cloud verification signature code K-cloud of the communication node equipment to the edge gateway;
(C3) when the edge gateway receives the cloud verification signature code K-cloud of the communication node equipment, the edge gateway deregisters the communication node equipment, generates confirmation information and transmits it to the verification cloud and the personal intelligent terminal respectively, completing the verification performed when the communication node equipment is deregistered.
The invention also discloses a safety checking device of the household edge computing system, which comprises a verification cloud, an edge gateway and communication node equipment; as shown in fig. 8, the communication node device is a wifi module directly integrated in the home appliance slave device and connected to the processor of the home appliance slave device, and the verification cloud is in communication connection with the processor of the home appliance slave device through the edge gateway and the wifi module serving as the communication node device;
or, as shown in fig. 9, the communication node device includes a national standard router or a plug-in module, and a national standard chip integrated in the home appliance slave device and connected to the processor of the home appliance slave device, where the national standard router or the plug-in module is used to connect the national standard chip and the edge gateway in a communication manner, and the verification cloud is in communication connection with the processor of the home appliance slave device through the edge gateway, the national standard router or the plug-in module, and the national standard chip.
As shown in fig. 10, the edge gateway includes a main processor unit, and a coprocessor unit, a verification identifier storage unit, a signature encryption authentication unit, a power supply unit, a network communication unit, and a data storage control unit, which are respectively connected to the main processor unit, where the network communication unit in the edge gateway is used to connect a verification cloud, a personal intelligent terminal, and a communication node device in a communication manner.
The embodiments described above are only preferred embodiments of the present invention and do not limit its concept and scope; various modifications and improvements made to the technical solution of the present invention by those skilled in the art without departing from its design concept shall fall within the protection scope of the present invention, and the technical content for which protection is claimed is fully set forth in the claims.

Claims (9)

1. A safety verification method for a household edge computing system, characterized by comprising: constructing a verification cloud, wherein the verification cloud is in communication connection with communication node equipment and a personal intelligent terminal respectively through an edge gateway, the verification cloud stores the identification code and the cloud verification signature code of household appliance slave equipment and the identification code, the cloud verification signature code and the local verification signature code of the communication node equipment, and safety verification is realized through the verification cloud when the edge node, the communication node equipment and the household appliance slave equipment are in communication connection, the method comprising the following steps:
(S1) the identification codes of the household appliance slave equipment and of the communication node equipment to which the household appliance slave equipment is to be bound are acquired through the personal intelligent terminal, and the personal intelligent terminal transmits the identification codes to the verification cloud through the edge gateway;
(S2) the verification cloud queries the cloud verification signature code of the household appliance slave equipment based on the identification code of the household appliance slave equipment obtained in step (S1), and queries the cloud verification signature code and the local verification signature code of the communication node equipment based on the identification code of the communication node equipment to be bound obtained in step (S1);
(S3) the verification cloud transmits the cloud verification signature code of the communication node equipment, obtained by the query in step (S2), to the communication node equipment through the edge gateway; the communication node equipment that receives the cloud verification signature code compares it with its own cloud verification signature code; if the comparison result is consistent, the communication node equipment sends confirmation information to the edge gateway, and the edge gateway transmits the confirmation information to the verification cloud and the personal intelligent terminal respectively, completing the verification performed when the communication node equipment and the edge gateway establish communication;
(S4) after the verification cloud receives the confirmation information, it encrypts the cloud verification signature code of the household appliance slave equipment with the local verification signature code of the communication node equipment obtained in step (S2), obtaining the encrypted cloud verification signature code of the household appliance slave equipment, which the verification cloud then transmits to the communication node equipment through the edge gateway;
(S5) when the communication node equipment receives the encrypted cloud verification signature code of the household appliance slave equipment, it decrypts it with the local verification signature code of the communication node equipment, obtains and stores the decrypted cloud verification signature code of the household appliance slave equipment, and then organizes the decrypted code into signature verification information and transmits the signature verification information to the household appliance slave equipment;
(S6) when the household appliance slave equipment receives the signature verification information, it extracts the cloud verification signature code of the household appliance slave equipment from it and compares it with its own cloud verification signature code; if the comparison result is consistent, the household appliance slave equipment encrypts its local verification signature code with its cloud verification signature code, obtaining the encrypted local verification signature code of the household appliance slave equipment, and then transmits it to the communication node equipment;
(S7) when the communication node equipment receives the encrypted local verification signature code of the household appliance slave equipment, it decrypts it with the cloud verification signature code of the household appliance slave equipment obtained in step (S5), obtains and stores the decrypted local verification signature code of the household appliance slave equipment, and at the same time transmits confirmation information to the edge gateway;
(S8) the edge gateway transmits the received confirmation information to the personal intelligent terminal and the verification cloud respectively, completing the verification performed when the household appliance slave equipment is bound to the communication node equipment.
2. The home edge computing system security verification method of claim 1, wherein: the encryption in the steps (S4) and (S6) is based on SM4 algorithm, and the decryption in the corresponding steps (S5) and (S7) is also based on SM4 algorithm.
3. The home edge computing system security verification method of claim 1, wherein: in the step (S5), the signature verification information organized by the communication node device further includes a random signature code, and the communication node device is set to update the random signature code at regular intervals and distribute the updated random signature code to the home appliance slave device, where the distribution process is as follows:
(A1) the communication node equipment obtains a new random signature code by updating, encrypts it with the local verification signature code of the household appliance slave equipment obtained in step (S7), and then transmits the encrypted random signature code to the household appliance slave equipment;
(A2) the household appliance slave equipment decrypts the received encrypted random signature code with its own local verification signature code, obtains and stores the decrypted random signature code, and then sends confirmation information to the communication node equipment;
(A3) when the communication node equipment receives the confirmation information, it starts using the new random signature code.
4. A home edge computing system security verification method according to claim 1 or 3, wherein: when the personal intelligent terminal controls the household appliance slave equipment, the personal intelligent terminal transmits a control instruction to the edge gateway, the edge gateway transmits the control instruction to the verification cloud, and the verification cloud generates a command containing the cloud verification signature code of the communication node equipment and sends the command to the communication node equipment through the edge gateway;
when the communication node equipment receives the command containing the cloud verification signature code of the communication node equipment, it compares that code with its own cloud verification signature code; if the comparison is consistent, the communication node equipment generates a command containing a random signature code and transmits the command to the household appliance slave equipment;
the household appliance slave equipment compares the random signature code that it has stored with the random signature code in the command from the communication node equipment; if the comparison is consistent, the household appliance slave equipment operates, and at the same time generates confirmation information containing the random signature code and transmits the confirmation information to the communication node equipment;
when the communication node equipment receives the confirmation information containing the random signature code, it compares the random signature code in the confirmation information with its own random signature code; if they match, the communication node equipment transmits the confirmation information to the edge gateway, and the edge gateway transmits it to the verification cloud and the personal intelligent terminal respectively; alternatively, the communication node equipment transmits the confirmation information to the personal intelligent terminal, the personal intelligent terminal transmits it to the edge gateway, and the edge gateway transmits it to the verification cloud; this completes the verification performed when the control command is transmitted.
5. A home edge computing system security verification method according to claim 1 or 3, wherein: when the household appliance slave equipment is set to run automatically when conditions are met, the communication node equipment generates a command containing a random signature code and transmits the command to the household appliance slave equipment;
the household appliance slave equipment compares the random signature code that it has stored with the random signature code in the command from the communication node equipment; if the comparison is consistent, the household appliance slave equipment generates confirmation information containing the random signature code and transmits the confirmation information to the communication node equipment;
when the communication node equipment receives the confirmation information containing the random signature code, it compares the random signature code in the confirmation information with its own random signature code; if they match, the communication node equipment transmits the confirmation information to the edge gateway, and the edge gateway transmits it to the verification cloud and the personal intelligent terminal respectively; this completes the verification of the automatic operation of the household appliance slave equipment.
6. The home edge computing system security verification method of claim 1, wherein: when the relationship between the household appliance slave equipment and the communication node equipment is released, the verification process is as follows:
(B1) the identification code of the household appliance slave equipment whose relationship is to be released is acquired through the personal intelligent terminal, and the personal intelligent terminal transmits the identification code to the verification cloud through the edge gateway;
(B2) the verification cloud queries the cloud verification signature code of the household appliance slave equipment based on the identification code of the household appliance slave equipment obtained in step (B1), then encrypts the cloud verification signature code of the household appliance slave equipment with the local verification signature code of the communication node equipment, obtaining the encrypted cloud verification signature code of the household appliance slave equipment, and transmits it to the communication node equipment through the edge gateway;
(B3) when the communication node equipment receives the encrypted cloud verification signature code of the household appliance slave equipment, it decrypts it with the local verification signature code of the communication node equipment to obtain the decrypted cloud verification signature code of the household appliance slave equipment, deregisters the household appliance slave equipment, deletes the cloud verification signature code of the household appliance slave equipment, and then generates confirmation information and transmits it to the edge gateway;
(B4) the edge gateway transmits the received confirmation information to the verification cloud and the personal intelligent terminal respectively, completing the verification performed when the relationship between the household appliance slave equipment and the communication node equipment is released.
7. The home edge computing system security verification method of claim 1, wherein: when the relation between the communication node equipment and the edge gateway is released, the verification process is as follows:
(C1) the identification code of the communication node equipment to be deregistered is acquired through the personal intelligent terminal, and the personal intelligent terminal transmits the identification code to the verification cloud through the edge gateway;
(C2) the verification cloud queries the cloud verification signature code of the communication node equipment based on the identification code of the communication node equipment obtained in step (C1), and then transmits the cloud verification signature code of the communication node equipment to the edge gateway;
(C3) when the edge gateway receives the cloud verification signature code of the communication node equipment, the edge gateway deregisters the communication node equipment, generates confirmation information and transmits it to the verification cloud and the personal intelligent terminal respectively, completing the verification performed when the communication node equipment is deregistered.
8. A safety checking device for the home edge computing system, characterized in that: the device comprises a verification cloud, an edge gateway and communication node equipment; wherein:
the communication node equipment is a wifi module directly integrated in the household appliance slave equipment and connected with the processor of the household appliance slave equipment, and the verification cloud is in communication connection with the processor of the household appliance slave equipment through the edge gateway and the wifi module serving as the communication node equipment;
or the communication node equipment comprises a national standard router or a plug-in module and a national standard chip which is integrated in the household appliance slave equipment and connected with the processor of the household appliance slave equipment, wherein the national standard router or the plug-in module is used for connecting the national standard chip and the edge gateway in a communication mode, and the verification cloud is in communication connection with the processor of the household appliance slave equipment through the edge gateway, the national standard router or the plug-in module and the national standard chip.
9. The home edge computing system security verification apparatus as claimed in claim 8, wherein: the edge gateway comprises a main processor unit, a coprocessor unit, a verification identification code storage unit, a signature encryption authentication unit, a power supply unit, a network communication unit and a data storage control unit, wherein the coprocessor unit, the verification identification code storage unit, the signature encryption authentication unit, the power supply unit, the network communication unit and the data storage control unit are respectively connected with the main processor unit, and the network communication unit in the edge gateway is used for being in communication connection with a verification cloud, a personal intelligent terminal and communication node equipment.
CN202110023829.3A 2021-01-08 2021-01-08 Safety verification method and device for household edge computing system Active CN112822274B (en)

