CN113141333A - Communication method, device, server, system and storage medium for network access device - Google Patents


Info

Publication number: CN113141333A
Authority: CN (China)
Prior art keywords: data, encrypted, equipment, key, communication
Prior art date:
Legal status: Granted
Application number: CN202010056384.4A
Other languages: Chinese (zh)
Other versions: CN113141333B (en)
Inventors: 陈小平, 陈荣锦
Current assignee: Foshan Viomi Electrical Technology Co Ltd
Original assignee: Foshan Viomi Electrical Technology Co Ltd
Priority date:
Filing date:
Publication date:
Events: application filed by Foshan Viomi Electrical Technology Co Ltd; priority to CN202010056384.4A; publication of CN113141333A; application granted; publication of CN113141333B; legal status active
Anticipated expiration:

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a communication method, device, system and storage medium for a network access device. The method comprises the following steps: performing a first encryption process on communication data according to the device's current communication scenario to obtain first encrypted data; transmitting the first encrypted data to an APP or a gateway so that the APP or gateway performs a second encryption process on the first encrypted data to obtain second encrypted data and sends the second encrypted data to the server, where the server decrypts the second encrypted data to recover the first encrypted data, decrypts the first encrypted data to recover the communication data, and performs the corresponding response operation according to the communication data; or transmitting the first encrypted data to the gateway so that the gateway passes it through to the server, where the server decrypts the first encrypted data to recover the communication data and performs the corresponding response operation. The security of communication data transmission is thereby improved.

Description

Communication method, device, server, system and storage medium for network access device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method, device, server, system, and storage medium for a network access device.
Background
At present, when a device communicates with a server, it generally either transmits the communication data directly or, to enhance data security, encrypts the communication data with a fixed encryption algorithm before transmitting it. However, once that encryption algorithm is broken, the communication data is at risk of leakage, so the security of the transmission is not high.
Disclosure of Invention
Embodiments of the application provide a communication method, device, server, system and storage medium for a network access device, which can improve the security of communication data transmission.
In a first aspect, an embodiment of the present application provides a communication method for a network access device, applied to a device, which includes:
performing a first encryption process on communication data according to the device's current communication scenario to obtain first encrypted data, where different communication scenarios correspond to different encryption processes;
transmitting the first encrypted data to an APP or a gateway so that the APP or gateway performs a second encryption process on the first encrypted data to obtain second encrypted data and sends the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data; or
transmitting the first encrypted data to a gateway so that the gateway passes the first encrypted data through to the server, where the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data.
In a second aspect, an embodiment of the present application provides a device including a processor and a memory, where the memory stores a computer program and the processor, when invoking the computer program in the memory, executes the above communication method for a network access device as applied to the device.
In a third aspect, an embodiment of the present application provides a communication method for a network access device, applied to a server, which includes:
receiving encrypted data transmitted by an APP or a gateway; the encrypted data is either first encrypted data generated by the device performing a first encryption process on communication data according to its current communication scenario, or second encrypted data generated by the APP or gateway performing a second encryption process on first encrypted data that the device transmitted to it; different communication scenarios correspond to different encryption processes;
decrypting the first encrypted data to obtain the communication data; or decrypting the second encrypted data to obtain the first encrypted data and then decrypting the first encrypted data to obtain the communication data; and
performing the corresponding response operation according to the communication data.
In a fourth aspect, an embodiment of the present application provides a server including a processor and a memory, where the memory stores a computer program and the processor, when invoking the computer program in the memory, executes the above communication method for a network access device as applied to the server.
In a fifth aspect, an embodiment of the present application provides an Internet of Things system, which includes the above-mentioned device and server.
In a sixth aspect, the present application further provides a computer-readable storage medium for storing a computer program which, when executed by a processor, causes the processor to implement the communication method for a network access device.
Embodiments of the application thus provide a communication method, device, server, system and storage medium for a network access device. The device performs a first encryption process on communication data according to its current communication scenario (different scenarios correspond to different encryption processes) to obtain first encrypted data. Either the device transmits the first encrypted data to an APP or a gateway, which performs a second encryption process on it to obtain second encrypted data and sends that to the server, and the server decrypts the second encrypted data to obtain the first encrypted data and decrypts the first encrypted data to obtain the communication data; or the device transmits the first encrypted data to the gateway, the gateway passes it through to the server unchanged, and the server decrypts the first encrypted data to obtain the communication data. In either case the server then performs the corresponding response operation according to the communication data. This achieves flexible encrypted transmission of the communication data and thereby improves the security of communication data transmission.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic block diagram of an internet of things system provided in an embodiment of the present application;
fig. 2 is a flowchart illustrating steps of a communication method of a network access device according to an embodiment of the present application;
fig. 3 is a flowchart illustrating steps of another communication method of a network access device according to an embodiment of the present application;
FIG. 4 is a schematic block diagram of an apparatus provided by an embodiment of the present application;
fig. 5 is a schematic block diagram of a server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It is to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
When a device communicates with a server, it generally either transmits the communication data directly or, to enhance data security, encrypts the communication data with a fixed encryption algorithm before transmitting it. However, once that encryption algorithm is broken, the communication data is at risk of leakage, so the security of the transmission is not high.
In order to solve the above problem, embodiments of the present application provide a communication method, device, server, system, and storage medium for a network access device, so as to improve security of communication data transmission.
Referring to fig. 1, fig. 1 is a schematic block diagram of an Internet of Things system according to an embodiment of the present disclosure. As shown in fig. 1, the Internet of Things system 1000 may include at least one device 100 and a server 200, where the device 100 and the server 200 are communicatively connected. Optionally, the device 100 is communicatively connected to the server 200 over a Wi-Fi Mesh wireless mesh network. It should be noted that the device 100 and the server 200 may also be communicatively connected in other ways, such as Zigbee, Bluetooth and the like, so as to implement data exchange between the device 100 and the server 200.
Illustratively, the internet of things system 1000 further includes a gateway 300, the gateway 300 is connected to the device 100 and the server 200, and the device 100 transmits the communication data to the server 200 through the gateway 300.
The device 100 comprises a communication module and a processor, wherein the communication module is used for the communication connection between the device 100 and the server 200.
The processor may be a Central Processing Unit (CPU), or another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor.
The device 100 includes, but is not limited to, a television, an air conditioner, a refrigerator and the like.
The server 200 may be an independent server, a server cluster, or a system formed by a plurality of servers according to a certain logic. In practical applications, the server 200 may be an IoT (Internet of Things) cloud server.
It is to be understood that the above-mentioned nomenclature for the components of the internet of things system is merely for identification purposes, and does not limit the embodiments of the present application accordingly.
The communication method for a network access device provided by the embodiments of the application is described in detail below based on the Internet of Things system, the device in that system, and the server in that system.
Referring to fig. 2, fig. 2 is a flowchart illustrating steps of a communication method of a network access device according to an embodiment of the present application. The communication method of the network access device is specifically applied to the device provided by the embodiment, so as to improve the security of communication data transmission.
As shown in fig. 2, the communication method of the network access device specifically includes steps S101 to S103.
S101: according to the current communication scenario of the device, perform a first encryption process on the communication data to obtain first encrypted data, then execute step S102 or step S103; different communication scenarios correspond to different encryption processes.
There are various communication scenarios in which the device communicates with the server. In summary they include: a scenario in which the communication data contains sensitive information, for example the data the device sends when it comes online, which contains a token, an access key and similar secrets; a scenario in which the communication data contains no sensitive information, for example when the device reports its attribute information; and a scenario in which the device is being provisioned onto the network (network distribution), where the validity of the device needs to be verified and a session key for the device is obtained.
Before the device sends the communication data, it performs the encryption process corresponding to its current communication scenario on the communication data to obtain the corresponding encrypted data. Different communication scenarios apply different encryption processes to the communication data, as described in detail below. To distinguish it in the description, this encryption process performed by the device is hereinafter referred to as the first encryption process, and the encrypted data it produces as the first encrypted data.
S102: transmit the first encrypted data to an APP or a gateway so that the APP or gateway performs a second encryption process on the first encrypted data to obtain second encrypted data and sends the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data.
In some embodiments, after the device performs the first encryption process on the communication data to obtain the first encrypted data, it transmits the first encrypted data to the gateway or to the APP that controls the device. On receiving the first encrypted data, the APP or gateway performs a second encryption process on it to obtain second encrypted data and sends the second encrypted data to the server.
On receiving the second encrypted data from the APP or gateway, the server first performs the corresponding decryption on the second encrypted data to obtain the first encrypted data, and then decrypts the first encrypted data to obtain the communication data.
The server then performs the corresponding response operation according to the decrypted communication data. The server performs different response operations for different communication scenarios.
For example, in some embodiments, when the device comes online, the device first performs AES encryption on a random number using the device key Device_access_key to obtain an encrypted random number, and then performs AES encryption on the communication data, which contains the encrypted random number and the device ID, using the cloud public key Cloud_public_key to obtain ciphertext data. The device then transmits the ciphertext data, together with plaintext data including the device ID and the Media Access Control (MAC) address, to the gateway.
The gateway combines the received ciphertext data and plaintext data into a data body in the corresponding format, for example a Vlink JSON data body, performs AES encryption on this data body using the gateway key access_key to obtain the message request body data, and sends the message request body data to the server.
In some embodiments, the topic (queue) format for device, gateway and server communication is preset; for example, the format is unified as {up/down identifier}/{gateway ID}/sub/{device ID}. Assuming the gateway ID is 10000001, device A's ID is 10000002 and device B's ID is 10000003, this gives:
gateway topic: viot_up_raw/10000001/sub/10000001;
device A topic: viot_up_raw/10000001/sub/10000002;
device B topic: viot_up_raw/10000001/sub/10000003.
Optionally, after obtaining the message request body data, the gateway publishes it to the gateway topic, and the cloud obtains the message request body data from the gateway topic.
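The topic scheme above, as an added Node.js example that is not code from the patent or from Foshan Viomi: a builder and a validating parser for `{up/down identifier}/{gateway ID}/sub/{device ID}`, which flags the gateway's own topic (the device segment repeats the gateway ID), plus a server-side check that a topic's gateway segment matches the gateway the publishing connection was authenticated as. The page does not describe that check; it is added here as the natural place to catch traffic published under another gateway's ID. The identifier viot_up_raw and the IDs are the page's own examples.

```javascript
// Topic format from the text: {up/down identifier}/{gateway ID}/sub/{device ID}.
// The identifier is a word of letters, digits and underscores; both IDs are decimal strings.
const TOPIC_RE = /^([A-Za-z0-9_]+)\/(\d+)\/sub\/(\d+)$/;

function buildTopic(direction, gatewayId, deviceId) {
  return `${direction}/${gatewayId}/sub/${deviceId}`;
}

// Parses a topic string. Returns null when the string does not follow the format, so callers
// never route on a half-parsed topic. The gateway's own topic repeats its ID in the device slot.
function parseTopic(topic) {
  const m = TOPIC_RE.exec(topic);
  if (!m) return null;
  return {
    direction: m[1],
    gatewayId: m[2],
    deviceId: m[3],
    isGatewayTopic: m[2] === m[3],
  };
}

// Server-side check (added here, not described on the page): a message is only accepted on a
// topic whose gateway segment equals the gateway ID the publishing connection authenticated as.
function topicAllowedFor(topic, authenticatedGatewayId) {
  const t = parseTopic(topic);
  return t !== null && t.gatewayId === authenticatedGatewayId;
}

// The page's three example topics for gateway 10000001 with devices 10000002 and 10000003.
const GATEWAY_ID = '10000001';
const exampleTopics = ['10000001', '10000002', '10000003'].map(
  (id) => buildTopic('viot_up_raw', GATEWAY_ID, id),
);
for (const t of exampleTopics) {
  const p = parseTopic(t);
  console.log(t, p.isGatewayTopic ? '(gateway topic)' : `(device ${p.deviceId})`);
}
```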
After the server obtains the message request body data, it performs AES decryption on it using the gateway key access_key to obtain the data body containing the ciphertext data and plaintext data. The server then performs AES decryption on the ciphertext data using the cloud private key Cloud_private_key to obtain the communication data containing the encrypted random number. Next, the server looks up the device key Device_access_key corresponding to the device ID, performs AES encryption on the obtained random number using that Device_access_key, and compares the result with the encrypted random number obtained by decryption: if the two are consistent, the device is authenticated as legitimate; otherwise the device fails authentication. The server returns the authentication result to the gateway.
In other embodiments, in a communication scenario where the validity of the device needs to be verified and a session key with the device needs to be obtained, for example when the device is being provisioned, the device performs AES encryption on a random number using the device key Device_access_key to obtain an encrypted random number, performs AES encryption on the communication data, which includes the random number, the encrypted random number, the device ID and the MAC address, using the cloud public key Cloud_public_key to obtain ciphertext data, and sends the ciphertext data to the APP that controls the device.
The APP assembles the ciphertext data according to the communication protocol it uses with the server to obtain the corresponding request body data, performs AES encryption on the request body data containing the ciphertext data using the application key APP_secret to obtain encrypted request body data, and sends the encrypted request body data to the server as a request.
The server obtains the application key APP_secret from the APP_ID of the APP, performs AES decryption on the encrypted request body data using APP_secret to obtain the ciphertext data, and performs AES decryption on the ciphertext data using the cloud private key Cloud_private_key to obtain the communication data.
The server obtains the device key Device_access_key corresponding to the device ID recovered by decryption, performs AES decryption on the encrypted random number in the recovered communication data using that Device_access_key, and compares the decryption result with the random number in the recovered communication data: if the two are consistent, the device is authenticated as legitimate; otherwise the device fails authentication.
Once the device is authenticated, the server randomly generates a session key session_key for the device and the APP, performs AES encryption on session_key using the device public key Device_public_key to obtain an encrypted session key, performs AES encryption on the response data containing both session_key and the encrypted session key using the application key APP_secret to obtain encrypted response data, and returns the encrypted response data to the APP.
The APP performs AES decryption on the encrypted response data using the application key APP_secret to obtain session_key and the encrypted session key, and forwards the encrypted session key to the device.
When the device receives the encrypted session key from the APP, it performs AES decryption on it using the device private key Device_private_key to obtain session_key; the session_key obtained by the device is identical to the session_key obtained by the APP. The device and the APP then communicate using this shared session_key.
S103: transmit the first encrypted data to a gateway so that the gateway passes the first encrypted data through to the server unchanged; the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data.
In other embodiments, for example in a communication scenario in which the device sends communication data containing no sensitive information to the server, the device performs the first encryption process on the communication data to obtain first encrypted data and transmits it to the gateway. On receiving the first encrypted data, the gateway forwards it directly to the server. On receiving the first encrypted data from the gateway, the server decrypts it to obtain the communication data and then performs the corresponding response operation according to the communication data.
For example, in some embodiments, when the communication data contains no sensitive information, such as in the scenario where the device reports an attribute message, the device performs AES encryption on the communication data using the device key Device_access_key to obtain encrypted message body data and transmits the encrypted message body data to the gateway.
The gateway forwards the encrypted message body data to the server. Optionally, the gateway passes the encrypted message body data through to the device topic, and the server obtains it from the device topic.
The server performs AES decryption on the encrypted message body data using the device key Device_access_key to obtain the communication data, performs the response processing according to the communication data, performs AES encryption on the response data using Device_access_key to obtain encrypted response data, and transmits the encrypted response data to the gateway. Optionally, the server publishes the encrypted response data to the device topic, and the gateway obtains it from the device topic.
The gateway forwards the encrypted response data to the device, and on receiving it the device performs AES decryption using the device key Device_access_key to obtain the response data. The device may then perform the corresponding operation according to the response data.
Referring to fig. 3, fig. 3 is a flowchart illustrating steps of a communication method of a network access device according to an embodiment of the present application. The communication method of the network access equipment is particularly applied to the server so as to improve the security of communication data transmission.
As shown in fig. 3, the communication method of the network access device specifically includes steps S201 to S204.
S201, receiving encrypted data transmitted by an APP or a gateway, and executing step S202 or step S203; the encrypted data is first encrypted data generated by the device performing first encryption processing on communication data according to its current communication scene; or the encrypted data is second encrypted data generated by the APP or the gateway performing second encryption processing on the first encrypted data, the first encrypted data having been transmitted to the APP or the gateway; wherein different communication scenarios correspond to different encryption processes.
Before the device sends the communication data, it performs the corresponding encryption processing on the communication data according to its current communication scene to obtain the corresponding encrypted data. In different communication scenarios, different encryption processing is performed on the communication data, as described in detail below. To distinguish them in the description, this encryption processing by the device is hereinafter referred to as the first encryption processing, and the encrypted data obtained after the first encryption processing is referred to as the first encrypted data.
In some embodiments, for example, in a communication scenario in which the device sends communication data that does not include sensitive information to the server, the device performs a first encryption process on the communication data, obtains first encrypted data, and transmits the first encrypted data to the gateway. And after receiving the first encrypted data, the gateway directly transmits the first encrypted data to the server.
In other embodiments, after the device performs the first encryption processing on the communication data to obtain first encrypted data, the first encrypted data is transmitted to the gateway or the APP controlling the device. After the APP or the gateway receives the first encrypted data, the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data, and sends the second encrypted data to the server.
S202, decrypting the first encrypted data to obtain the communication data.
S203, decrypting the second encrypted data to obtain the first encrypted data, and decrypting the first encrypted data to obtain the communication data.
And S204, performing corresponding response operation according to the communication data.
After receiving the first encrypted data transmitted by the gateway, the server decrypts the first encrypted data to obtain decrypted communication data, and then performs corresponding response operation according to the communication data.
Or, when receiving the second encrypted data sent by the APP or the gateway, the server first performs corresponding decryption processing on the second encrypted data to obtain the first encrypted data, and then decrypts the first encrypted data to obtain the communication data. And then, the server carries out corresponding response operation according to the decrypted communication data. The server performs different response operations for different communication scenarios.
For example, in some embodiments, when the communication data does not contain sensitive information, for example in a communication scenario in which the device reports an attribute message, the device performs AES encryption on the communication data using the device key Device_access_key to obtain encrypted message body data, and transmits the encrypted message body data to the gateway.
The gateway transmits the encrypted message body data to the server. Optionally, the gateway transparently transmits the encrypted message body data to the device topic, and the server acquires the encrypted message body data through the device topic.
The server performs AES decryption on the encrypted message body data using the device key Device_access_key to obtain the communication data, performs response processing according to the communication data, performs AES encryption on the response data using the device key Device_access_key to obtain encrypted response data, and transmits the encrypted response data to the gateway. Optionally, the server transmits the encrypted response data to the device topic, and the gateway acquires the encrypted response data through the device topic.
The gateway transmits the acquired encrypted response data to the device, and the device, on receiving the encrypted response data, performs AES decryption on it using the device key Device_access_key to obtain the response data. Further, the device may perform a corresponding operation according to the response data.
For example, in some embodiments, when the device goes online, the device first performs AES (Advanced Encryption Standard) encryption on a random number using the device key Device_access_key to obtain an encrypted random number, and then performs AES encryption on the communication data including the encrypted random number and the device ID using the cloud public key Cloud_public_key to obtain ciphertext data. Then, the device transmits the ciphertext data, together with plaintext data including information such as the device ID and the Media Access Control (MAC) address, to the gateway.
The gateway combines the received ciphertext data and plaintext data into a data body of the corresponding format, such as a Vlink JSON data body, performs AES encryption on the data body containing the ciphertext data and the plaintext data using the gateway key access_key to obtain message request body data, and sends the message request body data to the server.
In some embodiments, the queue format for communication between the device, the gateway and the server is preset; for example, the queue format is unified as {up/down identification}/{gateway ID}/sub/{device ID}. For example, assuming that the gateway ID is 10000001, the ID of device A is 10000002, and the ID of device B is 10000003, there are:
gateway topic: viot_up_raw/10000001/sub/10000001;
device A topic: viot_up_raw/10000001/sub/10000002;
device B topic: viot_up_raw/10000001/sub/10000003.
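The topic format above, as an added example that is not code from the patent or from the applicant: it builds a topic string, parses one back into its three fields, recognises the gateway's own topic (gateway ID repeated in the device slot), and adds the server-side check a practitioner would want, that the device named in a topic is in fact registered under the gateway named in the same topic. The registry `DEVICE_GATEWAY` is constructed for the example; the page gives only the three sample IDs.

```python
"""Added example (not from the patent): build, parse and validate topics in the
preset format {up/down identification}/{gateway ID}/sub/{device ID}."""
import re
from typing import NamedTuple, Optional

# Constructed registry of which gateway each device hangs under. This is an
# assumption of the example; the page only lists the sample IDs below.
DEVICE_GATEWAY = {"10000001": "10000001", "10000002": "10000001", "10000003": "10000001"}

# Direction token, numeric gateway ID, literal "sub", numeric device ID. The match
# is anchored (fullmatch) so extra segments or MQTT wildcards do not slip through.
_TOPIC_RE = re.compile(r"(?P<direction>[A-Za-z0-9_]+)/(?P<gateway_id>\d+)/sub/(?P<device_id>\d+)")


class Topic(NamedTuple):
    direction: str   # e.g. viot_up_raw, the up/down identification
    gateway_id: str
    device_id: str


def build_topic(direction: str, gateway_id: str, device_id: str) -> str:
    """Compose a topic in the preset format."""
    return f"{direction}/{gateway_id}/sub/{device_id}"


def parse_topic(topic: str) -> Optional[Topic]:
    """Return the parsed topic, or None if it does not follow the preset format."""
    m = _TOPIC_RE.fullmatch(topic)
    return Topic(**m.groupdict()) if m else None


def is_gateway_topic(t: Topic) -> bool:
    """The gateway's own topic carries the gateway ID in the device slot."""
    return t.gateway_id == t.device_id


def topic_authorized(topic: str) -> bool:
    """Server-side check: the device in the topic must really be registered under
    the gateway in the topic, so a message cannot be routed via another gateway's subtree."""
    t = parse_topic(topic)
    return t is not None and DEVICE_GATEWAY.get(t.device_id) == t.gateway_id


if __name__ == "__main__":
    for topic in ("viot_up_raw/10000001/sub/10000001", "viot_up_raw/10000001/sub/10000002",
                  "viot_up_raw/10000009/sub/10000003", "viot_up_raw/10000001/+"):
        print(topic, parse_topic(topic), topic_authorized(topic))
```

`topic_authorized` is the check to run before the gateway key for the gateway ID in the topic is used to decrypt a message request body: if the device and gateway IDs do not belong together, the message is dropped before any decryption is attempted.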
Optionally, after obtaining the message request body data, the gateway sends the message request body data to the gateway topic, and the cloud obtains the message request body data through the gateway topic.
After the server acquires the message request body data, it performs AES decryption on the message request body data using the gateway key access_key to obtain the data body containing the ciphertext data and the plaintext data. Then, the server performs AES decryption on the ciphertext data using the cloud private key Cloud_private_key to obtain the communication data containing the encrypted random number. Then, the server queries and acquires the device key Device_access_key corresponding to the device ID according to the device ID, performs AES encryption on the obtained random number using the device key Device_access_key, and compares the encryption result with the encrypted random number obtained by decryption; if the two are consistent, the device is authenticated as legal; otherwise, if the two are not consistent, the device is authenticated as illegal. The server returns the authentication result to the gateway.
In other embodiments, in a communication scenario where the validity of the device needs to be verified and a session key with the device needs to be obtained, for example when the device is being configured (the device distribution network scenario), the device performs AES encryption on a random number using the device key Device_access_key to obtain an encrypted random number, performs AES encryption on the communication data including the random number, the encrypted random number, the device ID and the MAC address using the cloud public key Cloud_public_key to obtain ciphertext data, and sends the ciphertext data to the APP controlling the device.
The APP splices the ciphertext data according to the communication protocol used with the server to obtain the corresponding request body data, performs AES encryption on the request body data containing the ciphertext data using the application key APP_secret to obtain encrypted request body data, and sends the encrypted request body data to the server as a request.
The server acquires the application key APP_secret according to the APP_ID corresponding to the APP, performs AES decryption on the encrypted request body data using the application key APP_secret to obtain the ciphertext data, and performs AES decryption on the ciphertext data using the cloud private key Cloud_private_key to obtain the communication data.
The server acquires the device key Device_access_key corresponding to the device according to the device ID obtained by decryption, performs AES decryption on the encrypted random number in the decrypted communication data using the device key Device_access_key, and compares the decryption result with the random number in the decrypted communication data; if the two are consistent, the device is authenticated as legal; otherwise, if the two are not consistent, the device is authenticated as illegal.
After the device is authenticated as legal, the server randomly generates a session key session_key for the device and the APP, performs AES encryption on the session key session_key using the device public key Device_public_key to obtain an encrypted session key, performs AES encryption on the response data containing the session key session_key and the encrypted session key using the application key APP_secret to obtain encrypted response data, and returns the encrypted response data to the APP.
The APP performs AES decryption on the encrypted response data using the application key APP_secret to obtain the session key session_key and the encrypted session key, and transmits the encrypted session key to the device.
When the device receives the encrypted session key sent by the APP, it performs AES decryption on the encrypted session key using the device private key Device_private_key to obtain the session key session_key; the session key session_key obtained by the device's decryption is consistent with the session_key obtained by the APP's decryption. Thereafter, the device and the APP communicate according to this shared session key session_key.
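The two exchanges described above, the online authentication through the gateway and the distribution-network session-key setup through the APP, as one added example that is not code from the patent or from the applicant. All identifiers and keys are constructed. Two assumptions are made explicit in the code. First, AES is a symmetric cipher, so the cloud public/private key pair and the device public/private key pair named in the text are each modelled as a single key shared by the two parties (`CLOUD_KEY`, `DEVICE_PAIR_KEY`). Second, the stand-in cipher (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, used so the example runs with only the standard library) takes a fresh nonce per call, so the server verifies the random number by decrypting the encrypted random number and comparing, as the distribution-network flow does; the re-encrypt-and-compare check that the online flow states only works with a deterministic encryption mode, and the example uses the decrypt-and-compare form for both.

```python
"""Added example, not code from the patent: gateway online authentication and the
APP distribution-network session-key exchange, run end to end with constructed keys
and a standard-library cipher standing in for AES."""
import hashlib
import hmac
import json
import os

# Constructed sample identifiers and keys (assumptions of this example).
DEVICE_ID, GATEWAY_ID, APP_ID = "10000002", "10000001", "app-demo"
DEVICE_ACCESS_KEY = b"device-access-key-10000002"   # Device_access_key
DEVICE_PAIR_KEY = b"device-pair-key"                # stands in for Device_public/private_key
CLOUD_KEY = b"cloud-key"                            # stands in for Cloud_public/private_key
GATEWAY_KEY = b"gateway-access-key-10000001"        # gateway key access_key
APP_SECRET = b"app-secret-for-app-demo"             # APP_secret
DEVICE_KEYS = {DEVICE_ID: (DEVICE_ACCESS_KEY, DEVICE_PAIR_KEY)}  # server-side registry


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; the stand-in for an AES keystream."""
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((length + 31) // 32))
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a fresh nonce (stand-in for each AES encryption in the text)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Constant-time tag check, then decrypt; raises ValueError for a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def device_build_ciphertext(access_key: bytes) -> bytes:
    """Device: encrypt a fresh random number under the device key, then wrap the
    communication data (random, encrypted random, device ID, MAC) under the cloud key."""
    r = os.urandom(16)
    comm = {"random": r.hex(), "encrypted_random": seal(access_key, r).hex(),
            "device_id": DEVICE_ID, "mac": "00:11:22:33:44:55"}  # constructed MAC
    return seal(CLOUD_KEY, json.dumps(comm).encode())


def wrap(outer_key: bytes, ciphertext: bytes) -> bytes:
    """APP or gateway: splice the ciphertext into a request body and add the outer layer."""
    return seal(outer_key, json.dumps({"data": ciphertext.hex()}).encode())


def server_verify(encrypted_request: bytes, outer_key: bytes):
    """Server: peel the outer layer, then the cloud layer, then check the random number
    under the device's registered key. Returns the device's keys, or None (illegal)."""
    body = json.loads(unseal(outer_key, encrypted_request))
    comm = json.loads(unseal(CLOUD_KEY, bytes.fromhex(body["data"])))
    keys = DEVICE_KEYS.get(comm["device_id"])
    if keys is None:
        return None                      # unknown device ID
    try:
        recovered = unseal(keys[0], bytes.fromhex(comm["encrypted_random"]))
    except ValueError:
        return None                      # not encrypted under the registered device key
    return keys if hmac.compare_digest(recovered, bytes.fromhex(comm["random"])) else None


def run_online_auth(device_access_key: bytes = DEVICE_ACCESS_KEY) -> str:
    """Gateway flow: device -> gateway (outer layer access_key) -> server -> result."""
    request = wrap(GATEWAY_KEY, device_build_ciphertext(device_access_key))
    return "legal" if server_verify(request, GATEWAY_KEY) else "illegal"


def run_provisioning(device_access_key: bytes = DEVICE_ACCESS_KEY):
    """APP flow: authenticate, then hand the same session key to APP and device.
    Returns (app_session_key, device_session_key), or None when the device is rejected."""
    request = wrap(APP_SECRET, device_build_ciphertext(device_access_key))
    keys = server_verify(request, APP_SECRET)
    if keys is None:
        return None
    session_key = os.urandom(16)
    response = {"session_key": session_key.hex(),
                "encrypted_session_key": seal(keys[1], session_key).hex()}
    encrypted_response = seal(APP_SECRET, json.dumps(response).encode())
    # APP side: recover its own copy; the encrypted copy is forwarded to the device as-is.
    resp = json.loads(unseal(APP_SECRET, encrypted_response))
    app_key = bytes.fromhex(resp["session_key"])
    # Device side: recover the session key under its own (pair) key.
    device_key = unseal(DEVICE_PAIR_KEY, bytes.fromhex(resp["encrypted_session_key"]))
    return app_key, device_key


if __name__ == "__main__":
    print(run_online_auth(), run_online_auth(b"wrong-key"), run_provisioning(b"wrong-key"))
```

`run_online_auth` and `run_provisioning` each drive one exchange; a device holding a key other than the registered Device_access_key is reported as illegal (or gets no session key) because the tag check under the registered key fails before any comparison is made. In a deployment the `seal`/`unseal` pair would be replaced by an authenticated AES mode under the keys the page names, and, since the device chooses its own random number, the server should also reject a random number it has already accepted from the same device ID.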
In the above embodiment, the device performs first encryption processing on communication data according to the current communication scenario (different communication scenarios correspond to different encryption processing) to obtain first encrypted data, and then the device transmits the first encrypted data to the APP or the gateway, where the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and sends the second encrypted data to the server, and the server decrypts the second encrypted data to obtain the first encrypted data and decrypts the first encrypted data to obtain the communication data; or the device transmits the first encrypted data to the gateway, the gateway transparently transmits the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data so as to perform the corresponding response operation according to the communication data. Flexible encrypted transmission of the communication data is thus achieved, and therefore the security of communication data transmission is improved.
Referring to fig. 4, fig. 4 is a schematic block diagram of an apparatus according to an embodiment of the present disclosure. As shown in fig. 4, device 400 may include a processor 410 and a memory 420. The processor 410 and the memory 420 are connected by a bus, such as an I2C (Inter-integrated Circuit) bus.
Specifically, the Processor 410 may be a Micro-controller Unit (MCU), a Central Processing Unit (CPU), a Digital Signal Processor (DSP), or the like.
Specifically, the memory 420 may be a Flash chip, a Read-Only Memory (ROM), a magnetic disk, an optical disk, a USB disk, or a removable hard disk.
Wherein the processor is configured to run a computer program stored in the memory and to implement the following steps when executing the computer program:
according to the current communication scene of the device, carrying out first encryption processing on communication data to obtain first encrypted data; wherein different communication scenes correspond to different encryption processes;
transmitting the first encrypted data to an APP or a gateway, so that the APP or the gateway can perform second encryption processing on the first encrypted data to obtain second encrypted data, and sending the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs corresponding response operation according to the communication data; or
And transmitting the first encrypted data to a gateway so that the gateway can transmit the first encrypted data to the server, decrypting the first encrypted data by the server to obtain the communication data, and performing corresponding response operation according to the communication data.
In some embodiments, when the processor implements the first encryption processing on the communication data according to the current communication scenario of the device to obtain first encrypted data, the following is specifically implemented:
if the communication data contains sensitive information, the equipment adopts an equipment key to carry out AES encryption on the random number to obtain an encrypted random number, and adopts a cloud public key to carry out AES encryption on the communication data containing the encrypted random number to obtain ciphertext data;
the processor is configured to transmit the first encrypted data to an APP or a gateway, so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data, and sends the second encrypted data to a server, the server decrypts the second encrypted data to obtain the first encrypted data, and decrypts the first encrypted data to obtain the communication data, and when performing corresponding response operation according to the communication data, the processor is specifically configured to:
sending the ciphertext data and plaintext data containing the equipment ID to a gateway, so that the gateway can carry out AES encryption on the ciphertext data and the plaintext data by adopting a gateway key to obtain message request body data, and sending the message request body data to the server; the server carries out AES decryption on the message request body data by adopting a gateway key to obtain the ciphertext data, carries out AES decryption on the ciphertext data by adopting a cloud private key to obtain communication data containing the encrypted random number, obtains the equipment key according to the equipment ID, carries out AES encryption on the random number by adopting the equipment key, compares an encryption result with the encrypted random number obtained by decryption, authenticates the legality of the equipment, and returns an authentication result to the gateway.
In some embodiments, the performing, by the processor, the first encryption processing on the communication data according to the current communication scenario of the device to obtain first encrypted data includes:
if the communication data does not contain sensitive information, the equipment adopts an equipment key to carry out AES encryption on the communication data to obtain encrypted message body data;
when the processor implements the transmitting of the first encrypted data to a gateway so that the gateway transparently transmits the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data, the processor specifically implements:
transmitting the encrypted message body data to a gateway for the gateway to transmit the encrypted message body data to the server; the server adopts the equipment key to carry out AES decryption on the encrypted message body data to obtain the communication data, carries out response processing according to the communication data, carries out AES encryption on the response data by adopting the equipment key to obtain encrypted response data, and transmits the encrypted response data to the gateway, and the gateway transmits the encrypted response data to the equipment;
and when the encrypted response data is received, carrying out AES decryption on the encrypted response data by adopting the equipment key to obtain the response data.
In some embodiments, when the processor implements the first encryption processing on the communication data according to the current communication scenario of the device to obtain first encrypted data, the following is specifically implemented:
if the communication scene is an equipment distribution network, the equipment adopts an equipment key to carry out AES encryption on the random number to obtain an encrypted random number, and adopts a cloud public key to carry out AES encryption on communication data containing the random number, the encrypted random number and an equipment ID to obtain ciphertext data;
the processor is configured to transmit the first encrypted data to an APP or a gateway, so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data, and sends the second encrypted data to a server, the server decrypts the second encrypted data to obtain the first encrypted data, and decrypts the first encrypted data to obtain the communication data, and when performing corresponding response operation according to the communication data, the processor is specifically configured to:
sending the ciphertext data to an APP for the APP to carry out AES encryption on the ciphertext data by adopting an application key to obtain encryption request body data, and sending the encryption request body data to the server; the server adopts the application key to carry out AES decryption on the encrypted request body data to obtain the ciphertext data, adopts a cloud private key to carry out AES decryption on the ciphertext data to obtain the communication data, obtains the equipment key according to the equipment ID, adopts the equipment key to carry out AES decryption on encrypted random numbers in the communication data obtained by decryption, compares decryption results with random numbers in the communication data obtained by decryption, and authenticates the legality of the equipment; if the equipment is authenticated to be legal, a session key of the equipment and the APP is randomly generated, an equipment public key is adopted to carry out AES encryption on the session key to obtain an encrypted session key, the application key is adopted to carry out AES encryption on response data containing the session key and the encrypted session key to obtain encrypted response data, and the encrypted response data are returned to the APP; the APP carries out AES decryption on the encrypted response data by adopting the application key to obtain the session key and the encrypted session key, and transmits the encrypted session key to the equipment;
and when the encrypted session key is received, carrying out AES decryption on the encrypted session key by adopting an equipment private key to obtain the session key, and communicating with the APP according to the session key.
Referring to fig. 5, fig. 5 is a schematic block diagram of a server according to an embodiment of the present application. The server 500 includes a processor 510 and a memory 520, and the processor 510 and the memory 520 are connected by a bus, such as an I2C (Inter-integrated Circuit) bus.
Specifically, the Processor 510 may be a Micro-controller Unit (MCU), a Central Processing Unit (CPU), a Digital Signal Processor (DSP), or the like.
Specifically, the memory 520 may be a Flash chip, a Read-Only Memory (ROM), a magnetic disk, an optical disk, a USB disk, or a removable hard disk.
Wherein the processor is configured to run a computer program stored in the memory and to implement the following steps when executing the computer program:
receiving encrypted data transmitted by an APP or a gateway; the encrypted data is first encrypted data generated by the equipment performing first encryption processing on communication data according to the current communication scene; or the encrypted data is second encrypted data generated by performing, by the APP or the gateway, second encryption processing on the first encrypted data, and the first encrypted data is transmitted to the APP or the gateway; wherein, different communication scenes correspond to different encryption processes;
decrypting the first encrypted data to obtain the communication data; or, decrypting the second encrypted data to obtain the first encrypted data, and decrypting the first encrypted data to obtain the communication data;
and carrying out corresponding response operation according to the communication data.
In some embodiments, when implementing the receiving of the encrypted data transmitted by the APP or the gateway, the processor specifically implements:
receiving the first encrypted data transmitted by the gateway; the first encrypted data is encrypted message body data, wherein if the communication data does not contain sensitive information, the equipment adopts an equipment key to carry out AES encryption on the communication data to obtain encrypted message body data, and the encrypted message body data is transmitted to the gateway;
when the processor decrypts the first encrypted data to obtain the communication data, the following steps are specifically implemented:
carrying out AES decryption on the encrypted message body data by adopting an equipment key to obtain the communication data;
when the processor implements the corresponding response operation according to the communication data, the following is specifically implemented:
performing response processing according to the communication data, and performing AES encryption on the response data by adopting the equipment key to obtain encrypted response data;
transmitting the encrypted response data to the gateway for the gateway to transmit the encrypted response data to the device; and when the equipment receives the encrypted response data, the equipment carries out AES decryption on the encrypted response data by adopting the equipment key to obtain the response data.
In some embodiments, when implementing the receiving of the encrypted data transmitted by the APP or the gateway, the processor specifically implements:
receiving the second encrypted data transmitted by the gateway; the second encrypted data is message request body data, wherein if the communication data contains sensitive information, the equipment adopts an equipment key to carry out AES encryption on the random number to obtain an encrypted random number, adopts a cloud public key to carry out AES encryption on the communication data containing the encrypted random number to obtain ciphertext data, and sends the ciphertext data and plaintext data containing equipment ID to the gateway; the gateway adopts a gateway key to carry out AES encryption on the ciphertext data and the plaintext data to obtain the message request body data;
when the processor implements the decryption of the second encrypted data to obtain the first encrypted data and the decryption of the first encrypted data to obtain the communication data, the following is specifically implemented:
carrying out AES decryption on the message request body data by adopting a gateway key to obtain the ciphertext data;
carrying out AES decryption on the ciphertext data by adopting a cloud private key to obtain communication data containing the encrypted random number;
when the processor implements the corresponding response operation according to the communication data, the following is specifically implemented:
acquiring the equipment key according to the equipment ID, and carrying out AES encryption on the random number by adopting the equipment key;
and comparing the encryption result with the encrypted random number obtained by decryption, authenticating the validity of the equipment, and returning the authentication result to the gateway.
In some embodiments, when implementing the receiving of the encrypted data transmitted by the APP or the gateway, the processor specifically implements:
receiving the second encrypted data transmitted by the APP; the second encrypted data is encrypted request body data, wherein if the communication scene is an equipment distribution network, the equipment adopts an equipment key to carry out AES encryption on a random number to obtain an encrypted random number, adopts a cloud public key to carry out AES encryption on communication data containing the random number, the encrypted random number and an equipment ID to obtain ciphertext data, and sends the ciphertext data to the APP; the APP adopts an application key to carry out AES encryption on the ciphertext data to obtain the encryption request body data;
when the processor implements the decryption of the second encrypted data to obtain the first encrypted data and the decryption of the first encrypted data to obtain the communication data, the following is specifically implemented:
carrying out AES decryption on the encrypted request body data by adopting the application key to obtain the ciphertext data;
carrying out AES decryption on the ciphertext data by adopting a cloud private key to obtain the communication data;
when the processor implements the corresponding response operation according to the communication data, the following is specifically implemented:
acquiring the equipment key according to the equipment ID, carrying out AES decryption on the encrypted random number in the communication data obtained by decryption by adopting the equipment key, comparing the decryption result with the random number in the communication data obtained by decryption, and authenticating the legality of the equipment;
if the equipment is authenticated to be legal, a session key of the equipment and the APP is randomly generated, and an equipment public key is adopted to carry out AES encryption on the session key to obtain an encrypted session key;
performing AES encryption on response data containing the session key and the encrypted session key by adopting the application key to obtain encrypted response data;
returning the encrypted response data to the APP so that the APP performs AES decryption on the encrypted response data by using the application key to obtain the session key and the encrypted session key, and transmitting the encrypted session key to the device; and when the equipment receives the encrypted session key, the equipment performs AES decryption on the encrypted session key by adopting an equipment private key to obtain the session key, and communicates with the APP according to the session key.
An embodiment of the present application further provides an internet of things system, which may be, for example, the internet of things system shown in fig. 1, where the internet of things system includes a device and a server. It should be noted that the device may be the device illustrated in fig. 4, and the server may be the server illustrated in fig. 5.
The specific operations of the communication between the device and the server in the internet of things system can be described in the foregoing embodiments, and are not described herein.
In an embodiment of the present application, a computer-readable storage medium is further provided, where a computer program is stored in the computer-readable storage medium, where the computer program includes program instructions, and the processor executes the program instructions to implement the steps of the communication method of the network access device provided in the foregoing embodiment.
The computer readable storage medium may be an internal storage unit of the device or the server of the foregoing embodiment, for example, a hard disk or a memory of the device or the server. The computer readable storage medium may also be an external storage device of the device or server, such as a plug-in hard disk provided on the device or server, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like.
As the computer program stored in the computer-readable storage medium can execute any communication method of the network access device provided in the embodiment of the present application, beneficial effects that can be achieved by any communication method of the network access device provided in the embodiment of the present application can be achieved, for details, see the foregoing embodiment, and are not described herein again.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A communication method of network access equipment is applied to the equipment and is characterized by comprising the following steps:
according to the current communication scene of the equipment, carrying out first encryption processing on communication data to obtain first encrypted data; wherein different communication scenes correspond to different encryption processes;
transmitting the first encrypted data to an APP or a gateway, so that the APP or the gateway can perform second encryption processing on the first encrypted data to obtain second encrypted data, and sending the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs corresponding response operation according to the communication data; or
and transmitting the first encrypted data to a gateway, so that the gateway forwards the first encrypted data unchanged to the server, and the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data.
2. The communication method for a network access device according to claim 1, wherein performing the first encryption processing on the communication data according to the current communication scenario of the device to obtain the first encrypted data comprises:
if the communication data contains sensitive information, the device AES-encrypts a random number with the device key to obtain an encrypted random number, and AES-encrypts the communication data, which contains the encrypted random number, with the cloud public key to obtain ciphertext data;
and transmitting the first encrypted data to the APP or the gateway, so that the APP or the gateway performs the second encryption processing on the first encrypted data to obtain second encrypted data and sends the second encrypted data to the server, and the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data, comprises:
sending the ciphertext data, together with plaintext data containing the device ID, to the gateway, so that the gateway AES-encrypts the ciphertext data and the plaintext data with the gateway key to obtain message request body data and sends the message request body data to the server; the server AES-decrypts the message request body data with the gateway key to obtain the ciphertext data, AES-decrypts the ciphertext data with the cloud private key to obtain the communication data containing the encrypted random number, obtains the device key from the device ID, AES-encrypts the random number with the device key, compares the encryption result with the decrypted encrypted random number to authenticate the legitimacy of the device, and returns the authentication result to the gateway.
3. The communication method for a network access device according to claim 1, wherein performing the first encryption processing on the communication data according to the current communication scenario of the device to obtain the first encrypted data comprises:
if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain encrypted message body data;
and transmitting the first encrypted data to the gateway, so that the gateway forwards the first encrypted data unchanged to the server, and the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data, comprises:
transmitting the encrypted message body data to the gateway, which forwards it to the server; the server AES-decrypts the encrypted message body data with the device key to obtain the communication data, performs response processing according to the communication data, AES-encrypts the response data with the device key to obtain encrypted response data, and transmits the encrypted response data to the gateway, which forwards it to the device;
and, on receiving the encrypted response data, AES-decrypting the encrypted response data with the device key to obtain the response data.
4. The communication method for a network access device according to claim 1, wherein performing the first encryption processing on the communication data according to the current communication scenario of the device to obtain the first encrypted data comprises:
if the communication scenario is device network provisioning, the device AES-encrypts a random number with the device key to obtain an encrypted random number, and AES-encrypts communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data;
and transmitting the first encrypted data to the APP or the gateway, so that the APP or the gateway performs the second encryption processing on the first encrypted data to obtain second encrypted data and sends the second encrypted data to the server, and the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data, comprises:
sending the ciphertext data to the APP, so that the APP AES-encrypts the ciphertext data with the application key to obtain encrypted request body data and sends the encrypted request body data to the server; the server AES-decrypts the encrypted request body data with the application key to obtain the ciphertext data, AES-decrypts the ciphertext data with the cloud private key to obtain the communication data, obtains the device key from the device ID, AES-decrypts the encrypted random number in the decrypted communication data with the device key, and compares the decryption result with the random number in the decrypted communication data to authenticate the legitimacy of the device; if the device is authenticated as legitimate, the server randomly generates a session key for the device and the APP, AES-encrypts the session key with the device public key to obtain an encrypted session key, AES-encrypts response data containing the session key and the encrypted session key with the application key to obtain encrypted response data, and returns the encrypted response data to the APP; the APP AES-decrypts the encrypted response data with the application key to obtain the session key and the encrypted session key, and transmits the encrypted session key to the device;
and, on receiving the encrypted session key, AES-decrypting the encrypted session key with the device private key to obtain the session key, and communicating with the APP using the session key.
5. A communication method for a network access device, applied to a server, characterized by comprising the following steps:
receiving encrypted data transmitted by an APP or a gateway, wherein the encrypted data is either first encrypted data generated by the device performing first encryption processing on communication data according to the current communication scenario, or second encrypted data generated by the APP or the gateway performing second encryption processing on the first encrypted data after the device transmitted the first encrypted data to the APP or the gateway; different communication scenarios correspond to different encryption processes;
decrypting the first encrypted data to obtain the communication data, or decrypting the second encrypted data to obtain the first encrypted data and then decrypting the first encrypted data to obtain the communication data;
and performing the corresponding response operation according to the communication data.
6. The communication method for a network access device according to claim 5, wherein receiving the encrypted data transmitted by the APP or the gateway comprises:
receiving the first encrypted data transmitted by the gateway, the first encrypted data being encrypted message body data; wherein, if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain the encrypted message body data and transmits it to the gateway;
decrypting the first encrypted data to obtain the communication data comprises:
AES-decrypting the encrypted message body data with the device key to obtain the communication data;
and performing the corresponding response operation according to the communication data comprises:
performing response processing according to the communication data, and AES-encrypting the response data with the device key to obtain encrypted response data;
transmitting the encrypted response data to the gateway, which forwards it to the device; on receiving the encrypted response data, the device AES-decrypts it with the device key to obtain the response data.
7. The communication method for a network access device according to claim 5, wherein receiving the encrypted data transmitted by the APP or the gateway comprises:
receiving the second encrypted data transmitted by the gateway, the second encrypted data being message request body data; wherein, if the communication data contains sensitive information, the device AES-encrypts a random number with the device key to obtain an encrypted random number, AES-encrypts the communication data containing the encrypted random number with the cloud public key to obtain ciphertext data, and sends the ciphertext data together with plaintext data containing the device ID to the gateway; the gateway AES-encrypts the ciphertext data and the plaintext data with the gateway key to obtain the message request body data;
decrypting the second encrypted data to obtain the first encrypted data and decrypting the first encrypted data to obtain the communication data comprises:
AES-decrypting the message request body data with the gateway key to obtain the ciphertext data;
AES-decrypting the ciphertext data with the cloud private key to obtain the communication data containing the encrypted random number;
and performing the corresponding response operation according to the communication data comprises:
obtaining the device key from the device ID, and AES-encrypting the random number with the device key;
and comparing the encryption result with the decrypted encrypted random number to authenticate the legitimacy of the device, and returning the authentication result to the gateway.
8. The communication method for a network access device according to claim 5, wherein receiving the encrypted data transmitted by the APP or the gateway comprises:
receiving the second encrypted data transmitted by the APP, the second encrypted data being encrypted request body data; wherein, if the communication scenario is device network provisioning, the device AES-encrypts a random number with the device key to obtain an encrypted random number, AES-encrypts communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data, and sends the ciphertext data to the APP; the APP AES-encrypts the ciphertext data with the application key to obtain the encrypted request body data;
decrypting the second encrypted data to obtain the first encrypted data and decrypting the first encrypted data to obtain the communication data comprises:
AES-decrypting the encrypted request body data with the application key to obtain the ciphertext data;
AES-decrypting the ciphertext data with the cloud private key to obtain the communication data;
and performing the corresponding response operation according to the communication data comprises:
obtaining the device key from the device ID, AES-decrypting the encrypted random number in the decrypted communication data with the device key, and comparing the decryption result with the random number in the decrypted communication data to authenticate the legitimacy of the device;
if the device is authenticated as legitimate, randomly generating a session key for the device and the APP, and AES-encrypting the session key with the device public key to obtain an encrypted session key;
AES-encrypting response data containing the session key and the encrypted session key with the application key to obtain encrypted response data;
and returning the encrypted response data to the APP, so that the APP AES-decrypts the encrypted response data with the application key to obtain the session key and the encrypted session key and transmits the encrypted session key to the device; on receiving the encrypted session key, the device AES-decrypts it with the device private key to obtain the session key and communicates with the APP using the session key.
9. A device, comprising a processor and a memory, the memory storing a computer program, wherein the processor, when calling the computer program in the memory, executes the communication method for a network access device according to any one of claims 1 to 4.
10. A server, characterized by comprising a processor and a memory, the memory storing a computer program, wherein the processor, when calling the computer program in the memory, executes the communication method for a network access device according to any one of claims 5 to 8.
11. An Internet of Things system, comprising the device of claim 9 and the server of claim 10.
12. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, causes the processor to implement the communication method for a network access device according to any one of claims 1 to 4, or the communication method for a network access device according to any one of claims 5 to 8.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010056384.4A CN113141333B (en) 2020-01-18 2020-01-18 Communication method, device, server, system and storage medium of network access device

Publications (2)

Publication Number Publication Date
CN113141333A true CN113141333A (en) 2021-07-20
CN113141333B CN113141333B (en) 2023-05-09

Family

ID=76808562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010056384.4A Active CN113141333B (en) 2020-01-18 2020-01-18 Communication method, device, server, system and storage medium of network access device

Country Status (1)

Country Link
CN (1) CN113141333B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001735A (en) * 2022-04-18 2022-09-02 广西电网有限责任公司电力科学研究院 Electric power system data safety processing method and system
CN115001735B (en) * 2022-04-18 2023-12-12 广西电网有限责任公司电力科学研究院 Power system data security processing method and system
CN116055207A (en) * 2023-01-31 2023-05-02 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN116055207B (en) * 2023-01-31 2023-10-03 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1291396A (en) * 1998-12-21 2001-04-11 松下电器产业株式会社 Communication system and communication method
CN101483867A (en) * 2008-01-10 2009-07-15 中国移动通信集团公司 User identity verification method, related device and system in WAP service
WO2009149579A1 (en) * 2008-06-10 2009-12-17 上海贝尔阿尔卡特股份有限公司 Secure communication method and apparatus based on ibe algorithm in the store and forward manner
US20100318468A1 (en) * 2009-06-16 2010-12-16 Carr Robert O Tamper-Resistant Secure Methods, Systems and Apparatuses for Credit and Debit Transactions
CN102142961A (en) * 2010-06-30 2011-08-03 华为技术有限公司 Method, device and system for authenticating gateway, node and server
CN105208028A (en) * 2015-09-30 2015-12-30 北京金山安全软件有限公司 Data transmission method and related device and equipment
CN106028320A (en) * 2016-07-26 2016-10-12 深圳市金立通信设备有限公司 Data security transmission method, terminal and server
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN109450931A (en) * 2018-12-14 2019-03-08 北京知道创宇信息技术有限公司 A kind of secure internet connection method, apparatus and PnP device
CN109951479A (en) * 2019-03-19 2019-06-28 中国联合网络通信集团有限公司 A kind of communication means, equipment and communication system
CN109982281A (en) * 2017-12-27 2019-07-05 上海未来宽带技术股份有限公司 A kind of communication system and method based on LoRaWAN

Also Published As

Publication number Publication date
CN113141333B (en) 2023-05-09

Similar Documents

Publication Publication Date Title
US10812969B2 (en) System and method for configuring a wireless device for wireless network access
CN107040369B (en) Data transmission method, device and system
CN104094267B (en) Method, apparatus and system for secure sharing of media content from a source device
CN108696411B (en) Device for use in a CAN system
US10601801B2 (en) Identity authentication method and apparatus
US9668230B2 (en) Security integration between a wireless and a wired network using a wireless gateway proxy
CN107454079B (en) Lightweight equipment authentication and shared key negotiation method based on Internet of things platform
KR101740957B1 (en) Data certification and acquisition method for vehicle
CN107317677B (en) Secret key storage and equipment identity authentication method and device
CN106790223B (en) Data transmission method, equipment and system
CN103685323A (en) Method for realizing intelligent home security networking based on intelligent cloud television gateway
CN108809907B (en) Certificate request message sending method, receiving method and device
KR20150079489A (en) Instant messaging method and system
CN112913189B (en) OTA (over the air) upgrading method and device
CN112351037B (en) Information processing method and device for secure communication
CN114143108B (en) Session encryption method, device, equipment and storage medium
CN109831311A (en) A kind of server validation method, system, user terminal and readable storage medium storing program for executing
CN113141333B (en) Communication method, device, server, system and storage medium of network access device
WO2022041151A1 (en) Device verification method, device, and cloud
CN110740109A (en) Network device, method for security, and computer-readable storage medium
CN106487761B (en) Message transmission method and network equipment
KR102415628B1 (en) Method and apparatus for authenticating drone using dim
CN113434837B (en) Method and device for equipment identity authentication and smart home system
WO2022094936A1 (en) Access method, device, and cloud platform device
CN114500064A (en) Communication security verification method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant