CN116668200B - Internet of things data security transmission method and system - Google Patents


Info

Publication number: CN116668200B
Authority: CN (China)
Application number: CN202310948396.1A
Other languages: Chinese (zh)
Other versions: CN116668200A (en)
Legal status: Active
Inventors: 张连红, 李天鹏, 孟庆君, 熊翠菊, 郑林云, 陈清武
Current assignee: Shenzhen Lachesis Mobile Medical Technology Co ltd
Original assignee: Shenzhen Lachesis Mobile Medical Technology Co ltd

Classifications

    • H04L63/101 Network security: controlling access to devices or network resources; access control lists [ACL]
    • H04L63/0428 Network security: confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network security: authentication of entities
    • H04L63/123 Applying verification of the received information: received data contents, e.g. message integrity
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/40 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols


Abstract

The application provides a method and a system for securely transmitting Internet of things data. The system comprises an Internet of things terminal device, an Internet of things gateway, and a transmission management terminal that is in communication connection with the Internet of things terminal device and with the Internet of things gateway respectively. Every Internet of things terminal device that needs to transmit data must first send a data transmission request; the transmission management terminal checks the identity of the terminal device against a preset data transmission matching list, and the Internet of things gateway checks the security of the terminal device's transmission. Checking both the identity and the security of each terminal device in this way reduces the risk of leakage or tampering during Internet of things data transmission and improves the transmission security of Internet of things data.

Description

Internet of things data security transmission method and system
Technical Field
The application relates to the technical field of data transmission, in particular to a method and a system for safely transmitting data of the Internet of things.
Background
With the development of society, networks are becoming ever more closely tied to people's lives. Internet of things technology, developed on the basis of the Internet, links the objects and equipment in an environment and is applied in fields such as industrial production, smart homes and smart medical treatment. Internet of things terminal devices, such as sensor devices distributed at different positions, collect production equipment data, environment data, physical characteristic data of personnel and the like; a server analyzes and processes the collected data, so that various information about the surrounding environment can be known at any time and in any place. The rapid development of Internet of things technology has brought great convenience to people's lives.
However, as the number of Internet of things terminal devices increases, more and more data is collected, and this massive data inevitably contains private data; if data circulating in the network is leaked or tampered with, the users closely related to that data are greatly affected. Ensuring data security during Internet of things data transmission and raising the security management level of Internet of things data is therefore key to developing Internet of things technology.
Disclosure of Invention
The application aims to provide a secure transmission method and system for Internet of things data, which improve the security of Internet of things data circulating in a network and reduce the risk of that data being leaked or tampered with while in circulation.
The first aspect of the application provides a method for securely transmitting Internet of things data, which comprises the following steps:
a transmission management terminal receives a data transmission request, wherein the data transmission request comprises identity information of an Internet of things terminal device, attribute information of an Internet of things gateway, and a request time;
the transmission management terminal performs identity verification on the Internet of things terminal device in the data transmission request according to a data transmission matching list; if the identity verification fails, identity verification failure data is recorded; if the identity verification succeeds, a first transmission sequence number is generated according to the data transmission request, the first transmission sequence number is encrypted to generate a first transmission instruction ciphertext, the first transmission instruction ciphertext is sent to the Internet of things gateway, and at the same time verification feedback information is generated according to the first transmission sequence number and sent to the Internet of things terminal device;
the Internet of things terminal device encrypts the data to be transmitted to generate a data packet, generates a second transmission sequence number according to the received verification feedback information, encrypts the second transmission sequence number to generate a second transmission instruction ciphertext, and packages the data packet together with the second transmission instruction ciphertext and sends them to the Internet of things gateway;
the Internet of things gateway performs decryption verification on the data packet and, in response to successful decryption verification of the data packet, performs security verification on the current data transmission action of the Internet of things terminal device according to the first transmission instruction ciphertext;
if the security verification fails, security verification failure data is recorded; if the security verification passes, the data packet is sent to a server for data storage.
Further, performing identity verification on the Internet of things terminal device in the data transmission request according to the data transmission matching list includes:
the data transmission matching list records attribute information of a plurality of terminal devices and a plurality of gateway devices and the data transmission rules between the terminal devices and the gateway devices, including the allowed data transmission time range and the data transmission object of each terminal device;
the identity verification of the Internet of things terminal device specifically comprises the following steps:
determining, according to the data transmission matching list, whether the Internet of things gateway in the data transmission request is the data transmission object of the Internet of things terminal device, and determining whether the request time in the data transmission request falls within the allowed transmission time range corresponding to that terminal device; when both the Internet of things gateway and the request time check out, the identity verification of the Internet of things terminal device succeeds.
Further, generating the first transmission sequence number according to the data transmission request includes:
in response to successful identity verification of the Internet of things terminal device, determining a transmission start time and a transmission end time according to a preset transmission failure rule, and generating a target pseudo-random number through a pseudo-random number generation algorithm, wherein the content of the first transmission sequence number is, in order, the transmission start time and transmission end time, the identity code of the Internet of things terminal device, and the target pseudo-random number;
for the verification feedback information, the method further comprises:
generating the verification feedback information according to the identity verification result of the Internet of things terminal device and the target pseudo-random number.
Further, for the first transmission instruction ciphertext and the second transmission instruction ciphertext, the method further includes:
encrypting the first transmission sequence number by a private key in a first public-private key pair to generate a first transmission instruction ciphertext, and encrypting the second transmission sequence number by a public key in a second public-private key pair to generate a second transmission instruction ciphertext;
and the content of the second transmission serial number is the identification code of the terminal equipment of the Internet of things and the target pseudo-random number in sequence.
Further, for the Internet of things gateway, the method further includes:
the Internet of things gateway decrypts the data packet with the private key of the second public-private key pair; in response to successful decryption verification of the data packet, it decrypts the first transmission instruction ciphertext with the public key of the first public-private key pair, decrypts the second transmission instruction ciphertext with the private key of the second public-private key pair, and decrypts the target pseudo-random number recorded in the decrypted second transmission instruction ciphertext with the public key of the first public-private key pair;
time verification and identity verification are then performed on the Internet of things terminal device: time verification determines whether the time at which the data packaged and sent by the terminal device was received falls within the transmission start time and transmission end time recorded in the first transmission instruction ciphertext, and identity verification determines whether the pseudo-random numbers recorded in the first and second transmission instruction ciphertexts are the same; when both the time verification and the identity verification pass, the security verification passes.
Further, for the data transmission matching list, further comprising:
acquiring the identity verification failure data and the security verification failure data;
regarding the first terminal equipment related to the identity verification failure data as risk equipment, and re-matching a data transmission object for the first terminal equipment;
and deleting the second terminal equipment from the data transmission matching list for the second terminal equipment related to the security verification failure data.
The second aspect of the application provides an internet of things data security transmission system, which comprises internet of things terminal equipment, an internet of things gateway and a transmission management terminal which is respectively in communication connection with the internet of things terminal equipment and the internet of things gateway, wherein the internet of things terminal equipment is in communication connection with the internet of things gateway;
the internet of things data security transmission system executes the internet of things data security transmission method according to any one of the above.
The application has the positive beneficial effects different from the prior art that:
Every Internet of things terminal device that needs to transmit data must first send a data transmission request; the transmission management terminal checks the identity of the terminal device against the preset data transmission matching list, and the Internet of things gateway checks the security of the terminal device's transmission. Checking both the identity and the security of each terminal device in this way reduces the risk of leakage or tampering during Internet of things data transmission and improves the transmission security of Internet of things data.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the structures shown in these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an internet of things data security transmission system in an embodiment of the application.
Fig. 2 is a flow chart of a method for securely transmitting data of the internet of things according to an embodiment of the application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, some embodiments of the present application will be described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. However, those of ordinary skill in the art will understand that in various embodiments of the present application, numerous technical details have been set forth in order to provide a better understanding of the present application. However, the claimed technical solution of the present application can be realized without these technical details and various changes and modifications based on the following embodiments.
As shown in fig. 1, in an embodiment, the application provides an internet of things data security transmission system, which comprises a plurality of internet of things terminal devices (internet of things terminal device 1, internet of things terminal device 2, internet of things terminal device 3 and …), a plurality of internet of things gateways (internet of things gateway 1 and internet of things gateway 2 and …) and a transmission management terminal which is respectively in communication connection with the plurality of internet of things terminal devices and the plurality of internet of things gateways, wherein the internet of things terminal devices can be various sensor devices. The application can also be used in other fields applicable to the technical solutions provided by the application, which are not specifically enumerated here.
The internet of things gateway is in communication connection with one or more internet of things terminal devices, and is used for collecting various data collected by the internet of things terminal devices, and the transmission management terminal is particularly used for managing the process of transmitting various data collected by the internet of things terminal devices to the network, so that the risk of data leakage or tampering is reduced.
In order to facilitate understanding of the technical solution provided by the present application, as shown in fig. 2, in an embodiment, the present application further provides a method for securely transmitting data of the internet of things, which specifically includes:
s100, receiving a data transmission request, and performing identity verification on the terminal equipment of the Internet of things in the data transmission request according to a data transmission matching list;
specifically, the data transmission request is sent to the transmission management terminal by the internet of things terminal equipment, and the data transmission request at least comprises identity information of the internet of things terminal equipment, such as an identity code for uniquely representing the identity of the internet of things terminal equipment, attribute information of the internet of things gateway, such as equipment number, equipment parameters and other attribute information of the internet of things gateway, and request time;
the data transmission matching list records attribute information of a plurality of terminal devices and gateway devices and the data transmission rules between them; the rules are specifically the allowed data transmission time ranges and the data transmission object of each terminal device, and the list is preset. The information collected by different Internet of things terminal devices differs in how urgently it is needed: environment data, for example, is relatively stable and its changes can be observed at longer intervals, whereas the state information of equipment in operation can change within a short interval for various reasons, so whether the observed data has changed must be checked at shorter intervals. Taking the positions of the terminal devices into account, and to keep data flowing smoothly when the number of terminal devices is large, a suitable Internet of things gateway for receiving the data can be set for each terminal device.
After receiving the data transmission request, the transmission management terminal performs identity verification on the Internet of things terminal device that sent it according to the data transmission matching list; the purpose is to verify whether that terminal device has been replaced by unknown equipment sending false data to the Internet of things gateway.
Optionally, in this step, verifying the identity of the Internet of things terminal device specifically includes:
determining whether the request time in the data transmission request falls within an allowed transmission time range corresponding to the Internet of things terminal device;
querying, through the data transmission matching list, the attribute information of the Internet of things gateway matched to the Internet of things terminal device, determining whether the queried gateway device is the same as the Internet of things gateway recorded in the data transmission request, and determining whether the request time recorded in the data transmission request falls within one of the several allowed data transmission time ranges recorded for that terminal device in the data transmission matching list;
the identity verification succeeds only when both the Internet of things gateway and the request time check out; if either check fails, the identity verification of the Internet of things terminal device fails, which indicates that the device sending the data transmission request may be unknown equipment substituting false data for the data detected by the Internet of things terminal device.
S200, if the identity of the terminal equipment of the Internet of things is successfully checked, generating a first transmission sequence number according to a data transmission request, encrypting the first transmission sequence number to generate a first transmission instruction ciphertext, and generating check feedback information according to the first transmission sequence number;
Specifically, the first transmission sequence number contains, in order, the transmission start time and transmission end time, the identity code of the Internet of things terminal device, and the target pseudo-random number. The transmission start time and transmission end time are determined by a preset transmission failure rule; in this embodiment the rule records a transmission failure time of 3min-5min, preferably 5min. That is, when the identity of the terminal device is successfully verified, the transmission start time and transmission end time for this data transmission request are determined from the time of successful verification; data transmitted by the terminal device to the Internet of things gateway is valid within that range, and data transmitted outside it must be verified again. The target pseudo-random number is generated by a pseudo-random number generation algorithm. The transmission management terminal builds the first transmission sequence number from the transmission start time, transmission end time, identity code of the terminal device and target pseudo-random number, and encrypts it to generate the first transmission instruction ciphertext.
The verification feedback information specifically comprises the identity verification result of the Internet of things terminal device and the target pseudo-random number; the transmission management terminal builds the verification feedback information from these two items, and the target pseudo-random number recorded in it is data encrypted by the transmission management terminal.
If the identity verification of the Internet of things terminal device fails, identity verification failure data is recorded, which at least comprises the attribute information of the Internet of things terminal device involved in the data transmission request received by the transmission management terminal this time and the related time information.
The transmission management terminal encrypts the first transmission sequence number with the private key of the first public-private key pair to obtain the first transmission instruction ciphertext, and encrypts the target pseudo-random number in the verification feedback information with the same private key.
S300, sending a first transmission instruction ciphertext to an Internet of things gateway, and sending verification feedback information to Internet of things terminal equipment;
s400, the terminal equipment of the Internet of things encrypts data to be transmitted to generate a data packet, generates a second transmission sequence number according to the received verification feedback information, encrypts the second transmission sequence number to generate a second transmission instruction ciphertext, packages the data packet and the second transmission instruction ciphertext and then sends the packaged data packet and the second transmission instruction ciphertext to the gateway of the Internet of things;
Specifically, the content of the second transmission sequence number is, in order, the identity code of the Internet of things terminal device and the target pseudo-random number as encrypted by the transmission management terminal, so that the Internet of things gateway can perform a further security check on the identity of the terminal device and on the transmitted information according to the encrypted second transmission sequence number, namely the second transmission instruction ciphertext.
The public key of the second public-private key pair is held by the Internet of things terminal device and is distributed through the data transmission matching list. After the data transmission matching list has been set according to the attribute information, installation positions and other factors of each terminal device and gateway device, the private key of the second public-private key pair is held by the Internet of things gateway, and its public key is distributed, according to the correspondence between terminal devices and gateway devices in the list, to the one or more terminal devices that correspond to that gateway. The Internet of things terminal device encrypts the data to be transmitted with the public key of the second public-private key pair to generate the data packet, and encrypts the second transmission sequence number with the same public key to generate the second transmission instruction ciphertext.
S500, the gateway of the Internet of things carries out decryption verification on the data packet, and responds to successful decryption verification on the data packet, and safety verification is carried out on the current data transmission action of the terminal equipment of the Internet of things according to the first transmission instruction ciphertext;
Specifically, encrypting the data to be transmitted into a data packet and then performing decryption verification on that packet ensures, on one hand, the security in the network of the data obtained by the Internet of things terminal device's monitoring, avoiding leakage of private information, and on the other hand reduces to a certain extent the risk of the data in the packet being replaced;
the Internet of things gateway performs decryption verification on the data packet with the private key of the second public-private key pair; if the data packet can be successfully decrypted with that private key, the decryption verification of the data packet has passed;
in response to successful decryption verification of the data packet, the Internet of things gateway further performs time verification and identity verification on the Internet of things terminal device, specifically as follows:
decrypting the first transmission instruction ciphertext with the public key of the first public-private key pair, decrypting the second transmission instruction ciphertext with the private key of the second public-private key pair, and decrypting, with the public key of the first public-private key pair, the target pseudo-random number encrypted by the transmission management terminal and recorded in the decrypted second transmission instruction ciphertext;
performing time verification on the Internet of things terminal device, i.e. determining whether the time at which the data packaged and sent by the terminal device was received falls within the transmission start time and transmission end time recorded in the first transmission instruction ciphertext; and performing identity verification on the terminal device, which comprises determining whether the pseudo-random numbers recorded in the first and second transmission instruction ciphertexts are the same. When both the time verification and the identity verification pass, the security verification of the current data transmission action of the Internet of things terminal device passes.
S600, if the security verification fails, recording security verification failure data; and if the security verification is passed, sending the data packet to a server for data storage.
It is worth noting that once the security verification has passed, the risk that the data transmitted by the Internet of Things terminal device is leaked or tampered with is greatly reduced. In this case the Internet of Things gateway can send the data packet to the server for storage. The server side holds the private key of the second public-private key pair, so the data packet received by the gateway can be decrypted with that private key and then stored, or used for subsequent data analysis, at which point the transmission of the Internet of Things data is complete.
In an alternative embodiment, the method further comprises the following steps for the data transmission matching list:
acquiring identity verification failure data and security verification failure data;
treating the first terminal device involved in the identity verification failure data as a risk device and re-matching a data transmission object for the first terminal device;
and deleting the second terminal device involved in the security verification failure data from the data transmission matching list.
Specifically, the first terminal device is a terminal device involved in identity verification failure data; each group of identity verification failure data corresponds to one Internet of Things terminal device that sent a data transmission request at one time. The terms "first terminal device" and "second terminal device" are used here purely for convenience of description. For a first terminal device involved in identity verification failure data, there is some possibility that the identity information of a terminal device has been leaked: the attribute information of the Internet of Things gateway and/or the request time in the data transmission request received by the transmission management terminal does not match the information recorded in the data transmission matching list. In this case the first terminal device is treated as a risk device, which indicates a risk of information leakage, by re-matching its data transmission object. A key is re-allocated to the first terminal device according to the newly matched data transmission object; data packets sent by the first terminal device can then continue to be received, provided its identity verification and security verification succeed. A person can also intervene manually for the risk device concerned.
For a second terminal device involved in security verification failure data, there is some possibility that the key issued to the second terminal device has been leaked, or that some other situation has occurred. In that case, to ensure the security of data transmission, the second terminal device is deleted from the data transmission matching list, which improves the security of Internet of Things data transmission.
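The following Python is an added worked example and not code from the patent or its applicant. It models the three decision points described above and restated in claim 1: the transmission management terminal's identity verification against the data transmission matching list (is the requested gateway the terminal's data transmission object, and is the request time inside the allowable range), the gateway's time verification and identity verification (receive time inside the window carried by the first transmission instruction ciphertext, pseudo-random numbers of both ciphertexts equal), and the treatment of first and second terminal devices once identity verification failure data and security verification failure data have been collected. It assumes the public-key decryption steps have already been performed, so it works on the decrypted contents of the two transmission sequence numbers; the classes MatchEntry, FirstSequence, SecondSequence and TransmissionManager, the pool of spare gateways used for re-matching, and the sample device identifiers, gateway identifiers and times are all constructed for illustration. It goes one step beyond the text by also comparing the terminal identity codes carried in the two sequence numbers.

```python
"""Added illustration, not the patent's own code: identity verification against the
data transmission matching list, the gateway's time and pseudo-random-number checks,
and the handling of both kinds of failure data.  Public-key decryption is assumed to
have already happened; names, layouts and sample values are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class MatchEntry:
    """One row of the data transmission matching list (constructed layout)."""
    gateway_id: str          # the terminal's data transmission object
    window_start: datetime   # allowable transmission time range
    window_end: datetime


@dataclass
class FirstSequence:
    """Decrypted first transmission sequence number (from the management terminal)."""
    start_time: datetime     # transmission start-stop time
    end_time: datetime       # transmission end time
    terminal_id: str         # identity identification code of the terminal device
    nonce: int               # target pseudo-random number


@dataclass
class SecondSequence:
    """Decrypted second transmission sequence number (from the terminal device)."""
    terminal_id: str
    nonce: int


class TransmissionManager:
    """Keeps the matching list plus the two kinds of failure records."""
    def __init__(self, matching_list, spare_gateways):
        self.matching_list = dict(matching_list)
        self.spare_gateways = list(spare_gateways)  # assumed pool for re-matching
        self.identity_failures = []
        self.security_failures = []
        self.keys_to_reissue = set()  # devices whose key must be re-allocated

    def verify_identity(self, terminal_id, gateway_id, request_time):
        """The gateway must be the terminal's data transmission object and the
        request time must lie in the terminal's allowable transmission range."""
        entry = self.matching_list.get(terminal_id)
        ok = (entry is not None and entry.gateway_id == gateway_id
              and entry.window_start <= request_time <= entry.window_end)
        if not ok:
            self.identity_failures.append((terminal_id, gateway_id, request_time))
        return ok

    def process_failure_data(self):
        """Identity failures: treat as risk device, re-match the transmission
        object and re-allocate the key.  Security failures: delete the device."""
        for terminal_id, _gateway, _when in self.identity_failures:
            entry = self.matching_list.get(terminal_id)
            if entry is not None and self.spare_gateways:
                entry.gateway_id = self.spare_gateways.pop(0)
                self.keys_to_reissue.add(terminal_id)
        for terminal_id, _reason in self.security_failures:
            self.matching_list.pop(terminal_id, None)
            self.keys_to_reissue.discard(terminal_id)
        self.identity_failures.clear()
        self.security_failures.clear()


def gateway_security_check(first, second, receive_time):
    """Time verification, then identity verification; returns (passed, reason)."""
    if not (first.start_time <= receive_time <= first.end_time):
        return False, "receive time outside transmission window"
    if first.nonce != second.nonce:
        return False, "pseudo-random number mismatch"
    if first.terminal_id != second.terminal_id:  # added check, not stated in the text
        return False, "identity code mismatch"
    return True, "ok"


def demo():
    """Constructed scenario: three devices, two spare gateways for re-matching."""
    t0, shift = datetime(2023, 7, 31, 9, 0, 0), timedelta(hours=8)
    manager = TransmissionManager(
        {"dev-A": MatchEntry("gw-1", t0, t0 + shift),
         "dev-B": MatchEntry("gw-1", t0, t0 + shift),
         "dev-C": MatchEntry("gw-2", t0, t0 + shift)}, spare_gateways=["gw-3", "gw-4"])
    a_ok = manager.verify_identity("dev-A", "gw-1", t0 + timedelta(hours=1))  # passes
    b_ok = manager.verify_identity("dev-B", "gw-2", t0 + timedelta(hours=1))  # wrong object
    c_ok = manager.verify_identity("dev-C", "gw-2", t0 + timedelta(hours=9))  # outside window
    # Gateway side for dev-A: genuine packet, late packet, and packet with a foreign nonce.
    first = FirstSequence(t0 + timedelta(hours=1), t0 + timedelta(hours=1, minutes=5),
                          "dev-A", 0x5EED)
    arrival = t0 + timedelta(hours=1, minutes=2)
    good = gateway_security_check(first, SecondSequence("dev-A", 0x5EED), arrival)
    late = gateway_security_check(first, SecondSequence("dev-A", 0x5EED), arrival + shift)
    bad = gateway_security_check(first, SecondSequence("dev-A", 0x1234), arrival)
    manager.security_failures.extend(("dev-A", r[1]) for r in (late, bad) if not r[0])
    manager.process_failure_data()
    return {"identity": (a_ok, b_ok, c_ok), "gateway": (good, late, bad),
            "remaining": sorted(manager.matching_list),
            "dev_B_gateway": manager.matching_list["dev-B"].gateway_id,
            "reissue": sorted(manager.keys_to_reissue)}
```

Running demo() shows dev-B (wrong data transmission object) and dev-C (request outside its allowable range) being re-matched to the spare gateways with their keys flagged for re-allocation, while dev-A, whose packets arrived late or carried a pseudo-random number the management terminal never issued, is deleted from the matching list. The time comparisons are inclusive at both ends; a deployment also has to decide how much clock skew between gateway and management terminal it tolerates, which the text does not specify.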
It will be understood that modifications and variations will be apparent to those skilled in the art from the foregoing description, and it is intended that all such modifications and variations be included within the scope of the following claims. Parts of the specification not described in detail belong to the prior art known to those skilled in the art.

Claims (5)

1. An Internet of Things data security transmission method, characterized by comprising the following steps:
a transmission management terminal receives a data transmission request, the data transmission request comprising identity information of an Internet of Things terminal device, attribute information of an Internet of Things gateway, and a request time;
the transmission management terminal performs identity verification on the Internet of Things terminal device in the data transmission request according to a data transmission matching list; if the identity verification of the terminal device fails, identity verification failure data is recorded; if the identity verification of the terminal device succeeds, a first transmission sequence number is generated according to the data transmission request, the first transmission sequence number is encrypted to generate a first transmission instruction ciphertext, the first transmission instruction ciphertext is sent to the Internet of Things gateway, and at the same time verification feedback information is generated according to the first transmission sequence number and sent to the Internet of Things terminal device;
the Internet of Things terminal device encrypts the data to be transmitted to generate a data packet, generates a second transmission sequence number according to the received verification feedback information, encrypts the second transmission sequence number to generate a second transmission instruction ciphertext, and packages the data packet together with the second transmission instruction ciphertext and sends them to the Internet of Things gateway;
the Internet of Things gateway performs decryption verification on the data packet and, in response to successful decryption verification of the data packet, performs security verification on the current data transmission action of the Internet of Things terminal device according to the first transmission instruction ciphertext;
if the security verification fails, security verification failure data is recorded; if the security verification passes, the data packet is sent to a server for data storage;
wherein performing identity verification on the Internet of Things terminal device in the data transmission request according to the data transmission matching list comprises:
the data transmission matching list records attribute information of a plurality of terminal devices and a plurality of gateway devices and the data transmission rules between the terminal devices and the gateway devices, including the allowable data transmission time range and the data transmission object of each terminal device;
the identity verification of the Internet of Things terminal device specifically comprises:
determining, according to the data transmission matching list, whether the Internet of Things gateway in the data transmission request is the data transmission object of the Internet of Things terminal device, and determining whether the request time in the data transmission request lies within the allowable transmission time range corresponding to the terminal device; when both the gateway and the request time pass these checks, the identity verification of the terminal device succeeds;
and wherein, for the data transmission matching list, the method further comprises:
acquiring the identity verification failure data and the security verification failure data;
treating a first terminal device involved in the identity verification failure data as a risk device, and re-matching a data transmission object for the first terminal device;
and deleting a second terminal device involved in the security verification failure data from the data transmission matching list.
2. The method of claim 1, wherein generating the first transmission sequence number according to the data transmission request further comprises:
in response to successful identity verification of the Internet of Things terminal device, determining a transmission start-stop time and a transmission end time according to a preset transmission failure rule, and generating a target pseudo-random number by a pseudo-random number generation algorithm, wherein the content of the first transmission sequence number is, in order, the transmission start-stop time and transmission end time, the identity identification code of the Internet of Things terminal device, and the target pseudo-random number;
and wherein, for the verification feedback information, the method further comprises:
generating the verification feedback information according to the identity verification result of the Internet of Things terminal device and the target pseudo-random number, the verification feedback information comprising the encrypted target pseudo-random number.
3. The method of claim 2, further comprising, for the first transmission instruction ciphertext and the second transmission instruction ciphertext:
encrypting the first transmission sequence number with the private key of a first public-private key pair to generate the first transmission instruction ciphertext, and encrypting the second transmission sequence number with the public key of a second public-private key pair to generate the second transmission instruction ciphertext;
wherein the content of the second transmission sequence number is, in order, the identity identification code of the Internet of Things terminal device and the target pseudo-random number.
4. The method of claim 3, further comprising, for the Internet of Things gateway:
the Internet of Things gateway decrypts the data packet with the private key of the second public-private key pair; in response to successful decryption verification of the data packet, it decrypts the first transmission instruction ciphertext with the public key of the first public-private key pair, decrypts the second transmission instruction ciphertext with the private key of the second public-private key pair, and decrypts the target pseudo-random number recorded in the decrypted second transmission instruction ciphertext with the public key of the first public-private key pair;
and performs time verification and identity verification on the Internet of Things terminal device, wherein the time verification determines whether the time at which the data packaged and sent by the terminal device was received lies within the range formed by the transmission start-stop time and the transmission end time recorded in the first transmission instruction ciphertext, and the identity verification determines whether the pseudo-random numbers recorded in the first transmission instruction ciphertext and the second transmission instruction ciphertext are the same; when both the time verification and the identity verification of the terminal device pass, the security verification is passed.
5. An Internet of Things data security transmission system, characterized by comprising an Internet of Things terminal device, an Internet of Things gateway, and a transmission management terminal in communication connection with each of the Internet of Things terminal device and the Internet of Things gateway, wherein the Internet of Things terminal device is in communication connection with the Internet of Things gateway;
the Internet of Things data security transmission system executes the Internet of Things data security transmission method according to any one of claims 1-4.
Priority Applications (1)

Application Number: CN202310948396.1A (CN116668200B)
Priority Date: 2023-07-31
Filing Date: 2023-07-31
Title: Internet of things data security transmission method and system
Status: Active

Publications (2)

CN116668200A (application publication): 2023-08-29
CN116668200B (granted patent): 2023-10-17

Family

ID=87710133




Legal Events

PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant