CN116707805B - Cloud-based method and system for replacing IOT equipment key - Google Patents
Publication number: CN116707805B (application CN202310982623.2A)
Authority: CN (China)
Prior art keywords: file, cloud, csr, iot, iot equipment
Legal status: Active (the status is Google's assumption, not a legal conclusion)
Abstract
The invention discloses a cloud-based method and system for replacing an IOT device key, belonging to the technical field of Internet of Things devices. The method comprises the following steps: creating a new public-private key pair for a target device and generating a CSR file based on that key pair; uploading the CSR file to a cloud, signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file, and storing the certificate file at the cloud; and obtaining the certificate file stored in the cloud, replacing the original certificate file of the IOT device with it, and at the same time replacing the original public-private key pair of the IOT device with the new key pair. The invention is simple to operate, replaces the key of an IOT device more simply, and effectively addresses key leakage caused by improper management of IOT keys.
Description
Technical Field
The invention relates to the technical field of Internet of Things devices, and in particular to a cloud-based method and system for replacing an IOT device key.
Background
The technical background of Internet of Things (IoT) device rekeying is the need for security and data protection. With the rapid development and wide application of the Internet of Things, more and more devices are connected to the internet, and a large amount of sensitive data is transmitted and processed. Rekeying is an important technical measure for ensuring the security of devices and data.
First, rekeying can counter potential security threats. Internet of Things devices may be the target of attackers who attempt to obtain sensitive information from the device or interfere with its normal operation. By rekeying periodically, the success rate of such attacks is reduced, because even a key an attacker has obtained becomes invalid once it is replaced.
Second, rekeying helps limit the damage of key leakage. Even if a device's key is compromised at some point in time, periodic replacement reduces the window in which an attacker can keep using it. Rekeying invalidates previously compromised keys, thereby protecting the security of the device and its data.
In addition, rekeying helps keep pace with advances in key-cracking technology. As computing power grows and cracking algorithms improve, keys that were originally secure may become exposed to the risk of being cracked. Periodic rekeying improves the resistance of the system, making it difficult for an attacker to obtain a valid key.
While rekeying Internet of Things devices helps to enhance security, it also has drawbacks and challenges:
(1) Complexity and cost: the number of Internet of Things devices is large, and for large-scale deployments key replacement is a complex and expensive task. Each device must be authenticated and configured during rekeying, which can require significant time and resources.
(2) Device limitations: some Internet of Things devices are constrained by their hardware and software and cannot easily have their keys replaced. Such devices may lack the computing power to support the key exchange process, or the security mechanisms needed to transmit and store keys securely.
(3) Interruption and instability: the rekeying process may interrupt or destabilise the device, affecting its normal operation and the availability of its services. If rekeying is performed incorrectly or too late, the device may be unable to communicate with other systems or process data correctly.
(4) Key management and distribution: rekeying requires an efficient key management and distribution mechanism. Ensuring that new keys are transmitted securely to every device and configured correctly is a complex task. If keys are managed or distributed improperly, a key may leak or an attacker may obtain a new key.
Disclosure of Invention
To address these problems, the invention provides a cloud-based method for replacing an IOT device key, comprising the following steps:
querying whether the IOT device has started the automatic key update procedure; if so, taking the IOT device as the target device, creating a new public-private key pair for the target device, and generating a CSR file based on that key pair;
uploading the CSR file to the cloud, signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file, and storing the certificate file at the cloud;
and obtaining the certificate file stored in the cloud, replacing the original certificate file of the IOT device with it, and at the same time replacing the original public-private key pair of the IOT device with the new key pair.
Optionally, before querying whether the IOT device has started the automatic key update procedure, the method further comprises:
adding the IOT device at the cloud, and adding a CSR configuration for the IOT device;
wherein the CSR configuration provides the certificate user information and the user CN format used when generating the CSR file from the public-private key pair.
Optionally, after adding the IOT device at the cloud and adding the CSR configuration for it, the method further comprises:
registering the IOT device at the cloud using the original public-private key pair of the IOT device;
during registration, the cloud verifies the original certificate file presented by the IOT device against the copy of that certificate file stored in advance at the cloud, and allows the IOT device to register only after verification passes;
if the IOT device has not yet been added at the cloud when it registers, it is added at the cloud during registration.
Optionally, signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file comprises:
downloading the CSR file that was uploaded to the cloud, uploading it to a CA system, signing the CSR file with the CA system, and generating the certificate file with the CA system from the signed CSR file.
Optionally, the method further comprises:
after the original public-private key pair of the IOT device has been replaced, registering again at the cloud using the new public-private key pair;
during re-registration, the cloud verifies the certificate file presented by the IOT device against the certificate file it stored for the device, and allows the IOT device to re-register only after verification passes.
In still another aspect, the invention further provides a cloud-based system for replacing an IOT device key, comprising:
a query unit, configured to query whether the IOT device has started the automatic key update procedure and, if so, to take the IOT device as the target device, create a new public-private key pair for it, and generate a CSR file based on that key pair;
a signature unit, configured to upload the CSR file to the cloud, sign the CSR file at the cloud to generate the certificate file corresponding to the CSR file, and store the certificate file at the cloud;
and an updating unit, configured to obtain the certificate file stored in the cloud, replace the original certificate file of the IOT device with it, and at the same time replace the original public-private key pair of the IOT device with the new key pair.
Optionally, before querying whether the IOT device has started the automatic key update procedure, the query unit is further configured to:
add the IOT device at the cloud, and add a CSR configuration for the IOT device;
wherein the CSR configuration provides the certificate user information and the user CN format used when generating the CSR file from the public-private key pair.
Optionally, after adding the IOT device at the cloud and adding the CSR configuration for it, the query unit is further configured to:
register the IOT device at the cloud using the original public-private key pair of the IOT device;
during registration, the cloud verifies the original certificate file presented by the IOT device against the copy of that certificate file stored in advance at the cloud, and allows the IOT device to register only after verification passes;
if the IOT device has not yet been added at the cloud when it registers, it is added at the cloud during registration.
Optionally, signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file comprises:
downloading the CSR file that was uploaded to the cloud, uploading it to a CA system, signing the CSR file with the CA system, and generating the certificate file with the CA system from the signed CSR file.
Optionally, the updating unit is further configured to:
after the original public-private key pair of the IOT device has been replaced, register again at the cloud using the new public-private key pair;
during re-registration, the cloud verifies the certificate file presented by the IOT device against the certificate file it stored for the device, and allows the IOT device to re-register only after verification passes.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a cloud-based method for replacing an IOT device key, comprising the following steps: querying whether the IOT device has started the automatic key update procedure; if so, taking the IOT device as the target device, creating a new public-private key pair for the target device, and generating a CSR file based on that key pair; uploading the CSR file to the cloud, signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file, and storing the certificate file at the cloud; and obtaining the certificate file stored in the cloud, replacing the original certificate file of the IOT device with it, and at the same time replacing the original public-private key pair of the IOT device with the new key pair. The invention is simple to operate, replaces the key of an IOT device more simply, and effectively addresses key leakage caused by improper management of IOT keys.
Drawings
FIG. 1 is a flow chart of method embodiment 1 of the invention;
FIG. 2 is a schematic diagram of the implementation of method embodiments 2 and 3 of the invention;
FIG. 3 is a block diagram of the system of the invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Example 1:
The invention provides a cloud-based method S100 for replacing an IOT device key, shown in FIG. 1, comprising the following steps:
Step S101, querying whether the IOT device has started the automatic key update procedure; if so, taking the IOT device as the target device, creating a new public-private key pair for the target device, and generating a CSR file based on that key pair;
Step S102, uploading the CSR file to the cloud, signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file, and storing the certificate file at the cloud;
Step S103, obtaining the certificate file stored in the cloud, replacing the original certificate file of the IOT device with it, and at the same time replacing the original public-private key pair of the IOT device with the new key pair.
Before querying whether the IOT device has started the automatic key update procedure, the method further comprises:
adding the IOT device at the cloud, and adding a CSR configuration for the IOT device;
wherein the CSR configuration provides the certificate user information and the user CN format used when generating the CSR file from the public-private key pair.
After adding the IOT device at the cloud and adding the CSR configuration for it, the method further comprises:
registering the IOT device at the cloud using the original public-private key pair of the IOT device;
during registration, the cloud verifies the original certificate file presented by the IOT device against the copy of that certificate file stored in advance at the cloud, and allows the IOT device to register only after verification passes;
if the IOT device has not yet been added at the cloud when it registers, it is added at the cloud during registration.
Signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file comprises the following steps:
downloading the CSR file that was uploaded to the cloud, uploading it to a CA system, signing the CSR file with the CA system, and generating the certificate file with the CA system from the signed CSR file.
The method further comprises:
after the original public-private key pair of the IOT device has been replaced, registering again at the cloud using the new public-private key pair;
during re-registration, the cloud verifies the certificate file presented by the IOT device against the certificate file it stored for the device, and allows the IOT device to re-register only after verification passes.
Example 2:
The invention provides a cloud-based method S200 for replacing an IOT device key, shown in FIG. 2, comprising the following steps:
Step S201, adding the IOT device and its CSR configuration at the cloud:
the CSR configuration is mainly used to configure the certificate user information and the user CN format in the CSR file, and supplies part of the preset information from which the CSR file is generated in later steps;
Step S202, registering the IOT device at the cloud:
before registration, a default certificate and private key are preset in the IOT device when it leaves the factory. Once the device has network connectivity it connects to the cloud platform automatically and registers at the cloud using the preset private key; because the cloud stores the default certificate preset in the device, it can use that certificate to verify whether the device may register.
The preset certificate and private key may only be used to request a new certificate (that is, to generate the new certificate and private key) and are not used in the subsequent real business processes; limiting the lifetime and scope of use of the preset certificate and private key improves the security of the IOT device.
Step S203, updating the IOT device information at the cloud:
after the IOT device has registered successfully at the cloud, its attribute information, such as the device serial number, hardware model number and software version number, is reported to the cloud automatically.
Step S204, querying whether to start automatic key update:
after registration at the cloud succeeds, the IOT device reads the key auto-update settings from its local configuration. The configuration items are stored in a local configuration file, which holds two options: whether the key is to be updated automatically, and whether the key has already been updated. If the auto-update option is set to yes and the already-updated option is set to no, the IOT device starts the automatic key update procedure.
Step S205, creating a new public-private key pair and generating a CSR file from the public key:
after starting the automatic key update procedure, the IOT device invokes the RSA algorithm to generate a unique private key and public key automatically; the private key is stored in a local file (if the IOT device has an encryption chip, the private key is stored in the encryption chip in this step).
The IOT device obtains the CSR configuration from the cloud, invokes the RSA algorithm, and generates the CSR file using the automatically generated private and public key pair;
Step S206, the cloud obtains the CSR file (upload):
after the IOT device has generated the CSR file it is uploaded to the cloud automatically; the cloud stores the received CSR file on the corresponding file server and supports downloading it.
Step S207, signing the CSR file:
signing of the CSR file takes place on the CA system. The CSR file may be downloaded from the cloud and imported into the CA system manually, or the CA system may fetch it from the cloud directly through an interface so that signing is automatic.
Step S208, generating the certificate file:
the certificate file is generated on the CA system: after the CSR file has been imported and signed, the corresponding certificate file is produced.
Step S209, obtaining the certificate file corresponding to the CSR:
the cloud platform obtains the certificate generated by the CA system.
Step S2010, saving the new certificate of the IOT device:
after receiving the certificate file, the cloud platform stores it automatically on the cloud file server.
Step S2011, updating the IOT device's new certificate:
after receiving the certificate file, the cloud platform updates the certificate file associated with the IOT device, replacing the default certificate file with the newly generated one.
Step S2012, saving the new certificate:
after receiving the certificate file and updating the IOT device's certificate record, the cloud platform automatically issues the new certificate to the IOT device, and the IOT device stores the received certificate file in its certificate storage path.
Step S2013, re-registering the IOT device:
after receiving the new certificate, the device re-registers using the private key generated in step S205, and the cloud verifies the registration information using the new certificate.
Example 3:
The invention provides a cloud-based method S300 for replacing an IOT device key, shown in FIG. 2, comprising the following steps:
Step S301, adding a CSR configuration for the IOT device:
the CSR configuration is mainly used to configure the certificate user information and the user CN format in the CSR file, and supplies part of the preset information from which the CSR file is generated in later steps;
Step S302, registering the IOT device at the cloud:
before registration, a default certificate and private key are preset in the IOT device when it leaves the factory. Once the device has network connectivity it connects to the cloud platform automatically and registers at the cloud using the preset private key; because the cloud stores the default certificate preset in the device, it can use that certificate to verify whether the device may register.
The IOT device is added at the cloud during registration: after connecting to the network the device registers at the cloud automatically, and is added at the cloud automatically as part of that registration.
The preset certificate and private key may only be used to request a new certificate (that is, to generate the new certificate and private key) and are not used in the subsequent real business processes; limiting the lifetime and scope of use of the preset certificate and private key improves the security of the IOT device.
Step S303, updating the IOT device information at the cloud:
after the IOT device has registered successfully at the cloud, its attribute information, such as the device serial number, hardware model number and software version number, is reported to the cloud automatically.
Step S304, querying whether to start automatic key update:
after registration at the cloud succeeds, the IOT device reads the key auto-update settings from its local configuration. The configuration items are stored in a local configuration file, which holds two options: whether the key is to be updated automatically, and whether the key has already been updated. If the auto-update option is set to yes and the already-updated option is set to no, the IOT device starts the automatic key update procedure.
Step S305, creating a new public-private key pair and generating a CSR file from the public key:
after starting the automatic key update procedure, the IOT device invokes the RSA algorithm to generate a unique private key and public key automatically; the private key is stored in a local file (if the IOT device has an encryption chip, the private key is stored in the encryption chip in this step).
The IOT device obtains the CSR configuration from the cloud, invokes the RSA algorithm, and generates the CSR file using the automatically generated private and public key pair;
Step S306, the cloud obtains the CSR file (upload):
after the IOT device has generated the CSR file it is uploaded to the cloud automatically; the cloud stores the received CSR file on the corresponding file server and supports downloading it.
Step S307, signing the CSR file:
signing of the CSR file takes place on the CA system. The CSR file may be downloaded from the cloud and imported into the CA system manually, or the CA system may fetch it from the cloud directly through an interface so that signing is automatic.
Step S308, generating the certificate file:
the certificate file is generated on the CA system: after the CSR file has been imported and signed, the corresponding certificate file is produced.
Step S309, obtaining the certificate file corresponding to the CSR:
the cloud platform obtains the certificate generated by the CA system.
Step S3010, saving the new certificate of the IOT device:
after receiving the certificate file, the cloud platform stores it automatically on the cloud file server.
Step S3011, updating the IOT device's new certificate:
after receiving the certificate file, the cloud platform updates the certificate file associated with the IOT device, replacing the default certificate file with the newly generated one.
Step S3012, saving the new certificate:
after receiving the certificate file and updating the IOT device's certificate record, the cloud platform automatically issues the new certificate to the IOT device, and the IOT device stores the received certificate file in its certificate storage path.
Step S3013, re-registering the IOT device:
after receiving the new certificate, the device re-registers using the private key generated in step S205, and the cloud verifies the registration information using the new certificate.
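The rekey flow of Examples 1 to 3 (the configuration gate of S204, key and CSR generation in S205, CA signing in S207/S208, certificate replacement in S2012 and re-registration in S2013) as an added example; this is not code from the patent or from any product implementing it. It uses the Python `cryptography` package, stands a self-signed CA in for the CA system, models the cloud's device record as a dict, and adds two checks a defender would want that the text only implies: the device installs the new certificate only if it matches the key from S205, and the cloud accepts a registration only when the presented certificate is the one it stored, was signed by the CA, and the device proves possession of the private key by signing a nonce. All configuration field names and sample values are assumptions.

```python
import os
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

# Constructed samples: the device's local configuration (step S204) and the CSR
# configuration the cloud keeps for the device (step S201). Field names are
# assumptions; the patent only names the two yes/no options and the "CN format".
DEVICE_CONFIG = {"key_auto_update": "yes", "key_updated": "no"}
CSR_CONFIG = {"country": "CN", "org": "Example IoT Co", "cn_format": "iot-device-{serial}"}

def should_start_auto_update(config):
    """Step S204: rekey only when auto-update is enabled and no rekey has happened yet."""
    return config.get("key_auto_update") == "yes" and config.get("key_updated") == "no"

def new_key_pair():
    """Step S205: a fresh RSA key pair (a real device would keep it in its encryption chip)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def make_ca(common_name):
    """Helper: a self-signed CA standing in for the CA system of steps S207/S208 (assumption)."""
    key = new_key_pair()
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.now(timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def build_csr(key, csr_config, serial):
    """Step S205: the CSR subject comes from the cloud's CSR configuration, the CN from its format."""
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, csr_config["country"]),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, csr_config["org"]),
        x509.NameAttribute(NameOID.COMMON_NAME, csr_config["cn_format"].format(serial=serial)),
    ])
    return x509.CertificateSigningRequestBuilder().subject_name(subject).sign(key, hashes.SHA256())

def ca_sign(csr, ca_key, ca_cert, days=365):
    """Steps S207/S208: the CA refuses a CSR whose self-signature fails, then issues a leaf cert."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify under its own public key")
    now = datetime.now(timezone.utc)
    return (x509.CertificateBuilder().subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))

def cert_matches_key(cert, key):
    """Step S2012 guard: install only a certificate that was issued for the key generated in S205."""
    return cert.public_key().public_numbers() == key.public_key().public_numbers()

def common_name(cert):
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value

def prove_possession(key, nonce):
    """Registration (S202/S2013): the device signs a cloud-issued nonce with its private key."""
    return key.sign(nonce, padding.PKCS1v15(), hashes.SHA256())

def cloud_accepts_registration(presented_cert, proof, nonce, stored_cert, ca_cert):
    """Cloud side of S202/S2013: the presented certificate must be exactly the one stored for
    this device, must be signed by the CA, and the device must prove it holds the private key."""
    if presented_cert != stored_cert:
        return False
    try:
        ca_cert.public_key().verify(presented_cert.signature, presented_cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), presented_cert.signature_hash_algorithm)
        presented_cert.public_key().verify(proof, nonce, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    return True

def rekey_device(device, cloud, ca_key, ca_cert):
    """Steps S204 to S2013 end to end; `device` and `cloud` are dicts modelling each side's state.
    Returns True when the device re-registers with the new credential, False if S204 did not fire."""
    if not should_start_auto_update(device["config"]):
        return False
    new_key = new_key_pair()                                                  # S205
    csr = build_csr(new_key, cloud["csr_config"], device["serial"])          # S205, cloud's CSR config
    new_cert = ca_sign(csr, ca_key, ca_cert)                                  # S206-S208: upload, CA signs
    if not cert_matches_key(new_cert, new_key):                               # S2011/S2012 guard
        raise ValueError("issued certificate does not match the new private key")
    cloud["stored_cert"] = new_cert                                           # S209/S2010: cloud stores it
    device["cert"], device["key"] = new_cert, new_key                         # S2012: replace cert and key
    device["config"]["key_updated"] = "yes"                                   # S204 will not fire again
    nonce = os.urandom(32)                                                    # S2013: re-register
    proof = prove_possession(device["key"], nonce)
    return cloud_accepts_registration(device["cert"], proof, nonce, cloud["stored_cert"], ca_cert)
```

Once `rekey_device` has run, the factory credential no longer registers, which is the property the Background section asks of rekeying: a key obtained before the replacement is useless afterwards.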
Compared with the prior art, the method of the invention has the following advantages:
Simplified operation: the key replacement process is simple in design and easy to understand, which reduces operating complexity and user errors.
Improved security: before the key is replaced, the default certificate is used to verify the replacement process, so that only authorized devices can perform key replacement.
Reduced production-line complexity: the method supports the debugging process after the production line while also meeting the requirement of running securely in the formal environment.
Example 4:
The invention also provides a cloud-based system 400 for replacing an IOT device key, shown in FIG. 3, comprising:
a query unit S401, configured to query whether the IOT device has started the automatic key update procedure and, if so and the IOT device has not yet been updated, to take the IOT device as the target device, create a new public-private key pair for it, and generate a CSR file based on that key pair;
a signature unit S402, configured to upload the CSR file to the cloud, sign the CSR file at the cloud to generate the certificate file corresponding to the CSR file, and store the certificate file at the cloud;
and an updating unit S403, configured to obtain the certificate file stored in the cloud, replace the original certificate file of the IOT device with it, and at the same time replace the original public-private key pair of the IOT device with the new key pair.
The query unit S401 is further configured, before querying whether the IOT device has started the automatic key update procedure, to:
add the IOT device at the cloud, and add a CSR configuration for the IOT device;
wherein the CSR configuration provides the certificate user information and the user CN format used when generating the CSR file from the public-private key pair.
After adding the IOT device at the cloud and adding the CSR configuration for it, the query unit S401 is further configured to:
register the IOT device at the cloud using the original public-private key pair of the IOT device;
during registration, the cloud verifies the original certificate file presented by the IOT device against the copy of that certificate file stored in advance at the cloud, and allows the IOT device to register only after verification passes;
if the IOT device has not yet been added at the cloud when it registers, it is added at the cloud during registration.
Signing the CSR file at the cloud to generate the certificate file corresponding to the CSR file comprises the following steps:
downloading the CSR file that was uploaded to the cloud, uploading it to a CA system, signing the CSR file with the CA system, and generating the certificate file with the CA system from the signed CSR file.
The updating unit S403 is further configured to:
after the original public-private key pair of the IOT device has been replaced, register again at the cloud using the new public-private key pair;
during re-registration, the cloud verifies the certificate file presented by the IOT device against the certificate file it stored for the device, and allows the IOT device to re-register only after verification passes.
The invention is simple to operate, replaces the key of an IOT device more simply, and effectively addresses key leakage caused by improper management of IOT keys.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiments of the invention can be implemented in various computer languages, such as the object-oriented programming language Java or the interpreted scripting language JavaScript.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (4)
1. A method for replacing an IOT device key based on a cloud, the method comprising:
adding the IOT device at the cloud, and adding a CSR configuration for the IOT device;
adding the CSR configuration for the IOT device, wherein the CSR configuration is used to provide certificate user information and a user CN format when a CSR file is generated based on a public and private key pair; registering the IOT device at the cloud using the original public and private key pair of the IOT device;
when the IOT device registers, the cloud verifies the original certificate file of the IOT device against the original certificate file of the IOT device stored in a preset manner, and allows the IOT device to register after verification passes;
if the IOT device has not been added in the cloud when it registers there, the IOT device is added in the cloud at registration;
querying whether the IOT device has enabled the automatic key update program; if so, taking the IOT device as the target device, creating a new public-private key pair for the target device, and generating a CSR file based on the new public-private key pair;
uploading the CSR file to the cloud, signing the CSR file in the cloud to generate the certificate file corresponding to the CSR file, and storing the certificate file in the cloud;
acquiring the certificate file stored in the cloud, updating the original certificate file of the IOT device with the certificate file, and at the same time replacing the original public and private key pair of the IOT device with the new public and private key pair;
after the original public and private key pair of the IOT device has been replaced, registering again at the cloud using the new public and private key pair of the IOT device;
when the IOT device re-registers, the cloud verifies the certificate file of the IOT device against the stored certificate file of the IOT device, and allows the IOT device to re-register after verification passes.
2. The method of claim 1, wherein signing the CSR file in the cloud to generate the certificate file corresponding to the CSR file comprises:
downloading the CSR file uploaded to the cloud, uploading it to a CA system, signing it with the CA system, and generating the certificate file with the CA system from the signed CSR file.
3. A system for cloud-based replacement of IOT device keys, the system comprising:
a query unit, configured to query whether the IOT device has enabled the automatic key update program; if so, the IOT device is taken as the target device, a new public-private key pair is created for the target device, and a CSR file is generated based on the new public-private key pair;
the query unit is further configured to, before querying whether the IOT device has enabled the automatic key update program:
add the IOT device at the cloud, and add a CSR configuration for the IOT device;
add the CSR configuration for the IOT device, wherein the CSR configuration is used to provide certificate user information and a user CN format when a CSR file is generated based on the public and private key pair;
the query unit is further configured to, after adding the IOT device in the cloud and adding the CSR configuration for the IOT device:
register the IOT device at the cloud using the original public and private key pair of the IOT device;
when the IOT device registers, the cloud verifies the original certificate file of the IOT device against the original certificate file of the IOT device stored in a preset manner, and allows the IOT device to register after verification passes;
if the IOT device has not been added in the cloud when it registers there, the IOT device is added in the cloud at registration;
a signature unit, configured to upload the CSR file to the cloud, sign the CSR file in the cloud to generate the certificate file corresponding to the CSR file, and store the certificate file in the cloud;
an updating unit, configured to acquire the certificate file stored in the cloud, update the original certificate file of the IOT device with the certificate file, and at the same time replace the original public and private key pair of the IOT device with the new public and private key pair; after the original public and private key pair of the IOT device has been replaced, register again at the cloud using the new public and private key pair of the IOT device; when the IOT device re-registers, the cloud verifies the certificate file of the IOT device against the stored certificate file of the IOT device, and allows the IOT device to re-register after verification passes.
4. The system of claim 3, wherein signing the CSR file in the cloud to generate the certificate file corresponding to the CSR file comprises:
downloading the CSR file uploaded to the cloud, uploading it to a CA system, signing it with the CA system, and generating the certificate file with the CA system from the signed CSR file.
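The procedure of claims 1 and 2, as an added example in Go that is not part of the patent or of any implementation of it. It uses only the standard library's crypto/x509: the device generates a fresh P-256 key pair and a CSR whose CN follows the CSR configuration held for it, the cloud checks the CSR's self-signature, issues a certificate with its CA key and stores it, and on every (re-)registration compares the presented certificate byte-for-byte with the stored one, which is the check the claims describe. The type and function names, the CN format string ("iot-%s"), the device IDs, the 90-day validity and the simplification that the cloud holds the CA key itself rather than forwarding the CSR to a separate CA system are all assumptions; no root certificate is built because registration compares against the stored certificate instead of validating a chain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device holds the IOT device's ID, auto-update flag, current key pair and certificate.
type Device struct {
	ID         string
	AutoUpdate bool
	Key        *ecdsa.PrivateKey
	Cert       *x509.Certificate
}

// Cloud keeps each device's CN format (its CSR configuration) and stored certificate, and signs with its CA key.
type Cloud struct {
	caKey  *ecdsa.PrivateKey
	issuer *x509.Certificate // issuer name only; no root certificate is needed here
	serial int64
	Config map[string]string // device ID -> CN format, e.g. "iot-%s" (assumed format)
	Certs  map[string]*x509.Certificate
}

func NewCloud() (*Cloud, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	issuer := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-iot-ca"}}
	return &Cloud{caKey: key, issuer: issuer, Config: map[string]string{}, Certs: map[string]*x509.Certificate{}}, nil
}

// SignCSR signs an uploaded CSR after checking its self-signature (the requester holds the new private key) and stores the result.
func (c *Cloud) SignCSR(id string, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR signature invalid: %w", err)
	}
	c.serial++
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(c.serial), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(90 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.issuer, csr.PublicKey, c.caKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err == nil {
		c.Certs[id] = cert // the stored certificate that later registrations are checked against
	}
	return cert, err
}

// Register accepts a (re-)registration only if the presented certificate is byte-identical to the stored, unexpired one.
func (c *Cloud) Register(id string, presented *x509.Certificate) error {
	stored, ok := c.Certs[id]
	if !ok || sha256.Sum256(stored.Raw) != sha256.Sum256(presented.Raw) || time.Now().After(stored.NotAfter) {
		return fmt.Errorf("certificate for %q is not the stored one or has expired", id)
	}
	return nil
}

// Enroll is claim 1 from the device side: new key pair, CSR built with the CN format, cloud-signed certificate,
// key and certificate replaced together, then registration. The first call provisions the original pair.
func (d *Device) Enroll(c *Cloud) error {
	if d.Cert != nil && !d.AutoUpdate {
		return nil // not a target device; keep the current pair
	}
	format, ok := c.Config[d.ID]
	if !ok {
		return fmt.Errorf("device %q not added in cloud", d.ID)
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	subj := pkix.Name{CommonName: fmt.Sprintf(format, d.ID)}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subj}, key)
	if err != nil {
		return err
	}
	cert, err := c.SignCSR(d.ID, csrDER)
	if err != nil {
		return err // the old pair stays installed and usable
	}
	d.Key, d.Cert = key, cert
	return c.Register(d.ID, d.Cert)
}
```

Two points a deployment would need on top of what the claims specify. The cloud overwrites the stored certificate as soon as it signs the CSR, so a device that fails between signing and installing the new pair can no longer register with its old certificate; keeping the previous certificate accepted until the first successful re-registration closes that window. And comparing certificate files says nothing about who holds the private key, since a certificate is public, so registration should also require the device to sign a server-chosen nonce with the key named in the certificate, as a TLS client-certificate handshake does.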
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310982623.2A CN116707805B (en) | 2023-08-07 | 2023-08-07 | Cloud-based method and system for replacing IOT equipment key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116707805A CN116707805A (en) | 2023-09-05 |
CN116707805B (en) | 2023-10-20 |
Family
ID=87841835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310982623.2A Active CN116707805B (en) | 2023-08-07 | 2023-08-07 | Cloud-based method and system for replacing IOT equipment key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116707805B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104811300A (en) * | 2015-04-22 | 2015-07-29 | University of Electronic Science and Technology of China | Secret key updating method for cloud storage and implementation method of cloud data auditing system |
CN113541935A (en) * | 2021-06-08 | 2021-10-22 | Xidian University | Encryption cloud storage method, system, equipment and terminal supporting key escrow |
CN114817889A (en) * | 2021-01-28 | 2022-07-29 | JD Technology Holding Co., Ltd. | Digital certificate updating method, device and storage medium of electronic signature |
CN115879080A (en) * | 2021-09-28 | 2023-03-31 | Huawei Cloud Computing Technologies Co., Ltd. | Certificate authentication method and device |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103595530B (en) * | 2012-08-17 | 2017-04-26 | Huawei Technologies Co., Ltd. | Software secret key updating method and device |
US9769151B2 (en) * | 2013-12-23 | 2017-09-19 | Symantec Corporation | Multi-algorithm key generation and certificate install |
US10284378B2 (en) * | 2016-10-05 | 2019-05-07 | The Toronto-Dominion Bank | Certificate authority master key tracking on distributed ledger |
- 2023-08-07: CN application CN202310982623.2A, patent CN116707805B, status Active
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |