CN114844720A - Internet of things data encryption transmission method, system, server and client - Google Patents
- Publication number: CN114844720A
- Application number: CN202210630707.5A
- Authority: CN (China)
- Prior art keywords: client, server, connection, message, internet
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
        - H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
      - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
        - H04L69/26—Special purpose or proprietary protocols or architectures
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
  - Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    - Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
      - Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
        - Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method, a system, a server and a client for encrypting and transmitting Internet of things data. The method comprises the following steps: receiving a connection request message sent by a client, performing access verification according to the connection request message, generating a service key after the access verification is passed, and returning a connection confirmation message; receiving a first release message sent by the client, generating a session key from the service key and the client key extracted from that message, and returning a message release completion notification; acquiring an Internet of things data ciphertext transmitted by the client, and decrypting it with the session key to obtain the Internet of things data plaintext; performing communication authentication on the client during communication, triggering active cheating when the communication authentication level is dangerous, sending a server fault message to the client through the active cheating, controlling the client to enter a connection cycle, and disconnecting when the connection cycle is finished. The invention improves the security of Internet of things data transmission through autonomous negotiation and active cheating.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to an Internet of things data encryption transmission method, system, server and client.
Background
The Internet of things is one of the most promising industries at present and plays a very important role in driving the digital transformation of the traditional hydropower industry, promoting the optimisation and upgrading of the hydropower industry's structure, and the like. However, the conventional Internet of things data transmission method has the following problems. On one hand, when the client and the server establish a communication connection, a third-party CA certificate is generally used for security authentication; this increases the resource cost of encrypting and decrypting the Internet of things data, introduces a risk of information leakage through the third party, and so cannot effectively ensure the security of Internet of things data transmission. On the other hand, when eavesdropping and data tampering are addressed, the security of Internet of things data transmission depends mainly on the complexity of the encryption algorithm; that is, to improve security, an encryption algorithm of higher complexity is generally adopted to encrypt the Internet of things data. However, the more complex the encryption algorithm, the longer the encrypted data becomes, which may reduce the reliability of Internet of things data transmission.
Disclosure of Invention
Therefore, it is necessary to provide an internet of things data encryption transmission method, system, server and client for solving the above technical problems.
Based on the above object, a first aspect of the present invention provides an internet of things data encryption transmission method, including:
the server receives a connection request message sent by the client, performs access verification according to the connection request message, generates a service key after the access verification is passed, and sends a connection confirmation message to the client;
receiving a first release message sent by the client, generating a first session key according to a service key and a client key extracted from the first release message, and sending a message release completion notification to the client;
acquiring an internet of things data ciphertext transmitted by the client, and decrypting the internet of things data ciphertext through the first session key to obtain an internet of things data plaintext;
performing communication authentication on the client in communication to obtain a communication authentication level;
and when the communication authentication level is dangerous, triggering active cheating, sending a server fault message to the client through the active cheating, controlling the client to enter a connection cycle, and disconnecting the client when the connection cycle is finished.
A second aspect of the present invention provides a server, including:
the connection request module is used for receiving a connection request message sent by a client, performing access verification according to the connection request message, generating a service key after the access verification is passed, and sending a connection confirmation message to the client;
the connection establishing module is used for receiving a first release message sent by the client, generating a first session key according to a service key and a client key extracted from the first release message, and sending a message release completion notification to the client;
the encryption communication module is used for acquiring an internet of things data ciphertext transmitted by the client, and decrypting the internet of things data ciphertext through the first session key to obtain an internet of things data plaintext;
the communication authentication module is used for carrying out communication authentication on the client side in communication to obtain a communication authentication level;
and the active cheating module is used for triggering active cheating when the communication authentication level is dangerous, sending a server fault message to the client through the active cheating, controlling the client to enter a connection cycle, and disconnecting the client when the connection cycle is finished.
The third aspect of the present invention provides an internet of things data encryption transmission method, including:
the client sends a connection request message to the server and receives a connection confirmation message returned by the server after the server performs access verification according to the connection request message;
performing return verification according to the connection confirmation message, and generating a client key after the return verification is passed;
sending a first release message to the server, acquiring a service key after receiving a message release completion notification returned by the server, and generating a second session key according to the service key and the client key;
encrypting the Internet of things data through the second session key, and transmitting the encrypted Internet of things data ciphertext to the server;
detecting whether a server fault message sent by the server during active cheating is received;
and when a server fault message is received, sending a connection attempt request message to the server, and entering a connection cycle until the connection with the server is disconnected.
A fourth aspect of the present invention provides a client, including:
the connection request module is used for sending a connection request message to a server and receiving a connection confirmation message returned by the server after the server performs access verification according to the connection request message;
the return verification module is used for performing return verification according to the connection confirmation message and generating a client key after the return verification is passed;
the connection establishing module is used for sending a first release message to the server, acquiring a service key after receiving a message release completion notification returned by the server, and generating a second session key according to the service key and the client key;
the encryption transmission module is used for encrypting the Internet of things data through the second session key and transmitting the encrypted Internet of things data ciphertext to the server;
the detection module is used for detecting whether a server fault message sent by the server during active cheating is received;
and the connection attempt module is used for sending a connection attempt request message to the server when a server fault message is received, and entering a connection cycle until the connection with the server is disconnected.
The fifth aspect of the invention provides an internet of things data encryption transmission system, which comprises a client and a server;
the server receives the connection request message sent by the client, performs access verification according to the connection request message, generates a service key after the access verification is passed, and sends a connection confirmation message to the client;
the client receives the connection confirmation message returned by the server, performs return verification according to the connection confirmation message, and generates a client key after the return verification is passed;
the server receives a first release message sent by the client, generates a first session key according to the service key and the client key extracted from the first release message, and sends a message release completion notification to the client;
the client receives the message release completion notification returned by the server, and generates a second session key according to the client key and the service key extracted from the connection confirmation message;
the client encrypts the data of the Internet of things through the second session key, and transmits an encrypted data cipher text of the Internet of things to the server;
the server receives the internet of things data ciphertext sent by the client, and decrypts the internet of things data ciphertext through the first session key to obtain an internet of things data plaintext;
the server performs communication authentication on the client in communication to obtain a communication authentication level, triggers active cheating when the communication authentication level is dangerous, sends a server fault message to the client through the active cheating, controls the client to enter a connection cycle, and disconnects the client after the connection cycle is finished.
Compared with the traditional internet of things data transmission method, the internet of things data encryption transmission method has the following beneficial effects:
1) the server and the client generate the session key through autonomous negotiation, so no third-party CA is involved; this reduces the leakage risk and improves the security of Internet of things data transmission;
2) through active cheating, a client that is attacking the server is drawn into meaningless decryption work, which further improves the security of Internet of things data transmission while preserving its reliability;
3) the secure connection between the client and the server is established on top of the MQTT (Message Queuing Telemetry Transport) protocol, so the method is simple, easy to use, and suitable for most Internet of things data encryption transmission scenarios.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a first flowchart of a method for encrypting and transmitting internet of things data according to a first embodiment of the present invention;
fig. 2 is a second flowchart of an internet of things data encryption transmission method according to a first embodiment of the present invention;
fig. 3 is a schematic structural diagram of a server according to a second embodiment of the present invention;
fig. 4 is a flowchart of an internet of things data encryption transmission method according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of a client according to a fourth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an internet of things data encryption transmission system provided in the fifth embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects to be solved by the present invention more clearly apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the invention provides an Internet of things data encryption transmission method in which the server and the client establish a secure connection over the MQTT (Message Queuing Telemetry Transport) protocol to transmit Internet of things data in encrypted form, and in which the server performs active cheating on the client when it detects that the transmission device code associated with the client is in a blacklist. The executing entity of the method provided by this embodiment is the server, and as shown in fig. 1 the method comprises the following steps:
and step S10, the server receives the connection request message sent by the client, performs access verification according to the connection request message, generates a service key after the access verification is passed, and sends a connection confirmation message to the client.
In step S10, after the server obtains the connection request message sent by the client, it extracts the information required for access verification from the message and retrieves the corresponding requirements stored on the server itself; it then performs access verification on the client by checking the extracted information against those requirements and produces a verification result. If the verification result is that the access verification passes, the server independently generates a service key and returns a connection confirmation message containing the service key to the client, thereby establishing the MQTT connection between the client and the server.
In a preferred embodiment, when the server includes a communication server and a blacklist server, the step S10 includes the following steps:
step S101, a connection request message sent by a client is received through a communication server, and whether a transmission equipment code exists in the connection request message is detected.
In this embodiment, the server includes, but is not limited to, a communication server and a blacklist server; the communication server is used for establishing connections and the blacklist server is used for access verification. The client is deployed in a transmission device and is associated with a transmission device code; optionally, the transmission device code is the SN code of the transmission device. The connection request message may include a connection request packet (i.e., an MQTT CONNECT packet), the transmission device code and a timestamp. The timestamp is a 13-digit (millisecond) timestamp converted from the UTC time (i.e., Coordinated Universal Time); for example, the UTC time 2022-4-13 21:28:55 converts to the 13-digit timestamp 1649856535358.
That is, the server obtains the connection request message sent by the client through the communication server and detects whether a transmission device code is present in it. If not, it returns a connection rejection message to the client, interrupts the connection and waits for the client to resend the connection request message; if so, it proceeds to step S102 to perform access verification through the blacklist server. Optionally, the blacklist server is provided with a database, which may contain a grey list, a white list and a black list.
And step S102, when the transmission equipment codes exist in the connection request message, extracting the transmission equipment codes and the time stamps from the connection request message through the blacklist server, and carrying out access verification on the client.
It can be understood that, when the transmission device code exists in the connection request message, the connection request message is transferred to the blacklist server, the transmission device code and the timestamp are extracted from the connection request message through the blacklist server, and the access check is performed on the client by referring to steps S1021 to S1023, that is, the access check in step S102 specifically includes the following steps:
step S1021, detecting whether the transmission device code is in the activated state and whether the difference between the current time of the server and the timestamp is less than the expiration time;
step S1022, if the transmission device code is in the activated state and the difference between the current time of the server and the timestamp does not exceed the expiration time, determining that the access check is passed;
step S1023, if the transmission device code is in the inactive state, or the difference between the current time of the server and the timestamp is greater than or equal to the expiration time, determining that the access check fails and listing the transmission device code in a grey list.
Optionally, the expiration time is 180 seconds; that is, when the difference exceeds 180 seconds, the connection request packet may be determined to be an expired packet.
Understandably, when performing the access check the blacklist server acquires an activation list. If it finds the transmission device code in the activation list, it determines that the code is in the activated state, and if it further finds that the difference between the current time of the server and the timestamp does not exceed (i.e., is less than) 180 seconds, it determines that the access check is passed and grants the client access. If the transmission device code is not found in the activation list, or the difference between the current time of the server and the timestamp exceeds (i.e., is greater than or equal to) 180 seconds, it determines that the access check fails and temporarily lists the transmission device code in a grey list; if the client's access check is then found to fail in the subsequent two attempts, the transmission device code in the grey list is transferred to the black list.
And step S103, when the transmission device code is detected to be in the activated state and the difference between the current time of the server and the timestamp is less than the expiration time, determining that the access check is passed and listing the transmission device code in a white list.
Specifically, when the blacklist server detects that the transmission device code is in the activated state and the difference between the current time of the server and the timestamp is less than the expiration time, it determines that the access check is passed and lists the transmission device code in the white list; from then on, the transmission device associated with a code in the white list has an access right for a preset time, and preferably the preset time is 24 hours.
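The access check of steps S101 to S103, including the grey-list, black-list and white-list transitions described above, can be modelled in a few dozen lines of Python. The following is an added example written for this page, not code from the patent; the dictionary layout of the connection request message, the `BlacklistServer` class and its return strings are assumptions made for the example, and the 180-second expiration time, the 24-hour access right and the rule of two further failures moving a grey-listed code to the black list are taken from the description.

```python
EXPIRATION_MS = 180 * 1000               # expiration time from the description: 180 seconds
WHITELIST_TTL_MS = 24 * 60 * 60 * 1000   # access right of a white-listed device: 24 hours
GREY_TO_BLACK_FAILURES = 2               # two further failed checks move a grey-listed code to the black list


class BlacklistServer:
    """Access-verification state of the blacklist server (steps S101-S103).
    The set/dict layout and the return strings are assumptions of this example."""

    def __init__(self, activation_list):
        self.activation_list = set(activation_list)  # transmission device codes in the activated state
        self.white = {}    # device code -> expiry (ms) of its 24-hour access right
        self.grey = {}     # device code -> failed checks since it was grey-listed
        self.black = set()

    def access_check(self, connection_request: dict, now_ms: int) -> str:
        """connection_request carries the MQTT CONNECT packet, the device SN and a
        13-digit millisecond timestamp. Returns 'reject', 'pass' or 'fail'."""
        device_code = connection_request.get("device_sn")
        if not device_code:
            return "reject"      # S101: no device code -> connection rejection message
        if device_code in self.black:
            return "reject"      # black-listed devices are no longer accepted (see step S50)
        timestamp_ms = connection_request["timestamp"]
        fresh = (now_ms - timestamp_ms) < EXPIRATION_MS      # S1021: less than the expiration time
        if device_code in self.activation_list and fresh:
            self.white[device_code] = now_ms + WHITELIST_TTL_MS   # S103: white list, 24-hour access right
            self.grey.pop(device_code, None)   # assumption: a passing check clears a grey-list entry
            return "pass"
        # S1023: inactive code or stale timestamp -> grey list; black list after two more failures
        if device_code not in self.grey:
            self.grey[device_code] = 0
        else:
            self.grey[device_code] += 1
            if self.grey[device_code] >= GREY_TO_BLACK_FAILURES:
                del self.grey[device_code]
                self.black.add(device_code)
        return "fail"

    def has_access(self, device_code: str, now_ms: int) -> bool:
        """True while the device's 24-hour white-list access right is still valid."""
        return self.white.get(device_code, 0) > now_ms


if __name__ == "__main__":
    # Constructed sample: one activated device sending the timestamp used in the description.
    server = BlacklistServer(["SN-ACTIVE-001"])
    now = 1649856535358 + 10_000
    request = {"connect": "CONNECT", "device_sn": "SN-ACTIVE-001", "timestamp": 1649856535358}
    print(server.access_check(request, now), server.has_access("SN-ACTIVE-001", now))
```

The freshness window is evaluated against the server clock, so the check is only as good as the clock on each side; a client whose clock drifts by more than the expiration time is grey-listed and, after two more attempts, black-listed, which is worth remembering when reading the grey list as an attack signal.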
And step S104, generating a service key through the communication server, generating a connection confirmation message according to the connection confirmation data packet, the service key and the transmission equipment code, and sending the connection confirmation message to the client.
In step S104, the service key is generated as follows. First, a target number x is obtained from the timestamp: its digits are scanned starting from the last digit, and the first digit whose value falls within a preset range is taken as x; preferably the range is greater than 1 and less than or equal to 4 (1 < x ≤ 4). If no digit of the timestamp satisfies the range, x is set to 3. Then two x-digit prime numbers p and q and a 2x-digit prime number e are generated by a random generator, and the prime number p is taken as the service key.
Further, after the server has randomly generated the service key, it obtains a connection confirmation packet (i.e., an MQTT CONNACK packet), generates a connection confirmation message from the CONNACK packet, the service key and the transmission device code, and returns this connection confirmation message to the client, so that the MQTT connection between the server and the client is established. It can be understood that in this embodiment the access check is performed by the blacklist server and the connection is established by the communication server, which ensures the reliability of the connection between the server and the client.
Step S20, receiving a first release message sent by the client, generating a first session key according to the service key and the client key extracted from the first release message, and sending a message release completion notification to the client.
That is, when the first release message is sent, an MQTT connection has already been established between the client and the server but a secure connection has not. At this point the server acquires the first release message sent by the client, extracts the client key from it, generates the server's session key (i.e., the first session key) through the session key generation algorithm from the client key and the server's own service key, and sends a message release completion notification to the client, thereby establishing the secure connection between the client and the server. The first session key is used to decrypt the Internet of things data ciphertext transmitted by the client and recover the Internet of things data.
Preferably, when the session key (both the first session key and the second session key) consists of an encryption key and a decryption key, the session key generation algorithm may be:
where the encryption key and the decryption key are the two parts of the session key; f(x) is the first component of both the encryption key and the decryption key; p and q are the service key and the client key respectively, i.e. two x-digit prime numbers generated by a random generator; e and d are the second component of the encryption key and of the decryption key respectively; mod[ ] denotes the modulo operation; and e·d ≡ 1 (mod δ) means that e × d divided by δ leaves a remainder of 1. Here e is the 2x-digit prime number generated by the random generator in the service key generation method: taking the timestamp 1649856535358 as an example, the first digit from the end that satisfies 1 < x ≤ 4 is 3, so the target number x is 3 and the second component e of the encryption key is a 6-digit prime number.
And step S30, acquiring the Internet of things data ciphertext transmitted by the client, and decrypting the Internet of things data ciphertext through the first session key to obtain the Internet of things data plaintext.
In step S30, the internet of things data ciphertext refers to a ciphertext obtained by asymmetrically encrypting the internet of things data transmitted by the client.
That is, during stable communication the server obtains the Internet of things data ciphertext transmitted by the client, asymmetrically decrypts it with the decryption key in the first session key to obtain the Internet of things data plaintext, and then stores the plaintext. The decryption algorithm used for the asymmetric decryption may be:
$Y^{*} = Z^{2d} \bmod f(x)$,
where $Y^{*}$ is the Internet of things data plaintext, $Z$ is the Internet of things data ciphertext, and $(f(x), d)$ is the decryption key in the first session key.
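The service-key generation of step S104, the session-key relation e·d ≡ 1 (mod δ) of step S20 and the decryption of step S30 can be exercised end to end with the following Python. It is an added example written for this page, not code from the patent. It assumes the textbook-RSA reading of the scheme, namely f(x) = p·q and δ = (p − 1)(q − 1), which the page does not spell out; it assumes that the client derives x from the same timestamp it sent in the connection request and generates its own x-digit prime q as the client key; and it decrypts with the exponent d itself, the exponent under which the stated relation e·d ≡ 1 (mod δ) makes decryption invert encryption. All function names, and the sample reading, are the example's own.

```python
import math
import random


def target_digits(timestamp_ms: int) -> int:
    """Step S104: scan the 13-digit timestamp from its last digit backwards and
    return the first digit x with 1 < x <= 4; if no digit qualifies, x is 3."""
    for ch in reversed(str(timestamp_ms)):
        x = int(ch)
        if 1 < x <= 4:
            return x
    return 3


def is_prime(n: int) -> bool:
    """Trial division; adequate for the at most 8-digit values this scheme produces."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for factor in range(3, math.isqrt(n) + 1, 2):
        if n % factor == 0:
            return False
    return True


def random_prime(digits: int, rng: random.Random) -> int:
    """A random prime with exactly `digits` decimal digits."""
    lo, hi = 10 ** (digits - 1), 10 ** digits - 1
    while True:
        candidate = rng.randrange(lo, hi + 1)
        if is_prime(candidate):
            return candidate


def generate_service_key(timestamp_ms: int, rng: random.Random):
    """Server side (S104): x-digit primes p, q and a 2x-digit prime e.
    p is the service key carried in the CONNACK message; q generated here is not used
    further because the client supplies its own client key (assumption of this example)."""
    x = target_digits(timestamp_ms)
    p = random_prime(x, rng)
    _q_unused = random_prime(x, rng)
    e = random_prime(2 * x, rng)
    return p, e


def generate_client_key(timestamp_ms: int, rng: random.Random) -> int:
    """Client side: an x-digit prime q (the client key carried in the first release message).
    Assumption: the client derives x from the timestamp it sent in the connection request."""
    return random_prime(target_digits(timestamp_ms), rng)


def derive_session_key(p: int, q: int, e: int):
    """Both ends compute the same session key from (p, q, e).
    Assumptions (textbook RSA): f(x) = p*q and delta = (p-1)*(q-1);
    d is chosen so that e*d == 1 (mod delta), as the description states."""
    if p == q:
        raise ValueError("p and q must differ; regenerate the client key")
    n = p * q                      # f(x)
    delta = (p - 1) * (q - 1)
    if math.gcd(e, delta) != 1:
        raise ValueError("e shares a factor with delta; regenerate e")
    d = pow(e, -1, delta)
    return (n, e), (n, d)          # (f(x), e) encryption key, (f(x), d) decryption key


def encrypt_reading(reading: int, encryption_key) -> int:
    n, e = encryption_key
    if not 0 <= reading < n:
        raise ValueError("reading must be smaller than f(x)")
    return pow(reading, e, n)


def decrypt_reading(ciphertext: int, decryption_key) -> int:
    n, d = decryption_key
    return pow(ciphertext, d, n)


def negotiate_and_roundtrip(timestamp_ms: int, reading: int, seed: int = 1) -> dict:
    """One full exchange: service key, client key, both session keys, one encrypted reading."""
    rng = random.Random(seed)
    while True:                    # regenerate on the rare p == q or gcd(e, delta) != 1 cases
        p, e = generate_service_key(timestamp_ms, rng)
        q = generate_client_key(timestamp_ms, rng)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    first_session_key = derive_session_key(p, q, e)    # server side (step S20)
    second_session_key = derive_session_key(p, q, e)   # client side, same inputs -> same key
    ciphertext = encrypt_reading(reading, second_session_key[0])
    plaintext = decrypt_reading(ciphertext, first_session_key[1])   # step S30
    return {"x": target_digits(timestamp_ms), "p": p, "q": q, "e": e,
            "d": first_session_key[1][1], "ciphertext": ciphertext, "plaintext": plaintext}


if __name__ == "__main__":
    # Constructed sample: the description's timestamp and a temperature reading of 23.75 C stored as 2375.
    print(negotiate_and_roundtrip(1649856535358, 2375))
```

Two points a deployment review would raise against these parameters. With x ≤ 4 the modulus f(x) has at most eight decimal digits and is factored instantly by the same trial division that `is_prime` uses, so the exchange demonstrates the negotiation flow but the key sizes give no confidentiality on their own. And since the description has p travel in the connection confirmation message and q in the first release message, a party that can read those two MQTT messages can compute both session keys, so the negotiation only stays private if the MQTT channel itself is protected (for example with TLS).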
It should be noted that both the step S20 and the step S30 can be executed by the communication server of the server, that is, the communication server is used for establishing connection and stabilizing communication.
Step S40, performing communication authentication on the communicating client to obtain a communication authentication level.
That is, during stable communication the server acquires the communication data sent by the client and performs communication authentication on the client according to that data through the authentication server to obtain a communication authentication level, which is one of safe, abnormal and dangerous.
In a preferred embodiment, when the service end further includes an authentication server, the step S40 may include the following steps:
step S401, a server side obtains communication data sent by a client side, and extracts a transmission equipment code and a time stamp from the communication data through an authentication server;
step S402, calling a database of a blacklist server to compare codes of the transmission equipment, and detecting whether a timestamp is qualified; the database contains a white list, a grey list and a black list;
step S403, if the transmission equipment code is in the white list and the time stamp is qualified, determining that the communication authentication level is safe;
step S404, if the transmission equipment code is in the grey list, the communication authentication level is determined to be abnormal;
step S405, if the transmission equipment code is in the blacklist, the communication authentication level is determined to be dangerous.
In this embodiment, the server further includes an authentication server; the authentication server is used for periodically authenticating the client in stable communication.
When the authentication server performs communication authentication, it extracts the communication data sent by the client once per preset authentication period to obtain the transmission device code and the timestamp. When the transmission device code is in the white list and the timestamp is qualified, the communication authentication level is determined to be safe and step S70 is entered: communication with the client is kept until a connection release control message sent by the client is received. When the transmission device code is in the grey list, the communication authentication level is determined to be abnormal and step S60 is entered: the connection with the client is actively interrupted and the server waits for the connection to be re-established. When the transmission device code is in the blacklist, the communication authentication level is determined to be dangerous and step S50 is entered: the client is actively spoofed and its connection requests are no longer accepted. A qualified timestamp means that the difference between the server's current time and the timestamp is less than 180 seconds; the authentication period is set as required, optionally 12 hours. It can be understood that performing communication authentication through the authentication server improves the security of the communication between the server and the client.
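The list lookup and timestamp check of steps S401 to S405, together with the grey-to-black escalation described under step S60, as an added Python example; this is not code from the patent. The 180-second window and the millisecond timestamp format come from the page; the device codes, list contents, server clock and the treatment of a whitelisted code whose timestamp is stale are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

# The page gives timestamps in milliseconds (e.g. 1649856535358) and a
# qualification window of 180 seconds; the 12-hour authentication period
# is a scheduling concern and is not modelled here.
TIMESTAMP_WINDOW_MS = 180 * 1000


class AuthLevel(Enum):
    SAFE = "safe"
    ABNORMAL = "abnormal"
    DANGEROUS = "dangerous"


@dataclass
class ListDatabase:
    """White, grey and black lists as held by the blacklist server."""
    white: set = field(default_factory=set)
    grey: set = field(default_factory=set)
    black: set = field(default_factory=set)


def timestamp_qualified(server_now_ms: int, message_ts_ms: int) -> bool:
    """Qualified when the difference between the server's current time and the
    message timestamp is less than 180 s. Using the absolute difference also
    rejects a timestamp dated in the future (replayed or mis-set clocks)."""
    return abs(server_now_ms - message_ts_ms) < TIMESTAMP_WINDOW_MS


def classify(db: ListDatabase, device_code: str,
             message_ts_ms: int, server_now_ms: int) -> AuthLevel:
    """Steps S403 to S405, checked in the order the page lists them."""
    if device_code in db.white and timestamp_qualified(server_now_ms, message_ts_ms):
        return AuthLevel.SAFE
    if device_code in db.grey:
        return AuthLevel.ABNORMAL
    if device_code in db.black:
        return AuthLevel.DANGEROUS
    # A whitelisted code with a stale timestamp, or a code on no list at all,
    # gets no verdict on the page; treating it as abnormal is an assumption.
    return AuthLevel.ABNORMAL


class AuthenticationServer:
    """Step S40 authentication plus the step S60 escalation: a device judged
    abnormal again after the connection is re-established, and still not on
    the white list, moves from the grey list to the black list and its level
    becomes dangerous."""

    def __init__(self, db: ListDatabase) -> None:
        self.db = db
        self.abnormal_once: set = set()

    def authenticate(self, device_code: str, message_ts_ms: int,
                     server_now_ms: int) -> AuthLevel:
        level = classify(self.db, device_code, message_ts_ms, server_now_ms)
        if level is AuthLevel.ABNORMAL:
            if device_code in self.abnormal_once and device_code not in self.db.white:
                self.db.grey.discard(device_code)
                self.db.black.add(device_code)
                return AuthLevel.DANGEROUS
            self.abnormal_once.add(device_code)
        return level


def next_action(level: AuthLevel) -> str:
    """Server reaction per level: step S70 (safe), S60 (abnormal), S50 (dangerous)."""
    return {
        AuthLevel.SAFE: "keep connection until the client sends a release request",
        AuthLevel.ABNORMAL: "interrupt connection and wait for re-establishment",
        AuthLevel.DANGEROUS: "trigger active spoofing and accept no further connections",
    }[level]


def run_demo() -> list:
    """Constructed sample data: three device codes, one per list, and a server
    clock 60 s ahead of the sample timestamp taken from the page."""
    db = ListDatabase(white={"DEV-0001"}, grey={"DEV-0002"}, black={"DEV-0003"})
    auth = AuthenticationServer(db)
    ts = 1649856535358
    now = ts + 60_000
    return [
        auth.authenticate("DEV-0001", ts, now),            # white, fresh: safe
        auth.authenticate("DEV-0001", ts - 300_000, now),  # white, 6 min old: abnormal
        auth.authenticate("DEV-0002", ts, now),            # grey: abnormal (first time)
        auth.authenticate("DEV-0002", ts, now),            # grey again: escalated, dangerous
        auth.authenticate("DEV-0003", ts, now),            # black: dangerous
    ]


if __name__ == "__main__":
    for level in run_demo():
        print(level.value, "->", next_action(level))
```

The escalation is kept in the authentication server rather than in the list database so that a single abnormal verdict only records state and the second one, after the client has been made to reconnect, is what changes the lists.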
And step S50, when the communication authentication level is dangerous, triggering active cheating, sending a server fault message to the client through the active cheating, controlling the client to enter a connection cycle, and disconnecting the client when the connection cycle is finished.
In step S50, when the server detects that the communication authentication level is dangerous, it actively spoofs the client: it first sends a server failure message to the client to make the client re-establish the connection, controls the client to enter a connection loop when the client attempts to connect, ends the loop when the loop end condition is met, and at that point sends the server failure message again while disconnecting from the client, so that no further connection requests from the client are accepted. Optionally, the loop end condition is that the number of connection attempts by the client reaches a preset connection count limit.
In a preferred embodiment, the active spoofing in step S50 specifically includes the following steps:
step S501, when the server side actively cheats, the server side sends a server side fault message to the client side;
step S502, acquiring a decryption algorithm, updating the complexity of the decryption algorithm to obtain a deception algorithm, and moving a client side establishing connection to a blacklist server;
step S503, receiving the attempted connection request message sent by the client through the blacklist server, recording the attempted connection times, and generating a plurality of true-like keys according to the complexity of the service key;
step S504, generating a connection control message according to the plurality of true-like secret keys so as to control the client to enter a connection cycle;
and step S505, when the connection attempt times reach the preset connection time limit value, sending a server fault message to the client, and disconnecting the connection with the client.
In this embodiment, the blacklist server is further configured to respond to the client's attempted connections during active spoofing so that the client enters a connection loop. The server failure message includes, but is not limited to, a message length, a message time and a fault code; fault codes are of two types, one carrying real fault information and the other used for active spoofing. The connection count limit may be set as required, optionally to 100 attempts.
It can be understood that when the server actively spoofs, it first sends the server failure message to the client, updates the complexity n of the initial decryption algorithm to n squared to obtain the spoofing algorithm, and transfers the client whose connection was established to the blacklist server, so that the client's connection attempts are handled by the blacklist server and the resources of the server proper are saved. The spoofing algorithm, on the one hand, guards against the risk of the initial decryption algorithm being cracked and, on the other hand, raises the complexity of the decryption algorithm so that an attacker's computing resources are consumed.
Then the blacklist server receives the connection attempt request message sent by the client, which contains a connection attempt data packet, the transmission device code and a timestamp, records the number of connection attempts, and obtains a plurality of true-like keys from the complexity of the initial service key by the following true-like key generation method: according to the initial service key $p$, the two adjacent prime numbers $g_1$ and $g_2$ greater than $p$ and the two adjacent prime numbers $g_3$ and $g_4$ smaller than $p$ are obtained; the four prime numbers $g_1$, $g_2$, $g_3$ and $g_4$ are taken as prime-number keys; further, $g_1$, $g_2$, $g_3$ and $g_4$ are cross-multiplied to obtain non-prime-number keys; and the prime-number keys and the non-prime-number keys together serve as the true-like keys of the service key $p$.
Finally, a connection control data packet is acquired and combined with the plurality of true-like keys and the timestamp to generate a connection control message, which is sent to the client; the client is controlled to enter a connection loop according to the plurality of true-like keys, and once the number of connection attempts exceeds 100, the server failure message is sent to the client and the connection with the client is disconnected.
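The true-like key generation method and the attempt counting of the blacklist server in steps S503 to S505, as an added Python example; this is not code from the patent. The structure of the keys (two primes adjacent above $p$, two adjacent below, and their pairwise products) and the limit of 100 attempts come from the page; the service key value 101, the device code, the fault code strings and the scaled-down limit used in the demo are constructed assumptions.

```python
from dataclasses import dataclass, field
from itertools import combinations
from math import isqrt

# Page: the connection count limit is optionally 100 attempts.
CONNECTION_LIMIT = 100
# The page says fault codes are of two types (real fault, active spoofing)
# but gives no values; these two strings are constructed placeholders.
FAULT_CODE_REAL = "F-REAL"
FAULT_CODE_SPOOF = "F-SPOOF"


def is_prime(n: int) -> bool:
    """Deterministic trial division; adequate for the small x-digit service
    keys the page describes (x <= 4)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return False
    return True


def next_prime(n: int) -> int:
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_prime(n):
        n += 1
    return n


def prev_prime(n: int) -> int:
    """Largest prime strictly smaller than n (n must exceed 2)."""
    n -= 1
    while not is_prime(n):
        n -= 1
    return n


def true_like_keys(p: int) -> tuple:
    """True-like keys of service key p: g1, g2 are the two primes adjacent
    above p and g3, g4 the two adjacent below p (prime-number keys); the
    pairwise products of the four are the non-prime-number keys."""
    g1 = next_prime(p)
    g2 = next_prime(g1)
    g3 = prev_prime(p)
    g4 = prev_prime(g3)
    prime_keys = [g1, g2, g3, g4]
    non_prime_keys = [a * b for a, b in combinations(prime_keys, 2)]
    return prime_keys, non_prime_keys


@dataclass
class BlacklistServer:
    """Handles steps S503 to S505 for a client moved here during active spoofing."""
    service_key: int
    limit: int = CONNECTION_LIMIT
    attempts: dict = field(default_factory=dict)

    def on_connection_attempt(self, device_code: str, timestamp_ms: int) -> dict:
        """Record the attempt; below the limit answer with a connection control
        message built from the true-like keys, at the limit answer with the
        server failure message and mark the connection for disconnection."""
        count = self.attempts.get(device_code, 0) + 1
        self.attempts[device_code] = count
        if count >= self.limit:
            return {
                "type": "server_fault",
                "fault_code": FAULT_CODE_SPOOF,
                "message_time": timestamp_ms,
                "disconnect": True,
            }
        prime_keys, non_prime_keys = true_like_keys(self.service_key)
        return {
            "type": "connection_control",
            "attempt": count,
            "true_like_keys": prime_keys + non_prime_keys,
            "timestamp": timestamp_ms,
        }


def run_demo(limit: int = 5) -> list:
    """Constructed sample: service key p = 101 (a 3-digit prime, matching x = 3
    on the page) and an attempt limit scaled down from 100 for readability."""
    srv = BlacklistServer(service_key=101, limit=limit)
    return [srv.on_connection_attempt("DEV-0002", 1649856535358) for _ in range(limit)]


if __name__ == "__main__":
    for msg in run_demo():
        print(msg["type"], msg.get("attempt", ""),
              msg.get("true_like_keys", msg.get("fault_code")))
```

The real service key $p$ never appears among the decoys, so the keys handed to a client already classified as dangerous cannot decrypt anything, and all of the state for the loop lives on the blacklist server, which is what lets the communication server stop spending resources on that client.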
Further, as shown in fig. 2, after the step S40, the following steps may be included:
and step S60, when the communication authentication level is abnormal, interrupting the connection with the client, waiting for the connection to be reestablished with the client, and if the communication authentication level is detected to be abnormal again, converting the communication authentication level from abnormal to dangerous.
In step S60, when the server detects that the communication authentication level is abnormal, it temporarily interrupts the connection with the client, updates the database called from the blacklist server and jumps to the connection establishment process. When the server re-establishes the connection with the client, if it detects that the transmission device code is still not in the white list, it determines that the communication authentication level is still abnormal, moves the transmission device code from the grey list to the blacklist, and at the same time turns the communication authentication level from abnormal to dangerous.
And step S70, when the communication authentication level is safe, the connection with the client is kept, and when a connection releasing request sent by the client is received, the connection with the client is disconnected.
In step S70, when the server detects that the communication authentication level is safe, it keeps the connection with the client and detects in real time whether a connection release request from the client has been received; if one is received, it disconnects from the client.
As can be seen from the above, the method for encrypting and transmitting data of an internet of things provided in the embodiment of the present invention has the following advantages compared with the existing method for encrypting and transmitting data of an internet of things:
1) the server and the client generate a session key through autonomous negotiation, and third-party CA intervention is not needed, so that the leakage risk is reduced, and the safety of the data transmission of the Internet of things is improved;
2) through active spoofing, a client attacking the server is drawn into meaningless decryption work, which further improves the security of Internet of Things data transmission while guaranteeing its reliability;
3) the safe connection between the client and the server is established based on the MQTT protocol, so that the method is simple and easy to use, and is suitable for most scenes of encrypting and transmitting the Internet of things data.
As shown in fig. 3, the server according to the second embodiment of the present invention includes a connection request module 110, a connection establishment module 120, an encryption transmission module 130, a communication authentication module 140, and an active spoofing module 150;
the connection request module 110 is configured to receive, by the server, a connection request message sent by the client, perform access verification according to the connection request message, generate a service key after the access verification is passed, and send a connection confirmation message to the client;
a connection establishing module 120, configured to receive a first release message sent by the client, generate a first session key according to a client key and a service key analyzed from the first release message, and send a message release completion notification to the client;
the encryption transmission module 130 is used for acquiring an internet of things data ciphertext transmitted by the client, and decrypting the internet of things data ciphertext through the first session key to obtain an internet of things data plaintext;
a communication authentication module 140, configured to perform communication authentication on a client in communication to obtain a communication authentication level;
and the active spoofing module 150 is configured to trigger active spoofing when the communication authentication level is dangerous, send a server failure message to the client through the active spoofing, control the client to enter a connection cycle, and disconnect the client when the connection cycle is ended.
Further, as shown in fig. 3, the server further includes an abnormal connection module 160 and a safety release module 170;
the abnormal connection module 160 is used for disconnecting the connection with the client when the communication authentication level is abnormal, updating the database and reestablishing the connection with the client, and if the communication authentication level is detected to be abnormal twice, converting the communication authentication level from abnormal to dangerous;
and the safety release module 170 is configured to maintain the connection with the client when the communication authentication level is safety, and disconnect the connection with the client when receiving a connection release request sent by the client.
Further, the server comprises a communication server and a blacklist server; the connection request module 110 includes the following units, and the detailed description of each functional unit is as follows:
the request receiving unit is used for receiving a connection request message sent by a client through a communication server and detecting whether a transmission equipment code exists in the connection request message or not;
the access checking unit is used for extracting the transmission equipment codes and the time stamps from the connection request message through the blacklist server when the transmission equipment codes exist in the connection request message, and performing access checking on the client; when the transmission equipment codes are detected to be in an activated state and the difference value between the current time of the server and the time stamp is smaller than the failure time, determining that the access check is passed, and listing the transmission equipment codes in a white list;
and the request response unit is used for generating a service key through the communication server, generating a connection confirmation message according to the connection confirmation data packet, the service key and the transmission equipment code, and sending the connection confirmation message to the client.
Further, the server comprises an authentication server; the communication authentication module 140 includes the following elements, and the detailed description of each functional element is as follows:
the information extraction unit is used for the server side to obtain the communication data sent by the client side and extract the transmission equipment codes and the time stamps from the communication data through the authentication server;
the information detection unit is used for calling a database of the blacklist server to compare the codes of the transmission equipment and detecting whether the timestamp is qualified or not; the database contains a white list, a grey list and a black list;
the authentication unit is used for determining that the communication authentication level is safe if the transmission equipment code is in the white list and the time stamp is qualified; if the transmission equipment code is in the grey list, determining that the communication authentication level is abnormal; and if the transmission equipment code is in the blacklist, determining the communication authentication level as dangerous.
Further, the server comprises an authentication server; the active spoofing module 150 includes the following elements, each of which is described in detail below:
the failure sending unit is used for sending a server failure message to the client when the server actively cheats;
the algorithm updating unit is used for acquiring a decryption algorithm, updating the complexity of the decryption algorithm to obtain a deception algorithm, and moving the client side establishing the connection to the blacklist server;
the class true key generation unit is used for receiving the connection attempt request message sent by the client through the blacklist server, recording the connection attempt times and generating a plurality of class true keys according to the complexity of the service key;
the connection cycle control unit is used for generating a connection control message according to the plurality of true-like keys so as to control the client to enter a connection cycle, and for sending a server fault message to the client and disconnecting the connection with the client when the attempted connection times reach a preset connection count limit.
The server provided in the foregoing embodiment is used to implement the corresponding method for encrypting and transmitting the internet of things data in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
In the method for encrypting and transmitting the data of the internet of things provided by the third embodiment of the present invention, a main body of the method for encrypting and transmitting the data of the internet of things is a client, as shown in fig. 4, the method includes the following steps:
and step S1, the client sends the connection request message to the server and receives a connection confirmation message returned after the server performs access check according to the connection request message.
In step S1, the connection request packet includes a connection request packet, a transmission device code, and a timestamp; the connection confirmation message includes a connection request packet, a service key, and a timestamp.
After acquiring the transmission equipment code and the connection request data packet, the client firstly generates a connection request message according to the connection request data packet, the transmission equipment code and the timestamp, and sends the connection request message to the server; then, the connection confirmation message sent by the server side is waited and received.
And step S2, performing return verification according to the connection confirmation message, and generating the client key after the return verification is passed.
In step S2, after the client acquires the connection confirmation message sent by the server, the client may extract the transmission device code from the connection confirmation message, and then detect whether the extracted transmission device code matches the transmission device code stored in the client, and if so, determine that the transmission device code passes the check, independently generate the client key, and extract the service key from the connection confirmation message for storage; if not, it is determined that the return check fails, and the process may go to step S1 to resend the connection request to the server.
It should be noted that, the generation method of the client key is the same as the generation method of the service key, and is not described herein again.
And step S3, sending the first release message to the server, receiving a message release completion notification returned by the server, acquiring a service key, and generating a second session key according to the service key and the client key.
Before step S3, MQTT connection between the client and the server has been established, in step S3, the client sends a first release message including a client key to the server, detects in real time whether a message release completion notification returned by the server is received, and if a message release completion notification returned by the server is received, obtains the service key extracted in advance from the connection confirmation message, and obtains a session key (i.e., a second session key) of the client through a session key generation algorithm according to the service key and the client key, thereby establishing secure connection between the client and the server.
It should be noted that, the session key generation algorithm refers to the session key generation algorithm in step S20, and details are not described here.
And step S4, encrypting the data of the Internet of things through the second session key, and transmitting the encrypted data cipher text of the Internet of things to the server.
In the stable communication process, the client side carries out asymmetric encryption on the acquired internet of things data through the encryption key in the second session key to obtain an internet of things data cipher text, and the internet of things data cipher text is sent to the server side, so that encrypted transmission of the internet of things data is achieved. The asymmetric encryption adopts an encryption algorithm as follows:
$Z = Y^{2e} \bmod f(x)$,
where $Z$ is the Internet of Things data ciphertext; $Y$ is the original Internet of Things data; and $(f(x), e)$ is the encryption key in the second session key.
It should be noted that the encryption algorithm used for the asymmetric encryption at the client corresponds to the decryption algorithm used for the asymmetric decryption at the server.
Step S5, detecting whether a server failure message sent by the server during active spoofing is received.
In step S5, the client detects in real time whether a server failure message sent by the server is received, and if a server failure message sent by the server is received, the method proceeds to step S6 to try to connect to the server; otherwise, step S7 is entered to continue to maintain the connection with the server.
And step S6, when receiving the fault message of the server, sending a connection attempt request message to the server, and entering a connection cycle until the server is disconnected.
In step S6, after receiving the connection control packet returned by the server according to the connection attempt request packet, the client extracts the true-like key from the connection control packet, and enters a connection loop according to the true-like key until the server actively disconnects from the client.
Further, as shown in fig. 4, after the step S5, the following steps may be included:
and step S7, when the fault message of the service end is not received, the connection with the service end is kept, and when a connection releasing request is sent to the service end, the connection with the service end is disconnected.
In step S7, when the client does not receive a server failure message from the server, it maintains the secure connection with the server; when it detects that the acquired transmission data has finished encrypted transmission, it obtains a connection release data packet (i.e., a DISCONNECT packet), generates a connection release request from the connection release data packet, the second session key and the transmission device code, sends the request to the server, and directly disconnects from the server without waiting for a release confirmation.
As shown in fig. 5, the client according to the fourth embodiment of the present invention includes a connection request module 210, a return verification module 220, a connection establishment module 230, an encryption transmission module 240, a detection module 250, and a connection attempt module 250;
the connection request module 210 is configured to send a connection request message to the server, and receive a connection confirmation message returned by the server after performing access inspection according to the connection request message;
the return checking module 220 is configured to perform return checking according to the connection confirmation message, and generate a client key after the return checking is passed;
the connection establishing module 230 is configured to send the first-time release message to the server, obtain a service key after receiving a message release completion notification returned by the server, and generate a second session key according to the service key and the client key;
the encryption transmission module 240 is configured to encrypt the internet of things data through the second session key, and transmit an encrypted internet of things data ciphertext to the server;
a detection module 250, configured to detect whether a server failure message sent when the server triggers active spoofing is received;
and a connection attempting module 250, configured to send a connection attempting request message to the server when receiving a server failure message sent when the server triggers active spoofing, and enter a connection loop until the server is disconnected.
Further, as shown in fig. 5, the client further includes a security releasing module 270, configured to, when a server failure message sent when the server triggers active spoofing is not received, maintain connection with the server, and when a connection releasing request is sent to the server, disconnect the connection with the server.
An embodiment of the present invention provides an internet of things data encryption transmission system, as shown in fig. 6, the internet of things data encryption transmission system includes a server 100 and a client 200; the server 100 includes a communication server, a blacklist server and an authentication server; the communication server is used for establishing connection and stable connection; the blacklist server is used for access verification and responding to the attempted connection of the client during active cheating, so that the client enters a connection cycle; the authentication server is used for performing periodic authentication on the client during stable connection; the client 200 is arranged in the transmission equipment and is associated with a unique transmission equipment code;
the server 100 receives the connection request message sent by the client 200, performs access verification according to the connection request message, generates a service key after the access verification is passed, and sends a connection confirmation message to the client 200;
the client 200 receives a connection confirmation message returned by the server, performs return verification according to the connection confirmation message, and generates a client key after the return verification is passed;
the server 100 receives a first release message sent by the client 200, generates a first session key according to the service key and a client key extracted from the first release message, and sends a message release completion notification to the client 200;
the client 200 receives the message release completion notification returned by the server, and generates a second session key according to the client key and the service key extracted from the connection confirmation message;
the client 200 encrypts the internet of things data through the second session key, and transmits an encrypted internet of things data cipher text to the server 100;
the server 100 receives the internet of things data ciphertext sent by the client 200, decrypts the internet of things data ciphertext through the first session key, and obtains an internet of things data plaintext;
the server 100 performs communication authentication on the client 200 in communication to obtain a communication authentication level, triggers active spoofing when the communication authentication level is dangerous, sends a server fault message to the client through the active spoofing, controls the client 200 to enter a connection cycle, and disconnects the client 200 after the connection cycle is finished.
Further, when the communication authentication level is abnormal, the server 100 interrupts the connection with the client, waits for the connection to be reestablished with the client, and if the communication authentication level is detected to be abnormal again, turns the communication authentication level from abnormal to dangerous; and when the communication authentication level is safe, keeping the connection with the client, and disconnecting the connection with the client when receiving a connection release request sent by the client.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the invention is limited to these examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity.
The present embodiments are intended to embrace all such alterations, modifications and variations that fall within the broad scope of the present invention. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the invention.
Claims (10)
1. An internet of things data encryption transmission method is characterized by comprising the following steps:
the server receives a connection request message sent by the client, performs access verification according to the connection request message, generates a service key after the access verification is passed, and sends a connection confirmation message to the client;
receiving a first release message sent by the client, generating a first session key according to a service key and a client key extracted from the first release message, and sending a message release completion notification to the client;
acquiring an internet of things data ciphertext transmitted by the client, and decrypting the internet of things data ciphertext through the first session key to obtain an internet of things data plaintext;
performing communication authentication on the client in communication to obtain a communication authentication level;
and when the communication authentication level is dangerous, triggering active cheating, sending a server fault message to the client through the active cheating, controlling the client to enter a connection cycle, and disconnecting the client when the connection cycle is finished.
2. The method for encrypted transmission of internet of things data according to claim 1, wherein after the communication authentication is performed on the client in communication and the communication authentication level is obtained, the method further comprises:
when the communication authentication level is abnormal, interrupting the connection with the client, waiting for reestablishment of the connection with the client, and if the communication authentication level is detected to be abnormal again, converting the communication authentication level from abnormal to dangerous;
and when the communication authentication level is safe, keeping the connection with the client, and disconnecting the connection with the client when receiving a connection release request sent by the client.
3. The Internet of Things data encryption transmission method according to claim 1, wherein the server comprises a communication server and a blacklist server, and wherein the server receiving a connection request message sent by the client, performing access verification according to the connection request message, generating a service key after the access verification is passed, and sending a connection confirmation message to the client comprises:
receiving a connection request message sent by a client through a communication server, and detecting whether a transmission equipment code exists in the connection request message or not;
when a transmission equipment code exists in the connection request message, extracting the transmission equipment code and the timestamp from the connection request message through a blacklist server, and carrying out access verification on the client;
when the transmission equipment code is detected to be in an activated state and the difference value between the current time of the server and the time stamp is smaller than the failure time, determining that the access check is passed, and listing the transmission equipment code in a white list;
and generating a service key through the communication server, generating a connection confirmation message according to a connection confirmation data packet, the service key and the transmission equipment code, and then sending the connection confirmation message to the client.
4. The internet of things data encryption transmission method according to claim 3, wherein the server further comprises an authentication server, and performing communication authentication on the client in communication to obtain a communication authentication level comprises:
obtaining, by the server, communication data sent by the client, and extracting, by the authentication server, the transmission equipment code and the timestamp from the communication data;
querying a database of the blacklist server to match the transmission equipment code, and checking whether the timestamp is valid, wherein the database comprises a white list, a grey list and a black list;
if the transmission equipment code is in the white list and the timestamp is valid, determining that the communication authentication level is safe;
if the transmission equipment code is in the grey list, determining that the communication authentication level is abnormal;
and if the transmission equipment code is in the black list, determining that the communication authentication level is dangerous.
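The access verification of claim 3 and the three-list authentication of claim 4, together with the abnormal-to-dangerous escalation of claim 2, as an added Python example written for this page; it is not code from the patent. The activation registry, the device codes, the 30-second expiry window, treating a whitelisted device with a stale timestamp as abnormal, and rejecting timestamps from the future are all assumptions that the claims do not fix.

```python
from dataclasses import dataclass, field
from enum import Enum

# Constructed activation registry of provisioned devices; device codes are
# hypothetical. EXPIRY_SECONDS is the assumed "expiry time" of claim 3.
ACTIVATION = {"dev-1001": "activated", "dev-1002": "deactivated"}
EXPIRY_SECONDS = 30.0


class Level(Enum):
    SAFE = "safe"
    ABNORMAL = "abnormal"
    DANGEROUS = "dangerous"


def timestamp_fresh(ts: float, now: float) -> bool:
    # Claim 3: server time minus timestamp must be below the expiry window.
    # Rejecting timestamps from the future is an added check (assumption).
    return 0.0 <= now - ts < EXPIRY_SECONDS


@dataclass
class BlacklistServer:
    """White, grey and black lists of claim 4 plus the per-device abnormal
    counter needed for the abnormal -> dangerous escalation of claim 2."""
    white: set = field(default_factory=set)
    grey: set = field(default_factory=set)
    black: set = field(default_factory=set)
    abnormal_count: dict = field(default_factory=dict)

    def access_check(self, request: dict, now: float) -> bool:
        """Claim 3: a request without a device code is not examined further;
        an activated device with a fresh timestamp passes and is whitelisted."""
        code = request.get("device_code")
        if code is None or code in self.black:
            return False
        if ACTIVATION.get(code) != "activated":
            return False
        if not timestamp_fresh(request.get("timestamp", 0.0), now):
            return False
        self.white.add(code)
        return True

    def authenticate(self, data: dict, now: float) -> Level:
        """Claim 4: level from list membership and timestamp validity."""
        code = data.get("device_code")
        if code in self.black:
            return Level.DANGEROUS
        if code in self.grey:
            return Level.ABNORMAL
        if code in self.white and timestamp_fresh(data.get("timestamp", 0.0), now):
            return Level.SAFE
        # Whitelisted code with a stale timestamp, or a code on no list: the
        # claims assign no level, so treating it as abnormal is an assumption.
        return Level.ABNORMAL

    def record(self, code: str, level: Level) -> Level:
        """Claim 2: the first abnormal result demotes the device to the grey
        list; an abnormal result again after reconnection makes it dangerous."""
        if level is not Level.ABNORMAL:
            return level
        self.abnormal_count[code] = self.abnormal_count.get(code, 0) + 1
        self.white.discard(code)
        if self.abnormal_count[code] >= 2:
            self.grey.discard(code)
            self.black.add(code)
            return Level.DANGEROUS
        self.grey.add(code)
        return Level.ABNORMAL
```

The lists are keyed only on the transmission equipment code, exactly as the claims describe, so anything that can present a whitelisted code with a fresh timestamp is rated safe; the claims place no further binding between the code and the device that sends it.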
5. The internet of things data encryption transmission method according to claim 3, wherein the active spoofing comprises:
sending, by the server, a server fault message to the client when active spoofing is triggered;
obtaining a decryption algorithm, increasing the complexity of the decryption algorithm to obtain a spoofing algorithm, and handing the connected client over to the blacklist server;
receiving, by the blacklist server, a connection attempt request message sent by the client, recording the number of connection attempts, and generating a plurality of decoy keys that resemble genuine keys according to the complexity of the service key;
generating a connection control message from the plurality of decoy keys so as to keep the client in a connection cycle;
and when the number of connection attempts reaches a connection attempt limit, sending the server fault message to the client and disconnecting from the client.
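The active-spoofing loop of claim 5, driven by the client behaviour of claim 8, as an added Python example that is not part of the patent. The attempt limit of five, three decoy keys per control message, and reading "same complexity as the service key" as "same length" are assumptions. One point the claims leave open: the fault message that opens the spoofing is the same message that an honest outage or the end of the cycle produces, so a legitimate device that was misclassified as dangerous ends up in the same cycle; the scheme depends on the list classification of claim 4 being right.

```python
import secrets
from dataclasses import dataclass, field

CONNECTION_ATTEMPT_LIMIT = 5   # assumed "connection attempt limit" of claim 5
DECOYS_PER_MESSAGE = 3         # assumed number of decoy keys per control message


@dataclass
class SpoofingSession:
    """Server-side state for one client handed to the blacklist server."""
    service_key: bytes
    attempts: int = 0
    decoy_keys: list = field(default_factory=list)
    closed: bool = False

    @staticmethod
    def fault_message() -> dict:
        # The same message opens the spoofing and ends it (claim 5).
        return {"type": "server_fault", "reason": "service temporarily unavailable"}

    def make_decoys(self) -> list:
        # "Same complexity as the service key" read as same length (assumption);
        # a decoy equal to the real key is dropped so the real key never leaks.
        decoys = [secrets.token_bytes(len(self.service_key)) for _ in range(DECOYS_PER_MESSAGE)]
        return [d for d in decoys if d != self.service_key]

    def on_connection_attempt(self, attempt: dict) -> dict:
        """Claim 5: count the attempt; below the limit answer with a connection
        control message carrying decoys, at the limit send the fault message
        and close the connection."""
        if self.closed:
            raise RuntimeError("connection already released")
        if attempt.get("type") != "connection_attempt":
            raise ValueError("unexpected message during spoofing")
        self.attempts += 1
        if self.attempts >= CONNECTION_ATTEMPT_LIMIT:
            self.closed = True
            return self.fault_message()
        decoys = self.make_decoys()
        self.decoy_keys.extend(decoys)
        return {"type": "connection_control", "keys": decoys, "retry": True}


def run_client_cycle(session: SpoofingSession) -> dict:
    """Client side of claim 8: the server's opening fault message makes the
    client send connection attempt requests until the server disconnects.
    Returns a constructed trace of what the client saw."""
    trace = {"attempts": 0, "control_messages": 0, "keys_seen": 0, "ended_by_fault": False}
    while True:
        reply = session.on_connection_attempt({"type": "connection_attempt"})
        trace["attempts"] += 1
        if reply["type"] == "server_fault":
            trace["ended_by_fault"] = True
            return trace
        trace["control_messages"] += 1
        trace["keys_seen"] += len(reply["keys"])
```

Every spoofed client holds server state until its attempt counter reaches the limit, so the limit also bounds how much memory a flood of dangerous-rated clients can pin; keep it small.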
6. A server, comprising:
a connection request module, configured to receive a connection request message sent by a client, perform access verification according to the connection request message, generate a service key after the access verification is passed, and send a connection confirmation message to the client;
a connection establishing module, configured to receive a first release message sent by the client, generate a first session key according to the service key and a client key extracted from the first release message, and send a message release completion notification to the client;
an encrypted communication module, configured to obtain an internet of things data ciphertext transmitted by the client, and decrypt the internet of things data ciphertext with the first session key to obtain an internet of things data plaintext;
a communication authentication module, configured to perform communication authentication on the client in communication to obtain a communication authentication level;
and an active spoofing module, configured to trigger active spoofing when the communication authentication level is dangerous, send a server fault message to the client through the active spoofing, keep the client in a connection cycle, and disconnect from the client when the connection cycle ends.
7. The server according to claim 6, further comprising:
an abnormal connection module, configured to interrupt the connection with the client when the communication authentication level is abnormal, wait for the client to re-establish the connection, and convert the communication authentication level from abnormal to dangerous if the communication authentication level is detected to be abnormal again;
and a safe release module, configured to keep the connection with the client when the communication authentication level is safe, and disconnect from the client upon receiving a connection release request sent by the client.
8. An internet of things data encryption transmission method, comprising:
sending, by a client, a connection request message to a server, and receiving a connection confirmation message returned by the server after the server performs access verification on the connection request message;
performing return verification according to the connection confirmation message, and generating a client key after the return verification is passed;
sending a first release message to the server, obtaining the service key after receiving a message release completion notification returned by the server, and generating a second session key according to the service key and the client key;
encrypting internet of things data with the second session key, and transmitting the encrypted internet of things data ciphertext to the server;
detecting whether a server fault message sent by the server during active spoofing is received;
and when a server fault message is received, sending a connection attempt request message to the server and entering a connection cycle until the server disconnects.
9. A client, comprising:
a connection request module, configured to send a connection request message to a server and receive a connection confirmation message returned by the server after the server performs access verification according to the connection request message;
a return verification module, configured to perform return verification according to the connection confirmation message and generate a client key after the return verification is passed;
a connection establishing module, configured to send a first release message to the server, obtain the service key after receiving a message release completion notification returned by the server, and generate a second session key according to the service key and the client key;
an encrypted transmission module, configured to encrypt internet of things data with the second session key and transmit the encrypted internet of things data ciphertext to the server;
a detection module, configured to detect whether a server fault message sent by the server during active spoofing is received;
and a connection attempt module, configured to send a connection attempt request message to the server when the server fault message is received, and enter a connection cycle until the server disconnects.
10. An internet of things data encryption transmission system, comprising a client and a server, wherein:
the server receives a connection request message sent by the client, performs access verification according to the connection request message, generates a service key after the access verification is passed, and sends a connection confirmation message to the client;
the client receives the connection confirmation message returned by the server, performs return verification according to the connection confirmation message, and generates a client key after the return verification is passed;
the server receives a first release message sent by the client, generates a first session key according to the service key and the client key extracted from the first release message, and sends a message release completion notification to the client;
the client receives the message release completion notification returned by the server, and generates a second session key according to the client key and the service key extracted from the connection confirmation message;
the client encrypts internet of things data with the second session key, and transmits the encrypted internet of things data ciphertext to the server;
the server receives the internet of things data ciphertext sent by the client, and decrypts the internet of things data ciphertext with the first session key to obtain an internet of things data plaintext;
and the server performs communication authentication on the client in communication to obtain a communication authentication level, triggers active spoofing when the communication authentication level is dangerous, sends a server fault message to the client through the active spoofing, keeps the client in a connection cycle, and disconnects from the client after the connection cycle ends.
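The exchange of claim 10 with both sides' messages, as an added Python example that is not taken from the patent: connection request, access verification reduced here to the timestamp freshness check, connection confirmation carrying the service key and device code, return verification, first release message carrying the client key, session-key derivation on both sides, and encrypted transmission with decryption. HKDF-SHA256 for the session key, the HMAC-based encrypt-then-MAC construction used in place of a real AEAD, the device code, the clock value and the message field names are assumptions; the claims name no key derivation and no cipher. The claims also do not say how the connection confirmation message (which carries the service key) and the first release message (which carries the client key) are protected in transit; the example assumes an outer channel protects them and does nothing to hide them itself.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32
EXPIRY_SECONDS = 30.0  # assumed freshness window for the request timestamp


def hkdf_sha256(ikm: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """RFC 5869 HKDF-SHA256, fixed salt; the claims leave key derivation unspecified (assumption)."""
    prk = hmac.new(b"iot-session-salt", ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]


def session_key(service_key: bytes, client_key: bytes) -> bytes:
    # Same inputs on both sides, so the "first" and "second" session keys of claims 8 and 10 agree.
    return hkdf_sha256(service_key + client_key, b"session")


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode with HMAC-SHA256 as the PRF.
    out = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((length + 31) // 32))
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a fresh nonce; stand-in for an AEAD such as AES-GCM (claims name no cipher)."""
    enc_key, mac_key = hkdf_sha256(key, b"enc"), hkdf_sha256(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; reject on mismatch."""
    enc_key, mac_key = hkdf_sha256(key, b"enc"), hkdf_sha256(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    def __init__(self, now: float):
        self.now, self.clients = now, {}  # device_code -> key state

    def on_connection_request(self, req: dict):
        # Claim 3 access verification, reduced here to the timestamp check.
        code = req.get("device_code")
        if code is None or not 0.0 <= self.now - req["timestamp"] < EXPIRY_SECONDS:
            return None
        key = secrets.token_bytes(KEY_LEN)
        self.clients[code] = {"service_key": key}
        return {"type": "connection_confirm", "device_code": code, "service_key": key}

    def on_first_release(self, msg: dict) -> dict:
        st = self.clients[msg["device_code"]]
        st["session_key"] = session_key(st["service_key"], msg["client_key"])
        return {"type": "release_complete", "device_code": msg["device_code"]}

    def on_iot_data(self, msg: dict) -> bytes:
        return open_(self.clients[msg["device_code"]]["session_key"], msg["ciphertext"])


class Client:
    def __init__(self, device_code: str, now: float):
        self.device_code, self.now = device_code, now

    def connection_request(self) -> dict:
        return {"type": "connection_request", "device_code": self.device_code, "timestamp": self.now}

    def on_connection_confirm(self, conf) -> dict:
        # Return verification: the confirmation must echo this device's code.
        if conf is None or conf.get("device_code") != self.device_code:
            raise ValueError("return verification failed")
        self.service_key, self.client_key = conf["service_key"], secrets.token_bytes(KEY_LEN)
        return {"type": "first_release", "device_code": self.device_code, "client_key": self.client_key}

    def on_release_complete(self, note: dict) -> None:
        self.session_key = session_key(self.service_key, self.client_key)

    def send(self, plaintext: bytes) -> dict:
        return {"type": "iot_data", "device_code": self.device_code,
                "ciphertext": seal(self.session_key, plaintext)}


def run_handshake(plaintext: bytes = b"temp=21.5;door=closed") -> tuple:
    """Claim 10 exchange end to end; returns the server's plaintext and whether both session keys match."""
    now, code = 1_700_000_000.0, "dev-1001"  # constructed clock and device code
    server, client = Server(now), Client(code, now)
    release = client.on_connection_confirm(server.on_connection_request(client.connection_request()))
    client.on_release_complete(server.on_first_release(release))
    recovered = server.on_iot_data(client.send(plaintext))
    return recovered, client.session_key == server.clients[code]["session_key"]
```

Run `run_handshake()` to see the round trip; a flipped ciphertext byte makes `open_` raise before any plaintext is produced, which is the property the decryption step in claim 10 needs and the claims do not spell out.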
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210630707.5A CN114844720B (en) | 2022-06-06 | 2022-06-06 | Method, system, server and client for encrypting and transmitting Internet of things data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114844720A true CN114844720A (en) | 2022-08-02 |
CN114844720B CN114844720B (en) | 2023-06-02 |
Family
ID=82574398
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210630707.5A Active CN114844720B (en) | 2022-06-06 | 2022-06-06 | Method, system, server and client for encrypting and transmitting Internet of things data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114844720B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060294367A1 (en) * | 2005-06-23 | 2006-12-28 | Masami Yoshioka | Secure transmission of data between clients over communications network |
CN106453373A (en) * | 2016-11-03 | 2017-02-22 | 北京知道未来信息技术有限公司 | Efficient SYN Flood attack identification and disposal method |
US20170338951A1 (en) * | 2016-05-19 | 2017-11-23 | Alibaba Group Holding Limited | Method and system for secure data transmission |
US20180302438A1 (en) * | 2017-04-18 | 2018-10-18 | Vencore Labs, Inc. | Identifying and deceiving adversary nodes and maneuvers for attack deception and mitigation |
CN109347809A (en) * | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
CN110912852A (en) * | 2018-09-14 | 2020-03-24 | 阿里巴巴集团控股有限公司 | Method, device and system for obtaining secret key |
US20210058407A1 (en) * | 2019-08-21 | 2021-02-25 | International Business Machines Corporation | Suspending security violating-database client connections in a database protection system |
WO2022021992A1 (en) * | 2020-07-31 | 2022-02-03 | 深圳市燃气集团股份有限公司 | Data transmission method and system based on nb-iot communication, and medium |
CN114143108A (en) * | 2021-12-08 | 2022-03-04 | 中国建设银行股份有限公司 | Session encryption method, device, equipment and storage medium |
CN114338218A (en) * | 2022-01-04 | 2022-04-12 | 四川九州电子科技股份有限公司 | PPPoE dialing method |
Events
2022-06-06 | CN202210630707.5A | patent CN114844720B (en) | active |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115801453A (en) * | 2023-01-30 | 2023-03-14 | 北京大数元科技发展有限公司 | System for security query of sensitive data internet |
CN115801453B (en) * | 2023-01-30 | 2023-05-02 | 北京大数元科技发展有限公司 | System for sensitive data internet security inquiry |
Also Published As
Publication number | Publication date |
---|---|
CN114844720B (en) | 2023-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Li et al. | Group-based authentication and key agreement with dynamic policy updating for MTC in LTE-A networks | |
CN111799867B (en) | Mutual trust authentication method and system between charging equipment and charging management platform | |
US10084760B2 (en) | Secure messages for internet of things devices | |
US7720227B2 (en) | Encryption method for SIP message and encrypted SIP communication system | |
CN101981581B (en) | Handling expired passwords | |
US20080162934A1 (en) | Secure transmission system | |
CN109167802B (en) | Method, server and terminal for preventing session hijacking | |
CN108737323B (en) | Digital signature method, device and system | |
CN112217794A (en) | Computer-implemented internet of things datagram transmission light authentication system and method | |
US20060209843A1 (en) | Secure spontaneous associations between networkable devices | |
CN101820629A (en) | Identity authentication method, device and system in wireless local area network (WLAN) | |
CN110213247B (en) | Method and system for improving safety of pushed information | |
US7707424B2 (en) | Secure file transfer | |
CN108964895B (en) | User-to-User identity authentication system and method based on group key pool and improved Kerberos | |
CN108616350B (en) | HTTP-Digest class AKA identity authentication system and method based on symmetric key pool | |
CN113572788A (en) | BACnet/IP protocol equipment authentication safety method | |
EP2515468A1 (en) | Method and system for establishing security connection between switch equipments | |
CN114844720B (en) | Method, system, server and client for encrypting and transmitting Internet of things data | |
KR101016277B1 (en) | Method and apparatus for sip registering and establishing sip session with enhanced security | |
CN104811451A (en) | Link login method and system | |
US8112629B2 (en) | Stateless challenge-response protocol | |
WO2020188679A1 (en) | Communication system | |
CN101167331B (en) | Method, system and device for transferring network event log protocol message | |
KR20200099873A (en) | HMAC-based source authentication and secret key sharing method and system for Unnamed Aerial vehicle systems | |
CN103986716A (en) | Establishing method for SSL connection and communication method and device based on SSL connection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||