CN117692902A - Intelligent home interaction method and system based on embedded home gateway - Google Patents


Publication number
CN117692902A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410149901.0A
Other languages
Chinese (zh)
Other versions
CN117692902B (en)
Inventor
杨祥瑜
林伟建
蒙华远
伍思满
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN MTN ELECTRONIC CO Ltd
Original Assignee
SHENZHEN MTN ELECTRONIC CO Ltd
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an intelligent home interaction method and system based on an embedded home gateway. They belong to the technical field of communication and are used to secure the communication of terminals that access the home gateway and to avoid privacy disclosure. The method comprises the following steps: the home gateway receives an access request from a first terminal, the access request being used by the first terminal to request access to the network where the home gateway is located; when the home gateway determines from the access request that the first terminal is trusted, the home gateway obtains a first key of the first terminal, the first key being the key the first terminal uses for encrypted communication in the network; and the home gateway sends an access response to the first terminal, the access response carrying ciphertext information, the ciphertext information being the ciphertext obtained by encrypting the first key.

Description

Intelligent home interaction method and system based on embedded home gateway
Technical Field
The application relates to the technical field of communication, and in particular to an intelligent home interaction method and system based on an embedded home gateway.
Background
The home gateway is the device through which devices inside the home network communicate with external devices, and it is the central component of the home network. Through it, devices in the home network, such as smart home devices, can exchange information with an external network (such as an operator network defined by the 3rd Generation Partnership Project, 3GPP) and with each other. Besides basic access, the home gateway can provide home networking, quality-of-service assurance, security management, maintenance management, address management, data forwarding and similar functions, and can be extended to provide specific applications. Taking the smart home scenario as an example, a smart home device can interact through the home gateway with other smart home devices connected to it: a mobile phone switches an air conditioner on or off, a speaker opens the curtains in response to the user's voice, and so on. This can also be described as devices in the local area network interacting through the home gateway.
However, as more and more devices access the home gateway, how to keep data secure has become a focus of current research.
Disclosure of Invention
The embodiments of the application provide an intelligent home interaction method and system based on an embedded home gateway, which are used to secure the communication of terminals that access the home gateway and to avoid privacy disclosure.
To achieve the above purpose, the application adopts the following technical solutions:
In a first aspect, an embodiment of the application provides an intelligent home interaction method based on an embedded home gateway, applied to the home gateway. The method includes: the home gateway receives an access request from a first terminal, the access request being used by the first terminal to request access to the network where the home gateway is located; when the home gateway determines from the access request that the first terminal is trusted, the home gateway obtains a first key of the first terminal, the first key being the key the first terminal uses for encrypted communication in the network; and the home gateway sends an access response to the first terminal, the access response carrying ciphertext information, the ciphertext information being the ciphertext obtained by encrypting the first key.
Optionally, the access request includes at least one of the following items of information: a trusted certificate of the first terminal, an identifier of the first terminal, an information element for requesting access to the network, or an identifier of the network; the identifier of the first terminal, the information element for requesting access to the network, and the identifier of the network jointly indicate that the first terminal requests access to the network where the home gateway is located.
Optionally, the home gateway determining from the access request that the first terminal is trusted includes: the home gateway verifies the signature of the trusted certificate of the first terminal; if the signature verification passes, the home gateway determines that the first terminal is trusted. Signature verification means that the home gateway checks whether the signature of the trusted certificate of the first terminal was produced by a trusted authority and has not been tampered with; if both hold, the verification passes, otherwise it fails.
Optionally, the home gateway obtaining the first key of the first terminal includes: the home gateway takes the at least one item of information and a root key preconfigured in the home gateway as input parameters, and derives the first key from the input parameters.
Optionally, the home gateway comprises a homomorphic encryption module and a homomorphic calculation module; the homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only through the communication proxy interface. The home gateway taking the at least one item of information and a root key preconfigured in the home gateway as input parameters and deriving the first key from the input parameters includes the following steps: the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext; the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface; the homomorphic calculation module takes the homomorphic ciphertext and the root key preconfigured in the homomorphic calculation module, in homomorphic ciphertext state, as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key, the homomorphic ciphertext of the first key being the ciphertext information. The root key is either a key preconfigured in the homomorphic calculation module at the factory or, where the home gateway has user equipment capability, the key Kausf or the key Kseaf derived by the homomorphic encryption module while the home gateway registers with an operator network as user equipment; after the homomorphic encryption module sends the key Kausf or the key Kseaf to the homomorphic calculation module through the communication proxy interface for storage, the homomorphic encryption module locally releases the key Kausf or the key Kseaf.
Correspondingly, the home gateway sending the access response to the first terminal includes: the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface; the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface; and the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information.
Optionally, the home gateway obtaining the first key of the first terminal includes: the home gateway takes the at least one item of information and a key of a terminal that has already accessed the network as input parameters, and derives the first key from the input parameters.
Optionally, the home gateway comprises a homomorphic encryption module and a homomorphic calculation module; the homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only through the communication proxy interface. The home gateway taking the at least one item of information and a key of a terminal that has already accessed the network as input parameters and deriving the first key from the input parameters includes the following steps: the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext; the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface. If the terminal that has accessed the network is a second terminal, the homomorphic calculation module takes the homomorphic ciphertext and a second key of the second terminal, in homomorphic ciphertext state, as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the second key is the key the second terminal uses for encrypted communication in the network. If a plurality of terminals have accessed the network, the homomorphic calculation module selects a second terminal and a third terminal from the plurality of terminals, takes the homomorphic ciphertext, the second key of the second terminal in homomorphic ciphertext state and a third key of the third terminal in homomorphic ciphertext state as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the third key is the key the third terminal uses for encrypted communication in the network; the second terminal and the third terminal are the two terminals ranked highest in reliability among the plurality of terminals. Correspondingly, the home gateway sending the access response to the first terminal includes: the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface; the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface; and the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information.
Optionally, the terminal can homomorphically decrypt the ciphertext information to obtain the plaintext of the first key.
Optionally, the method further comprises: when the first terminal requests to establish a PC5 connection with other terminals in the network, the home gateway sends a key sharing instruction to the other terminals, the key sharing instruction carrying the ciphertext information and the identifier of the first terminal; the other terminals can likewise homomorphically decrypt the ciphertext information to obtain the plaintext of the first key.
In a second aspect, an intelligent home interaction system based on an embedded home gateway is provided. The system comprises a home gateway and is configured such that: the home gateway receives an access request from a first terminal, the access request being used by the first terminal to request access to the network where the home gateway is located; when the home gateway determines from the access request that the first terminal is trusted, the home gateway obtains a first key of the first terminal, the first key being the key the first terminal uses for encrypted communication in the network; and the home gateway sends an access response to the first terminal, the access response carrying ciphertext information, the ciphertext information being the ciphertext obtained by encrypting the first key.
Optionally, the access request includes at least one of the following items of information: a trusted certificate of the first terminal, an identifier of the first terminal, an information element for requesting access to the network, or an identifier of the network; the identifier of the first terminal, the information element for requesting access to the network, and the identifier of the network jointly indicate that the first terminal requests access to the network where the home gateway is located.
Optionally, the system is configured such that: the home gateway verifies the signature of the trusted certificate of the first terminal; if the signature verification passes, the home gateway determines that the first terminal is trusted. Signature verification means that the home gateway checks whether the signature of the trusted certificate of the first terminal was produced by a trusted authority and has not been tampered with; if both hold, the verification passes, otherwise it fails.
Optionally, the system is configured such that: the home gateway takes the at least one item of information and a root key preconfigured in the home gateway as input parameters, and derives the first key from the input parameters.
Optionally, the home gateway comprises a homomorphic encryption module and a homomorphic calculation module; the homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only through the communication proxy interface. The system is configured such that: the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext; the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface; the homomorphic calculation module takes the homomorphic ciphertext and the root key preconfigured in the homomorphic calculation module, in homomorphic ciphertext state, as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key, the homomorphic ciphertext of the first key being the ciphertext information. The root key is either a key preconfigured in the homomorphic calculation module at the factory or, where the home gateway has user equipment capability, the key Kausf or the key Kseaf derived by the homomorphic encryption module while the home gateway registers with an operator network as user equipment; after the homomorphic encryption module sends the key Kausf or the key Kseaf to the homomorphic calculation module through the communication proxy interface for storage, the homomorphic encryption module locally releases the key Kausf or the key Kseaf. Accordingly, the system is configured such that: the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface; the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface; and the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information.
Optionally, the system is configured such that: the home gateway takes the at least one item of information and a key of a terminal that has already accessed the network as input parameters, and derives the first key from the input parameters.
Optionally, the home gateway comprises a homomorphic encryption module and a homomorphic calculation module; the homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only through the communication proxy interface. The system is configured such that: the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext; the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface. If the terminal that has accessed the network is a second terminal, the homomorphic calculation module takes the homomorphic ciphertext and a second key of the second terminal, in homomorphic ciphertext state, as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the second key is the key the second terminal uses for encrypted communication in the network. If a plurality of terminals have accessed the network, the homomorphic calculation module selects a second terminal and a third terminal from the plurality of terminals, takes the homomorphic ciphertext, the second key of the second terminal in homomorphic ciphertext state and a third key of the third terminal in homomorphic ciphertext state as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the third key is the key the third terminal uses for encrypted communication in the network; the second terminal and the third terminal are the two terminals ranked highest in reliability among the plurality of terminals. Accordingly, the system is configured such that: the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface; the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface; and the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information.
Optionally, the terminal can homomorphically decrypt the ciphertext information to obtain the plaintext of the first key.
Optionally, the system is configured such that: when the first terminal requests to establish a PC5 connection with other terminals in the network, the home gateway sends a key sharing instruction to the other terminals, the key sharing instruction carrying the ciphertext information and the identifier of the first terminal; the other terminals can likewise homomorphically decrypt the ciphertext information to obtain the plaintext of the first key.
In summary, the method and the system have the following technical effects:
The home gateway may be responsible for managing the network (such as a local area network) where it is located. For a first terminal that requests access to the network, such as a smart home device, the home gateway can, once it determines that the first terminal is trusted, obtain the first key that the first terminal uses for encrypted communication in the network and send it to the first terminal as ciphertext, so that the first terminal can communicate in encrypted form in the network. This secures the communication of terminals that access the home gateway and avoids privacy disclosure.
The specific technical effects are as follows:
1. Communication security is improved: because the ciphertext information is encrypted using the first key, the first terminal is ensured to communicate in encrypted form in the network where the home gateway is located. Even if an attacker intercepts an access request or an access response, the attacker cannot directly obtain the key or the ciphertext information in it, which reduces the risk of data leakage.
2. User privacy is protected: the home gateway obtains the first key of the first terminal only after determining that the first terminal is trusted. This means that only users that are considered trusted can obtain the key, which protects the privacy and security of the user.
3. The communication flow is simplified: because the ciphertext information in the access response is encrypted using the first key, the user does not need to exchange keys frequently during communication.
4. Network access efficiency is improved: the home gateway can respond quickly when the first terminal requests access, because it has already obtained the first key of the first terminal in advance and does not need to exchange the key again.
Drawings
Fig. 1 is a schematic architecture diagram of a communication system according to an embodiment of the present application;
Fig. 2 is a flowchart of an intelligent home interaction method based on an embedded home gateway according to an embodiment of the present application.
Detailed Description
In the embodiments of the invention, expressions such as "when …", "in the case of …" and "if" all mean that the device performs the corresponding processing under some objective condition. They do not limit the timing, do not require the device to perform an explicit judging action when implemented, and do not imply any other limitation.
In the description of the embodiments of the present invention, unless otherwise indicated, "/" means that the objects before and after it are in an "or" relationship; for example, A/B may represent A or B. "And/or" merely describes an association between the associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A alone, both A and B, and B alone, where A and B may each be singular or plural. Unless otherwise indicated, "plurality" means two or more. "At least one of" and similar expressions mean any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may each be single or plural. In addition, to describe the technical solutions of the embodiments clearly, the words "first", "second" and the like are used to distinguish identical or similar items that have substantially the same function and effect. Those skilled in the art will appreciate that the words "first", "second" and the like do not limit quantity or order of execution, and do not indicate that the items are necessarily different. Words such as "exemplary" or "such as" are used to mean serving as an example, illustration or explanation. Any embodiment or design described herein as "exemplary" or "such as" should not be construed as preferred or advantageous over other embodiments or designs. Rather, such words are intended to present the related concepts in a concrete fashion that is easy to understand.
The network architecture and the service scenarios described in the embodiments of the present invention are intended to describe the technical solutions of the embodiments more clearly and do not limit them. Those skilled in the art will know that, as network architectures evolve and new service scenarios appear, the technical solutions provided by the embodiments of the present invention are equally applicable to similar technical problems.
The technical solutions in the present application will be described below with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present application provides a communication system, including: home gateway and terminal.
The terminal may be a terminal having a transceiver function, or a chip or chip system that may be disposed in the terminal. The terminal may also be referred to as user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station (MS), a remote station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user device. The terminals in the embodiments of the present application may be mobile phones, cellular phones, smart phones, tablet computers, wireless data cards, personal digital assistants (PDAs), wireless modems, handheld devices, laptop computers, machine type communication (MTC) terminals, computers with wireless transceiving functions, virtual reality (VR) terminals, augmented reality (AR) terminals, wireless terminals in industrial control, wireless terminals in self driving, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart city, wireless terminals in smart home, roadside units (RSU), etc. The terminal of the present application may also be an in-vehicle module, an in-vehicle component, an in-vehicle chip, or an in-vehicle unit built into a vehicle as one or more components or units.
The home gateway may be an embedded home gateway, and specifically may be a wired access gateway, an access point (AP), a wireless relay node, or a wireless backhaul node. The home gateway may have terminal capabilities, in which case it may also be regarded as a special form of terminal that can access an operator network, such as a public land mobile network (PLMN), through 3GPP access or non-3GPP access.
The interaction between the home gateway and the terminal in the above communication system will be described in detail with reference to the method.
Referring to fig. 2, an embodiment of the present application provides an interaction method for smart home based on an embedded home gateway, where the method includes:
S201, the home gateway receives an access request from the first terminal.
The access request is used by the first terminal to request access to the network where the home gateway is located; the network may be a local area network. For example, the access request may include at least one of the following items of information: a trusted certificate of the first terminal, an identifier of the first terminal, an information element for requesting access to the network, or an identifier of the network; the identifier of the first terminal, the information element for requesting access to the network, and the identifier of the network jointly indicate that the first terminal requests access to the network where the home gateway is located. The identifier of the first terminal uniquely identifies the terminal and may specifically be the device identifier of the terminal. Typically, the trusted certificate of the first terminal is a certificate issued to the first terminal by a trusted certificate authority and carries the signature of that certificate authority to prove that the first terminal is a trusted device. The information element for requesting access to the network may be a newly defined information element or may be implemented by reusing an existing information element, without limitation. The identifier of the network uniquely identifies the network and may specifically be the name of the network.
S202, when the home gateway determines from the access request that the first terminal is trusted, the home gateway obtains a first key of the first terminal.
Wherein the first key is a key used by the first terminal for encrypted communication in the network.
First, the home gateway may determine, according to the access request, that the first terminal is trusted. For example, the home gateway may perform signature verification on the trusted certificate of the first terminal; if the signature verification passes, the home gateway determines that the first terminal is trusted. Signature verification means that the home gateway checks whether the signature of the trusted certificate of the first terminal was produced by a trusted authority and has not been tampered with. If both hold, the verification passes; otherwise, it fails. When the signature verification passes, the home gateway is triggered to obtain the first key of the first terminal.
In one possible design, the home gateway uses the at least one item of information and a root key preconfigured in the home gateway as input parameters, and derives the first key from the input parameters.
Specifically, the home gateway may have a trusted operating environment, such as a homomorphic encryption module and a homomorphic calculation module of the trusted operating environment. The homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only by the homomorphic encryption module and only through that interface. In other words, the homomorphic calculation module cannot be accessed by a third party or by the administrator of a homomorphic encryption module that does not belong to the home gateway, which ensures the data security of the homomorphic calculation module. On this basis, the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext and sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface. The homomorphic calculation module receives the homomorphic ciphertext through the communication proxy interface, takes the homomorphic ciphertext and the root key, which is preconfigured in the homomorphic calculation module in the homomorphic ciphertext state, as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the first key. Homomorphic calculation means performing, on homomorphic ciphertexts, the same function that would be applied to the plaintexts; the result is the homomorphic ciphertext of the result that the function would produce on the plaintexts. The homomorphic calculation may in particular be a ring-based homomorphic calculation; for details, refer to the relevant description in the prior art.
The root key may be a key preconfigured in the homomorphic calculation module at the factory. Alternatively, where the home gateway has the capability of user equipment, the root key may be a key Kausf or a key Kseaf derived by the home gateway in the registration procedure, that is, while the home gateway registers as user equipment with the operator network (e.g., a PLMN). After the homomorphic encryption module sends the key Kausf or the key Kseaf to the homomorphic calculation module through the communication proxy interface for storage, the homomorphic encryption module releases the key Kausf or the key Kseaf locally. Then, the homomorphic calculation module can send the ciphertext information to the homomorphic encryption module through the communication proxy interface, and the homomorphic encryption module can receive the ciphertext information through the same interface.
In another possible design, the home gateway may take the at least one item of information and a key of a terminal that has already accessed the network as input parameters, and derive the first key from the input parameters.
Specifically, similar to the above architecture, the home gateway may include a homomorphic encryption module and a homomorphic calculation module that are connected through a communication proxy interface, so that the homomorphic calculation module can be accessed only by the homomorphic encryption module through the communication proxy interface. The homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext and sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext through the communication proxy interface. If the terminal that has accessed the network is a second terminal, the homomorphic calculation module takes the homomorphic ciphertext and a second key of the second terminal in the homomorphic ciphertext state as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key. The homomorphic ciphertext of the first key is the ciphertext information, and the second key is the key used by the second terminal for encrypted communication in the network. If a plurality of terminals have accessed the network, the homomorphic calculation module selects a second terminal and a third terminal from the plurality of terminals, takes the homomorphic ciphertext, the second key of the second terminal in the homomorphic ciphertext state and a third key of the third terminal in the homomorphic ciphertext state as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key. The homomorphic ciphertext of the first key is the ciphertext information, and the third key is the key used by the third terminal for encrypted communication in the network. The second terminal and the third terminal are the two terminals with the highest credibility among the plurality of terminals, so the risk of leakage of the second key and the third key is the lowest, which further ensures security. In addition, when the third terminal accesses the home gateway, the third key is obtained in a manner similar to that of the first terminal; details are not repeated here. Then, the homomorphic calculation module can send the ciphertext information to the homomorphic encryption module through the communication proxy interface, and the homomorphic encryption module can receive the ciphertext information through the same interface.
It will be appreciated that the above manner of deriving the first key is merely an example. For example, a range of key sizes, such as a range of key lengths, may be configured for each terminal accessing the network, and a derived key may not be consistent with that range. In that case, the homomorphic calculation module can randomly select the key of a terminal as an input parameter, derive an intermediate key, and judge whether the derived intermediate key falls within the key length range. If so, the intermediate key is determined to be the first key; otherwise, the homomorphic calculation module again randomly selects the key of a terminal as the input parameter and continues to derive until the first key is obtained.
S203, the home gateway sends an access response to the first terminal.
The access response carries the ciphertext information. For example, the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information, e.g., it places the ciphertext information in the access response and then sends the access response. Correspondingly, the first terminal can homomorphically decrypt the ciphertext information to obtain the first key.
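The first design of S202 together with the terminal-side decryption of S203, as an added sketch that is not code from the patent. It assumes that the homomorphic key pair belongs to the first terminal, uses Paillier encryption as a stand-in for the homomorphic scheme, and uses an affine map as a stand-in for the unspecified key derivation algorithm; `ComputeModule`, `EncryptionModule`, `A` and all sample values are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed demo primes (well-known Mersenne primes): far too weak and too
# public for real use; they only keep the example offline and dependency-free.
P = (1 << 127) - 1
Q = (1 << 89) - 1
A = 65537  # public multiplier of the placeholder derivation (assumption)
# Constructed 128-bit sample root key.
ROOT_KEY = int.from_bytes(hashlib.sha256(b"constructed root key").digest()[:16], "big")


def keygen(p=P, q=Q):
    """Return (public modulus n, private (lam, mu)); held by the terminal (assumption)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))


def encrypt(n, m):
    """Paillier encryption with g = n + 1: c = (1 + m*n) * r^n mod n^2."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)


def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def he_add(n, c1, c2):
    """Enc(a) * Enc(b) mod n^2 decrypts to a + b mod n."""
    return c1 * c2 % (n * n)


def he_scale(n, c, k):
    """Enc(a)^k mod n^2 decrypts to k * a mod n."""
    return pow(c, k, n * n)


def encode_request(terminal_id, network_id):
    """Map the access-request fields to a 128-bit integer."""
    data = terminal_id.encode() + b"\x00" + network_id.encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def plaintext_derive(n, root, info):
    """Placeholder derivation on plaintext. Affine, hence invertible: it only
    demonstrates the homomorphic property and is NOT a usable KDF."""
    return (A * root + info) % n


class ComputeModule:
    """Holds the root key only as ciphertext and never decrypts anything."""

    def __init__(self, n, enc_root):
        self.n, self.enc_root = n, enc_root

    def derive(self, enc_info):
        # Same function as plaintext_derive, evaluated on ciphertexts.
        return he_add(self.n, he_scale(self.n, self.enc_root, A), enc_info)


class EncryptionModule:
    """Gateway front end; its derive() call stands for the proxy interface."""

    def __init__(self, n, compute):
        self.n, self.compute = n, compute

    def handle_access_request(self, terminal_id, network_id):
        enc_info = encrypt(self.n, encode_request(terminal_id, network_id))
        return self.compute.derive(enc_info)  # the ciphertext information


def run_exchange(terminal_id="terminal-01", network_id="home-lan"):
    n, priv = keygen()
    gateway = EncryptionModule(n, ComputeModule(n, encrypt(n, ROOT_KEY)))
    ciphertext_info = gateway.handle_access_request(terminal_id, network_id)
    first_key = decrypt(n, priv, ciphertext_info)  # done by the terminal
    return n, ciphertext_info, first_key


if __name__ == "__main__":
    n, ct, key = run_exchange()
    expected = plaintext_derive(n, ROOT_KEY, encode_request("terminal-01", "home-lan"))
    print("first key matches plaintext derivation:", key == expected)
```

Because the affine placeholder is invertible, a terminal that knows `A` and its own request fields could recover the root key from the derived key; a deployment would need a one-way derivation evaluated under a scheme that supports it.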
In the case that the first terminal requests to establish a PC5 connection with another terminal in the network, the home gateway may further send a key sharing indication to the other terminal (e.g., the second terminal, the third terminal, etc.), where the key sharing indication carries ciphertext information and an identifier of the first terminal, and indicates that the ciphertext information is a ciphertext of the first terminal. In this way, other terminals can homomorphically decrypt the ciphertext information to obtain the first key for use in communication with the first terminal.
It can be understood that, in order to reduce the risk of disclosure of the key, the terminal in the network may also include a homomorphic encryption module and a homomorphic calculation module, where the key of the terminal or the key of other terminals may be used only in the environment of the homomorphic calculation module, and the homomorphic encryption module sends the message used for communication in the network to the homomorphic calculation module, and the homomorphic calculation module uses the key to encrypt or decrypt the message and then returns the message to the homomorphic encryption module for the homomorphic encryption module to send to other terminals in the network, or consume the message by itself.
In summary, the home gateway may be responsible for managing a network (such as a local area network) where the home gateway is located, for example, for a first terminal that requests to access the network, such as an intelligent home device, the home gateway may obtain a first key used by the first terminal for performing encryption communication in the network when determining that the first terminal is trusted, and send the first key to the first terminal in a ciphertext manner, so that the first terminal performs encryption communication in the network, thereby ensuring communication security of the terminal accessing the home gateway, and avoiding privacy disclosure.
Specifically:
1. Communication security is improved: because the ciphertext information is encrypted using the first key, the first terminal can carry out encrypted communication in the network where the home gateway is located. Even if an attacker intercepts an access request or an access response, the attacker cannot directly obtain the key or the ciphertext information in it, which reduces the risk of data leakage.
2. User privacy is protected: the home gateway obtains the first key of the first terminal only after determining that the first terminal is trusted. This means that only users that are considered trusted can obtain the key, which protects the privacy and security of the user.
3. The communication flow is simplified: because the ciphertext information in the access response is encrypted using the first key, the user does not need to exchange keys frequently during communication.
4. Network access efficiency is improved: the home gateway can respond quickly when the first terminal requests access, because the home gateway has already obtained the first key of the first terminal in advance and does not need to exchange the key again.
The method provided in the embodiment of the present application is described in detail above in connection with fig. 2. The following describes an interactive device for intelligent home based on an embedded home gateway for executing the method provided by the embodiment of the present application.
The system includes a home gateway, the system configured to: the home gateway receives an access request from a first terminal, wherein the access request is used for the first terminal to request to access a network where the home gateway is located; under the condition that the home gateway determines that the first terminal is credible according to the access request, the home gateway acquires a first key of the first terminal, wherein the first key is a key used by the first terminal for encryption communication in a network; and the home gateway sends an access response to the first terminal, wherein the access response carries ciphertext information, and the ciphertext information is ciphertext obtained by encrypting the first key.
Optionally, the access request includes at least one of the following items of information: a trusted certificate of the first terminal, an identifier of the first terminal, a cell for requesting access to the network, or an identifier of the network; the identifier of the first terminal, the cell used to request access to the network, and the identifier of the network jointly indicate that the first terminal requests access to the network where the home gateway is located.
Optionally, the system is configured to: the home gateway performs signature verification on the trusted certificate of the first terminal; if the signature verification passes, the home gateway determines that the first terminal is trusted; signature verification means that the home gateway checks whether the signature of the trusted certificate of the first terminal was produced by a trusted authority and has not been tampered with; if both hold, the verification passes, otherwise the verification fails.
Optionally, the system is configured to: the home gateway takes the at least one item of information and a root key preconfigured in the home gateway as input parameters, and derives the first key from the input parameters.
Optionally, the home gateway comprises a homomorphic encryption module and a homomorphic calculation module, wherein the homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only by the homomorphic encryption module through the communication proxy interface; the system is configured to: the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext; the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface; the homomorphic calculation module takes the homomorphic ciphertext and the root key, which is preconfigured in the homomorphic calculation module in the homomorphic ciphertext state, as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key, wherein the homomorphic ciphertext of the first key is the ciphertext information; the root key is a key preconfigured in the homomorphic calculation module at the factory, or, where the home gateway has the capability of user equipment, is a key Kausf or a key Kseaf derived by the homomorphic encryption module while the home gateway registers as user equipment with an operator network, and after the homomorphic encryption module sends the key Kausf or the key Kseaf to the homomorphic calculation module through the communication proxy interface for storage, the homomorphic encryption module releases the key Kausf or the key Kseaf locally; accordingly, the system is configured to: the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface; the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface; and the homomorphic encryption module sends an access response to the first terminal according to the ciphertext information.
Optionally, the system is configured to: the home gateway takes the at least one item of information and a key of a terminal that has accessed the network as input parameters, and derives the first key from the input parameters.
Optionally, the home gateway comprises a homomorphic encryption module and a homomorphic calculation module, wherein the homomorphic encryption module is connected to the homomorphic calculation module through a communication proxy interface, so that the homomorphic calculation module can be accessed only by the homomorphic encryption module through the communication proxy interface; the system is configured to: the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext; the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface; the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface; if the terminal that has accessed the network is a second terminal, the homomorphic calculation module takes the homomorphic ciphertext and a second key of the second terminal in the homomorphic ciphertext state as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the second key is the key used by the second terminal for encrypted communication in the network; if a plurality of terminals have accessed the network, the homomorphic calculation module selects a second terminal and a third terminal from the plurality of terminals, takes the homomorphic ciphertext, the second key of the second terminal in the homomorphic ciphertext state and a third key of the third terminal in the homomorphic ciphertext state as input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the third key is the key used by the third terminal for encrypted communication in the network; the second terminal and the third terminal are the two terminals with the highest credibility among the plurality of terminals; accordingly, the system is configured to: the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface; the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface; and the homomorphic encryption module sends an access response to the first terminal according to the ciphertext information.
Optionally, the terminal can perform homomorphic decryption on the ciphertext information to obtain the plaintext of the first key.
Optionally, the system is configured to: when the first terminal requests to establish a PC5 connection with other terminals in the network, the home gateway sends a key sharing instruction to the other terminals, wherein the key sharing instruction carries the ciphertext information and the identifier of the first terminal, and the other terminals can also perform homomorphic decryption on the ciphertext information to obtain the plaintext of the first key.
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the processes or functions in accordance with the embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired or wireless (e.g., infrared, microwave, etc.) manner. A computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that contains one or more collections of available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between associated objects and means that three relationships may exist. For example, A and/or B may mean three cases: A alone, both A and B, and B alone, where A and B may each be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which can be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of" the following items, or a similar expression, means any combination of these items, including any combination of a single item or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative: the division into units is merely a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the coupling, direct coupling, or communication connection shown or discussed between the parts may be an indirect coupling or communication connection via some interfaces, devices or units, and may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product that is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes or substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An intelligent home interaction method based on an embedded home gateway is characterized by being applied to the home gateway, and comprises the following steps:
the home gateway receives an access request from a first terminal, wherein the access request is used for the first terminal to request to access a network where the home gateway is located;
under the condition that the home gateway determines that the first terminal is trusted according to the access request, the home gateway obtains a first key of the first terminal, wherein the first key is a key used by the first terminal for encryption communication in the network;
and the home gateway sends an access response to the first terminal, wherein the access response carries ciphertext information, and the ciphertext information is ciphertext obtained by encrypting the first key.
2. The method of claim 1, wherein the access request includes at least one of the following items of information: a trusted certificate of the first terminal, an identifier of the first terminal, a cell for requesting access to a network, or an identifier of the network; the identifier of the first terminal, the cell used for requesting access to the network and the identifier of the network jointly indicate that the first terminal requests access to the network where the home gateway is located.
3. The method according to claim 2, wherein the home gateway determining that the first terminal is trusted according to the access request comprises:
the home gateway performs signature verification on the trusted certificate of the first terminal;
if the signature verification passes, the home gateway determines that the first terminal is trusted; signature verification means that the home gateway checks whether the signature of the trusted certificate of the first terminal was produced by a trusted authority and has not been tampered with; if both hold, the verification passes, otherwise the verification fails.
4. A method according to claim 2 or 3, wherein the home gateway obtaining the first key of the first terminal comprises:
the home gateway takes the at least one item of information and a root key preconfigured in the home gateway as input parameters, and derives the first key from the input parameters.
5. The method of claim 4, wherein the home gateway comprises a homomorphic encryption module and a homomorphic calculation module, the homomorphic encryption module and the homomorphic calculation module are connected through a communication proxy interface, so that the homomorphic calculation module can be accessed only by the homomorphic encryption module through the communication proxy interface; the home gateway taking the at least one item of information and a root key preconfigured in the home gateway as input parameters, and deriving the first key from the input parameters, comprises:
the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext;
the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface;
the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface;
the homomorphic calculation module takes the homomorphic ciphertext and the root key, which is preconfigured in the homomorphic calculation module in the homomorphic ciphertext state, as the input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key, wherein the homomorphic ciphertext of the first key is the ciphertext information;
the root key is a key preconfigured in the homomorphic calculation module, or, where the home gateway has the capability of user equipment, is a key Kausf or a key Kseaf derived by the homomorphic encryption module while the home gateway registers as user equipment with an operator network, and the homomorphic encryption module releases the key Kausf or the key Kseaf locally after sending the key Kausf or the key Kseaf to the homomorphic calculation module through the communication proxy interface for storage;
correspondingly, the home gateway sends an access response to the first terminal, including:
the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface;
the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface;
and the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information.
6. A method according to claim 2 or 3, wherein the home gateway obtaining the first key of the first terminal comprises:
the home gateway takes the at least one item of information and a key of a terminal that has accessed the network as input parameters, and derives the first key from the input parameters.
7. The method of claim 6, wherein the home gateway comprises a homomorphic encryption module and a homomorphic calculation module, the homomorphic encryption module and the homomorphic calculation module being connected by a communication proxy interface, so that the homomorphic calculation module can be accessed only by the homomorphic encryption module through the communication proxy interface; the home gateway taking the at least one item of information and a key of a terminal that has accessed the network as input parameters, and deriving the first key from the input parameters, comprises:
the homomorphic encryption module homomorphically encrypts the at least one item of information into a homomorphic ciphertext;
the homomorphic encryption module sends the homomorphic ciphertext to the homomorphic calculation module through the communication proxy interface;
the homomorphic calculation module receives the homomorphic ciphertext from the homomorphic encryption module through the communication proxy interface;
if the terminal that has accessed the network is a second terminal, the homomorphic calculation module takes the homomorphic ciphertext and a second key of the second terminal in the homomorphic ciphertext state as the input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the second key is the key used by the second terminal for encrypted communication in the network;
if a plurality of terminals have accessed the network, the homomorphic calculation module selects a second terminal and a third terminal from the plurality of terminals, takes the second key of the second terminal in the homomorphic ciphertext state and the third key of the third terminal in the homomorphic ciphertext state as the input parameters, and performs a homomorphic calculation that applies a key derivation algorithm to the input parameters to obtain the homomorphic ciphertext of the first key; the homomorphic ciphertext of the first key is the ciphertext information, and the third key is the key used by the third terminal for encrypted communication in the network;
the second terminal and the third terminal are the two terminals with the highest credibility among the plurality of terminals;
correspondingly, the home gateway sends an access response to the first terminal, including:
the homomorphic calculation module sends the ciphertext information to the homomorphic encryption module through the communication proxy interface;
the homomorphic encryption module receives the ciphertext information from the homomorphic calculation module through the communication proxy interface;
and the homomorphic encryption module sends the access response to the first terminal according to the ciphertext information.
8. A method according to claim 5 or 7, wherein the terminal is able to perform homomorphic decryption of the ciphertext information to obtain plaintext of the first key.
9. The method of claim 1, wherein the method further comprises:
in a case where the first terminal requests to establish a PC5 connection with other terminals in the network, the home gateway sends a key sharing instruction to the other terminals, wherein the key sharing instruction carries the ciphertext information and the identification of the first terminal, and the other terminals can also perform homomorphic decryption on the ciphertext information to obtain the plaintext of the first key.
10. A smart home interaction system based on an embedded home gateway, the system comprising a home gateway, the system being configured such that:
the home gateway receives an access request from a first terminal, wherein the access request is used for the first terminal to request to access a network where the home gateway is located;
under the condition that the home gateway determines that the first terminal is trusted according to the access request, the home gateway obtains a first key of the first terminal, wherein the first key is a key used by the first terminal for encryption communication in the network;
and the home gateway sends an access response to the first terminal, wherein the access response carries ciphertext information, and the ciphertext information is ciphertext obtained by encrypting the first key.
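The data flow of claims 7 and 8 can be sketched as follows. This is an added example, not code from the patent. The claims name neither a homomorphic scheme nor a key derivation algorithm, so the sketch assumes toy Paillier (additively homomorphic) and a linear stand-in derivation, first key = info + 3 × second key; the class and function names, primes and sample values are constructed. A hash-based derivation could not be evaluated this way and would need a fully homomorphic scheme.

```python
import math
import secrets

# Constructed toy primes (Mersenne M61, M89): far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = math.lcm(P - 1, Q - 1)   # private key part, held by terminals only
MU = pow(LAM, -1, N)           # private key part, held by terminals only

def encrypt(m):
    """Paillier encryption with g = N + 1 (public operation)."""
    while True:
        r = secrets.randbelow(N)
        if r > 0 and math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Terminal-side homomorphic decryption (claim 8); needs LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

class ComputeModule:
    """Homomorphic calculation module: only ever handles ciphertexts."""
    def __init__(self, enc_second_key):
        # Second key "in the homomorphic ciphertext state".
        self.enc_second_key = enc_second_key

    def derive(self, enc_info):
        # Assumed stand-in derivation: K1 = info + 3*K2 (mod N), evaluated
        # on ciphertexts as Enc(info) * Enc(K2)^3 mod N^2.
        return enc_info * pow(self.enc_second_key, 3, N2) % N2

class ProxyInterface:
    """Communication proxy interface: the only path into ComputeModule."""
    def __init__(self, compute):
        self._compute = compute

    def request_derivation(self, enc_info):
        # Reject anything that is not a well-formed ciphertext.
        if not (isinstance(enc_info, int) and 0 < enc_info < N2):
            raise ValueError("not a ciphertext")
        return self._compute.derive(enc_info)

def gateway_access_response(info, proxy):
    """Encryption module: encrypt the request info, get Enc(first key) back."""
    return proxy.request_derivation(encrypt(info))
```

The gateway code above never calls `decrypt`; only a holder of `LAM` and `MU` can recover the first key from the access response.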
CN202410149901.0A 2024-02-02 2024-02-02 Intelligent home interaction method and system based on embedded home gateway Active CN117692902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410149901.0A CN117692902B (en) 2024-02-02 2024-02-02 Intelligent home interaction method and system based on embedded home gateway

Publications (2)

Publication Number Publication Date
CN117692902A (en) 2024-03-12
CN117692902B (en) 2024-06-25

Family

ID=90135720

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410149901.0A Active CN117692902B (en) 2024-02-02 2024-02-02 Intelligent home interaction method and system based on embedded home gateway

Country Status (1)

Country Link
CN (1) CN117692902B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150404A (en) * 2006-09-21 2008-03-26 国际商业机器公司 System and method for managing and generating device cipher key used for cipher communication
CN102695168A (en) * 2012-05-21 2012-09-26 中国联合网络通信集团有限公司 Terminal equipment, encrypted gateway and method and system for wireless network safety communication
CN107786328A (en) * 2017-09-01 2018-03-09 深圳市金立通信设备有限公司 A kind of method, service node device and computer-readable medium for generating key
US20200403788A1 (en) * 2018-04-08 2020-12-24 Huawei Technologies Co., Ltd. Information Sending Method, Key Generation Method, and Apparatus
CN112291230A (en) * 2020-10-26 2021-01-29 公安部第一研究所 Data security authentication transmission method and device for terminal of Internet of things
WO2021218851A1 (en) * 2020-04-27 2021-11-04 华为技术有限公司 Method and device for secure communication
CN114189338A (en) * 2021-12-07 2022-03-15 浙江大学 SM9 secret key safety distribution and management system and method based on homomorphic encryption technology
WO2023283789A1 (en) * 2021-07-12 2023-01-19 Oppo广东移动通信有限公司 Secure communication method and apparatus, terminal device, and network device
CN116709312A (en) * 2023-07-06 2023-09-05 中国电信股份有限公司技术创新中心 Safety protection method and device and electronic equipment

Also Published As

Publication number Publication date
CN117692902B (en) 2024-06-25

Similar Documents

Publication Publication Date Title
Jover et al. Security and protocol exploit analysis of the 5G specifications
CN110324287B (en) Access authentication method, device and server
CN103596173B (en) Wireless network authentication method, client and service end wireless network authentication device
EP2666316B1 (en) Method and apparatus for authenticating a communication device
CN108293223B (en) Data transmission method, user equipment and network side equipment
US8347090B2 (en) Encryption of identifiers in a communication system
KR101438243B1 (en) Sim based authentication
CN108880813B (en) Method and device for realizing attachment process
CN112514436B (en) Secure authenticated communication between initiator and responder
CN112512045B (en) Communication system, method and device
CN107094127B (en) Processing method and device, and obtaining method and device of security information
MX2007009790A (en) Context limited shared secret.
CN111212426B (en) Terminal access method, terminal, micro base station and access system
US20230344626A1 (en) Network connection management method and apparatus, readable medium, program product, and electronic device
CN110366175B (en) Security negotiation method, terminal equipment and network equipment
Khan et al. Improving air interface user privacy in mobile telephony
KR102491403B1 (en) Method for enhancing security of subscriber identification module based on physical unclonable function and apparatus and system therefor
Saeed et al. Pseudonym Mutable Based Privacy for 5G User Identity.
CN114189343A (en) Mutual authentication method and device
Holtrup et al. 5g system security analysis
Damir et al. A beyond-5G authentication and key agreement protocol
JP7231010B2 (en) CONTROL DEVICE, WIRELESS COMMUNICATION SYSTEM, CONTROL METHOD AND PROGRAM
CN102202291B (en) Card-free terminal, service access method and system thereof, terminal with card and bootstrapping server function (BSF)
CN110830421B (en) Data transmission method and device
CN116318795A (en) Network security protection system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant