WO2019015038A1 - Uplink data encryption control method and device based on Internet of Things repeater type - Google Patents

Uplink data encryption control method and device based on Internet of Things repeater type

Info

Publication number
WO2019015038A1
WO2019015038A1 PCT/CN2017/100751 CN2017100751W WO2019015038A1 WO 2019015038 A1 WO2019015038 A1 WO 2019015038A1 CN 2017100751 W CN2017100751 W CN 2017100751W WO 2019015038 A1 WO2019015038 A1 WO 2019015038A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
things
type
data packet
encryption
Prior art date
Application number
PCT/CN2017/100751
Other languages
English (en)
Chinese (zh)
Inventor
杜光东
Original Assignee
深圳市盛路物联通讯技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市盛路物联通讯技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • The present invention claims priority to prior application No. 201710593623.8, entitled "IoT Repeater Type-Based Uplink Data Encryption Control Method and Apparatus", filed on July 20, 2017, the content of which is incorporated herein by reference.
  • the present application relates to the field of communications, and in particular, to an IoT repeater type-based uplink data encryption control method and apparatus.
  • The Internet of Things is an important part of the new generation of information technology and an important stage of development in the era of "informatization". Its English name is "Internet of Things (IoT)". As the name suggests, the Internet of Things is the Internet that connects things. This has two meanings: first, the core and foundation of the Internet of Things is still the Internet, and it is a network extended and expanded on the basis of the Internet; second, its clients extend to any item, so that information is exchanged and communicated between things. The Internet of Things is widely used in the convergence of networks through communication and sensing technologies such as intelligent sensing, identification technology and pervasive computing. It is also called the third wave of the development of the world information industry after computers and the Internet.
  • The Internet of Things is the application expansion of the Internet. The Internet of Things is less a network than a business and an application. Therefore, application innovation is the core of the development of the Internet of Things. Innovation 2.0 with user experience as the core is the soul of the development of the Internet of Things.
  • the Internet of Things solves the interconnection between objects and the exchange of data between objects.
  • In the existing Internet of Things, an IoT repeater sends data to an IoT access point (AP) in order to access the Internet; the data security of the Internet of Things is low, so the user experience is poor.
  • the application provides an IoT repeater type-based uplink data encryption control method. It can improve the security of IoT data and improve the user experience.
  • An IoT repeater type-based uplink data encryption control method includes the following steps:
  • the Internet of Things repeater receives a data packet sent by the Internet of Things terminal;
  • the IoT repeater identifies the type of the Internet of Things terminal, and queries a pre-configured mapping table of types and encryption units for the first encryption unit corresponding to that type;
  • the Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet;
  • the IoT repeater sends the encrypted data packet to an IoT access point.
  • the IoT repeater identifies the type of the Internet of Things terminal, including:
  • the Internet of Things repeater identifies the type of the Internet of Things terminal by the identifier of the Internet of Things terminal; the type includes: a smart light, a smart TV, a smart cleaning device, a smart sleep device, or an intelligent monitoring device.
  • the IoT repeater identifies the type of the Internet of Things terminal, including:
  • the Internet of Things repeater sends an IoT terminal type table to the Internet of Things terminal;
  • the Internet of Things repeater receives from the Internet of Things terminal the type that the terminal matched in the IoT terminal type table.
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent steps are performed. If the encryption is unsuccessful, the IoT repeater calls the standby encryption unit of the first encryption unit to encrypt the data packet, and adds the standby encryption unit identifier to the header extension field of the encrypted data packet.
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
  • the IoT repeater parses the data packet; if the signal modulation mode of the data packet is quadrature phase shift keying (QPSK), it obtains the numbers of the phases that carry energy in the QPSK signal, uses the value obtained by arranging those phase numbers in order as a secret key, and invokes the encryption unit with that secret key to perform encryption processing on the data packet.
  • the method further includes:
  • the IoT repeater generates a key pair that includes a public key and a private key; the IoT repeater encrypts the data packet with the public key through the first encryption unit, sends the encrypted data packet through the first path, and sends the private key through the second path.
  • An IoT repeater type-based uplink data encryption control apparatus comprising:
  • a receiving unit configured to receive a data packet sent by the Internet of Things terminal;
  • an identification unit configured to identify a type of the Internet of Things terminal;
  • a searching unit configured to query, according to the type, a pre-configured mapping table of types and encryption units for the first encryption unit corresponding to the type;
  • an encryption unit configured to invoke the first encryption unit to perform encryption processing on the data packet;
  • a sending unit configured to send the encrypted data packet to the Internet of Things access point.
  • The identifying unit is specifically configured to identify, by using an identifier of the Internet of Things terminal, a type of the Internet of Things terminal, where the type includes: a smart light, a smart television, a smart cleaning device, a smart sleep device, or an intelligent monitoring device.
  • The identifying unit is configured to send an IoT terminal type table to the Internet of Things terminal, and to receive from the IoT terminal the type that the terminal matched in the IoT terminal type table.
  • The encryption unit is configured to invoke the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent steps are performed. If the encryption is unsuccessful, the standby encryption unit of the first encryption unit is invoked to encrypt the data packet, and the standby encryption unit identifier is added to the header extension field of the encrypted data packet.
  • The encryption unit is configured to: if parsing the data packet shows that its signal modulation mode is quadrature phase shift keying (QPSK), obtain the numbers of the phases that carry energy in the QPSK signal, use the value obtained by arranging those phase numbers in order as a secret key, and invoke the encryption unit with that secret key to perform encryption processing on the data packet.
  • The encryption unit is specifically configured to generate a key pair that includes a public key and a private key, and to encrypt the data packet with the public key through the first encryption unit; the sending unit is configured to send the encrypted data packet through the first path and to send the private key through the second path.
  • A computer storage medium may store a program which, when executed, performs some or all of the steps of any one of the IoT repeater type-based uplink data encryption control methods described in the first aspect.
  • An access point device comprising: one or more processors, a memory, a bus system, a transceiver, and one or more programs, the processor, the memory, and the transceiver being coupled by the bus system; wherein the one or more programs are stored in the memory and include instructions that, when executed by an access point, cause the access point to perform any of the methods provided in the first aspect and its possible designs.
  • In the technical solution provided by the present invention, after the Internet of Things terminal sends the data packet to the Internet of Things repeater, the repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal and encrypts the data through that encryption unit.
  • The IoT terminal does not need to configure encryption; all encryption settings are in the IoT repeater. This method can effectively reduce the cost of the IoT terminal, and, because one IoT repeater can connect to a large number of IoT terminals, configuring encryption in the IoT repeater can also reduce the overall cost of the Internet of Things.
  • the computing power is generally stronger than that of the IoT repeater.
  • the networked terminal can reduce the delay of data transmission when running the encryption unit, reduce the delay of the network, and improve the user experience.
  • FIG. 1 is a schematic flow chart of a repeater-based data routing method.
  • FIG. 2 is a flow chart of transmission of a packet sent by an Internet of Things terminal to a gateway.
  • FIG. 3 is a transmission flow chart of the gateway transmitting the data packet to the Internet of Things terminal.
  • FIG. 4 is a schematic flowchart of a repeater-based data automatic routing method according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of an implementation scenario of an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a repeater-based data automatic routing method according to another embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a repeater-based data automatic routing apparatus provided by the present application.
  • FIG. 8 is a schematic structural diagram of an Internet of Things repeater device provided by the present application.
  • FIG. 9 is a schematic structural diagram of hardware of an Internet of Things repeater provided by the present application.
  • A computer device, also referred to as a "computer" in this context, is an intelligent electronic device that can perform predetermined processing, such as numerical and/or logical calculations, by running a predetermined program or instructions. It can include a processor and a memory, with the processor executing instructions pre-stored in the memory to carry out the predetermined processing, or the processing can be carried out by hardware such as an ASIC, an FPGA or a DSP, or by a combination of the two.
  • Computer devices include, but are not limited to, servers, personal computers, notebook computers, tablets, smart phones, and the like.
  • an uplink data transmission method of an Internet of Things AP is provided.
  • The method is applied to the Internet of Things network shown in FIG. 1.
  • The network includes: the Internet of Things terminal 10, the Internet of Things access point AP20, the Internet of Things repeater 40, and the wireless connection.
  • the above-mentioned Internet of Things terminal may have different expressions according to different situations.
  • the Internet of Things terminal may specifically be: a mobile phone, a tablet computer, a computer, etc., of course, it may also include other devices with networking functions.
  • the IoT terminal 10 is connected to the AP 20 in a wireless manner, and the AP 20 accesses the Internet through the gateway 12 by using another method (that is, a connection mode different from the wireless mode).
  • the wireless mode includes but is not limited to: Bluetooth, WIFI, and the like.
  • The other connection mode mentioned above may be LTE or wired.
  • the wired mode is taken as an example, and for convenience of representation, only one solid line is shown here.
  • The above-mentioned wireless access controller 30 may be a personal computer (PC), depending on the size of the Internet of Things. Of course, in practical applications, it may also be multiple PCs or servers. The specific embodiments of the present invention do not limit the specific form of the above wireless access controller.
  • FIG. 2 is a transmission flow chart of uplink data transmission of an Internet of Things repeater. As shown in FIG. 2, the process includes:
  • Step S201 the Internet of Things terminal 10 wirelessly transmits the data packet to be sent to the Internet of Things repeater;
  • Step S202 the Internet of Things repeater sends the data packet to the AP20;
  • Step S203 The AP20 forwards the data packet to the radio access controller 30.
  • FIG. 3 is a schematic diagram of a type-based uplink data encryption control method for an Internet of Things repeater according to the present invention.
  • the method is implemented in a network architecture as shown in FIG. 4, as shown in FIG.
  • Multiple IoT terminals can be connected.
  • the AP can be a relay station.
  • It can also be a router or other network device with wireless connection and data forwarding functions, such as a mobile phone that provides a hotspot, a personal computer that provides wireless connection, and similar equipment.
  • The method includes the following steps:
  • Step S301 The Internet of Things terminal sends a data packet to the Internet of Things relay.
  • The Internet of Things terminal in the above step S301 may specifically be: a mobile phone, a tablet computer, a computer, etc.; of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or other IoT smart devices.
  • The Internet of Things terminal may send the data packet to the Internet of Things repeater over a wireless connection, including but not limited to: Bluetooth, Wireless Fidelity (WIFI) or Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
  • The Internet of Things terminals and IoT repeaters here are wireless only. The Internet of Things has a large number of connected devices; with wired connections, the number of devices an IoT repeater could serve would be limited, and in the home the wiring needed for wired connections is impractical for users and the cable is costly. Therefore, the connection between the Internet of Things terminal and the Internet of Things repeater in the technical solution of the present invention is limited to a wireless connection.
  • Step S302 The Internet of Things repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type.
  • the types of the Internet of Things terminals in the above step S302 can be set according to the situation of the device.
  • the types of the Internet of Things terminals can include: smart lights, smart TVs, smart cleaning devices, smart sleep devices, intelligent monitoring devices, etc.
  • The concrete form of each type can vary. For example, a smart light includes, but is not limited to, a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc.; a smart TV can be a Samsung smart TV or a Sharp smart TV; a smart cleaning device can be a smart sweeping robot or a smart vacuum cleaner; a smart sleep device can be a smart mattress, a smart sofa, etc.; an intelligent monitoring device can be an intelligent blood pressure meter, a smart thermometer, etc. The present invention does not limit the specific types of the above-mentioned Internet of Things terminals.
  • the type and encryption unit mapping table in the above steps are as shown in FIG. 5, and the foregoing mapping may be a one-to-one mapping, and may of course be a one-to-many mapping.
  • The encryption unit in the above step S302 may specifically be a hardware encryption unit set in the Internet of Things repeater, which includes an encryption algorithm preset by the manufacturer.
  • the encryption unit may also be a software encryption unit configured in the Internet of Things repeater, and the present invention does not limit the specific expression of the encryption unit.
  • The foregoing encryption algorithms include, but are not limited to, the triple data encryption algorithm block cipher (English: Triple Data Encryption Algorithm, 3DES), the message digest algorithm (English: Message Digest Algorithm, MD5), RSA (Rivest, Shamir, Adleman) and other encryption algorithms.
  • the invention is not limited to specific encryption algorithms.
  • 3DES is the common name for the Triple Data Encryption Algorithm block cipher. It is equivalent to applying the DES encryption algorithm three times to each data block. As computing power increased, the key length of the original DES cipher became vulnerable to brute-force attack; 3DES was designed as a relatively simple way to avoid such attacks by increasing the key length of DES.
  • Step S303 The Internet of Things repeater invokes the first encryption unit to perform encryption processing on the data packet.
  • the implementation method of the foregoing step S303 may specifically be:
  • the first encryption unit is a 3DES encryption unit, and the Internet of Things relay invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet.
  • the first encryption unit is an RSA encryption unit, and the Internet of Things relay invokes the RSA encryption unit to perform RSA encryption processing on the data packet.
  • the Internet of Things relay invokes the MD5 encryption unit to perform MD5 encryption processing on the data packet.
  • the implementation method of the foregoing step S303 may specifically be:
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent step S304 is performed. If the encryption is unsuccessful, the standby encryption unit of the first encryption unit is called to encrypt the data packet, and the standby encryption unit identifier is added to the header extension field of the encrypted packet.
  • Step S304 The Internet of Things relay sends the encrypted data packet to the wireless access controller.
  • the implementation method of the above step S304 can be:
  • the encrypted data packet is sent to the wireless access controller in another manner.
  • The AP 20 can send the data packet to the radio access controller by wire; of course, in practical applications, the AP 20 can also send the encrypted data packet to the radio access controller through Long Term Evolution (LTE).
  • The foregoing LTE or wired mode and the manner in which the Internet of Things terminal is connected to the AP through the WIFI are merely for illustrative purposes, and the present invention does not limit the specific manner of the foregoing connection.
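Steps S302 to S304 with the standby-unit fallback, written out as an added example that is not part of the patent text. The frame layout (one length byte, extension bytes, ciphertext), the unit identifiers, the mapping table contents, the rejection of unmapped types and the `StandInUnit` cipher that replaces the 3DES/RSA units are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class UnitFailure(Exception):
    """An encryption unit could not process the data."""


class StandInUnit:
    """Constructed stand-in for a 3DES/RSA encryption unit (assumption).

    Encrypts with a SHA-256 counter keystream and authenticates with
    HMAC-SHA256. It exists only to make the control flow runnable with the
    standard library; it is not a vetted cipher.
    """

    def __init__(self, unit_id, key, healthy=True):
        self.unit_id = unit_id
        self.healthy = healthy
        self.enc_key = hashlib.sha256(b"enc" + key).digest()
        self.mac_key = hashlib.sha256(b"mac" + key).digest()

    def keystream(self, nonce, length):
        out = b""
        counter = 0
        while len(out) < length:
            block = self.enc_key + nonce + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext):
        if not self.healthy:  # models "the encryption is unsuccessful"
            raise UnitFailure(f"unit {self.unit_id} unavailable")
        nonce = secrets.token_bytes(12)
        stream = self.keystream(nonce, len(plaintext))
        body = bytes(p ^ s for p, s in zip(plaintext, stream))
        tag = hmac.new(self.mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob):
        if len(blob) < 44:  # 12-byte nonce + 32-byte tag
            raise UnitFailure("ciphertext too short")
        nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
        good = hmac.new(self.mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise UnitFailure("authentication tag mismatch")
        stream = self.keystream(nonce, len(body))
        return bytes(c ^ s for c, s in zip(body, stream))


# Constructed mapping table: terminal type -> (first unit id, standby unit id).
TYPE_TABLE = {"smart_light": (1, 2), "smart_tv": (3, 2)}


def make_units():
    """Constructed unit inventory; unit 3 is marked faulty to force the fallback."""
    return {
        1: StandInUnit(1, b"constructed-key-1"),
        2: StandInUnit(2, b"constructed-key-2"),
        3: StandInUnit(3, b"constructed-key-3", healthy=False),
    }


def repeater_uplink(terminal_type, packet, units, table=TYPE_TABLE):
    """Steps S302-S304: look up the unit, encrypt, fall back, build the frame.

    Frame layout (assumed): 1-byte extension length, extension bytes, ciphertext.
    The extension is empty on the normal path and holds the standby unit
    identifier when the first unit failed.
    """
    if terminal_type not in table:
        # Assumption: an unmapped type is rejected rather than forwarded in clear.
        raise KeyError(f"no encryption unit mapped for type {terminal_type!r}")
    first_id, standby_id = table[terminal_type]
    try:
        return bytes([0]) + units[first_id].encrypt(packet)
    except UnitFailure:
        ciphertext = units[standby_id].encrypt(packet)
        return bytes([1, standby_id]) + ciphertext


def controller_receive(terminal_type, frame, units, table=TYPE_TABLE):
    """Receiving side: pick the unit from the header extension, then decrypt."""
    ext_len = frame[0]
    extension = frame[1:1 + ext_len]
    unit_id = extension[0] if ext_len else table[terminal_type][0]
    return unit_id, units[unit_id].decrypt(frame[1 + ext_len:])


if __name__ == "__main__":
    demo_units = make_units()
    for kind in ("smart_light", "smart_tv"):
        frame = repeater_uplink(kind, b"constructed sensor reading", demo_units)
        print(kind, "extension:", frame[1:1 + frame[0]].hex() or "(none)",
              "->", controller_receive(kind, frame, demo_units))
```

The receiver can only decrypt a fallback frame because the standby unit identifier travels in the header extension; without it, it would try the first unit mapped to the type and fail the tag check.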
  • the IoT repeater invokes the first encryption unit to perform encryption processing on the data packet, including:
  • the IoT repeater parses the data packet; if the signal modulation mode of the data packet is Quadrature Phase Shift Keying (QPSK), it obtains the numbers of the phases that carry energy in the QPSK signal, uses the value obtained by arranging those phase numbers in order as a secret key, and invokes the encryption unit with that secret key to perform encryption processing on the data packet.
  • A phase number with energy refers to a QPSK subcarrier that carries energy, that is, the subcarrier transmits the digit 1; the corresponding phase number may specifically be the ordinal number of that phase, for example, the first phase has number 1, the second phase has number 2, and the 15th phase has number 15. In this way, it is difficult to obtain the secret key for decryption, and the security is further improved.
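The key derivation described above, carried through in an added example (not from the patent) that also counts how many distinct keys the scheme can produce. Two assumptions: "the value obtained by sequentially sorting the phase numbers" is read as decimal concatenation of the ascending numbers, and the upper bound of 15 phases is taken from the numbering example in the text.

```python
import math
from itertools import combinations


def derive_key(energised_phases):
    """Write the energised phase numbers in ascending order, one after another.

    Assumption: the sorted numbers are concatenated as decimal digits; the
    text does not fix an encoding.
    """
    return "".join(str(p) for p in sorted(set(energised_phases)))


def keyspace(num_phases):
    """Enumerate every non-empty set of energised phases and count the keys.

    Returns (number of phase sets, number of distinct keys, upper bound on
    key entropy in bits, reached only if all keys are equally likely).
    """
    phases = range(1, num_phases + 1)
    keys = set()
    sets_seen = 0
    for size in range(1, num_phases + 1):
        for subset in combinations(phases, size):
            sets_seen += 1
            keys.add(derive_key(subset))
    return sets_seen, len(keys), math.log2(len(keys))


if __name__ == "__main__":
    print("phases 1, 2 and 15 energised ->", derive_key([15, 1, 2]))
    # Different phase sets can yield the same key under concatenation.
    print("{12} and {1, 2} collide:", derive_key([12]) == derive_key([1, 2]))
    for n in (4, 15):
        sets_seen, distinct, bits = keyspace(n)
        print(f"{n} phases: {sets_seen} phase sets, {distinct} distinct keys, "
              f"at most {bits:.1f} bits")
```

With four phases the key carries under 4 bits and with fifteen under 15 bits, so a design review should compare this bound with the key length the selected encryption unit expects.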
  • The IoT repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and encrypts the data through that encryption unit. The IoT terminal does not need to configure encryption; all encryption settings are in the IoT repeater.
  • This method can effectively reduce the cost of the IoT terminal, and, because one IoT repeater can connect to many IoT terminals, configuring encryption in the IoT repeater can also reduce the overall cost of the Internet of Things.
  • the computing power is generally stronger than that of IoT repeaters.
  • the Internet of Things terminal can reduce the delay of data transmission when running the encryption unit, reduce the delay of the network, and improve the user experience.
  • FIG. 6 is a method for controlling uplink type data encryption of an Internet of Things repeater according to the present invention.
  • the method is implemented in a network architecture as shown in FIG. 4, as shown in FIG.
  • Multiple IoT terminals can be connected under the repeater.
  • the IoT repeater can be a relay station. Of course, in practical applications, it can also be a router or other network device with wireless connection and data forwarding function, for example, hotspots are opened.
  • Step S601 The Internet of Things terminal sends a data packet to the Internet of Things relay.
  • The IoT terminal in the above step S601 may specifically be: a mobile phone, a tablet computer, a computer, etc.; of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or other IoT smart devices.
  • The Internet of Things terminal may send the data packet to the Internet of Things repeater over a wireless connection, including but not limited to: Bluetooth, Wireless Fidelity (WIFI) or Zigbee, wherein the above WIFI needs to comply with the IEEE802.11b standard.
  • The Internet of Things terminals and IoT repeaters here are wireless only. The Internet of Things has a large number of connected devices; with wired connections, the number of devices an IoT repeater could serve would be limited, and in the home the wiring needed for wired connections is impractical for users and the cable is costly. Therefore, the connection between the Internet of Things terminal and the Internet of Things repeater in the technical solution of the present invention is limited to a wireless connection.
  • Step S602 the Internet of Things repeater identifies the type of the Internet of Things terminal, and queries the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table according to the type;
  • the types of the Internet of Things terminals in the above step S602 can be set according to the situation of the device.
  • the types of the Internet of Things terminals can include: smart lights, smart TVs, smart cleaning devices, smart sleep devices, intelligent monitoring devices, etc.
  • The concrete form of each type can vary. For example, a smart light includes, but is not limited to, a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc.; a smart TV can be a Samsung smart TV or a Sharp smart TV; a smart cleaning device can be a smart sweeping robot or a smart vacuum cleaner; a smart sleep device can be a smart mattress, a smart sofa, etc.; an intelligent monitoring device can be an intelligent blood pressure meter, a smart thermometer, etc. The present invention does not limit the specific types of the above-mentioned Internet of Things terminals.
  • The specific implementation method for identifying the type of the Internet of Things terminal by the Internet of Things repeater in the above step S602 can be:
  • The Internet of Things repeater identifies the type of the Internet of Things terminal through an identifier of the terminal, including but not limited to: the Media Access Control (MAC) address of the Internet of Things terminal, its IP address, or its name. Of course, in practical applications, the AP20 and the Internet of Things terminal can also determine the type of the terminal through information interaction. As shown in FIG. 7, the flow of the information interaction may specifically be:
  • Step S701 The Internet of Things terminal sends a connection request to the Internet of Things repeater.
  • Step S702 the Internet of Things repeater returns a connection response to the Internet of Things terminal, and establishes a wireless connection with the Internet of Things terminal;
  • Step S703 the Internet of Things repeater sends the IoT terminal type table in the Internet of Things relay to the Internet of Things terminal through the wireless connection;
  • Step S704 The Internet of Things terminal searches the Internet of Things terminal type table for the type that matches itself;
  • Step S705 The Internet of Things terminal reports the type of the Internet of Things terminal to the Internet of Things repeater.
  • the type and encryption unit mapping table in the above steps are as shown in FIG. 5, and the foregoing mapping may be a one-to-one mapping, and may of course be a one-to-many mapping.
  • The encryption unit in the above step S602 may specifically be a hardware encryption unit disposed in the Internet of Things repeater, which includes an encryption algorithm preset by the manufacturer. The encryption unit may also be a software encryption unit configured in the Internet of Things repeater; the present invention does not limit the specific form of the above encryption unit.
  • the foregoing encryption algorithm includes, but is not limited to, an encryption algorithm such as 3DES, MD5 or RSA, and the present invention is not limited to a specific encryption algorithm.
  • Step S603 the Internet of Things repeater generates a key pair that includes a private key and a public key, and uses the public key to encrypt the data packet through the first encryption unit;
  • the implementation method of the foregoing step S603 may specifically be:
  • if the first encryption unit is a 3DES encryption unit, the Internet of Things relay invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet.
  • the AP 20 invokes the RSA encryption unit to perform RSA encryption processing on the data packet.
  • the Internet of Things repeater calls the MD5 encryption unit to perform MD5 encryption processing on the data packet.
  • Step S604 The Internet of Things relay sends the encrypted data packet to the wireless access controller through the first path, and the Internet of Things relay sends the private key to the wireless access controller through the second path.
  • the implementation method of the above step S604 can be:
  • the encrypted data packet is sent to the wireless access controller in another manner.
  • the Internet of Things terminal is connected to the AP through WiFi, and the AP20 can then send the data packet to the wireless access controller by wire.
  • of course, in practice, the AP20 can also send the encrypted data packet to the radio access controller through Long Term Evolution (LTE).
  • the foregoing LTE or wired mode, and the manner in which the Internet of Things terminal is connected to the AP through WiFi, are merely for illustrative purposes; the present invention does not limit the specific manner of the foregoing connection.
  • the first path and the second path are different paths. The first path may be calculated by using a different path algorithm, including but not limited to a shortest path first algorithm or a shortest time delay first algorithm. Of course, the first path and the second path may also be calculated by using different path algorithms.
  • the first path may be calculated by using a shortest path first algorithm
  • the second path may be calculated by a shortest delay first algorithm.
  • the IoT repeater queries the corresponding encryption unit according to the type of the Internet of Things terminal, and encrypts the data through the encryption unit. For the Internet of Things, the IoT terminal does not need to configure encryption; all encryption settings are in the IoT repeater.
  • This method can effectively reduce the cost of the IoT terminal. For the entire Internet of Things, one AP can connect to many IoT terminals, and the IoT repeater configuration can also reduce the overall cost of the Internet of Things.
  • the computing power is generally stronger than the IoT terminal.
  • the delay of data transmission can be reduced, the delay of the network can be reduced, and the user experience can be improved.
  • the method shown in FIG. 6 uses different paths when transmitting encrypted data packets and private keys, which increases the difficulty of information interception, which can further improve data security.
  • the present invention also provides a computer storage medium, wherein the computer storage medium can store a program, the program including some or all of the steps of any of the type-based uplink data encryption control methods of the Internet of Things repeater described in the first aspect.
  • FIG. 8 is an IoT repeater device 800 according to the present invention.
  • the device includes:
  • the receiving unit 801 is configured to receive a data packet sent by the Internet of Things terminal;
  • the identifying unit 802 is configured to identify a type of the Internet of Things terminal
  • the searching unit 803 is configured to query, according to the type, the first encryption unit corresponding to the type in the pre-configured type and the encryption unit mapping table;
  • the encryption unit 804 is configured to invoke the first encryption unit to perform encryption processing on the data packet.
  • the sending unit 805 is configured to send the encrypted data packet to the radio access controller.
  • the identifying unit 802 is specifically configured to identify, by using the identifier of the Internet of Things terminal, a type of the Internet of Things terminal.
  • the identifying unit 805 is specifically configured to send the IoT terminal type table to the Internet of Things terminal, and receive the IoT terminal type that is matched by the IoT terminal according to the IoT terminal type table.
  • the encryption unit 804 is specifically configured to invoke the first encryption unit to perform encryption processing on the data packet. If the encryption is successful, the subsequent steps are performed. If the encryption is unsuccessful, the standby encryption unit of the first encryption unit is invoked to perform encryption processing on the data packet, and the standby encryption unit identifier is added to the header extension field of the encrypted data packet.
  • the encryption unit 804 is specifically configured to: if parsing the data packet shows that the signal modulation mode of the data packet is quadrature phase shift keying (QPSK), obtain the phase numbers that carry energy in the QPSK, use the value obtained by sequentially sorting the phase numbers as a secret key, and invoke the encryption unit with the secret key to perform encryption processing on the data packet.
  • the encryption unit 804 is specifically configured to generate a key pair, where the key pair includes a public key and a private key, and to encrypt the data packet through the first encryption unit by using the public key; the sending unit is configured to send the encrypted data packet through the first path and the private key through the second path.
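The type lookup in the mapping table and the standby-unit fallback described for units 802 to 804, as an added example that is not code from the patent. The MAC prefixes, type names, unit identifiers and the `standby_unit` header key are assumptions, and an HMAC-SHA256 keystream stands in for the named algorithms so that the block runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Stand-in "encryption units": each takes (key, payload) and returns ciphertext.
# An HMAC-SHA256 keystream replaces the units the text names; it has no nonce
# and is not a vetted cipher, it only makes the dispatch logic observable.
def keystream_unit(label: bytes):
    def unit(key: bytes, payload: bytes) -> bytes:
        out = bytearray()
        for offset in range(0, len(payload), 32):
            pad = hmac.new(key, label + offset.to_bytes(4, "big"),
                           hashlib.sha256).digest()
            out.extend(b ^ p for b, p in zip(payload[offset:offset + 32], pad))
        return bytes(out)
    return unit

def failing_unit(key: bytes, payload: bytes) -> bytes:
    raise RuntimeError("encryption unit unavailable")  # simulated fault

# Constructed data: identifier prefix -> terminal type (identification by MAC).
TYPE_BY_MAC_PREFIX = {"00:11:22": "smart_home", "66:77:88": "monitoring"}

# Type -> (first unit id, standby unit id): a one-to-many mapping table.
TYPE_TO_UNITS = {"smart_home": ("unit-A", "unit-B"),
                 "monitoring": ("unit-C", "unit-B")}
UNITS = {"unit-A": keystream_unit(b"A"),
         "unit-B": keystream_unit(b"B"),
         "unit-C": failing_unit}

@dataclass
class Packet:
    src_mac: str
    payload: bytes
    header_ext: dict = field(default_factory=dict)

def relay_encrypt(pkt: Packet, key: bytes) -> Packet:
    """Identify the terminal type, look up its unit, encrypt, fall back on failure."""
    terminal_type = TYPE_BY_MAC_PREFIX.get(pkt.src_mac[:8].lower())
    if terminal_type is None:
        # Fail closed: a packet from an unknown terminal is never forwarded as-is.
        raise LookupError(f"no type registered for {pkt.src_mac}")
    first, standby = TYPE_TO_UNITS[terminal_type]
    try:
        body, ext = UNITS[first](key, pkt.payload), {}
    except Exception:
        # First unit failed: use the standby unit and record its identifier in
        # the header extension so the receiver knows which unit to reverse.
        body = UNITS[standby](key, pkt.payload)
        ext = {"standby_unit": standby}
    return Packet(pkt.src_mac, body, ext)
```

Because the stand-in units are XOR keystreams, applying the same unit with the same key to the output recovers the payload, which is how the receiver side can be checked.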
  • FIG. 9 is an Internet of Things repeater 900 provided by the present invention.
  • the Internet of Things relay can be a node deployed in an Internet system, and the Internet system can further include: an Internet of Things terminal and a wireless access controller.
  • the Internet of Things repeater 900 includes but is not limited to: a computer, a server, etc. As shown in FIG. 9, the Internet of Things repeater 900 includes: a processor 901, a memory 902, a transceiver 903 and a bus 904.
  • the transceiver 903 is configured to transmit and receive data with an external device (eg, other devices in the interconnection system, including but not limited to: a repeater, a core network device, etc.).
  • the number of processors 901 in the Internet of Things repeater 900 may be one or more.
  • processor 901, memory 902, and transceiver 903 may be connected by a bus system or other means.
  • the program code can be stored in the memory 902.
  • the processor 901 is configured to call the program code stored in the memory 902, and is configured to perform the following operations:
  • the transceiver 903 is configured to receive a data packet sent by the Internet of Things terminal;
  • the processor 901 is configured to identify the type of the Internet of Things terminal, query, according to the type, the first encryption unit corresponding to the type in the pre-configured type and encryption unit mapping table, and invoke the first encryption unit to perform encryption processing on the data packet.
  • the transceiver 903 is further configured to send the encrypted data packet to the wireless access controller.
  • the processor 901 and the transceiver 903 can also be used to perform the steps, and the refinements of the steps, in the embodiment shown in FIG. 3 or FIG. 6.
  • the processor 901 herein may be a processing component or a general term of multiple processing components.
  • the processing component may be a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as digital signal processors (DSPs) or Field Programmable Gate Arrays (FPGAs).
  • the memory 903 may be a storage device or a collective name for a plurality of storage elements, and is used to store executable program code or the parameters, data, and the like required for the application running device to operate. The memory 903 may include random access memory (RAM), and may also include non-volatile memory such as a magnetic disk memory, a flash memory, or the like.
  • the bus 904 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 9, but this does not mean that there is only one bus or one type of bus.
  • the user equipment may also include input and output means coupled to bus 904 for connection to other portions, such as processor 901, via a bus.
  • the input/output device can provide an input interface for the operator, so that the operator can select the control item through the input interface, and can also be other interfaces through which other devices can be externally connected.
  • the program may be stored in a computer readable storage medium, and the storage medium may include: a flash disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a type-based encryption control method for uplink data of an Internet of Things repeater, the method comprising the following steps: the Internet of Things repeater receives a data packet sent by an Internet of Things terminal; the Internet of Things repeater identifies the type of the Internet of Things terminal and, according to the type, queries a first encryption unit corresponding to the type from a preconfigured mapping table between types and encryption units; the Internet of Things repeater invokes the first encryption unit to encrypt the data packet; and the Internet of Things repeater sends the encrypted data packet to an Internet of Things access point. The present invention has the advantage of a good user experience.
PCT/CN2017/100751 2017-07-20 2017-09-06 Type-based uplink data encryption control method and device for an Internet of Things repeater WO2019015038A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710593623.8A CN107493571B (zh) 2017-07-20 2017-07-20 Type-based uplink data encryption control method and device for an Internet of Things repeater
CN201710593623.8 2017-07-20

Publications (1)

Publication Number Publication Date
WO2019015038A1 true WO2019015038A1 (fr) 2019-01-24

Family

ID=60644580

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/100751 WO2019015038A1 (fr) 2017-07-20 2017-09-06 Type-based uplink data encryption control method and device for an Internet of Things repeater

Country Status (2)

Country Link
CN (1) CN107493571B (fr)
WO (1) WO2019015038A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114724297A (zh) * 2020-12-22 2022-07-08 深圳Tcl新技术有限公司 Queue numbering method, apparatus, terminal device and computer-readable storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740109A (zh) * 2018-07-18 2020-01-31 慧与发展有限责任合伙企业 Network device, method for security, and computer-readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
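CN102202296A (zh) * 2010-03-25 2011-09-28 巴比禄股份有限公司 Wireless LAN relay device, wireless communication system, and control method for a wireless LAN relay device
CN104539439A (zh) * 2015-01-12 2015-04-22 中国联合网络通信集团有限公司 Data transmission method and terminal
CN105337981A (zh) * 2015-11-18 2016-02-17 上海新储集成电路有限公司 Relay device, update method, and method for data interaction between devices
CN106254327A (zh) * 2016-07-28 2016-12-21 努比亚技术有限公司 Information processing apparatus and method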

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2518257A (en) * 2013-09-13 2015-03-18 Vodafone Ip Licensing Ltd Methods and systems for operating a secure mobile device
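CN105281904B (zh) * 2014-06-06 2019-05-31 佛山市顺德区美的电热电器制造有限公司 Encryption method and system for message data, Internet of Things server and Internet of Things terminal
CN104394143A (zh) * 2014-11-24 2015-03-04 青岛海尔软件有限公司 Communication method and device between an Internet of Things device and an Internet of Things server
CN105722069A (zh) * 2016-03-24 2016-06-29 深圳市创百通讯科技有限公司 Mobile terminal capable of encrypting voice information and encryption method thereof
CN105897784B (zh) * 2016-07-01 2019-03-26 三星电子(中国)研发中心 Encrypted communication method and device for Internet of Things terminal equipment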

Also Published As

Publication number Publication date
CN107493571A (zh) 2017-12-19
CN107493571B (zh) 2020-04-14

Similar Documents

Publication Publication Date Title
US20220060416A1 (en) Routing Rule Management Method and Communications Apparatus
JP6929390B2 (ja) Wireless local area network configuration method and device
US11943695B2 (en) Network channel switching method and apparatus, device, and storage medium
WO2018120247A1 (fr) Terminal matching method and device
JP2019506049A (ja) Wireless communication system with multiple security levels
EP3840518A1 (fr) RRC connection method, device and system
CN112566113B (zh) Key generation and terminal network provisioning method, apparatus and device
WO2018098633A1 (fr) Data transmission method, data transmission apparatus, electronic device and computer program product
WO2018053894A1 (fr) Method and device for Internet of Things access point handover based on transmission rate
WO2015065210A1 (fr) Secure mobile access to resources in a private network
WO2023001082A1 (fr) Network configuration method and apparatus
WO2023185804A1 (fr) Multi-stream load balancing method and apparatus for VPN, and system and storage medium
TWI733408B (zh) Internet of Things network networking authentication system and method thereof
WO2018053895A1 (fr) Type-based uplink data encryption control device and method for an Internet of Things access point
WO2019019282A1 (fr) Method enabling an Internet of Things terminal to sequentially encrypt data, and apparatus
WO2019019280A1 (fr) Method for an Internet of Things terminal to encrypt data according to time periods, and apparatus
WO2022142933A1 (fr) Network access method and system for a wireless access point, as well as AP and storage medium
CN105657040A (zh) Method and system for intranet communication between devices
WO2019015038A1 (fr) Type-based uplink data encryption control method and device for an Internet of Things repeater
WO2019015041A1 (fr) Time-division encryption method and device for data of an Internet of Things repeater
WO2019010793A1 (fr) Time-period-based encryption method and device for data received by an Internet of Things access point
WO2019010796A1 (fr) Sub-device encryption method and device for receiving Internet of Things AP data
WO2019015039A1 (fr) Method and apparatus based on an Internet of Things repeater for selective encryption
WO2019019279A1 (fr) Type-based uplink data encryption control method and apparatus for an Internet of Things terminal
US20230188510A1 (en) Distributed Trust-Based Communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17918040

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/05/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17918040

Country of ref document: EP

Kind code of ref document: A1