Publications (2)

Publication Number Publication Date
CN112822274A true CN112822274A (en) 2021-05-18
CN112822274B CN112822274B (en) 2022-06-21

Family

ID=75868681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110023829.3A Active CN112822274B (en) 2021-01-08 2021-01-08 Safety verification method and device for household edge computing system

Country Status (1)

Country Link
CN (1) CN112822274B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115203708A (en) * 2022-09-14 2022-10-18 粤港澳大湾区数字经济研究院(福田) Method and system for deploying application data to coprocessor

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005537A (en) * 2018-06-04 2018-12-14 杭州古北电子科技有限公司 A kind of cloud security quickly matches network method and distribution network systems
CN111355745A (en) * 2020-03-12 2020-06-30 西安电子科技大学 Cross-domain identity authentication method based on edge computing network architecture
CN111478902A (en) * 2020-04-07 2020-07-31 江苏润和智融科技有限公司 Power edge gateway equipment and sensing data uplink storage method based on same
CN111866086A (en) * 2020-06-28 2020-10-30 青岛万民科技有限公司 Block chain control method and system based on cloud edge
CN112073379A (en) * 2020-08-12 2020-12-11 国网江苏省电力有限公司南京供电分公司 Lightweight Internet of things security key negotiation method based on edge calculation

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115203708A (en) * 2022-09-14 2022-10-18 粤港澳大湾区数字经济研究院(福田) Method and system for deploying application data to coprocessor
CN115203708B (en) * 2022-09-14 2022-12-23 粤港澳大湾区数字经济研究院(福田) Method and system for deploying application data to coprocessor

Also Published As

Publication number Publication date
CN112822274B (en) 2022-06-21

Similar Documents

Publication Publication Date Title
US10743171B2 (en) Apparatus and method for registering and associating internet of things (IoT) devices with anonymous IoT device accounts
CN103067340B (en) The method for authenticating of remote control network information household appliances and system, the Internet home gateway
CN106101147B (en) A kind of method and system for realizing smart machine and the communication of remote terminal dynamic encryption
US10873634B2 (en) Apparatus and method for temporarily loaning internet of things (IOT) devices
US9021568B2 (en) Verification method for verifying validity of program, and verification system
KR102537363B1 (en) Systems and methods for secure Internet of Things (IoT) device provisioning
WO2015106702A1 (en) Cloud platform control method, based on sdmp protocol, for smart device
US20150168930A1 (en) Device control method, device control system
CN106357653A (en) Control authority sharing method and system
US10924920B2 (en) System and method for internet of things (IoT) device validation
CN105580310A (en) Security management method and security management device in home network system
CN105978851A (en) System and method for controlling intelligent equipment
CN105871920A (en) Communication system and method of terminal and cloud server as well as terminal and cloud server
JP2019524013A (en) System and method for establishing a secure communication channel with an Internet of Things (IOT) device
CN106101097A (en) Home appliance and with the communication system of Cloud Server and method, Cloud Server
CN105824242A (en) Intelligent household safety protection system and method
CN103561044A (en) Data transmission method and data transmission system
CN106130958A (en) The communication system of home appliance and terminal and method, home appliance, terminal
CN103647788B (en) A kind of node security authentication method in intelligent grid
CN107223328A (en) A kind of method and system of Root authority management and control
CN103716161A (en) Server certification method of smart-device being remote-controlled by internet and server certification apparatus using the method
CN112822274B (en) Safety verification method and device for household edge computing system
US20210243188A1 (en) Methods and apparatus for authenticating devices
CN113542242A (en) Device management method and device management apparatus
CN106936841B (en) Safety protecting method and system in smart home

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant