CN115767522A - Internet of things application security enhancement system and method based on communication security integrated design - Google Patents


Info

Publication number: CN115767522A
Application number: CN202310023793.8A
Authority: CN (China)
Other versions: CN115767522B (en)
Other languages: Chinese (zh)
Inventors: 范国林, 王俊, 李海涛, 严大媛, 杨乐怡
Original and current assignee: CETC 30 Research Institute
Legal status: granted; active
Prosecution events: application filed by CETC 30 Research Institute; priority to CN202310023793.8A; publication of CN115767522A; application granted; publication of CN115767522B.

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention provides an Internet of Things (IoT) application security enhancement system and method based on a communication-security integrated design. It provides dedicated access authentication and dedicated lightweight end-to-end service security protection without increasing the system's traffic overhead: it not only meets the security requirements of key industries for IoT applications, but, by integrating communication and security in one design, also ensures that no new traffic and no new overhead are introduced. The invention has a wide range of application: it suits IoT applications based on NB-IoT as well as IoT applications in future 5G mMTC scenarios and other systems.

Description

Internet of things application security enhancement system and method based on communication security integrated design
Technical Field
The invention relates to the technical field of communications, and in particular to an Internet of Things (IoT) application security enhancement system and method based on a communication-security integrated design.
Background
As operators continue to invest in 4G and 5G mobile communication infrastructure, the IoT has grown rapidly as an important branch of mobile communication, and IoT applications are increasingly widespread. Accordingly, the security requirements of IoT applications are becoming ever more pressing; in particular, the many IoT applications aimed at key industries and important fields need a dedicated security enhancement design.
Taking an NB-IoT system as an example, the IoT application model consists of IoT terminal - mobile communication network - IoT management platform - IoT application. The IoT terminal and the IoT management platform perform connection authentication as shown in fig. 1, where the PGW is the gateway.
In general, the authentication mode, authentication algorithm and authentication protocol used for connection authentication management between the IoT terminal and the IoT management platform do not meet the security requirements of key industries, and no confidentiality or integrity protection is provided for uplink and downlink service data. To meet those requirements, the conventional solution keeps the same model (IoT terminal - mobile communication network - IoT management platform - IoT application), but embeds a cryptographic module in the IoT terminal and has the IoT application call a matching server cryptographic machine through a cryptographic service SDK; the terminal-side cryptographic module and the application-side server cryptographic machine together provide end-to-end security protection, including access authentication and data confidentiality and integrity protection, as shown in fig. 2.
In the conventional solution, the mobile communication master authentication between the IoT terminal and the NB-IoT network and the connection authentication between the IoT terminal and the IoT management platform are both treated as untrusted, and a further layer of application-level mutual authentication and end-to-end service protection is superimposed on top of them, as shown in fig. 3.
However, the conventional IoT application security enhancement solution has the following major disadvantages:
first, from a security perspective, only one layer of protection is actually provided for key industries;
second, from an overhead perspective, the cost of three layers of protection is actually paid, so cost-effectiveness is very low;
third, both IoT terminal manufacturers and IoT application manufacturers need the capability to develop and integrate cryptographic services, which raises the cost of integrating the security capability.
Therefore, an IoT application security protection method that is efficient and low-cost while still meeting the security requirements of key industries is urgently needed.
Disclosure of Invention
The invention aims to provide an IoT application security enhancement system and method based on a communication-security integrated design, so as to solve the problems of the conventional IoT application security enhancement solution.
The invention provides an IoT application security enhancement system based on a communication-security integrated design, comprising: an IoT terminal; an IoT secure communication module integrating a secure SIM module and a cryptographic module; an NB-IoT network integrating a secure HSS network element; an IoT management platform integrating a server cryptographic machine; and an IoT application. The IoT terminal is connected to the IoT secure communication module and, through it and the base station, to the NB-IoT network; the IoT application is connected to the NB-IoT network via the IoT management platform.
Optionally, the secure SIM module is a pluggable USIM module or an eSIM module embedded in the secure communication module.
The invention also provides an IoT application security enhancement method based on a communication-security integrated design, implemented using the IoT application security enhancement system described above;
the method comprises the following steps:
performing dedicated mobile communication master authentication between the secure SIM module in the IoT secure communication module and the secure HSS network element in the NB-IoT network;
performing lightweight dedicated access authentication and lightweight end-to-end service encryption protection between the IoT secure communication module with its embedded cryptographic module and the IoT management platform with its embedded server cryptographic machine.
Further, the secure SIM module in the IoT secure communication module and the secure HSS network element in the NB-IoT network perform the dedicated mobile communication master authentication through an embedded dedicated authentication algorithm.
Further, the dedicated mobile communication master authentication using the embedded dedicated authentication algorithm proceeds as follows:
the IoT terminal initiates a network attach request to the NB-IoT network through the IoT secure communication module;
on receiving the attach request, the secure HSS network element of the NB-IoT network generates a dedicated mobile communication master authentication request;
on receiving the dedicated master authentication request, the IoT secure communication module parses out the authentication request it contains and forwards it to the secure SIM module;
the secure SIM module authenticates the NB-IoT network based on the authentication vector and generates the terminal-side authentication result;
the IoT secure communication module generates a dedicated mobile communication master authentication response from the result returned by the secure SIM module and sends it to the NB-IoT network;
after the NB-IoT network has authenticated the IoT terminal and completed the remaining attach procedure, it returns attach success.
Further, the IoT secure communication module adapts to the embedded cryptographic module through a lightweight software adaptation, and performs lightweight dedicated access authentication and lightweight end-to-end service encryption protection on the terminal side by calling the dedicated identity authentication, confidentiality protection and integrity protection operations provided by the cryptographic module; the IoT management platform adapts to the embedded cryptographic service SDK through a lightweight software adaptation, and performs lightweight dedicated access authentication and lightweight end-to-end service encryption protection on the network side by calling, through the SDK, the dedicated identity authentication, confidentiality protection and integrity protection operations provided by the matching server cryptographic machine.
Further, the dedicated access authentication procedure includes:
after the network attach succeeds, the IoT secure communication module notifies its AT command processing software module and the IoT terminal of the successful network camping result;
the IoT terminal sends the AT command CSAUTH to instruct the IoT secure communication module to initiate an access authentication request to the IoT management platform;
the IoT secure communication module calls the dedicated identity authentication operation of the cryptographic module to generate an identity authentication credential;
it encapsulates an access authentication request around the credential and sends a dedicated lightweight access authentication request to the IoT management platform;
on receiving the request, the IoT management platform calls the dedicated identity authentication operation of the server cryptographic machine to authenticate the IoT terminal;
once the terminal is authenticated, the IoT management platform returns a dedicated lightweight access authentication response to the IoT secure communication module;
the IoT secure communication module decapsulates the response to obtain the peer's identity authentication credential and calls the dedicated identity authentication operation of the cryptographic module to verify it;
the IoT secure communication module then reports the access authentication result to the IoT terminal by responding to the AT command with AUTH OK.
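As an added illustration (not code from the patent or from CETC 30 Research Institute), the following Python models the two authentication layers the disclosure describes: the dedicated mobile communication master authentication between the secure SIM module and the secure HSS network element (the attach steps above, S1-01 to S1-06 in the fig. 6 flow) and the lightweight dedicated access authentication between the secure communication module's cryptographic module and the management platform's server cryptographic machine (the CSAUTH steps above, S1-08 to S1-14). The patent does not disclose its dedicated authentication algorithm, so an HMAC-SHA256 challenge-response over pre-shared keys stands in for it; the IMSI, device id, keys, message field names and the AUTH OK / AUTH FAIL strings are constructed for the example.

```python
import hashlib
import hmac
import os


def _tag(key: bytes, *parts: bytes) -> bytes:
    """Keyed MAC over length-prefixed parts (stand-in for the undisclosed algorithms)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()[:16]


class SecureHSS:
    """Secure HSS network element: holds the long-term key K of each secure SIM (constructed)."""

    def __init__(self, subscribers):
        self.subscribers = subscribers    # IMSI -> K
        self.pending = {}                 # IMSI -> expected terminal-side result

    def master_auth_request(self, imsi):
        # S1-02: build the dedicated master-authentication request (the authentication vector)
        k = self.subscribers[imsi]
        rand = os.urandom(16)
        self.pending[imsi] = _tag(k, b"RES", rand)
        return {"imsi": imsi, "rand": rand, "autn": _tag(k, b"AUTN", rand)}

    def master_auth_response(self, imsi, res):
        # S1-06: authenticate the terminal from the result it returned
        return hmac.compare_digest(self.pending.pop(imsi, b"\0" * 16), res)


class SecureSIM:
    def __init__(self, imsi, k):
        self.imsi, self.k = imsi, k

    def authenticate(self, rand, autn):
        # S1-04: authenticate the network from the vector first, then produce the result
        if not hmac.compare_digest(_tag(self.k, b"AUTN", rand), autn):
            return None
        return _tag(self.k, b"RES", rand)


class ServerCryptoMachine:
    """Server cryptographic machine behind the management platform (constructed keys)."""

    def __init__(self, devices):
        self.devices = devices            # device id -> access key shared with its module

    def authenticate_device(self, req):
        # S1-11: verify the terminal's credential; S1-12: answer with the platform's own
        ka = self.devices.get(req["dev"])
        if ka is None:
            return None
        expected = _tag(ka, b"DEV", req["dev"].encode(), req["nonce"])
        if not hmac.compare_digest(expected, req["cred"]):
            return None
        nonce_p = os.urandom(16)
        return {"nonce": nonce_p, "cred": _tag(ka, b"PLAT", req["nonce"], nonce_p)}


class SecureCommModule:
    """Secure communication module with embedded secure SIM and cryptographic module."""

    def __init__(self, sim, dev_id, ka):
        self.sim, self.dev_id, self.ka = sim, dev_id, ka

    def attach(self, hss):
        # S1-01..S1-06: network attach carrying the dedicated master authentication
        req = hss.master_auth_request(self.sim.imsi)
        res = self.sim.authenticate(req["rand"], req["autn"])
        return res is not None and hss.master_auth_response(self.sim.imsi, res)

    def csauth(self, platform):
        # S1-08..S1-14: triggered by AT command CSAUTH; mutual lightweight access authentication
        nonce = os.urandom(16)
        cred = _tag(self.ka, b"DEV", self.dev_id.encode(), nonce)
        resp = platform.authenticate_device({"dev": self.dev_id, "nonce": nonce, "cred": cred})
        if resp is None:
            return "AUTH FAIL"
        # S1-13: verify the peer credential before reporting success to the terminal (S1-14)
        if hmac.compare_digest(_tag(self.ka, b"PLAT", nonce, resp["nonce"]), resp["cred"]):
            return "AUTH OK"
        return "AUTH FAIL"


def run(sim_key_ok=True, access_key_ok=True):
    """Run both layers; the flags provision a wrong key to show where each layer fails."""
    k, ka = os.urandom(32), os.urandom(32)                 # constructed keys
    hss = SecureHSS({"460011234567890": k})                 # constructed IMSI
    platform = ServerCryptoMachine({"dev-0001": ka})        # constructed device id
    sim = SecureSIM("460011234567890", k if sim_key_ok else os.urandom(32))
    module = SecureCommModule(sim, "dev-0001", ka if access_key_ok else os.urandom(32))
    attached = module.attach(hss)
    return attached, (module.csauth(platform) if attached else "NOT ATTACHED")
```

The ordering is the point in both layers: the SIM checks the network's proof (autn) before producing any result, and the module checks the platform's credential before answering AUTH OK, so a terminal never reports success to a platform that merely echoed its request. All credential comparisons go through hmac.compare_digest so that a wrong credential takes the same time as a right one.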
Further, lightweight end-to-end service encryption protection is applied in both directions:
when the IoT terminal generates uplink service data; and
when downlink service data is generated for the IoT terminal.
Further, the lightweight end-to-end service encryption protection when the IoT terminal generates uplink service data includes:
the IoT terminal sends the AT command CSSOCR to instruct the IoT secure communication module to create a Socket session;
the IoT secure communication module establishes the Socket session and returns the Socket number to the IoT terminal;
the IoT terminal sends the plaintext uplink service data to the IoT secure communication module with the AT command CSSOST;
the IoT secure communication module calls the confidentiality protection operation of the cryptographic module to generate the ciphertext service data;
the IoT secure communication module calls the integrity protection operation of the cryptographic module to generate a verification credential, yielding the complete uplink ciphertext service data;
the IoT secure communication module sends the uplink ciphertext service data to the IoT management platform;
the IoT management platform calls the server cryptographic machine through the cryptographic service SDK to perform integrity verification, checking whether the uplink ciphertext service data were tampered with in transit;
if the uplink ciphertext service data were not tampered with, the IoT management platform calls the server cryptographic machine through the cryptographic service SDK to remove the confidentiality protection, obtaining the uplink plaintext service data;
the IoT management platform sends the uplink plaintext service data to the IoT application;
the IoT application obtains the uplink plaintext service data.
Further, the lightweight end-to-end service encryption protection when downlink service data is generated for the IoT terminal includes:
the IoT application sends the downlink plaintext service data to the IoT management platform;
the IoT management platform calls the confidentiality protection operation of the server cryptographic machine to generate the ciphertext service data;
the IoT management platform calls the integrity protection operation of the server cryptographic machine through the cryptographic service SDK to generate a verification credential, yielding the complete downlink ciphertext service data;
the IoT management platform sends the downlink ciphertext service data to the IoT terminal;
on receiving the downlink ciphertext service data, the IoT secure communication module calls the integrity protection operation of the cryptographic module to check whether the data were tampered with in transit;
if the downlink ciphertext service data were not tampered with, the IoT secure communication module calls the confidentiality protection operation of the cryptographic module to remove the protection, obtaining the downlink plaintext service data;
the IoT terminal retrieves the downlink plaintext service data from the IoT secure communication module by sending the AT command CSSORF;
the IoT terminal carries out the corresponding processing according to the control instruction in the downlink plaintext service data;
the IoT terminal sends the AT command CSSORF to instruct the IoT secure communication module to release the Socket session;
the IoT secure communication module releases the Socket session.
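The following Python is an added example, not code from the patent or from CETC 30 Research Institute; it runs the uplink (CSSOCR, CSSOST) and downlink (CSSORF) paths described above, and steps S2 and S3 of the fig. 6 flow, as one offline simulation. The patent names neither its confidentiality nor its integrity algorithm, so a counter-mode keystream derived from HMAC-SHA256 stands in for the confidentiality operation and a truncated HMAC-SHA256 tag for the verification credential; the message layout, key names, socket numbering and the sample sensor payload are constructed for the example. The one behaviour taken directly from the description is the verify-then-decrypt order: each receiver checks the integrity tag first and never removes the confidentiality protection from data that fails the check.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

TAG_LEN = 16
HDR_LEN = 1 + 1 + 4 + 16      # direction | socket | sequence | nonce (constructed layout)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the undisclosed cipher)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


class CryptoOps:
    """Confidentiality and integrity operations, shared by the terminal-side
    cryptographic module and the server cryptographic machine (constructed keys)."""

    def __init__(self, k_conf: bytes, k_int: bytes):
        self.k_conf, self.k_int = k_conf, k_int

    def protect(self, direction: bytes, sock: int, seq: int, plaintext: bytes) -> bytes:
        # confidentiality protection (S2-04 / S3-02), then the integrity tag (S2-05 / S3-03)
        nonce = os.urandom(16)
        header = direction + bytes([sock]) + seq.to_bytes(4, "big") + nonce
        ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(self.k_conf, nonce, len(plaintext))))
        tag = hmac.new(self.k_int, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        return header + ct + tag

    def unprotect(self, msg: bytes) -> Optional[Tuple[int, int, bytes]]:
        """Return (socket, sequence, plaintext), or None if the message was tampered with.
        The tag is verified before anything is decrypted (S2-07, then S2-08)."""
        if len(msg) < HDR_LEN + TAG_LEN:
            return None
        header, ct, tag = msg[:HDR_LEN], msg[HDR_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.k_int, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return None                       # tampered in transit: drop, never decrypt
        pt = bytes(c ^ k for c, k in zip(ct, _keystream(self.k_conf, header[6:], len(ct))))
        return header[1], int.from_bytes(header[2:6], "big"), pt


class ManagementPlatform:
    def __init__(self, hsm: CryptoOps):
        self.hsm, self.delivered, self.seq = hsm, [], 0   # delivered = passed to the IoT application

    def receive_uplink(self, msg: bytes) -> bool:
        r = self.hsm.unprotect(msg)          # S2-07 integrity check; S2-08 decrypt only if intact
        if r is None:
            return False
        self.delivered.append(r[2])          # S2-09 / S2-10
        return True

    def send_downlink(self, sock: int, plaintext: bytes) -> bytes:
        self.seq += 1
        return self.hsm.protect(b"D", sock, self.seq, plaintext)   # S3-02 / S3-03


class SecureCommModule:
    def __init__(self, crypto: CryptoOps):
        self.crypto, self.sockets, self.seq = crypto, {}, 0    # sockets: number -> downlink queue

    def cssocr(self) -> int:                  # AT command CSSOCR: create a Socket session
        sock = len(self.sockets) + 1
        self.sockets[sock] = []
        return sock

    def cssost(self, sock: int, plaintext: bytes) -> bytes:   # AT command CSSOST: send uplink
        self.seq += 1
        return self.crypto.protect(b"U", sock, self.seq, plaintext)  # S2-04 / S2-05

    def receive_downlink(self, msg: bytes) -> bool:
        r = self.crypto.unprotect(msg)       # integrity check first, then decrypt
        if r is None or r[0] not in self.sockets:
            return False
        self.sockets[r[0]].append(r[2])
        return True

    def cssorf(self, sock: int) -> Optional[bytes]:   # AT command CSSORF: read downlink plaintext
        queue = self.sockets[sock]
        return queue.pop(0) if queue else None

    def release(self, sock: int) -> None:    # release of the Socket session
        self.sockets.pop(sock, None)


def demo() -> dict:
    """One uplink, a tampered copy of it, and one downlink; all keys are constructed."""
    k_conf, k_int = os.urandom(32), os.urandom(32)   # provisioned in module and server HSM
    platform = ManagementPlatform(CryptoOps(k_conf, k_int))
    module = SecureCommModule(CryptoOps(k_conf, k_int))
    sock = module.cssocr()
    up = module.cssost(sock, b'{"temp":21.5}')                    # constructed sensor payload
    tampered = up[:HDR_LEN] + bytes([up[HDR_LEN] ^ 0x01]) + up[HDR_LEN + 1:]   # one flipped byte
    result = {"uplink": platform.receive_uplink(up),
              "tampered_uplink": platform.receive_uplink(tampered),
              "downlink": module.receive_downlink(platform.send_downlink(sock, b"SET_INTERVAL 60"))}
    result["delivered"] = list(platform.delivered)
    result["read"] = module.cssorf(sock)
    module.release(sock)
    return result
```

Calling demo() returns a dict in which the intact uplink and the downlink are accepted, the tampered uplink is rejected without being decrypted, and the application sees only the untampered payload. Because the header (direction, socket number, sequence number, nonce) is covered by the tag, a captured message cannot be redirected to another socket or the other direction undetected; the description says nothing about replay protection, so a deployment would additionally have to reject repeated sequence numbers per socket.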
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
the system and the method for enhancing the application safety of the Internet of things in communication safety integrated design provided by the invention provide special access authentication and special end-to-end lightweight service safety protection capability on the premise of not increasing the system flow overhead, not only meet the safety requirement of key industries on the application of the Internet of things, but also ensure that no new flow and new overhead are introduced through the integrated design of communication and safety. The invention has wide application range, is not only suitable for the application of the Internet of things based on NB-IoT, but also suitable for the application of the Internet of things in future 5G mMTC scenes and other systems.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in the embodiments are briefly described below. The following drawings illustrate only some embodiments of the invention and should not be regarded as limiting its scope; those skilled in the art can derive other related drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of the IoT application model (IoT terminal - mobile communication network - IoT management platform - IoT application) in an NB-IoT system.
Fig. 2 is a schematic structural diagram of the conventional IoT application security enhancement solution.
Fig. 3 is a schematic diagram of the implementation principle of the conventional IoT application security enhancement solution.
Fig. 4 is a schematic structural diagram of the IoT application security enhancement system based on a communication-security integrated design in the embodiment of the invention.
Fig. 5 is a schematic diagram of the working principle of the IoT application security enhancement system based on a communication-security integrated design in the embodiment of the invention.
Fig. 6 is a schematic diagram of a specific service flow of the IoT application security enhancement system based on a communication-security integrated design in the embodiment of the invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings; the described embodiments are some, but not all, of the embodiments of the invention. The components of the embodiments, as generally described and illustrated in the figures, may be arranged and designed in a wide variety of configurations.
Thus, the following detailed description of the embodiments shown in the figures is not intended to limit the scope of the invention as claimed, but merely represents selected embodiments of it. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the invention.
Example 1
As shown in fig. 4, this embodiment provides an IoT application security enhancement system based on a communication-security integrated design, which includes an IoT terminal, an IoT secure communication module integrating a secure SIM module and a cryptographic module, an NB-IoT network integrating a secure HSS network element, an IoT management platform integrating a server cryptographic machine, and an IoT application. The IoT terminal is connected to the IoT secure communication module and, through it and the base station, to the NB-IoT network; the IoT application is connected to the NB-IoT network via the IoT management platform. The cryptographic module is embedded in the IoT secure communication module; the secure SIM module is a pluggable USIM module or an eSIM module embedded in the secure communication module; the NB-IoT network invokes the secure HSS network element through a dedicated interface; the server cryptographic machine is embedded in the IoT management platform and is invoked through a dedicated interface.
The working principle of the system is shown in fig. 5: the secure SIM module and the secure HSS network element cooperate to complete the security enhancement of the dedicated mobile communication master authentication; the IoT secure communication module with its cryptographic module cooperates with the IoT management platform and its server cryptographic machine to complete the dedicated lightweight access authentication and the end-to-end service encryption protection of the communication-security integrated design. This not only satisfies the strong demand of key industries for IoT application security enhancement, but also keeps the cost the same as before the enhancement. Specifically:
On the terminal side, the IoT secure communication module integrates the secure SIM module, and the security of the dedicated mobile communication master authentication is enhanced through the embedded dedicated authentication algorithm; with a lightweight software adaptation, the IoT secure communication module embeds the cryptographic module and enhances access authentication and service encryption protection by calling the dedicated identity authentication, confidentiality protection and integrity protection operations provided by the cryptographic module.
On the network side, the NB-IoT network deploys the secure HSS network element, and the security of the dedicated mobile communication master authentication is enhanced through the embedded dedicated authentication algorithm; with a lightweight software adaptation, the IoT management platform embeds the cryptographic service SDK and enhances access authentication and service encryption protection by calling, through the SDK, the dedicated identity authentication, confidentiality protection and integrity protection operations provided by the matching server cryptographic machine.
Finally, the different dedicated authentications are fused with the mobile communication master authentication and with IoT connection authentication management, respectively, forming dedicated mobile communication master authentication and dedicated IoT connection authentication management; dedicated confidentiality and integrity protection are combined with uplink and downlink service transmission, forming dedicated lightweight end-to-end service protection. The result is an IoT application security enhancement system, integrated with the communication design, with two layers of dedicated authentication and one layer of lightweight end-to-end service protection.
Example 2
The IoT application security enhancement system based on a communication-security integrated design of embodiment 1 implements an IoT application security enhancement method based on a communication-security integrated design, which includes:
performing dedicated mobile communication master authentication between the secure SIM module in the IoT secure communication module and the secure HSS network element in the NB-IoT network; specifically, the secure SIM module and the secure HSS network element perform the dedicated mobile communication master authentication through an embedded dedicated authentication algorithm.
performing lightweight dedicated access authentication and lightweight end-to-end service encryption protection between the IoT secure communication module with its embedded cryptographic module and the IoT management platform with its embedded server cryptographic machine. Specifically: the IoT secure communication module adapts to the embedded cryptographic module through a lightweight software adaptation, and performs lightweight dedicated access authentication and lightweight end-to-end service encryption protection on the terminal side by calling the dedicated identity authentication, confidentiality protection and integrity protection operations provided by the cryptographic module; the IoT management platform adapts to the embedded cryptographic service SDK through a lightweight software adaptation, and performs lightweight dedicated access authentication and lightweight end-to-end service encryption protection on the network side by calling, through the SDK, the dedicated identity authentication, confidentiality protection and integrity protection operations provided by the matching server cryptographic machine.
Therefore, as shown in fig. 6, a specific flow of the internet of things application security enhancement method based on the communication security integrated design is as follows:
s1, starting up a terminal of the Internet of things;
s1-01, the Internet of things terminal initiates a network access attachment request to an NB-IoT network through an Internet of things security communication module;
after receiving the network access attachment request, the safety HSS network element of the S1-02 and NB-IoT network generates a main authentication request of the special mobile communication;
s1-03, after receiving the special mobile communication main authentication request, the Internet of things safety communication module analyzes the authentication request in the special mobile communication main authentication request and sends the authentication request to the safety SIM module;
s1-04, the safety SIM module completes identity authentication on the NB-IoT network based on the authentication vector and generates an authentication result at the authentication terminal side;
s1-05, generating a special mobile communication main authentication response by the Internet of things security communication module based on an authentication result returned by the security SIM module, and sending the special mobile communication main authentication response to the NB-IoT network;
after the identity authentication of the terminal of the Internet of things is completed by the S1-06 and NB-IoT networks, the successful network access attachment is returned after the subsequent network access attachment process is completed;
s1-07, after successful network access attachment, the Internet of things safety communication module informs the AT command processing software module and the Internet of things terminal of the successful network residence result;
s1-08, informing an Internet of things safety communication module to prepare to initiate an access authentication request to an Internet of things management platform by an Internet of things terminal through sending an AT (access terminal) command CSAUTH (terminal access authorization);
s1-09, the Internet of things safety communication module calls a special identity authentication operation function of the password module to generate an identity authentication voucher;
s1-10, an access authentication request is packaged based on an identity authentication certificate, and a special lightweight access authentication request is initiated to an Internet of things management platform;
s1-11, after receiving a special lightweight access authentication request, the Internet of things management platform calls a special identity authentication operation function of a server cipher machine to perform identity authentication on the Internet of things terminal;
s1-12, after identity authentication of the Internet of things terminal is completed, the Internet of things management platform returns a special lightweight access authentication response to the Internet of things security communication module;
s1-13, decapsulating the special lightweight access authentication response by the Internet of things security communication module, obtaining an opposite-end identity authentication certificate, calling a special identity authentication operation function of the cryptographic module, and verifying the opposite-end identity authentication certificate;
s1-14, the Internet of things safety communication module prepares to inform the Internet of things terminal of the result of access authentication through responding to the AT instruction AUTH OK.
S2, the Internet of things terminal generates uplink service data;
s2-01, the Internet of things terminal sends the AT command CSSOCR to instruct the Internet of things security communication module to create a Socket session;
s2-02, the Internet of things security communication module creates the Socket session and returns the Socket number to the Internet of things terminal;
s2-03, the Internet of things terminal sends the plaintext uplink service data to the Internet of things security communication module with the AT command CSSOST;
s2-04, the Internet of things security communication module calls the confidentiality protection operation function of the cryptographic module to generate ciphertext service data;
s2-05, the Internet of things security communication module calls the integrity protection operation function of the cryptographic module to generate a verification credential, yielding the complete uplink ciphertext service data;
s2-06, the Internet of things security communication module sends the uplink ciphertext service data to the Internet of things management platform;
s2-07, the Internet of things management platform calls the server cipher machine through the cryptographic service SDK to perform integrity verification, checking whether the uplink ciphertext service data was tampered with in transit;
s2-08, if the uplink ciphertext service data was not tampered with, the Internet of things management platform calls the server cipher machine through the cryptographic service SDK to reverse the confidentiality protection and obtain the uplink plaintext service data;
s2-09, the Internet of things management platform sends the uplink plaintext service data to the Internet of things application;
s2-10, the Internet of things application obtains the uplink plaintext service data.
S3, if the Internet of things application or the Internet of things management platform has downlink control instruction information:
s3-01, the Internet of things application sends the downlink plaintext service data to the Internet of things management platform;
s3-02, the Internet of things management platform calls the confidentiality protection operation function of the server cipher machine to generate ciphertext service data;
s3-03, the Internet of things management platform calls the integrity protection operation function of the server cipher machine through the cryptographic service SDK to generate a verification credential, yielding the complete downlink ciphertext service data;
s3-04, the Internet of things management platform sends the downlink ciphertext service data to the Internet of things terminal;
s3-05, after the Internet of things security communication module receives the downlink ciphertext service data, it calls the integrity protection operation function of the cryptographic module to verify whether the downlink ciphertext service data was tampered with in transit;
s3-06, if the downlink ciphertext service data was not tampered with, the Internet of things security communication module calls the confidentiality protection operation function of the cryptographic module to decrypt the downlink ciphertext service data and obtain the downlink plaintext service data;
s3-07, the Internet of things terminal obtains the downlink plaintext service data from the Internet of things security communication module by sending the AT command CSSORF;
s3-08, the Internet of things terminal performs the related processing according to the control instruction in the downlink plaintext service data;
s3-09, the Internet of things terminal notifies the Internet of things security communication module to release the Socket session by sending the AT command CSSORF;
s3-10, the Internet of things security communication module releases the Socket session.
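The uplink path (s2-04 to s2-08) and the downlink path (s3-02 to s3-06) apply the same two operations in mirrored order: the sender applies confidentiality protection and then computes an integrity credential over the result, and the receiver verifies that credential first and decrypts only if the frame is intact. The Go program below is an added example of that ordering, not code from the patent; the AES-128-CTR and HMAC-SHA256 pairing, the key values, the frame layout and the sample payload are constructed stand-ins for the undisclosed dedicated algorithms of the cryptographic module and the server cipher machine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServiceKeys stands in for the key material shared by the terminal-side
// cryptographic module and the platform-side server cipher machine. Both the
// keys and the algorithm choice are constructed for this example; the patent
// does not disclose the dedicated algorithms it uses.
type ServiceKeys struct {
	EncKey []byte // 16 bytes, confidentiality protection (AES-128-CTR here)
	MacKey []byte // 32 bytes, integrity protection (HMAC-SHA256 here)
}

const tagLen = 16 // truncated tag keeps the per-frame overhead small on NB-IoT

// Protect performs the sender's two operations (s2-04/s2-05 on the module,
// s3-02/s3-03 on the platform): confidentiality protection first, then an
// integrity tag over the whole protected frame. Layout: nonce || ciphertext || tag.
func Protect(k ServiceKeys, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.EncKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, plaintext)
	frame := append(nonce, ct...)
	mac := hmac.New(sha256.New, k.MacKey)
	mac.Write(frame)
	return append(frame, mac.Sum(nil)[:tagLen]...), nil
}

// Unprotect performs the receiver's two operations in the order the steps
// require (s2-07/s2-08, s3-05/s3-06): the integrity tag is checked first and a
// tampered or forged frame is rejected without ever being decrypted.
func Unprotect(k ServiceKeys, frame []byte) ([]byte, error) {
	if len(frame) < aes.BlockSize+tagLen {
		return nil, errors.New("frame too short")
	}
	body, tag := frame[:len(frame)-tagLen], frame[len(frame)-tagLen:]
	mac := hmac.New(sha256.New, k.MacKey)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)[:tagLen]) { // constant-time compare
		return nil, errors.New("integrity check failed: frame tampered in transit")
	}
	block, err := aes.NewCipher(k.EncKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(pt, body[aes.BlockSize:])
	return pt, nil
}

func main() {
	// Constructed demo keys; a real deployment provisions them in the module and cipher machine.
	keys := ServiceKeys{EncKey: bytes.Repeat([]byte{0x11}, 16), MacKey: bytes.Repeat([]byte{0x22}, 32)}
	frame, _ := Protect(keys, []byte("temp=21.5;valve=open")) // constructed uplink sample
	pt, err := Unprotect(keys, frame)
	fmt.Printf("platform recovered %q (err=%v)\n", pt, err)

	frame[aes.BlockSize] ^= 0x01 // flip one ciphertext bit as if altered in transit
	_, err = Unprotect(keys, frame)
	fmt.Println("tampered frame rejected:", err)
}
```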
Therefore, the Internet of things application security enhancement system and method with communication security integrated design provided by the invention deliver dedicated access authentication and dedicated end-to-end lightweight service security protection without increasing system traffic overhead. They not only meet the security requirements of key industries for Internet of things applications but also, through the integrated communication and security design, introduce no new traffic or overhead. The invention has a wide application range: it is suitable not only for Internet of things applications based on NB-IoT but also for Internet of things applications in future 5G mMTC scenarios and other systems.
The above description is only a preferred embodiment of the present invention and is not intended to limit it; those skilled in the art may make various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention falls within its protection scope.

Claims (10)

1. An Internet of things application security enhancement system with communication security integrated design, characterized in that it comprises an Internet of things terminal, an Internet of things security communication module integrating a security SIM module and a cryptographic module, an NB-IoT network integrating a security HSS network element, an Internet of things management platform integrating a server cipher machine, and an Internet of things application; the Internet of things terminal is connected to the Internet of things security communication module and accesses the NB-IoT network through a base station; the Internet of things application is connected to the NB-IoT network via the Internet of things management platform.
2. The Internet of things application security enhancement system according to claim 1, characterized in that the security SIM module is a pluggable USIM module or an eSIM module embedded in the Internet of things security communication module.
3. An Internet of things application security enhancement method with communication security integrated design, characterized in that it is implemented by the Internet of things application security enhancement system with communication security integrated design according to claim 1 or 2;
the Internet of things application security enhancement method comprises the following steps:
performing dedicated mobile communication primary authentication based on the security SIM module in the Internet of things security communication module and the security HSS network element in the NB-IoT network;
performing lightweight dedicated access authentication and lightweight end-to-end service encryption protection based on the Internet of things security communication module, the cryptographic module in the Internet of things security communication module, the Internet of things management platform and the server cipher machine in the Internet of things management platform.
4. The Internet of things application security enhancement method with communication security integrated design according to claim 3, characterized in that the security SIM module in the Internet of things security communication module and the security HSS network element in the NB-IoT network perform the dedicated mobile communication primary authentication through an embedded dedicated authentication algorithm.
5. The Internet of things application security enhancement method with communication security integrated design according to claim 4, characterized in that the process of performing the dedicated mobile communication primary authentication through the embedded dedicated authentication algorithm comprises the following steps:
the Internet of things terminal initiates a network access attach request to the NB-IoT network through the Internet of things security communication module;
after receiving the network access attach request, the security HSS network element of the NB-IoT network generates a dedicated mobile communication primary authentication request;
after receiving the dedicated mobile communication primary authentication request, the Internet of things security communication module parses the authentication request it carries and forwards that authentication request to the security SIM module;
the security SIM module completes identity authentication of the NB-IoT network based on the authentication vector and generates the terminal-side authentication result;
the Internet of things security communication module generates a dedicated mobile communication primary authentication response based on the authentication result returned by the security SIM module and sends the dedicated mobile communication primary authentication response to the NB-IoT network;
after the NB-IoT network completes identity authentication of the Internet of things terminal and the subsequent network access attach procedure, it returns network access attach success.
6. The Internet of things application security enhancement method with communication security integrated design according to claim 3, characterized in that the Internet of things security communication module adapts the embedded cryptographic module through lightweight software and performs lightweight dedicated access authentication and lightweight end-to-end service encryption protection on the terminal side by calling the dedicated identity authentication operation, dedicated confidentiality protection and integrity protection operations provided by the cryptographic module; the Internet of things management platform adapts the embedded cryptographic service SDK through lightweight software and performs lightweight dedicated access authentication and lightweight end-to-end service encryption protection on the network side by calling, through the cryptographic service SDK, the dedicated identity authentication operation, dedicated confidentiality protection and integrity protection operations provided by the matching server cipher machine.
7. The Internet of things application security enhancement method with communication security integrated design according to claim 6, characterized in that the process of the dedicated access authentication comprises:
after the network access attach succeeds, the Internet of things security communication module notifies the AT command processing software module and the Internet of things terminal of the successful network registration result;
the Internet of things terminal sends the AT command CSAUTH to notify the Internet of things security communication module to prepare an access authentication request to the Internet of things management platform;
the Internet of things security communication module calls the dedicated identity authentication operation function of the cryptographic module to generate an identity authentication credential;
the Internet of things security communication module encapsulates an access authentication request based on the identity authentication credential and initiates a dedicated lightweight access authentication request to the Internet of things management platform;
after receiving the dedicated lightweight access authentication request, the Internet of things management platform calls the dedicated identity authentication operation function of the server cipher machine to authenticate the identity of the Internet of things terminal;
after the identity authentication of the Internet of things terminal is completed, the Internet of things management platform returns a dedicated lightweight access authentication response to the Internet of things security communication module;
the Internet of things security communication module decapsulates the dedicated lightweight access authentication response to obtain the peer identity authentication credential, and calls the dedicated identity authentication operation function of the cryptographic module to verify the peer identity authentication credential;
the Internet of things security communication module notifies the Internet of things terminal of the access authentication result by responding with the AT instruction AUTH OK.
8. The Internet of things application security enhancement method with communication security integrated design according to claim 6, characterized in that the process of lightweight end-to-end service encryption protection comprises:
performing lightweight end-to-end service encryption protection when the Internet of things terminal generates uplink service data;
performing lightweight end-to-end service encryption protection when downlink service data is generated for the Internet of things terminal.
9. The Internet of things application security enhancement method with communication security integrated design according to claim 8, characterized in that the process of lightweight end-to-end service encryption protection when the Internet of things terminal generates uplink service data comprises the following steps:
the Internet of things terminal sends the AT command CSSOCR to instruct the Internet of things security communication module to create a Socket session;
the Internet of things security communication module creates the Socket session and returns the Socket number to the Internet of things terminal;
the Internet of things terminal sends the plaintext uplink service data to the Internet of things security communication module with the AT command CSSOST;
the Internet of things security communication module calls the confidentiality protection operation function of the cryptographic module to generate ciphertext service data;
the Internet of things security communication module calls the integrity protection operation function of the cryptographic module to generate a verification credential, yielding the complete uplink ciphertext service data;
the Internet of things security communication module sends the uplink ciphertext service data to the Internet of things management platform;
the Internet of things management platform calls the server cipher machine through the cryptographic service SDK to perform integrity verification, checking whether the uplink ciphertext service data was tampered with in transit;
if the uplink ciphertext service data was not tampered with, the Internet of things management platform calls the server cipher machine through the cryptographic service SDK to reverse the confidentiality protection and obtain the uplink plaintext service data;
the Internet of things management platform sends the uplink plaintext service data to the Internet of things application;
the Internet of things application obtains the uplink plaintext service data.
10. The Internet of things application security enhancement method with communication security integrated design according to claim 8, characterized in that the process of lightweight end-to-end service encryption protection when downlink service data is generated for the Internet of things terminal comprises:
the Internet of things application sends the downlink plaintext service data to the Internet of things management platform;
the Internet of things management platform calls the confidentiality protection operation function of the server cipher machine to generate ciphertext service data;
the Internet of things management platform calls the integrity protection operation function of the server cipher machine through the cryptographic service SDK to generate a verification credential, yielding the complete downlink ciphertext service data;
the Internet of things management platform sends the downlink ciphertext service data to the Internet of things terminal;
after the Internet of things security communication module receives the downlink ciphertext service data, it calls the integrity protection operation function of the cryptographic module to verify whether the downlink ciphertext service data was tampered with in transit;
if the downlink ciphertext service data was not tampered with, the Internet of things security communication module calls the confidentiality protection operation function of the cryptographic module to decrypt the downlink ciphertext service data and obtain the downlink plaintext service data;
the Internet of things terminal obtains the downlink plaintext service data from the Internet of things security communication module by sending the AT command CSSORF;
the Internet of things terminal performs the related processing according to the control instruction in the downlink plaintext service data;
the Internet of things terminal notifies the Internet of things security communication module to release the Socket session by sending the AT command CSSORF;
the Internet of things security communication module releases the Socket session.
Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN202310023793.8A   2023-01-09     2023-01-09   Internet of things application security enhancement system and method for communication security integrated design (granted as CN115767522B, active)

Publications (2)

Publication Number  Publication Date
CN115767522A        2023-03-07
CN115767522B        2023-05-05

Family ID: 85348349

Country Status (1)

Country  Link
CN       CN115767522B


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant