CN113141333B - Communication method, device, server, system and storage medium of network access device - Google Patents


Info

Publication number
CN113141333B
Authority
CN
China
Prior art keywords
data
encrypted
key
communication
equipment
Legal status
Active
Application number
CN202010056384.4A
Other languages
Chinese (zh)
Other versions
CN113141333A (en)
Inventor
陈小平
陈荣锦
Current Assignee
Foshan Viomi Electrical Technology Co Ltd
Original Assignee
Foshan Viomi Electrical Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Abstract

The application discloses a communication method, device, system and storage medium for a network access device. The method comprises the following steps: performing first encryption processing on communication data according to the current communication scene of the device to obtain first encrypted data; transmitting the first encrypted data to an APP or a gateway, so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and transmits the second encrypted data to a server, and the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs a corresponding response operation according to the communication data; or transmitting the first encrypted data to the gateway, so that the gateway forwards the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data and performs a corresponding response operation according to the communication data. The security of communication data transmission is thereby improved.

Description

Communication method, device, server, system and storage medium of network access device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a communications method, a device, a server, a system, and a storage medium for a network access device.
Background
In the prior art, when a device communicates with a server, the communication data is generally transmitted directly, or, to enhance data security, the communication data is encrypted with a fixed encryption algorithm and then transmitted. However, once that encryption algorithm is broken, the communication data is at risk of leakage, so the security of communication data transmission is low.
Disclosure of Invention
The embodiments of the application provide a communication method, device, server, system and storage medium for a network access device, which can improve the security of communication data transmission.
In a first aspect, an embodiment of the present application provides a communication method of a network access device, which is applied to a device, and includes:
according to the current communication scene of the equipment, carrying out first encryption processing on communication data to obtain first encrypted data; wherein, different communication scenes correspond to different encryption processes;
transmitting the first encrypted data to an APP or a gateway so that the APP or the gateway can perform second encryption processing on the first encrypted data to obtain second encrypted data, and transmitting the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs corresponding response operation according to the communication data; or
transmitting the first encrypted data to a gateway so that the gateway can transmit the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data and performs corresponding response operation according to the communication data.
In a second aspect, an embodiment of the present application provides an apparatus, including a processor and a memory, where the memory stores a computer program, and when the processor invokes the computer program in the memory, the foregoing communication method applied to a network access device of the apparatus is executed.
In a third aspect, an embodiment of the present application provides a communication method of a network access device, which is applied to a server, and includes:
receiving encrypted data transmitted by an APP or a gateway; the encrypted data is first encrypted data generated by performing first encryption processing on the communication data by the equipment according to the current communication scene; or the encrypted data is second encrypted data generated by performing first encryption processing on the communication data by the equipment according to the current communication scene, transmitting the first encrypted data to the APP or the gateway, and performing second encryption processing on the first encrypted data by the APP or the gateway; wherein, different communication scenes correspond to different encryption processes;
decrypting the first encrypted data to obtain the communication data; or, decrypting the second encrypted data to obtain the first encrypted data, and decrypting the first encrypted data to obtain the communication data;
and carrying out corresponding response operation according to the communication data.
In a fourth aspect, an embodiment of the present application provides a server, including a processor and a memory, where the memory stores a computer program, and when the processor invokes the computer program in the memory, the processor executes the communication method applied to the network access device of the server.
In a fifth aspect, an embodiment of the present application provides an internet of things system, including the above device and a server.
In a sixth aspect, embodiments of the present application further provide a computer readable storage medium, where the computer readable storage medium is configured to store a computer program, where the computer program when executed by a processor causes the processor to implement the communication method of the network access device described above.
The embodiments of the application provide a communication method, device, server, system and storage medium for a network access device. The device performs first encryption processing on communication data according to its current communication scene (different communication scenes correspond to different encryption processing) to obtain first encrypted data. The device then transmits the first encrypted data to an APP or a gateway, the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and transmits it to the server, and the server decrypts the second encrypted data to obtain the first encrypted data and decrypts the first encrypted data to obtain the communication data; or the device transmits the first encrypted data to the gateway, the gateway forwards it to the server, and the server decrypts the first encrypted data to obtain the communication data, so as to perform a corresponding response operation according to the communication data. Flexible encrypted transmission of the communication data is thereby achieved, and the security of communication data transmission is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic block diagram of an Internet of things system according to an embodiment of the present application;
FIG. 2 is a schematic flowchart of steps of a communication method of a network access device according to an embodiment of the present application;
FIG. 3 is a schematic flowchart of steps of another communication method of a network access device according to an embodiment of the present application;
FIG. 4 is a schematic block diagram of an apparatus provided in an embodiment of the present application;
FIG. 5 is a schematic block diagram of a server according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
It is to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
When a device communicates with a server, it generally transmits the communication data directly, or, to enhance data security, encrypts the communication data with a fixed encryption algorithm before transmitting it. However, once that encryption algorithm is broken, the communication data is at risk of leakage, so the security of communication data transmission is low.
In order to solve the above problems, embodiments of the present application provide a communication method, device, server, system, and storage medium of a network access device, for improving security of communication data transmission.
Referring to FIG. 1, FIG. 1 is a schematic block diagram of an internet of things system according to an embodiment of the present application. As shown in FIG. 1, the internet of things system 1000 may include at least one device 100 and a server 200, where the device 100 and the server 200 are communicatively connected. Optionally, the device 100 is communicatively connected to the server 200 via a Wi-Fi Mesh wireless mesh network. It should be noted that the device 100 and the server 200 may also be communicatively connected in other ways, such as Zigbee or Bluetooth, so as to implement data interaction between the device 100 and the server 200.
The internet of things system 1000 further includes a gateway 300, the gateway 300 is connected to the device 100 and the server 200, and the device 100 transmits communication data to the server 200 through the gateway 300.
The device 100 comprises a communication module and a processor, wherein the communication module is configured to communicatively connect the device 100 with the server 200.
The processor may be a central processing unit (Central Processing Unit, CPU), which may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (application specific integrated circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The device 100 includes, but is not limited to, a television, an air conditioner, a refrigerator, etc.
The server 200 may be an independent server, or a server cluster, or a plurality of servers forming a system according to a certain logic. In practical applications, the server 200 may be an IoT (Internet of Things) cloud server.
It will be appreciated that the above designations of the components of the internet of things system are for identification purposes only and are not limiting on the embodiments of the present application.
The following describes in detail a communication method of the network access device provided by the embodiment of the present application based on an internet of things system, a device in the internet of things system, and a server in the internet of things system.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of a communication method of a network access device according to an embodiment of the present application. The communication method of the network access device is applied to the device provided by the embodiment, so as to improve the security of communication data transmission.
As shown in fig. 2, the communication method of the network access device specifically includes steps S101 to S103.
S101, carrying out first encryption processing on communication data according to the current communication scene of the equipment to obtain first encryption data, and executing step S102 or step S103; wherein different communication scenarios correspond to different encryption processes.
The device and the server may be in various communication scenes, including: a scene in which the communication data contains sensitive information, for example the communication data sent when the device comes online contains sensitive information such as a token or an access key; a scene in which the communication data does not contain sensitive information, for example the communication data sent when the device reports attribute information; and a scene in which, during network configuration of the device, the legitimacy of the device needs to be verified and a session key with the device is obtained.
Before the device sends the communication data, the device performs corresponding encryption processing on the communication data according to the current communication scene of the device to obtain corresponding encrypted data. The communication data is encrypted differently in different communication scenarios, which will be described in detail below. For convenience of distinguishing description, this encryption process of the device will be referred to as a first encryption process hereinafter, and encrypted data obtained after the first encryption process will be referred to as first encrypted data.
S102, transmitting the first encrypted data to an APP or a gateway so that the APP or the gateway can perform second encryption processing on the first encrypted data to obtain second encrypted data, and transmitting the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs corresponding response operation according to the communication data.
In some embodiments, after the device performs a first encryption process on the communication data to obtain first encrypted data, the first encrypted data is transmitted to the gateway or an APP that controls the device. After the APP or the gateway receives the first encrypted data, the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data, and sends the second encrypted data to the server.
When the server receives second encrypted data sent by the APP or the gateway, the server firstly carries out corresponding decryption processing on the second encrypted data to obtain first encrypted data, and then decrypts the first encrypted data to obtain communication data.
And then, the server performs corresponding response operation according to the decrypted communication data. For different communication scenarios, the server performs different response operations.
For example, in some embodiments, when the communication data to be sent by the device in the current communication scene contains sensitive information, for example when the device comes online, the device first encrypts a random number with the device key device_access_key using AES (Advanced Encryption Standard) to obtain an encrypted random number, and then AES-encrypts the communication data, which contains the encrypted random number and information such as the device ID, with the cloud public key cloud_public_key to obtain ciphertext data. The device then transmits the ciphertext data, together with plaintext data containing information such as the device ID and the MAC address (Media Access Control address, the LAN address), to the gateway.
The gateway combines the received ciphertext data and plaintext data into a data body of the corresponding format, such as a Vlink JSON data body, AES-encrypts the data body containing the ciphertext data and plaintext data with the gateway key access_key to obtain message request body data, and sends the message request body data to the server.
In some embodiments, the queue format for communication between the device, the gateway and the server is preset; for example, the queue format is uniformly set to {uplink/downlink identifier}/{gateway ID}/sub/{device ID}. For example, assuming that the gateway ID is 10000001, the device A ID is 10000002 and the device B ID is 10000003, there are:
gateway topic: viot_up_raw/10000001/10000001;
device A topic: viot_up_raw/10000001/10000002;
device B topic: viot_up_raw/10000001/10000003.
Optionally, after the gateway obtains the message request body data, the gateway sends the message request body data to the gateway topic, and the cloud side obtains the message request body data through the gateway topic.
After obtaining the message request body data, the server AES-decrypts it with the gateway key access_key to obtain the data body containing the ciphertext data and plaintext data. The server then AES-decrypts the ciphertext data with the cloud private key cloud_private_key to obtain the communication data containing the encrypted random number. Next, the server looks up the device key device_access_key corresponding to the device ID, AES-encrypts the obtained random number with that device key, and compares the result with the encrypted random number obtained by decryption: if the two are consistent, the device is authenticated as legitimate; otherwise, the device is judged to be illegitimate. The server returns the authentication result to the gateway.
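The device-online exchange described above (device, gateway and server, including the server's random-number check), as an added Go example that is not part of the patent. It models every "AES" layer as AES-256-GCM and, because AES is symmetric, treats the patent's cloud public key as a cloud key shared by device and server; since GCM is randomized, the server verifies the random number by decrypting the encrypted copy and comparing plaintexts (the check the patent itself describes for the APP provisioning scene) instead of re-encrypting it. Field names, key values and the plaintext/ciphertext device-ID consistency check are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// gcmFor builds an AES-256-GCM AEAD. The patent only says "AES"; GCM is this
// example's choice (assumption) so that every layer is also integrity-protected.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal JSON-encodes v and returns nonce||ciphertext for one encryption layer.
func seal(key []byte, v any) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)          // crypto/rand.Read is guaranteed not to fail (Go 1.24+)
	raw, _ := json.Marshal(v) // cannot fail for the types used here
	return gcm.Seal(nonce, nonce, raw, nil), nil
}

// open reverses seal into out and fails if the layer was tampered with.
func open(key, blob []byte, out any) error {
	gcm, err := gcmFor(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return errors.New("bad key or ciphertext too short")
	}
	raw, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, out)
}

// devicePayload is the inner content sealed under the cloud key (field names constructed).
type devicePayload struct {
	DeviceID string `json:"device_id"`
	Nonce    []byte `json:"nonce"`     // the patent's "random number"
	EncNonce []byte `json:"enc_nonce"` // nonce sealed under device_access_key
}

// gatewayBody is the data body the gateway assembles: device ciphertext plus plaintext ID and MAC.
type gatewayBody struct {
	Ciphertext []byte `json:"ciphertext"`
	DeviceID   string `json:"device_id"`
	MAC        string `json:"mac"`
}

// deviceOnline is the first encryption processing for the "device online" scene:
// prove possession of device_access_key, then seal the payload under the cloud key.
func deviceOnline(deviceID, mac string, deviceKey, cloudKey []byte) (gatewayBody, error) {
	nonce := make([]byte, 16)
	rand.Read(nonce) // fresh random number for every online request
	encNonce, err := seal(deviceKey, nonce)
	if err != nil {
		return gatewayBody{}, err
	}
	ct, err := seal(cloudKey, devicePayload{DeviceID: deviceID, Nonce: nonce, EncNonce: encNonce})
	if err != nil {
		return gatewayBody{}, err
	}
	return gatewayBody{Ciphertext: ct, DeviceID: deviceID, MAC: mac}, nil
}

// gatewayWrap is the second encryption processing with the gateway key access_key;
// the gateway forwards the device's ciphertext without being able to read it.
func gatewayWrap(gatewayKey []byte, body gatewayBody) ([]byte, error) { return seal(gatewayKey, body) }

// serverAuthenticate peels the gateway layer, then the cloud layer, and checks the
// random-number proof by decrypting enc_nonce with the registered device key
// (an unknown ID yields a nil key, which open rejects just like a wrong key).
func serverAuthenticate(gatewayKey, cloudKey []byte, deviceKeys map[string][]byte, msg []byte) (string, error) {
	var body gatewayBody
	if err := open(gatewayKey, msg, &body); err != nil {
		return "", errors.New("gateway layer rejected: " + err.Error())
	}
	var p devicePayload
	if err := open(cloudKey, body.Ciphertext, &p); err != nil {
		return "", errors.New("cloud layer rejected: " + err.Error())
	}
	// The plaintext ID is visible to everyone on the path; trust it only if it matches the sealed one.
	if p.DeviceID != body.DeviceID {
		return "", errors.New("device ID mismatch between plaintext and ciphertext")
	}
	var got []byte
	if err := open(deviceKeys[p.DeviceID], p.EncNonce, &got); err != nil || !bytes.Equal(got, p.Nonce) {
		return "", errors.New("device authentication failed")
	}
	return p.DeviceID, nil
}
```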
In other embodiments, in a communication scene where the legitimacy of the device needs to be verified and a session key with the device is obtained, for example during network configuration of the device, the device AES-encrypts a random number with the device key device_access_key to obtain an encrypted random number, AES-encrypts the communication data containing the random number, the encrypted random number, the device ID and the MAC address with the cloud public key cloud_public_key to obtain ciphertext data, and sends the ciphertext data to the APP that controls the device.
The APP assembles the ciphertext data into request body data according to the communication protocol it uses with the server, AES-encrypts the request body data containing the ciphertext data with the application key app_secret to obtain encrypted request body data, and sends the encrypted request body data to the server as a request.
The server obtains the application key app_secret according to the APP_ID corresponding to the APP, AES-decrypts the encrypted request body data with the application key app_secret to obtain the ciphertext data, and AES-decrypts the ciphertext data with the cloud private key cloud_private_key to obtain the communication data.
According to the device ID obtained by decryption, the server obtains the device key device_access_key corresponding to the device, AES-decrypts the encrypted random number in the decrypted communication data with the device key device_access_key, and compares the decryption result with the random number in the decrypted communication data: if the two are consistent, the device is authenticated as legitimate; otherwise, the device is judged to be illegitimate.
After the device is authenticated as legitimate, the server randomly generates a session key for the device and the APP, AES-encrypts the session key with the device public key to obtain an encrypted session key, AES-encrypts response data containing the session key and the encrypted session key with the application key app_secret to obtain encrypted response data, and returns the encrypted response data to the APP.
The APP AES-decrypts the encrypted response data with the application key app_secret to obtain the session key and the encrypted session key, and forwards the encrypted session key to the device.
When the device receives the encrypted session key sent by the APP, it AES-decrypts the encrypted session key with the device private key to obtain the session key session_key; the session_key obtained by the device is identical to the session_key obtained by the APP. The device and the APP then communicate using this shared session key.
S103, the first encrypted data is transmitted to a gateway so that the gateway can transmit the first encrypted data to the server, the server decrypts the first encrypted data to obtain the communication data, and corresponding response operation is carried out according to the communication data.
In other embodiments, for example in a communication scene in which the device sends communication data that does not contain sensitive information to the server, the device performs first encryption processing on the communication data and, after obtaining the first encrypted data, transmits it to the gateway. On receiving the first encrypted data, the gateway transparently forwards it to the server. On receiving the first encrypted data forwarded by the gateway, the server decrypts it to obtain the communication data, and then performs a corresponding response operation according to the communication data.
Illustratively, in some embodiments, when the communication data does not contain sensitive information, for example in a communication scene in which the device reports an attribute message, the device AES-encrypts the communication data with the device key device_access_key to obtain encrypted message body data, and transmits the encrypted message body data to the gateway.
The gateway transparently passes the encrypted message body data to the server. Optionally, the gateway transparently passes the encrypted message body data to the device topic, and the server obtains the encrypted message body data through the device topic.
The server AES-decrypts the encrypted message body data with the device key device_access_key to obtain the communication data, performs response processing according to the communication data, AES-encrypts the response data with the device key device_access_key to obtain encrypted response data, and transmits the encrypted response data to the gateway. Optionally, the server transmits the encrypted response data to the device topic, and the gateway obtains the encrypted response data through the device topic.
The gateway transmits the obtained encrypted response data to the device, and when the device receives the encrypted response data, it AES-decrypts the encrypted response data with the device key device_access_key to obtain the response data. The device may then perform a corresponding operation based on the response data.
Referring to FIG. 3, FIG. 3 is a schematic flowchart of a communication method of a network access device according to an embodiment of the present application. This communication method of the network access device is applied to the server, so as to improve the security of communication data transmission.
As shown in fig. 3, the communication method of the network access device specifically includes steps S201 to S204.
S201, receiving encrypted data transmitted by an APP or a gateway, and then executing step S202 or step S203. The encrypted data is either first encrypted data, generated by the device performing first encryption processing on the communication data according to the current communication scene, or second encrypted data, generated by the device performing first encryption processing on the communication data according to the current communication scene, transmitting the first encrypted data to the APP or the gateway, and the APP or the gateway performing second encryption processing on the first encrypted data. Different communication scenes correspond to different encryption processes.
Before the device sends the communication data, it encrypts the communication data according to its current communication scene to obtain the corresponding encrypted data. The communication data is encrypted differently in different communication scenes, as described in detail below. For ease of distinction, this encryption by the device is referred to below as the first encryption processing, and the encrypted data it produces as the first encrypted data.
In some embodiments, for example in a communication scene where the device sends communication data that does not include sensitive information to the server, the device performs the first encryption processing on the communication data and transmits the resulting first encrypted data to the gateway. After receiving the first encrypted data, the gateway passes it through to the server without modification.
In other embodiments, the device performs the first encryption processing on the communication data to obtain the first encrypted data and transmits it to the gateway or to the APP that controls the device. After receiving the first encrypted data, the APP or the gateway performs second encryption processing on it to obtain second encrypted data and sends the second encrypted data to the server.
S202, decrypting the first encrypted data to obtain the communication data.
S203, decrypting the second encrypted data to obtain the first encrypted data, and decrypting the first encrypted data to obtain the communication data.
S204, performing the corresponding response operation according to the communication data.
After receiving the first encrypted data transmitted by the gateway, the server decrypts the first encrypted data to obtain the communication data and then performs the corresponding response operation according to the communication data.
Or, when the server receives second encrypted data sent by the APP or the gateway, the server first decrypts the second encrypted data to obtain the first encrypted data, then decrypts the first encrypted data to obtain the communication data, and then performs the corresponding response operation according to the decrypted communication data. The response operation differs by communication scene.
For example, in some embodiments where the communication data does not include sensitive information, such as the communication scene in which the device reports an attribute message, the device AES-encrypts the communication data with the device key device_access_key to obtain encrypted message body data and transmits the encrypted message body data to the gateway.
The gateway passes the encrypted message body data through to the server. Optionally, the gateway publishes the encrypted message body data to the device topic, and the server obtains it through the device topic.
The server AES-decrypts the encrypted message body data with the device key device_access_key to obtain the communication data, performs response processing according to the communication data, AES-encrypts the response data with the device key device_access_key to obtain encrypted response data, and transmits the encrypted response data to the gateway. Optionally, the server publishes the encrypted response data to the device topic, and the gateway obtains it through the device topic.
The gateway forwards the encrypted response data it obtained to the device. On receiving the encrypted response data, the device AES-decrypts it with the device key device_access_key to obtain the response data. The device may then perform the corresponding operation based on the response data.
For example, in some embodiments, when the communication data the device is about to send in the current communication scene includes sensitive information, for example when the device comes online, the device first AES (Advanced Encryption Standard) encrypts a random number with the device key device_access_key to obtain an encrypted random number, and then AES-encrypts the communication data, which includes the encrypted random number and information such as the device ID, with the cloud public key cloud_public_key to obtain ciphertext data. The device then transmits the ciphertext data, together with plaintext data that includes information such as the device ID and the MAC address (Media Access Control address, the LAN address), to the gateway.
The gateway combines the received ciphertext data and plaintext data into a data body of the corresponding format, such as a Vlink JSON data body, AES-encrypts this data body containing the ciphertext data and the plaintext data with the gateway key access_key to obtain message request body data, and sends the message request body data to the server.
In some embodiments, the queue (topic) format for communication between the device, the gateway and the server is preset, for example uniformly as {uplink/downlink identifier}/{gateway ID}/sub/{device ID}. For example, assuming the gateway ID is 10000001, device A's ID is 10000002 and device B's ID is 10000003, the topics are:
gateway topic: viot_up_raw/10000001/10000001;
device A topic: viot_up_raw/10000001/10000002;
device B topic: viot_up_raw/10000001/10000003.
Optionally, after the gateway obtains the message request body data, it publishes the message request body data to the gateway topic, and the cloud side obtains it through the gateway topic.
After obtaining the message request body data, the server AES-decrypts it with the gateway key access_key to obtain the data body containing the ciphertext data and the plaintext data. The server then AES-decrypts the ciphertext data with the cloud private key cloud_private_key to obtain the communication data containing the encrypted random number. Next, the server looks up the device key device_access_key corresponding to the device ID, AES-encrypts the obtained random number with that device key, and compares the encryption result with the encrypted random number obtained by decryption: if the two are consistent, the device is authenticated as legitimate; otherwise, the device is authenticated as illegitimate. The server returns the authentication result to the gateway.
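The two-layer envelope and the random-number check described above, as an added example in Go that is not part of the patent. The aesSeal/aesOpen pair under device_access_key alone is the attribute-report case; for sensitive data the device additionally encrypts the body to the cloud key, and the gateway (access_key) or the APP (app_secret) adds the transport layer that the server strips first. Assumptions of this example: the patent says the cloud public/private key pair is used with AES, which a symmetric cipher cannot do, so the cloud key pair is modelled with RSA-OAEP from the Go standard library; the symmetric layers use AES-GCM so that any tampering is detected; the server checks the device by decrypting the encrypted random number and comparing it with the random number carried in the body (the decrypt-and-compare form the APP scene below describes) rather than re-encrypting, because GCM ciphertexts are randomized; the JSON field names, function names and the keyStore map are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// randBytes returns n bytes from the OS CSPRNG (GCM nonces, the challenge number).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// aesSeal encrypts with AES-GCM under a 16/24/32-byte key and prefixes the nonce.
// Used alone under device_access_key, this is the attribute-report case.
func aesSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// aesOpen reverses aesSeal; a wrong key or any tampering fails the tag check.
func aesOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Challenge is the communication data the device encrypts to the cloud key:
// the random number, a copy sealed under device_access_key, and the device ID.
type Challenge struct {
	DeviceID  string `json:"device_id"`
	Random    []byte `json:"random"`
	EncRandom []byte `json:"enc_random"`
}

// newCloudKeyPair stands in for cloud_public_key / cloud_private_key. The patent
// pairs that key with AES; RSA-OAEP is this example's assumption.
func newCloudKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// deviceBuildChallenge is the device's first encryption: seal the random number
// under device_access_key, then encrypt the whole body to the cloud public key.
func deviceBuildChallenge(deviceAccessKey []byte, cloudPub *rsa.PublicKey, deviceID string) ([]byte, error) {
	random := randBytes(16)
	encRandom, err := aesSeal(deviceAccessKey, random)
	if err != nil {
		return nil, err
	}
	body, _ := json.Marshal(Challenge{DeviceID: deviceID, Random: random, EncRandom: encRandom})
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, cloudPub, body, nil)
}

// serverVerifyChallenge removes the second layer added by the gateway (access_key)
// or the APP (app_secret), which is just aesSeal(transportKey, ciphertext), decrypts
// with the cloud private key, looks up device_access_key by device ID and accepts
// the device only if enc_random opens to the random number carried in the body.
func serverVerifyChallenge(transportKey []byte, cloudPriv *rsa.PrivateKey, keyStore map[string][]byte, requestBody []byte) (string, error) {
	ciphertext, err := aesOpen(transportKey, requestBody)
	if err != nil {
		return "", errors.New("transport layer: " + err.Error())
	}
	body, err := rsa.DecryptOAEP(sha256.New(), nil, cloudPriv, ciphertext, nil)
	if err != nil {
		return "", errors.New("cloud layer: decryption failed")
	}
	var c Challenge
	if err := json.Unmarshal(body, &c); err != nil {
		return "", err
	}
	devKey, ok := keyStore[c.DeviceID]
	if !ok {
		return "", errors.New("unknown device ID " + c.DeviceID)
	}
	got, err := aesOpen(devKey, c.EncRandom)
	if err != nil || !bytes.Equal(got, c.Random) {
		return "", errors.New("device " + c.DeviceID + " failed authentication")
	}
	return c.DeviceID, nil
}
```

Two points for anyone building on this design: the random number and its encrypted copy both travel inside the cloud-key layer, so the check proves possession of device_access_key only to a server holding the cloud private key, while the plaintext device ID in the gateway layer remains visible to the gateway; and because the random number is chosen by the device rather than issued by the server, the comparison alone does not reject a repeated request, so a server keeps a freshness record (or issues its own nonce) alongside this check.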
In other embodiments, in a communication scene where the legitimacy of the device needs to be verified and a session key with the device acquired, for example when the device is being configured onto the network, the device AES-encrypts a random number with the device key device_access_key to obtain an encrypted random number, AES-encrypts the communication data, which includes the random number, the encrypted random number, the device ID and the MAC address, with the cloud public key cloud_public_key to obtain ciphertext data, and sends the ciphertext data to the APP that controls the device.
The APP assembles the corresponding request body data from the ciphertext data according to the communication protocol it uses with the server, AES-encrypts the request body data containing the ciphertext data with the application key app_secret to obtain encrypted request body data, and sends the encrypted request body data to the server to initiate the request.
The server obtains the application key app_secret from the APP_ID corresponding to the APP, AES-decrypts the encrypted request body data with the application key app_secret to obtain the ciphertext data, and AES-decrypts the ciphertext data with the cloud private key cloud_private_key to obtain the communication data.
From the decrypted device ID, the server obtains the device key device_access_key corresponding to the device, AES-decrypts the encrypted random number in the decrypted communication data with the device key device_access_key, and compares the decryption result with the random number in the decrypted communication data: if the two are consistent, the device is authenticated as legitimate; otherwise, the device is authenticated as illegitimate.
Once the device is authenticated as legitimate, the server randomly generates a session key for the device and the APP, AES-encrypts the session key with the device public key to obtain an encrypted session key, AES-encrypts the response data containing the session key and the encrypted session key with the application key app_secret to obtain encrypted response data, and returns the encrypted response data to the APP.
The APP AES-decrypts the encrypted response data with the application key app_secret to obtain the session key and the encrypted session key, and transmits the encrypted session key to the device.
On receiving the encrypted session key sent by the APP, the device AES-decrypts it with the device private key to obtain the session key session_key; the session_key obtained by the device is the same as the session_key obtained by the APP. The device then communicates with the APP using this shared session key.
According to this embodiment, the device performs first encryption processing on the communication data according to the current communication scene (different communication scenes correspond to different encryption processing) to obtain first encrypted data. Either the device transmits the first encrypted data to the APP or the gateway, which performs second encryption processing on it to obtain second encrypted data and sends the second encrypted data to the server, and the server decrypts the second encrypted data to obtain the first encrypted data and decrypts the first encrypted data to obtain the communication data; or the device transmits the first encrypted data to the gateway, the gateway forwards it to the server, and the server decrypts it to obtain the communication data. The server then performs the corresponding response operation according to the communication data. This realizes flexible encrypted transmission of the communication data and improves the security of communication data transmission.
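The session key issuance of this scene, as an added example in Go that is not part of the patent. It shows the server generating the session key and sealing the device's copy to the device public key, the device opening that copy with its private key, and a key-confirmation MAC by which the APP checks that the device recovered the same session_key (the confirmation step is this example's addition; the patent only states that the two copies are consistent). Assumptions: the device key pair is modelled with RSA-OAEP, since the patent pairs it with AES; the app_secret transport layer around the response is an AES wrap with the APP's key and is left out here; the type and function names and the confirmation label are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SessionGrant is the response data the server produces for the APP after the
// device has been authenticated: the session key in the clear for the APP, and a
// copy encrypted to the device public key that the APP only forwards.
type SessionGrant struct {
	SessionKey    []byte
	EncSessionKey []byte
}

// newDeviceKeyPair stands in for the device public/private key. The patent uses
// that key pair with AES; this example uses RSA-OAEP instead (an assumption).
func newDeviceKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// serverIssueSessionKey generates a fresh 256-bit session key for the device and
// the APP and seals the device's copy to the device public key. The grant then
// goes to the APP under app_secret (that transport layer is not shown here).
func serverIssueSessionKey(devicePub *rsa.PublicKey) (SessionGrant, error) {
	sk := make([]byte, 32)
	if _, err := rand.Read(sk); err != nil {
		return SessionGrant{}, err
	}
	encSK, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, sk, nil)
	if err != nil {
		return SessionGrant{}, err
	}
	return SessionGrant{SessionKey: sk, EncSessionKey: encSK}, nil
}

// deviceOpenSessionKey recovers the session key with the device private key. Any
// other device key, or a modified blob, fails here instead of yielding junk.
func deviceOpenSessionKey(devicePriv *rsa.PrivateKey, encSK []byte) ([]byte, error) {
	sk, err := rsa.DecryptOAEP(sha256.New(), nil, devicePriv, encSK, nil)
	if err != nil {
		return nil, errors.New("encrypted session key does not open with this device key")
	}
	return sk, nil
}

// deviceConfirm is the device's first message under the new key: an HMAC over a
// fixed label and its device ID, proving it holds session_key without sending it.
func deviceConfirm(sessionKey []byte, deviceID string) []byte {
	mac := hmac.New(sha256.New, sessionKey)
	mac.Write([]byte("session-confirm|" + deviceID))
	return mac.Sum(nil)
}

// appVerifyConfirm: the APP recomputes the tag with its own copy of session_key;
// a match shows both sides hold the same key (hmac.Equal is constant-time).
func appVerifyConfirm(sessionKey []byte, deviceID string, tag []byte) bool {
	return hmac.Equal(deviceConfirm(sessionKey, deviceID), tag)
}
```

Because the APP receives session_key in the clear under app_secret, the confidentiality of the device/APP channel rests on app_secret and on the device key pair together; the confirmation tag lets the APP detect a device that ended up with a different key before any application data is exchanged.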
Referring to fig. 4, fig. 4 is a schematic block diagram of a device according to an embodiment of the present application. As shown in fig. 4, the device 400 may include a processor 410 and a memory 420. The processor 410 and the memory 420 are connected by a bus, such as an I2C (Inter-Integrated Circuit) bus.
Specifically, the processor 410 may be a microcontroller unit (MCU), a central processing unit (CPU), a digital signal processor (DSP), or the like.
Specifically, the memory 420 may be a Flash chip, a read-only memory (ROM), a disk, an optical disk, a U-disk (USB flash drive), a removable hard disk, or the like.
Wherein the processor is configured to run a computer program stored in the memory and to implement the following steps when the computer program is executed:
according to the current communication scene of the equipment, carrying out first encryption processing on communication data to obtain first encrypted data; wherein, different communication scenes correspond to different encryption processes;
transmitting the first encrypted data to an APP or a gateway so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and transmits the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data; or
And transmitting the first encrypted data to a gateway so that the gateway can transmit the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data and performs corresponding response operation according to the communication data.
In some embodiments, when the processor performs the first encryption processing on the communication data according to the current communication scene of the device to obtain the first encrypted data, it specifically implements:
if the communication data contains sensitive information, the device AES-encrypts a random number with the device key to obtain an encrypted random number, and AES-encrypts the communication data containing the encrypted random number with the cloud public key to obtain ciphertext data;
when the processor transmits the first encrypted data to the APP or the gateway so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and sends the second encrypted data to the server, where the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data, it specifically implements:
sending the ciphertext data and the plaintext data containing the device ID to the gateway, so that the gateway AES-encrypts the ciphertext data and the plaintext data with the gateway key to obtain message request body data and sends the message request body data to the server; the server AES-decrypts the message request body data with the gateway key to obtain the ciphertext data, AES-decrypts the ciphertext data with the cloud private key to obtain the communication data containing the encrypted random number, obtains the device key according to the device ID, AES-encrypts the random number with the device key, compares the encryption result with the decrypted encrypted random number to authenticate the legitimacy of the device, and returns the authentication result to the gateway.
In some embodiments, when the processor performs the first encryption processing on the communication data according to the current communication scene of the device to obtain the first encrypted data, it specifically implements:
if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain encrypted message body data;
when the processor transmits the first encrypted data to the gateway so that the gateway forwards the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data, it specifically implements:
transmitting the encrypted message body data to the gateway, which passes the encrypted message body data through to the server; the server AES-decrypts the encrypted message body data with the device key to obtain the communication data, performs response processing according to the communication data, AES-encrypts the response data with the device key to obtain encrypted response data, and transmits the encrypted response data to the gateway, which forwards the encrypted response data to the device;
and, when the encrypted response data is received, AES-decrypting the encrypted response data with the device key to obtain the response data.
In some embodiments, when the processor performs the first encryption processing on the communication data according to the current communication scene of the device to obtain the first encrypted data, it specifically implements:
if the communication scene is device network configuration, the device AES-encrypts a random number with the device key to obtain an encrypted random number, and AES-encrypts the communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data;
when the processor transmits the first encrypted data to the APP or the gateway so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and sends the second encrypted data to the server, where the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data, it specifically implements:
sending the ciphertext data to the APP, so that the APP AES-encrypts the ciphertext data with the application key to obtain encrypted request body data and sends the encrypted request body data to the server; the server AES-decrypts the encrypted request body data with the application key to obtain the ciphertext data, AES-decrypts the ciphertext data with the cloud private key to obtain the communication data, obtains the device key according to the device ID, AES-decrypts the encrypted random number in the decrypted communication data with the device key, and compares the decryption result with the random number in the decrypted communication data to authenticate the legitimacy of the device; if the device is authenticated as legitimate, the server randomly generates a session key for the device and the APP, AES-encrypts the session key with the device public key to obtain an encrypted session key, AES-encrypts the response data containing the session key and the encrypted session key with the application key to obtain encrypted response data, and returns the encrypted response data to the APP; the APP AES-decrypts the encrypted response data with the application key to obtain the session key and the encrypted session key, and transmits the encrypted session key to the device;
and, when the encrypted session key is received, AES-decrypting the encrypted session key with the device private key to obtain the session key, and communicating with the APP using the session key.
Referring to fig. 5, fig. 5 is a schematic block diagram of a server according to an embodiment of the present application. The server 500 includes a processor 510 and a memory 520, the processor 510 and the memory 520 being connected by a bus, such as an I2C (Inter-Integrated Circuit) bus.
Specifically, the processor 510 may be a microcontroller unit (MCU), a central processing unit (CPU), a digital signal processor (DSP), or the like.
Specifically, the memory 520 may be a Flash chip, a read-only memory (ROM), a disk, an optical disk, a U-disk (USB flash drive), a removable hard disk, or the like.
Wherein the processor is configured to run a computer program stored in the memory and to implement the following steps when the computer program is executed:
receiving encrypted data transmitted by an APP or a gateway; the encrypted data is first encrypted data generated by performing first encryption processing on the communication data by the equipment according to the current communication scene; or the encrypted data is second encrypted data generated by performing first encryption processing on the communication data by the equipment according to the current communication scene, transmitting the first encrypted data to the APP or the gateway, and performing second encryption processing on the first encrypted data by the APP or the gateway; wherein, different communication scenes correspond to different encryption processes;
Decrypting the first encrypted data to obtain the communication data; or, decrypting the second encrypted data to obtain the first encrypted data, and decrypting the first encrypted data to obtain the communication data;
and carrying out corresponding response operation according to the communication data.
In some embodiments, when the processor receives the encrypted data transmitted by the APP or the gateway, it specifically implements:
receiving the first encrypted data transmitted by the gateway, the first encrypted data being encrypted message body data, where, if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain the encrypted message body data and transmits the encrypted message body data to the gateway;
when the processor decrypts the first encrypted data to obtain the communication data, it specifically implements:
AES-decrypting the encrypted message body data with the device key to obtain the communication data;
when the processor performs the corresponding response operation according to the communication data, it specifically implements:
performing response processing according to the communication data, and AES-encrypting the response data with the device key to obtain encrypted response data;
transmitting the encrypted response data to the gateway, which forwards the encrypted response data to the device; when the device receives the encrypted response data, it AES-decrypts the encrypted response data with the device key to obtain the response data.
In some embodiments, when the processor receives the encrypted data transmitted by the APP or the gateway, it specifically implements:
receiving the second encrypted data transmitted by the gateway, the second encrypted data being message request body data, where, if the communication data contains sensitive information, the device AES-encrypts a random number with the device key to obtain an encrypted random number, AES-encrypts the communication data containing the encrypted random number with the cloud public key to obtain ciphertext data, and sends the ciphertext data and the plaintext data containing the device ID to the gateway; the gateway AES-encrypts the ciphertext data and the plaintext data with the gateway key to obtain the message request body data;
when the processor decrypts the second encrypted data to obtain the first encrypted data and decrypts the first encrypted data to obtain the communication data, it specifically implements:
AES-decrypting the message request body data with the gateway key to obtain the ciphertext data;
AES-decrypting the ciphertext data with the cloud private key to obtain the communication data containing the encrypted random number;
when the processor performs the corresponding response operation according to the communication data, it specifically implements:
obtaining the device key according to the device ID, and AES-encrypting the random number with the device key;
comparing the encryption result with the decrypted encrypted random number to authenticate the legitimacy of the device, and returning the authentication result to the gateway.
In some embodiments, when the processor receives the encrypted data transmitted by the APP or the gateway, it specifically implements:
receiving the second encrypted data transmitted by the APP, the second encrypted data being encrypted request body data, where, if the communication scene is device network configuration, the device AES-encrypts a random number with the device key to obtain an encrypted random number, AES-encrypts the communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data, and sends the ciphertext data to the APP; the APP AES-encrypts the ciphertext data with the application key to obtain the encrypted request body data;
when the processor decrypts the second encrypted data to obtain the first encrypted data and decrypts the first encrypted data to obtain the communication data, it specifically implements:
AES-decrypting the encrypted request body data with the application key to obtain the ciphertext data;
AES-decrypting the ciphertext data with the cloud private key to obtain the communication data;
when the processor performs the corresponding response operation according to the communication data, it specifically implements:
obtaining the device key according to the device ID, AES-decrypting the encrypted random number in the decrypted communication data with the device key, and comparing the decryption result with the random number in the decrypted communication data to authenticate the legitimacy of the device;
if the device is authenticated as legitimate, randomly generating a session key for the device and the APP, and AES-encrypting the session key with the device public key to obtain an encrypted session key;
AES-encrypting the response data containing the session key and the encrypted session key with the application key to obtain encrypted response data;
returning the encrypted response data to the APP, so that the APP AES-decrypts the encrypted response data with the application key to obtain the session key and the encrypted session key and transmits the encrypted session key to the device; when the device receives the encrypted session key, it AES-decrypts the encrypted session key with the device private key to obtain the session key and communicates with the APP using the session key.
The embodiment of the application also provides an internet of things system, which can be, for example, the internet of things system shown in fig. 1, and the internet of things system comprises equipment and a server. It should be noted that the device may be the device illustrated in fig. 4, and the server may be the server illustrated in fig. 5.
Specific operations of communication between the device and the server in the internet of things system can be described in the foregoing embodiments, and will not be described herein.
An embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program includes program instructions, and the processor executes the program instructions to implement the steps of the communication method of the network access device provided in the foregoing embodiment.
The computer readable storage medium may be an internal storage unit of the device or the server of the foregoing embodiments, for example a hard disk or memory of the device or the server. The computer readable storage medium may also be an external storage device of the device or the server, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card provided on the device or the server.
Because the computer program stored in the computer readable storage medium can execute any of the communication methods of the network access device provided in the embodiments of the present application, it can achieve the beneficial effects of any of those methods, which are detailed in the foregoing embodiments and are not repeated here.
While the invention has been described with reference to certain preferred embodiments, those skilled in the art will understand that various changes and substitutions of equivalents may be made without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A communication method of a network access device, applied to a device, comprising:
according to the current communication scene of the equipment, carrying out first encryption processing on communication data to obtain first encrypted data; wherein, different communication scenes correspond to different encryption processes;
transmitting the first encrypted data to an APP or a gateway so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and transmits the second encrypted data to a server; the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data; or
transmitting the first encrypted data to a gateway so that the gateway transmits the first encrypted data to the server, and the server decrypts the first encrypted data to obtain the communication data and performs the corresponding response operation according to the communication data;
wherein performing the first encryption processing on the communication data according to the current communication scene of the device to obtain the first encrypted data comprises:
if the communication data contains sensitive information, the device AES-encrypts a random number with a device key to obtain an encrypted random number, and AES-encrypts the communication data containing the encrypted random number with a cloud public key to obtain ciphertext data;
if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain encrypted message body data;
if the communication scene is device network configuration, the device AES-encrypts a random number with the device key to obtain an encrypted random number, and AES-encrypts the communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data.
2. The communication method of the network access device according to claim 1, wherein, if the communication data contains sensitive information and the device AES-encrypts a random number with the device key to obtain an encrypted random number and AES-encrypts the communication data containing the encrypted random number with the cloud public key to obtain ciphertext data, the transmitting of the first encrypted data to an APP or a gateway so that the APP or the gateway performs second encryption processing on the first encrypted data to obtain second encrypted data and transmits the second encrypted data to a server, where the server decrypts the second encrypted data to obtain the first encrypted data, decrypts the first encrypted data to obtain the communication data, and performs the corresponding response operation according to the communication data, comprises:
sending the ciphertext data and plaintext data containing the device ID to the gateway, so that the gateway AES-encrypts the ciphertext data and the plaintext data with a gateway key to obtain message request body data and sends the message request body data to the server; the server AES-decrypts the message request body data with the gateway key to obtain the ciphertext data, AES-decrypts the ciphertext data with a cloud private key to obtain the communication data containing the encrypted random number, obtains the device key according to the device ID, AES-encrypts the random number with the device key, compares the encryption result with the decrypted encrypted random number to authenticate the legitimacy of the device, and returns the authentication result to the gateway.
3. The communication method of the network access device according to claim 1, wherein, if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain encrypted message body data, and the steps of transmitting the first encrypted data to a gateway so that the gateway forwards the first encrypted data to the server, and of the server decrypting the first encrypted data to obtain the communication data and performing the corresponding response operation according to the communication data, comprise:
transmitting the encrypted message body data to the gateway, which passes it through unchanged to the server; the server AES-decrypts the encrypted message body data with the device key to obtain the communication data, performs response processing according to the communication data, AES-encrypts the response data with the device key to obtain encrypted response data, and transmits the encrypted response data to the gateway, which forwards it to the device;
and, on receiving the encrypted response data, AES-decrypting the encrypted response data with the device key to obtain the response data.
4. The communication method of the network access device according to claim 1, wherein, if the communication scenario is device network configuration, the device AES-encrypts a random number with the device key to obtain an encrypted random number and AES-encrypts communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data, and the steps of transmitting the first encrypted data to an APP or a gateway so that it performs second encryption processing on the first encrypted data to obtain second encrypted data and transmits the second encrypted data to a server, and of the server decrypting the second encrypted data to obtain the first encrypted data, decrypting the first encrypted data to obtain the communication data and performing the corresponding response operation according to the communication data, comprise:
sending the ciphertext data to an APP, so that the APP AES-encrypts the ciphertext data with an application key to obtain encrypted request body data and sends the encrypted request body data to the server; the server AES-decrypts the encrypted request body data with the application key to obtain the ciphertext data, AES-decrypts the ciphertext data with the cloud private key to obtain the communication data, obtains the device key according to the device ID, AES-decrypts the encrypted random number in the decrypted communication data with the device key, compares the decryption result with the random number in the decrypted communication data, and thereby authenticates the legitimacy of the device; if the device is authenticated as legitimate, the server randomly generates a session key for the device and the APP, AES-encrypts the session key with a device public key to obtain an encrypted session key, AES-encrypts response data containing the session key and the encrypted session key with the application key to obtain encrypted response data, and returns the encrypted response data to the APP; the APP AES-decrypts the encrypted response data with the application key to obtain the session key and the encrypted session key, and transmits the encrypted session key to the device;
and, on receiving the encrypted session key, AES-decrypting the encrypted session key with a device private key to obtain the session key, and communicating with the APP using the session key.
5. A communication method of a network access device, applied to a server, comprising:
receiving encrypted data transmitted by an APP or a gateway; the encrypted data being either first encrypted data generated by the device performing first encryption processing on communication data according to the current communication scenario, or second encrypted data generated by the device performing first encryption processing on the communication data according to the current communication scenario, transmitting the first encrypted data to the APP or the gateway, and the APP or the gateway performing second encryption processing on the first encrypted data; wherein different communication scenarios correspond to different encryption processing, and the device performing first encryption processing on the communication data according to the current communication scenario comprises:
if the communication data contains sensitive information, the device AES-encrypts a random number with a device key to obtain an encrypted random number, and AES-encrypts the communication data containing the encrypted random number with a cloud public key to obtain ciphertext data;
if the communication data does not contain sensitive information, the device AES-encrypts the communication data with the device key to obtain encrypted message body data;
if the communication scenario is device network configuration, the device AES-encrypts a random number with the device key to obtain an encrypted random number, and AES-encrypts communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data;
decrypting the first encrypted data to obtain the communication data, or decrypting the second encrypted data to obtain the first encrypted data and decrypting the first encrypted data to obtain the communication data;
and performing the corresponding response operation according to the communication data.
6. The communication method of the network access device according to claim 5, wherein receiving the encrypted data transmitted by the APP or the gateway comprises:
receiving the first encrypted data transmitted by the gateway, the first encrypted data being encrypted message body data obtained, when the communication data does not contain sensitive information, by the device AES-encrypting the communication data with the device key and transmitting the encrypted message body data to the gateway;
decrypting the first encrypted data to obtain the communication data comprises:
AES-decrypting the encrypted message body data with the device key to obtain the communication data;
and performing the corresponding response operation according to the communication data comprises:
performing response processing according to the communication data, and AES-encrypting the response data with the device key to obtain encrypted response data;
transmitting the encrypted response data to the gateway so that the gateway forwards it to the device, and the device, on receiving the encrypted response data, AES-decrypts it with the device key to obtain the response data.
7. The communication method of the network access device according to claim 5, wherein receiving the encrypted data transmitted by the APP or the gateway comprises:
receiving the second encrypted data transmitted by the gateway, the second encrypted data being message request body data obtained as follows: when the communication data contains sensitive information, the device AES-encrypts a random number with the device key to obtain an encrypted random number, AES-encrypts the communication data containing the encrypted random number with the cloud public key to obtain ciphertext data, and sends the ciphertext data together with plaintext data containing the device ID to the gateway; the gateway AES-encrypts the ciphertext data and the plaintext data with a gateway key to obtain the message request body data;
decrypting the second encrypted data to obtain the first encrypted data and decrypting the first encrypted data to obtain the communication data comprises:
AES-decrypting the message request body data with the gateway key to obtain the ciphertext data;
AES-decrypting the ciphertext data with the cloud private key to obtain the communication data containing the encrypted random number;
and performing the corresponding response operation according to the communication data comprises:
obtaining the device key according to the device ID, and AES-encrypting the random number with the device key;
comparing the encryption result with the encrypted random number obtained by decryption to authenticate the legitimacy of the device, and returning the authentication result to the gateway.
8. The communication method of the network access device according to claim 5, wherein receiving the encrypted data transmitted by the APP or the gateway comprises:
receiving the second encrypted data transmitted by the APP, the second encrypted data being encrypted request body data obtained as follows: when the communication scenario is device network configuration, the device AES-encrypts a random number with the device key to obtain an encrypted random number, AES-encrypts communication data containing the random number, the encrypted random number and the device ID with the cloud public key to obtain ciphertext data, and sends the ciphertext data to the APP; the APP AES-encrypts the ciphertext data with an application key to obtain the encrypted request body data;
decrypting the second encrypted data to obtain the first encrypted data and decrypting the first encrypted data to obtain the communication data comprises:
AES-decrypting the encrypted request body data with the application key to obtain the ciphertext data;
AES-decrypting the ciphertext data with the cloud private key to obtain the communication data;
and performing the corresponding response operation according to the communication data comprises:
obtaining the device key according to the device ID, AES-decrypting the encrypted random number in the decrypted communication data with the device key, comparing the decryption result with the random number in the decrypted communication data, and thereby authenticating the legitimacy of the device;
if the device is authenticated as legitimate, randomly generating a session key for the device and the APP, and AES-encrypting the session key with a device public key to obtain an encrypted session key;
AES-encrypting response data containing the session key and the encrypted session key with the application key to obtain encrypted response data;
returning the encrypted response data to the APP so that the APP AES-decrypts it with the application key to obtain the session key and the encrypted session key and transmits the encrypted session key to the device; the device, on receiving the encrypted session key, AES-decrypts it with a device private key to obtain the session key and communicates with the APP using the session key.
9. A device comprising a processor and a memory, the memory storing a computer program which, when invoked by the processor, performs the communication method of the network access device according to any one of claims 1 to 4.
10. A server comprising a processor and a memory, the memory storing a computer program which, when invoked by the processor, performs the communication method of the network access device according to any one of claims 5 to 8.
11. An Internet of Things system comprising the device of claim 9 and the server of claim 10.
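The configuration-scenario exchange of claims 4 and 8, worked through end to end as an added example in Go. This is editorial example code, not the patent's or the applicant's implementation, and it uses only the Go standard library. Two things the claims leave open are fixed by assumption: every step is called "AES" in the claims, including the ones keyed by the cloud public key and the device public key, but AES is a symmetric cipher and cannot be used with a key pair, so those two steps are modelled with RSA-OAEP (SHA-256) and the device-key and application-key steps with AES-256-GCM; and the byte layout of the request and response, the device ID "dev-0001", the 16-byte random number and the 32-byte symmetric keys are all constructed for the example. The server's check follows claim 4 (decrypt the encrypted random number under the device key and compare it with the clear one), which works with a randomized mode; the claim 2 variant (re-encrypt the random number and compare ciphertexts) only yields equal ciphertexts when the device-key encryption is deterministic, i.e. uses no random IV. The gateway flow of claims 2 and 7 differs from what is shown only in the outer key (gateway key instead of application key) and in that comparison step. The claims do not say how the server recognises a replayed request; a deployment would keep a record of random numbers already seen or have the server issue the challenge.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// The claims say only "AES"; AES-256-GCM with a fresh random nonce prepended is assumed here,
// so aeadOpen fails on a wrong key or any tampering, which the server's device check relies on.
func aeadSeal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // callers in this example always pass 32-byte keys
	gcm, _ := cipher.NewGCM(block)
	iv := randomBytes(gcm.NonceSize())
	return gcm.Seal(iv, iv, plaintext, nil)
}
func aeadOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a nil or wrong-length key is reported, not a panic
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
func randomBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand never returns an error on supported platforms
	return b
}
// Request body (claims 4/8): random number || the same number under the device key (GCM nonce, 16
// bytes, tag) || device ID, all sent under the cloud public key. That step cannot be AES, so
// RSA-OAEP with SHA-256 is assumed for it and for the device public key below.
const nonceLen, encNonceLen = 16, 12 + 16 + 16
// server is the cloud side: its private key, the APP key and a registry keyed by device ID.
type server struct {
	cloudPriv  *rsa.PrivateKey
	appKey     []byte
	deviceKeys map[string][]byte
	devicePubs map[string]*rsa.PublicKey
}
// deviceProvisionRequest is the device's first encryption layer.
func deviceProvisionRequest(id string, deviceKey []byte, cloudPub *rsa.PublicKey) ([]byte, error) {
	nonce := randomBytes(nonceLen)
	body := bytes.Join([][]byte{nonce, aeadSeal(deviceKey, nonce), []byte(id)}, nil)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, cloudPub, body, nil)
}
// handleProvision strips the APP layer, opens the cloud layer, authenticates the device by decrypt-and-
// compare and only then issues a 32-byte session key: sessionKey || sessionKey under the device public key.
func (s *server) handleProvision(encReqBody []byte) ([]byte, error) {
	ct, err := aeadOpen(s.appKey, encReqBody)
	if err != nil {
		return nil, err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.cloudPriv, ct, nil)
	if err != nil || len(plain) < nonceLen+encNonceLen {
		return nil, errors.New("malformed request")
	}
	nonce, encNonce, id := plain[:nonceLen], plain[nonceLen:nonceLen+encNonceLen], string(plain[nonceLen+encNonceLen:])
	got, err := aeadOpen(s.deviceKeys[id], encNonce) // an unregistered ID gives a nil key and fails here too
	if err != nil || !bytes.Equal(got, nonce) {
		return nil, errors.New("device authentication failed") // one error for both cases: no ID enumeration
	}
	session := randomBytes(32)
	encSession, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.devicePubs[id], session, nil)
	return aeadSeal(s.appKey, append(session, encSession...)), nil // sealed under the APP key
}

// runProvisioning wires device, APP and server together with constructed keys and returns the session
// key as seen by the device and by the APP. With wrongDeviceKey the device presents a registered ID
// with a key the server never issued and must be rejected before any session key exists.
func runProvisioning(wrongDeviceKey bool) (devSession, appSession []byte, err error) {
	cloudPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	devPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	deviceKey := randomBytes(32)
	srv := &server{cloudPriv: cloudPriv, appKey: randomBytes(32),
		deviceKeys: map[string][]byte{"dev-0001": deviceKey},
		devicePubs: map[string]*rsa.PublicKey{"dev-0001": &devPriv.PublicKey}}
	if wrongDeviceKey {
		deviceKey = randomBytes(32)
	}
	ct, _ := deviceProvisionRequest("dev-0001", deviceKey, &cloudPriv.PublicKey) // 68-byte body, well inside OAEP's limit
	encResp, err := srv.handleProvision(aeadSeal(srv.appKey, ct))                  // the APP's second layer
	if err != nil {
		return nil, nil, err
	}
	plain, err := aeadOpen(srv.appKey, encResp) // the APP keeps the first 32 bytes ...
	if err != nil {
		return nil, nil, err
	}
	devSession, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, devPriv, plain[32:], nil) // ... the device opens the rest
	return devSession, plain[:32], err
}
```

Called from a main or a test, runProvisioning(false) returns the same 32-byte session key for the device and the APP; runProvisioning(true) returns the error "device authentication failed" and no key, because the impostor's encrypted random number does not open under the registered device key. The same error text is returned for an ID that is not registered, so the reply does not tell a caller which IDs exist. As in claim 4, the session key is known to the server and the APP as well as the device; the APP sees the device's copy only in sealed form.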
CN202010056384.4A 2020-01-18 2020-01-18 Communication method, device, server, system and storage medium of network access device Active CN113141333B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010056384.4A CN113141333B (en) 2020-01-18 2020-01-18 Communication method, device, server, system and storage medium of network access device

Publications (2)

Publication Number Publication Date
CN113141333A CN113141333A (en) 2021-07-20
CN113141333B true CN113141333B (en) 2023-05-09

Family

ID=76808562

Country Status (1)

Country Link
CN (1) CN113141333B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001735B (en) * 2022-04-18 2023-12-12 广西电网有限责任公司电力科学研究院 Power system data security processing method and system
CN116055207B (en) * 2023-01-31 2023-10-03 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1291396A (en) * 1998-12-21 2001-04-11 松下电器产业株式会社 Communication system and communication method
CN101483867A (en) * 2008-01-10 2009-07-15 中国移动通信集团公司 User identity verification method, related device and system in WAP service
CN109982281A (en) * 2017-12-27 2019-07-05 上海未来宽带技术股份有限公司 Communication system and method based on LoRaWAN

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009149579A1 (en) * 2008-06-10 2009-12-17 上海贝尔阿尔卡特股份有限公司 Secure communication method and apparatus based on ibe algorithm in the store and forward manner
US10748146B2 (en) * 2009-06-16 2020-08-18 Heartland Payment Systems, Llc Tamper-resistant secure methods, systems and apparatuses for credit and debit transactions
CN102142961B (en) * 2010-06-30 2014-10-08 华为技术有限公司 Method, device and system for authenticating gateway, node and server
CN105208028B (en) * 2015-09-30 2019-03-15 北京金山安全软件有限公司 Data transmission method and related device and equipment
CN106028320A (en) * 2016-07-26 2016-10-12 深圳市金立通信设备有限公司 Data security transmission method, terminal and server
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN109450931A (en) * 2018-12-14 2019-03-08 北京知道创宇信息技术有限公司 Secure internet connection method, apparatus and PnP device
CN109951479A (en) * 2019-03-19 2019-06-28 中国联合网络通信集团有限公司 Communication method, device and communication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant