WO2018233035A1 - Encryption method and system for Internet of Things data transmission - Google Patents

Encryption method and system for Internet of Things data transmission

Info

Publication number
WO2018233035A1
WO2018233035A1 PCT/CN2017/099671 CN2017099671W WO2018233035A1 WO 2018233035 A1 WO2018233035 A1 WO 2018233035A1 CN 2017099671 W CN2017099671 W CN 2017099671W WO 2018233035 A1 WO2018233035 A1 WO 2018233035A1
Authority
WO
WIPO (PCT)
Prior art keywords
access node
indication information
device type
internet
encryption indication
Prior art date
Application number
PCT/CN2017/099671
Other languages
English (en)
Chinese (zh)
Inventor
杜光东
Original Assignee
深圳市盛路物联通讯技术有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市盛路物联通讯技术有限公司
Publication of WO2018233035A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • The present invention relates to the field of Internet of Things technologies, and in particular to an encryption method and system for Internet of Things data transmission.
  • The Internet of Things manages a large number of IoT terminals.
  • The IoT terminals access the Internet through the access nodes to report the collected data to the aggregation unit.
  • The aggregation unit analyzes and processes the data, and finally implements control, management, etc. of the IoT terminals.
  • The encryption method generally used has the IoT terminal encrypt with a fixed encryption algorithm and the aggregation unit decrypt with an asymmetric decryption algorithm. This encryption and decryption method is easy to crack and offers low security.
  • The embodiment of the invention discloses an encryption method and system for Internet of Things data transmission, which is used to solve the problem of low security in the existing Internet of Things data transmission process.
  • The first aspect of the present invention discloses an encryption method for Internet of Things data transmission, which may include:
  • The access node receives the first encryption indication information and the second encryption indication information sent by the aggregation unit.
  • The first encryption indication information includes the device type of interest to the aggregation unit and first encryption information, and the first encryption information includes a device identifier and a time point of reporting data;
  • The second encryption indication information includes the device type of interest to the aggregation unit and second encryption information, and the second encryption information includes a node identifier;
  • The device type of interest to the aggregation unit included in the first encryption indication information and that included in the second encryption indication information are the same type;
  • After receiving the first encryption indication information, the IoT terminal acquires its own device identifier and the time point of reporting data, and signs and encrypts the data to be sent according to its own device identifier and the time point of reporting data to obtain a first data packet, where the first data packet carries the device type of the IoT terminal;
  • When determining that the device type of the IoT terminal is the device type of interest to the aggregation unit, the access node acquires its own node identifier according to the second encryption indication information, and signs and encrypts the first data packet according to its own node identifier to obtain a second data packet;
  • The access node sends the second data packet to the aggregation unit.
  • The method further includes:
  • The aggregation unit receives the second data packet sent by the access node;
  • The aggregation unit verifies and decrypts the second data packet according to the node identifier of the access node to obtain the first data packet;
  • The aggregation unit verifies and decrypts the first data packet according to the device identifier of the IoT terminal and the time point of reporting data to obtain the data to be sent.
  • The access node forwarding the first encryption indication information to the IoT terminals, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit includes:
  • The access node sends a broadcast message within its wireless network coverage, the broadcast message carrying the first encryption indication information, so that an IoT terminal within the wireless network coverage of the access node listens for the broadcast message sent by the access node, extracts the first encryption indication information from the broadcast message, and, when determining that its own device type matches the device type of interest to the aggregation unit included in the first encryption indication information, receives and saves the second encryption indication information.
  • The method further includes:
  • The access node broadcasts a listening message within its wireless network coverage;
  • The access node determines whether the device type of the new IoT terminal matches the device type of interest to the aggregation unit;
  • The access node sends the first encryption indication information to the new IoT terminal when determining that the device type of the new IoT terminal matches the device type of interest to the aggregation unit.
  • Before the access node, when determining that the device type of the new IoT terminal matches the device type of interest to the aggregation unit, sends the first encryption indication information to the new IoT terminal, the method further includes:
  • The second aspect of the present invention discloses an encryption system for Internet of Things data transmission, which may include:
  • An aggregation unit configured to send the first encryption indication information and the second encryption indication information to the access node, where the first encryption indication information includes the device type of interest to the aggregation unit and first encryption information, and the first encryption information includes a device identifier and a time point of reporting data; the second encryption indication information includes the device type of interest to the aggregation unit and second encryption information, and the second encryption information includes a node identifier; the device type of interest to the aggregation unit included in the first encryption indication information and that included in the second encryption indication information are the same type;
  • An access node configured to receive the first encryption indication information and the second encryption indication information, where the access node is further configured to forward the first encryption indication information to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit;
  • The IoT terminal is configured to acquire its own device identifier and the time point of reporting data after receiving the first encryption indication information, and to sign and encrypt the data to be sent according to its own device identifier and the time point of reporting data to obtain a first data packet, where the first data packet carries the device type of the IoT terminal;
  • The IoT terminal is further configured to send the first data packet to the access node when its own time point of reporting data is reached;
  • The access node is further configured to receive the first data packet and obtain the device type of the IoT terminal from the first data packet;
  • The access node is further configured to, when determining that the device type of the IoT terminal is the device type of interest to the aggregation unit, acquire its own node identifier according to the second encryption indication information, and sign and encrypt the first data packet according to its own node identifier to obtain a second data packet;
  • The access node is further configured to send the second data packet to the aggregation unit.
  • The aggregation unit is further configured to receive the second data packet sent by the access node;
  • The aggregation unit is further configured to verify and decrypt the second data packet according to the node identifier of the access node to obtain the first data packet;
  • The aggregation unit is further configured to verify and decrypt the first data packet according to the device identifier of the IoT terminal and the time point of reporting data to obtain the data to be sent.
  • The manner in which the access node forwards the first encryption indication information to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit is as follows:
  • The access node is further configured to send a broadcast message within its wireless network coverage, where the broadcast message carries the first encryption indication information, so that an IoT terminal within the wireless network coverage of the access node listens for the broadcast message sent by the access node, extracts the first encryption indication information from the broadcast message, and, when determining that its own device type matches the device type of interest to the aggregation unit included in the first encryption indication information, receives and saves the second encryption indication information.
  • The access node is further configured to broadcast a listening message within its wireless network coverage after receiving the first encryption indication information and the second encryption indication information sent by the aggregation unit;
  • The access node is further configured to receive the response messages returned by the IoT terminals within its wireless network coverage in response to the listening message;
  • The access node is further configured to determine, according to the response messages, whether a new IoT terminal has accessed within its wireless network coverage;
  • The access node is further configured to acquire the device type of the new IoT terminal when a new IoT terminal has accessed within its wireless network coverage;
  • The access node is further configured to determine whether the device type of the new IoT terminal matches the device type of interest to the aggregation unit;
  • The access node is further configured to send the first encryption indication information to the new IoT terminal when determining that the device type of the new IoT terminal matches the device type of interest to the aggregation unit.
  • The access node is further configured to, when determining that the device type of the new IoT terminal matches the device type of interest to the aggregation unit, determine whether the first encryption indication information is within its validity period;
  • The access node is further configured to send the first encryption indication information to the new IoT terminal when determining that the first encryption indication information is within its validity period.
  • The embodiment of the invention has the following beneficial effects:
  • The access node forwards the first encryption indication information sent by the aggregation unit to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit.
  • After receiving the first encryption indication information, the IoT terminal obtains its own device identifier and the time point of reporting data, and then uses its own device identifier and the time point of reporting data to sign and encrypt the data to be sent to obtain the first data packet, where the first data packet carries the device type of the IoT terminal; when its time point of reporting data arrives, the IoT terminal sends the first data packet to the access node, and the access node acquires the device type of the IoT terminal from the first data packet.
  • When the device type of the IoT terminal is the device type of interest to the aggregation unit, the access node obtains its own node identifier according to the second encryption indication information, signs and encrypts the first data packet according to its own node identifier to obtain the second data packet, and sends the second data packet to the aggregation unit.
  • As the embodiment of the present invention shows, the data reported by an IoT terminal of the device type of interest to the aggregation unit is, during transmission, signed and encrypted using the device identifier and the time point of reporting data, and signed and encrypted by the access node using the node identifier, so that the data is signed and encrypted in each transmission channel of the transmission link, which enhances the communication security of the transmission link, reduces the risk of the data being stolen and decrypted, and improves the security of data transmission.
  • FIG. 1 is a schematic diagram of an Internet of Things architecture disclosed by some embodiments of the present invention.
  • FIG. 2 is a schematic flowchart of an encryption method for Internet of Things data transmission according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of another encryption method for Internet of Things data transmission according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of an encryption system for Internet of Things data transmission disclosed in an embodiment of the present invention.
  • The embodiment of the invention discloses an encryption method for Internet of Things data transmission, which is used to enhance the communication security of the transmission link, reduce the risk of data being stolen and decrypted, and improve the security of data transmission.
  • The embodiment of the invention also correspondingly discloses an encryption system for Internet of Things data transmission.
  • FIG. 1 is a schematic diagram of an Internet of Things architecture disclosed in some embodiments of the present invention. It should be noted that FIG. 1 is only a schematic diagram of the Internet of Things architecture disclosed in some embodiments of the present invention; other schematic diagrams obtained by optimizing or modifying FIG. 1 all fall within the scope of protection of the present invention and are not enumerated here.
  • The IoT architecture shown in FIG. 1 may include three layers according to function: a terminal layer, an access node layer, and an aggregation layer.
  • The terminal layer may include a massive number of IoT terminals, such as hygrometers, smoke sensors, ventilation devices, rain sensors, irrigation valves, etc.;
  • The access node layer may include a large number of access nodes connected by the network, and an access node may be a router, a repeater, an access point, or the like, which is not limited by the embodiment of the present invention;
  • An access node may use any standard networking protocol, and an access node may implement data parsing between different network standards;
  • The aggregation layer may include an aggregation unit, and the aggregation unit may perform high-level management of each access node of the access node layer, thereby controlling data transmission frequency, network topology, and other networking functions. The aggregation unit can not only analyze and make decisions on the IoT data generated by the massive number of IoT terminals, but can also be used to obtain information or configure IoT terminal parameters (in which case the data transmission is directed to the IoT terminal); the aggregation unit can also introduce various services, from big data to social networks, and even from social tools' "likes" to weather sharing and more.
  • Each access node can provide IoT data sending and receiving services for the massive number of IoT terminals within its own wireless network coverage, where each access node has its own wireless network coverage.
  • Each IoT terminal can have a built-in wireless communication module, which enables each access node to communicate wirelessly with each IoT terminal within its own wireless network coverage.
  • The wireless communication module built into the IoT terminal can have the upper frequency point 470MHz and the lower frequency point 510MHz entered during production, so that the wireless communication module can automatically define the communication frequency band as 470MHz ~ 510MHz.
  • the wireless communication module can automatically define the communication frequency band as 868MHz ~ 908MHz, in order to comply with the European ETSI standard; or the upper frequency point 918MHz and the lower frequency point 928MHz can be entered, so that the wireless communication module can automatically define the communication frequency band as 918MHz ~ 928MHz to meet the requirements of the US FCC standard; or the communication frequency band of the wireless communication module can also be defined to conform to the Japanese ARIB standard or the Canadian IC standard, which is not limited in the embodiment of the present invention.
  • The IoT terminal can use a combination of Frequency Division Multiple Access (FDMA), Frequency-Hopping Spread Spectrum (FHSS), Dynamic Time Division Multiple Access (DTDMA), and Backoff Multiplexing (CSMA) to solve the interference problem.
  • FDMA Frequency Division Multiple Access
  • FHSS Frequency-Hopping Spread Spectrum
  • DTDMA Dynamic Time Division Multiple Access
  • CSMA Backoff Multiplexing
  • FIG. 2 is a schematic flowchart of an encryption method for Internet of Things data transmission according to an embodiment of the present invention.
  • An encryption method for Internet of Things data transmission may include:
  • The access node receives the first encryption indication information and the second encryption indication information sent by the aggregation unit.
  • The first encryption indication information includes the device type of interest to the aggregation unit and first encryption information, where the first encryption information includes the device identifier and the time point of reporting data;
  • The second encryption indication information includes the device type of interest to the aggregation unit and second encryption information, and the second encryption information includes a node identifier; the device type of interest to the aggregation unit included in the first encryption indication information and that included in the second encryption indication information are the same type.
  • For the device types it is interested in (which can be IoT terminals that collect important data), the aggregation unit needs to strengthen the protection of the data sent by IoT terminals of those device types. Further, in the embodiment of the present invention, the aggregation unit may set a corresponding encryption manner for these device types.
  • The first encryption indication information is used to indicate how the IoT terminal corresponding to the device type of interest to the aggregation unit
  • The second encryption indication information is used to indicate how the access node encrypts the data sent by the IoT terminal of the device type of interest to the aggregation unit.
  • The access node forwards the first encryption indication information to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit.
  • The access node forwarding the first encryption indication information to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit includes: the access node sends a broadcast message within its wireless network coverage, and the broadcast message carries the first encryption indication information, so that an IoT terminal within the wireless network coverage of the access node listens for the broadcast message sent by the access node, extracts the first encryption indication information from the broadcast message, and receives and saves the second encryption indication information when it determines that its own device type matches the device type of interest to the aggregation unit included in the first encryption indication information.
  • Alternatively, the access node forwarding the first encryption indication information to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit includes: the access node determines the IoT terminals within its wireless network coverage that match the device type of interest to the aggregation unit, and then transmits the first encryption indication information to the corresponding IoT terminals.
  • After receiving the first encryption indication information, the IoT terminal obtains its own device identifier and the time point of reporting data, and signs and encrypts the data to be sent according to its own device identifier and the time point of reporting data to obtain a first data packet, and the first data packet carries the device type of the IoT terminal.
  • The aggregation unit may specify the time point of reporting data for the IoT terminal and send that time point to the IoT terminal through the access node, so that the IoT terminal can set the time point at which it reports data.
  • The IoT terminal uses a preset encryption algorithm to encrypt the reported data to obtain the encrypted report data, and then uses the device identifier to sign the encrypted report data to obtain the first data packet.
  • The IoT terminal sends the first data packet to the access node when its time point of reporting data arrives.
  • The IoT terminal sending the first data packet to the access node includes: the IoT terminal acquires the target transmission frequency band, then determines the time-frequency resource corresponding to the target transmission frequency band, and sends the first data packet to the access node on that time-frequency resource.
  • The access node receives the first data packet and obtains the device type of the IoT terminal from the first data packet.
  • When determining that the device type of the IoT terminal is the device type of interest to the aggregation unit, the access node obtains its own node identifier according to the second encryption indication information, and signs and encrypts the first data packet according to its own node identifier to obtain the second data packet.
  • The access node uses a preset encryption algorithm to encrypt the first data packet to obtain the encrypted first data packet, and then uses the node identifier to sign the encrypted first data packet to obtain the second data packet.
  • The access node sends the second data packet to the aggregation unit.
  • The access node sending the second data packet to the aggregation unit includes: the access node determines, in a frequency hopping manner, the frequency domain location of the physical resource block used to send the second data packet, and sends the second data packet to the aggregation unit on the time-frequency resource corresponding to the determined frequency domain location of the physical resource block.
  • After receiving the second data packet sent by the access node, the aggregation unit verifies and decrypts the second data packet according to the node identifier of the access node to obtain the first data packet; the first data packet is then verified and decrypted according to the device identifier of the IoT terminal and the time point of reporting data to obtain the data to be sent.
  • The aggregation unit verifying and decrypting the second data packet according to the node identifier of the access node to obtain the first data packet includes:
  • The aggregation unit verifies and decrypts the second data packet according to the node identifier of the access node;
  • The aggregation unit obtains the first data packet when the second data packet is successfully verified and decrypted;
  • When the aggregation unit fails to verify and decrypt the second data packet, the aggregation unit sends a decryption failure notification to the forwarding node.
  • The aggregation unit verifying and decrypting the first data packet according to the device identifier of the IoT terminal and the time point of reporting data to obtain the data to be sent includes:
  • The aggregation unit verifies and decrypts the first data packet according to the device identifier of the IoT terminal and the time point of reporting data;
  • The aggregation unit obtains the data to be sent when the first data packet is successfully verified and decrypted;
  • When the aggregation unit fails to verify and decrypt the first data packet, the aggregation unit sends a decryption failure notification to the forwarding node.
  • The access node forwards the first encryption indication information sent by the aggregation unit to the IoT terminal, within its wireless network coverage, corresponding to the device type of interest to the aggregation unit. After receiving the first encryption indication information, the IoT terminal obtains its own device identifier and the time point of reporting data, and then signs and encrypts the data to be sent using the device identifier and the time point of reporting data to obtain the first data packet, where the first data packet carries the device type of the IoT terminal. The IoT terminal sends the first data packet to the access node when its time point of reporting data arrives; the access node acquires the device type of the IoT terminal from the first data packet, obtains the node identifier according to the second encryption indication information, and signs and encrypts the first data packet according to the node identifier.
  • The data reported by an IoT terminal of the device type of interest is, during transmission, signed and encrypted using the device identifier and the time point of reporting data, and the access node signs and encrypts it using the node identifier.
  • The data can thus be signed and encrypted by each device along the transmission link, which enhances the communication security of the transmission link, reduces the risk of the data being stolen and decrypted, and improves the security of data transmission.
  • FIG. 3 is a schematic flowchart of another method for encrypting an Internet of Things data transmission according to an embodiment of the present invention.
  • an encryption method for data transmission of an Internet of Things may include:
  • the access node receives the first encryption indication information and the second encryption indication information that are sent by the aggregation unit.
  • the first encryption indication information includes the device type that the aggregation unit is interested in and first encryption information, where the first encryption information includes the device identifier and a time point of reporting the data;
  • the second encryption indication information includes the device type that the aggregation unit is interested in and second encryption information, where the second encryption information includes a node identifier; the device types of interest to the aggregation unit included in the first encryption indication information and in the second encryption indication information are the same type.
  • after receiving the first encryption indication information and the second encryption indication information delivered by the aggregation unit, the access node broadcasts a listening message within its wireless network coverage.
  • after receiving the first encryption indication information and the second encryption indication information sent by the aggregation unit, the access node forwards the first encryption indication information to the IoT terminals in its wireless network coverage that match the device type of interest to the aggregation unit, and then broadcasts a listening message within its wireless network coverage to listen for newly accessed IoT terminals in real time.
  • the access node also broadcasts a listening message within its wireless network coverage to detect, in real time, IoT terminals that have been offline for a long time, so that the routing table is updated in real time.
  • the access node receives the response message that the IoT terminals in its wireless network coverage feed back in response to the listening message.
  • the access node determines, according to the response message, whether a new IoT terminal has accessed its wireless network coverage. If the determination result is yes, the process proceeds to step 305. If the determination result is negative, the process ends.
  • the access node acquires the device type of the new IoT terminal.
  • the access node determines whether the device type of the new IoT terminal matches the device type that the aggregation unit is interested in. If the determination result is yes, the process proceeds to step 307. If the determination result is negative, the process ends.
  • the access node sends the first encryption indication information to the new IoT terminal.
  • the access node determines whether the first encryption indication information is within its validity period; when it determines that the first encryption indication information is within the validity period, the access node sends the first encryption indication information to the new IoT terminal.
  • the aggregation unit carries a validity period in the first encryption indication information; during the validity period, the access node may send the first encryption indication information to the new IoT terminal, so that the new IoT terminal can sign and encrypt the data according to the first encryption indication information.
  • after receiving the first encryption indication information and the second encryption indication information sent by the aggregation unit, the access node forwards the first encryption indication information to the terminal devices in its wireless network coverage that match the device type of interest to the aggregation unit, and then listens within its wireless network coverage in real time; when a new IoT terminal is detected, the first encryption indication information is sent to the new IoT terminal, so that the new IoT terminal can sign and encrypt the data according to the first encryption indication information, improving data security on the data transmission link.
  • FIG. 4 is a schematic structural diagram of an encryption system for Internet of Things data transmission according to an embodiment of the present invention.
  • an encryption system for Internet of Things data transmission may include:
  • the aggregation unit 410 is configured to send the first encryption indication information and the second encryption indication information to the access node 420.
  • the first encryption indication information includes the device type of interest and first encryption information, where the first encryption information includes a device identifier and a time point at which the data is reported;
  • the second encryption indication information includes the device type that the aggregation unit 410 is interested in and second encryption information, where the second encryption information includes a node identifier; the device types of interest to the aggregation unit 410 included in the first encryption indication information and in the second encryption indication information are the same type;
  • the access node 420 is configured to receive the first encryption indication information and the second encryption indication information.
  • the access node 420 is further configured to forward the first encryption indication information to the IoT terminal 430 in its wireless network coverage that corresponds to the device type of interest to the aggregation unit 410.
  • the IoT terminal 430 is configured to, after receiving the first encryption indication information, acquire its device identifier and the time point of reporting the data, and sign and encrypt the data to be sent according to the device identifier and the time point of reporting the data to obtain a first data packet, where the first data packet carries the device type of the IoT terminal 430;
  • the IoT terminal 430 is further configured to send the first data packet to the access node 420 when its own time point of reporting the data arrives;
  • the access node 420 is further configured to receive the first data packet, and acquire the device type of the IoT terminal 430 from the first data packet;
  • the access node 420 is further configured to: when determining that the device type of the IoT terminal 430 is a device type of interest to the aggregation unit 410, obtain its own node identifier according to the second encryption indication information, and sign and encrypt the first data packet according to its own node identifier to obtain a second data packet;
  • the access node 420 is further configured to send the second data packet to the aggregation unit 410.
  • the IoT terminal 430 encrypts the reported data by using a preset encryption algorithm to obtain the encrypted report data, and then uses the device identifier to sign the encrypted report data to obtain the first data packet.
  • the access node 420 encrypts the first data packet by using a preset encryption algorithm to obtain the encrypted first data packet, and then uses the node identifier to sign the encrypted first data packet to obtain the second data packet.
  • the sending, by the IoT terminal 430, of the first data packet to the access node 420 specifically includes: the IoT terminal 430 acquires a target transmission frequency band, then determines a time-frequency resource corresponding to the target transmission frequency band, and sends the first data packet to the access node 420 on that time-frequency resource.
  • the sending, by the access node 420, of the second data packet to the aggregation unit 410 includes: the access node 420 determines, by frequency hopping, the frequency-domain location of the physical resource block used for transmitting the second data packet from the target transmission frequency band; the second data packet is sent to the aggregation unit 410 on the time-frequency resource corresponding to the frequency-domain location of the determined physical resource block.
  • the aggregation unit 410 is further configured to receive the access node 420.
  • the aggregation unit 410 is further configured to perform verification and decryption on the second data packet according to the node identifier of the access node 420 to obtain the first data packet.
  • the aggregation unit 410 is further configured to verify and decrypt the first data packet according to the device identifier of the Internet of Things terminal 430 and the time point of reporting the data to obtain data to be sent.
  • the manner in which the access node 420 forwards the first encryption indication information to the IoT terminal 430 in its wireless network coverage that corresponds to the device type of interest to the aggregation unit 410 is specifically:
  • the access node 420 is further configured to send a broadcast message within its wireless network coverage, the broadcast message carrying the first encryption indication information, so that an IoT terminal within the wireless network coverage of the access node 420 monitors the broadcast message sent by the access node 420, extracts the first encryption indication information from the broadcast message, and receives and saves the second encryption indication information when it determines that its own device type matches the device type of interest to the aggregation unit 410 included in the first encryption indication information.
  • the manner in which the access node 420 forwards the first encryption indication information to the IoT terminal 430 in its wireless network coverage that corresponds to the device type of interest to the aggregation unit 410 includes: the access node 420 determines the IoT terminal 430 within its wireless network coverage that matches the device type of interest to the aggregation unit 410, and then transmits the first encryption indication information to the corresponding IoT terminal 430.
  • the access node 420 is further configured to: after receiving the first encryption indication information and the second encryption indication information that are sent by the aggregation unit 410, broadcast the listening message within its wireless network coverage;
  • the access node 420 is further configured to receive the response message that the IoT terminal 430 in its wireless network coverage feeds back in response to the listening message;
  • the access node 420 is further configured to determine, according to the response message, whether a new IoT terminal 430 has accessed its wireless network coverage;
  • the access node 420 is further configured to acquire the device type of the new IoT terminal 430 when it is determined that a new IoT terminal 430 has accessed its wireless network coverage;
  • the access node 420 is further configured to determine whether the device type of the new IoT terminal 430 matches the device type that the aggregation unit 410 is interested in;
  • the access node 420 is further configured to send the first encryption indication information to the new IoT terminal 430 when it is determined that the device type of the new IoT terminal 430 matches the device type of interest to the aggregation unit 410.
  • the access node 420 is further configured to determine whether the first encryption indication information is within its validity period when determining that the device type of the new IoT terminal 430 matches the device type of interest to the aggregation unit 410.
  • the access node 420 is further configured to: when the first encryption indication information is determined to be within the validity period, send the first encryption indication information to the new IoT terminal 430.
  • the access node 420 also broadcasts a listening message within its wireless network coverage to detect, in real time, IoT terminals that have been offline for a long time, so that the routing table is updated in real time.
  • after receiving the first encryption indication information and the second encryption indication information sent by the aggregation unit, the access node forwards the first encryption indication information to the terminal devices in its wireless network coverage that match the device type of interest to the aggregation unit, and then listens within its wireless network coverage in real time; when a new IoT terminal is detected, the first encryption indication information is sent to the new IoT terminal, so that the new IoT terminal can sign and encrypt the data according to the first encryption indication information, improving data security on the data transmission link.
  • the IoT terminal uses the device identifier and the time point of reporting the data for signature and encryption, and the access node uses the node identifier for signature and encryption, so that the data is signed and encrypted at each device it passes through on the transmission link, which enhances the communication security of the transmission link, reduces the risk of the data being stolen and decrypted, and improves the security of data transmission.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • PROM Programmable Read-Only Memory
  • EPROM Erasable Programmable Read Only Memory
  • OTPROM One-Time Programmable Read-Only Memory
  • EEPROM Electronically-Erasable Programmable Read-Only Memory
  • CD-ROM Compact Disc Read-Only Memory
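
The two-layer flow described above (the terminal encrypts then signs, the access node filters by device type and wraps the packet again, the aggregation unit verifies and decrypts in reverse order), as an added Python example that is not taken from the patent. The provisioned secret, the HMAC tag standing in for the signature, the toy keystream standing in for the preset encryption algorithm, and all function names and sample values are assumptions.

```python
import hashlib
import hmac
import os

# Assumption: a provisioned secret shared with the aggregation unit. The page
# names only the identifiers and the reporting time point as inputs.
SECRET = b"constructed-provisioned-secret"

def derive_key(purpose, *id_parts):
    """Bind a key to device id + time point (terminal) or node id (access node)."""
    return hmac.new(SECRET, "|".join((purpose,) + id_parts).encode(), hashlib.sha256).digest()

def keystream_xor(key, nonce, data):
    """Toy SHA-256 counter keystream; stand-in for the 'preset encryption algorithm'."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def tag_for(id_parts, header, nonce, body):
    """HMAC over length-prefixed header, nonce and ciphertext (stand-in signature)."""
    msg = len(header).to_bytes(2, "big") + header + nonce + body
    return hmac.new(derive_key("sig", *id_parts), msg, hashlib.sha256).digest()

def seal(id_parts, header, plaintext):
    """Encrypt first, then sign the result: the order the page gives for both layers."""
    nonce = os.urandom(8)
    body = keystream_xor(derive_key("enc", *id_parts), nonce, plaintext)
    return {"header": header, "nonce": nonce, "body": body,
            "tag": tag_for(id_parts, header, nonce, body)}

def open_sealed(id_parts, pkt):
    """Verify before decrypting; any mismatch raises ValueError."""
    want = tag_for(id_parts, pkt["header"], pkt["nonce"], pkt["body"])
    if not hmac.compare_digest(want, pkt["tag"]):
        raise ValueError("signature verification failed")
    return keystream_xor(derive_key("enc", *id_parts), pkt["nonce"], pkt["body"])

def pack(pkt):
    return len(pkt["header"]).to_bytes(2, "big") + pkt["header"] + pkt["nonce"] + pkt["tag"] + pkt["body"]

def unpack(raw):
    n, rest = int.from_bytes(raw[:2], "big"), raw[2:]
    return {"header": rest[:n], "nonce": rest[n:n + 8], "tag": rest[n + 8:n + 40], "body": rest[n + 40:]}

def terminal_report(device_id, device_type, time_point, data):
    """First data packet; the device type travels in the clear header."""
    return seal((device_id, time_point), device_type.encode(), data)

def access_node_forward(node_id, interested_type, first_packet):
    """Wrap only packets whose device type the aggregation unit is interested in."""
    if first_packet["header"] != interested_type.encode():
        return None
    return seal((node_id,), node_id.encode(), pack(first_packet))

def aggregation_unit_receive(node_id, device_id, time_point, second_packet):
    first_packet = unpack(open_sealed((node_id,), second_packet))  # node layer
    return open_sealed((device_id, time_point), first_packet)      # terminal layer

if __name__ == "__main__":  # constructed sample values
    p1 = terminal_report("dev-001", "water-meter", "2017-06-21T08:00", b"reading=42.7")
    p2 = access_node_forward("node-A", "water-meter", p1)
    print(aggregation_unit_receive("node-A", "dev-001", "2017-06-21T08:00", p2))
```

Because the reporting time point is part of the terminal-layer key, a packet presented with a different time point fails verification at the aggregation unit, as does one wrapped by a different node.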

Abstract

The present invention relates to an encryption method and system for Internet of Things data transmission. The method comprises the following steps: an access node receives first encryption indication information and second encryption indication information delivered by an aggregation unit, and forwards the first encryption indication information to the Internet of Things terminal indicated by the first encryption indication information; the Internet of Things terminal signs and encrypts the data to be sent according to its device identifier and a data reporting time point so as to obtain a first data packet and, when the data reporting time point is reached, sends the first data packet to the access node; the access node obtains the device type of the Internet of Things terminal from the first data packet and, when the device type of the Internet of Things terminal is a device type indicated by the second encryption indication information, signs and encrypts the first data packet according to the node identifier of the access node so as to obtain a second data packet, and sends the second data packet to the aggregation unit. Embodiments of the present invention can make communication over a transmission link more secure, reduce the risk of theft and decryption, and increase the security of data transmission.
PCT/CN2017/099671 2017-06-21 2017-08-30 Encryption method and system for Internet of Things data transmission WO2018233035A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710473237.5 2017-06-21
CN201710473237.5A CN107196958B (zh) 2017-06-21 2017-06-21 Encryption method and system for Internet of Things data transmission

Publications (1)

Publication Number Publication Date
WO2018233035A1 (fr) 2018-12-27

Family

ID=59878178

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/099671 WO2018233035A1 (fr) 2017-06-21 2017-08-30 Encryption method and system for Internet of Things data transmission

Country Status (2)

Country Link
CN (1) CN107196958B (fr)
WO (1) WO2018233035A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
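CN108848029A (zh) * 2018-06-12 2018-11-20 迈普通信技术股份有限公司 Link aggregation method, apparatus and readable storage medium
CN109618371B (zh) * 2018-11-19 2020-07-07 中国科学院信息工程研究所 On-demand data aggregation method and apparatus
CN117294530B (zh) * 2023-11-24 2024-05-14 深圳市中燃科技有限公司 Data security management method and system for secondary nodes of industrial internet identifier resolution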

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
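CN103067497A (zh) * 2012-12-27 2013-04-24 北京时代凌宇科技有限公司 Internet of Things system
CN104158710A (zh) * 2014-08-15 2014-11-19 深圳市蜂联科技有限公司 Method for automatically switching service application channels based on an open intelligent gateway platform
CN104202365A (zh) * 2014-08-15 2014-12-10 深圳市蜂联科技有限公司 Clustered intelligent gateway platform and method for deploying extended service applications on it
CN105745945A (zh) * 2013-11-13 2016-07-06 华为技术有限公司 Controlling data transmission for machine-type communication in a mobile communication system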

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8527748B2 (en) * 2010-10-01 2013-09-03 Schneider Electric USA, Inc. System and method for hosting encrypted monitoring data
US9497102B2 (en) * 2011-12-06 2016-11-15 Qualcomm Incorporated Systems and methods for machine to machine device control and triggering
CN104428826B (zh) * 2013-04-15 2017-05-17 自动连接控股有限责任公司 Central network for automated control of vehicular traffic

Also Published As

Publication number Publication date
CN107196958B (zh) 2020-04-07
CN107196958A (zh) 2017-09-22

Similar Documents

Publication Publication Date Title
CN107770182B (zh) 家庭网关的数据存储方法及家庭网关
CN105119939B (zh) 无线网络的接入方法与装置、提供方法与装置以及系统
Chakrabarty et al. Black SDN for the Internet of Things
US8094822B2 (en) Broadcast encryption key distribution system
CN107454079B (zh) 基于物联网平台的轻量级设备认证及共享密钥协商方法
CN107113594B (zh) 设备到设备通信系统的安全发送和接收发现消息的方法
CN106330856A (zh) 听力设备和听力设备通信的方法
US9119077B2 (en) Wireless network security
CN104410970A (zh) 一种无线智能接入方法
US10637651B2 (en) Secure systems and methods for resolving audio device identity using remote application
WO2018233048A1 (fr) Procédé et système de commande de communication d'un dispositif terminal de l'internet des objets
WO2018233046A1 (fr) Procédé et système de contrôle de communication basés sur un type de données
CN103188351A (zh) IPv6 环境下IPSec VPN 通信业务处理方法与系统
CN102546184B (zh) 传感网内消息安全传输或密钥分发的方法和系统
CN105025472B (zh) 一种wifi接入点加密隐藏及发现的方法及其系统
WO2018233035A1 (fr) Procédé et système de chiffrement pour transmission de données d'internet des objets
KR20180130203A (ko) 사물인터넷 디바이스 인증 장치 및 방법
CN106789476A (zh) 一种网关通讯方法及系统
CN110943835A (zh) 一种发送无线局域网信息的配网加密方法及系统
CN111447283A (zh) 一种用于实现配电站房系统信息安全的方法
CN104883372B (zh) 一种基于无线自组织网的防欺骗和抗攻击的数据传输方法
CN108092958A (zh) 信息认证方法、装置、计算机设备及存储介质
WO2018233041A1 (fr) Procédé et système de chiffrement de données de l'internet des objets basé sur la position
CN102045343B (zh) 基于数字证书的通讯加密安全控制方法、服务器及系统
WO2018233044A1 (fr) Procédé et système de filtrage de données de l'internet des objets, basés sur une passerelle de filtrage

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17914197

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15.05.2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17914197

Country of ref document: EP

Kind code of ref document: A1