Technical field
The present invention relates to the field of communication technology and, in particular, to an NB-IoT-based secure communication control method for the Internet of Things.
Background
Internet of Things devices currently on the market that are built on NB-IoT communication modules are limited in memory and flash, so most of them either communicate in plaintext or encrypt business data with a fixed key. Plaintext communication is vulnerable to data hijacking, data tampering, replayed control commands, and similar illegal operations by attackers.
If the data is encrypted with a fixed key, an attacker who has collected a large amount of data can still deduce that key, after which ciphertext transmission is effectively no different from plaintext transmission.
Summary of the invention
The problem to be solved by the present invention is that plaintext communication is vulnerable to data hijacking, data tampering, replayed control commands, and similar illegal operations by attackers, while existing ciphertext communication encrypts data with a fixed key that an attacker can easily deduce.
To solve the above problems, the present invention provides an NB-IoT-based secure communication control method for the Internet of Things.
An NB-IoT-based secure communication control method for the Internet of Things, comprising:
the server pre-generates data;
the module determines tooling data according to the pre-generated data;
the module and the server use the pre-generated data and the tooling data to perform key negotiation.
Because the module and the server perform key negotiation using the pre-generated data and the tooling data, the invention effectively avoids data hijacking, data tampering, replayed control commands, and similar illegal operations, compared with plaintext communication. Compared with existing ciphertext communication that encrypts data with a fixed key, it makes it harder for an attacker to deduce the key and improves the security of communication.
Further, the pre-generated data includes the MAC address, module hardware number, module public key, module private key, and factory public key; the tooling data includes the module public key, module private key, and factory public key.
Further, the module and the server perform slow negotiation on the first connection; the module and the server perform fast negotiation on each reconnection after the first connection.
Further, the slow negotiation performed when the module connects to the server for the first time comprises:
the module initiates a key negotiation request to the server;
the server processes the key negotiation request and sends a key negotiation response to the module;
the module processes the key negotiation response and performs key negotiation confirmation;
the server performs key negotiation confirmation;
the module and the server communicate securely.
Further, the module initiating a key negotiation request to the server comprises: the module generates a module random number deviceNone, ECDH-encrypts deviceNone with shared key 1, and sends it to the server.
Further, the server processing the key negotiation request and sending a key negotiation response to the module comprises: the server decrypts the module random number deviceNone with shared key 1 and signs deviceNone with the factory private key to obtain the module signature deviceSign; the server generates a server random number cloudNone, ECDH-encrypts the module signature deviceSign, the server random number cloudNone, and the server public key with shared key 1 to form a negotiation response packet, and sends the packet to the module.
Further, the module processing the key negotiation response and performing key negotiation confirmation comprises: the module ECDH-decrypts the negotiation response packet with shared key 1 to obtain the module signature deviceSign, the server random number cloudNone, and the server public key; combines the module private key and the server public key into shared key 2; verifies the legitimacy of the module signature deviceSign with the factory public key; signs the server random number cloudNone with the module private key to obtain the server signature cloudSign; ECDH-encrypts cloudSign with shared key 1; and sends it to the server.
Further, the server performing key negotiation confirmation comprises: the server ECDH-decrypts the encrypted server signature cloudSign with shared key 1, verifies the legitimacy of cloudSign with the module public key, combines the server private key and the module public key to obtain shared key 2, generates the session key sessionKey, and ECDH-encrypts sessionKey with shared key 2.
The invention performs slow negotiation on the first connection to the server, and the two-way authentication guarantees the legitimacy of both the server and the module.
Further, the fast negotiation performed when the module reconnects to the server after the first connection comprises:
the module sends a key negotiation request to the server;
the server performs key negotiation response and key negotiation confirmation;
the module and the server communicate securely.
Further, the module sending a key negotiation request to the server comprises: the module ECDH-encrypts the module random number deviceNone that it generated, first with shared key 1 and then with shared key 2, and sends it to the server;
the server performing key negotiation response and key negotiation confirmation comprises: the server decrypts and verifies the ECDH-encrypted module random number deviceNone, first with shared key 2 and then with shared key 1, encrypts the session key sessionKey generated by the server with shared key 2, and sends it to the module.
The invention uses fast negotiation on reconnection to the server, which shortens the negotiation time and improves the user experience.
Further, shared key 1 is the combination of the module private key and the factory public key, or shared key 1 is the combination of the module public key and the factory private key; shared key 2 is the combination of the module private key and the server public key, or shared key 2 is the combination of the module public key and the server private key; the factory private key is obtained from the server using the MAC address, and the server public key and server private key are generated by the server.
Further, the secure communication between the module and the server comprises: securely encapsulating the business data exchanged between the module and the server.
Further, securely encapsulating the business data exchanged between the module and the server comprises:
the module encrypts the plaintext with the session key sessionKey to obtain the ciphertext, and sends the ciphertext and the hash value to the server;
the server decrypts the received ciphertext with the session key sessionKey to obtain the message count and the business data, computes the hash value, and checks whether the computed hash value matches the received hash value.
By securely encapsulating the business data exchanged between the module and the server, the invention effectively prevents brute-force cracking of the data, data tampering, and replay attacks.
Description of drawings
Fig. 1 is a flowchart of the NB-IoT-based secure communication control method for the Internet of Things according to the present invention;
Fig. 2 is a flowchart of slow negotiation according to the present invention;
Fig. 3 is a flowchart of fast negotiation according to the present invention.
Detailed description
To make the above objects, features, and advantages of the present invention easier to understand, specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
Referring to Figs. 1-3, the NB-IoT (Narrowband Internet of Things) based secure communication control method of the present invention specifically includes:
S1. The server (cloud) pre-generates data. Specifically, the data is pre-generated by the server's DNS lifecycle system and includes the MAC address, module hardware number, module public key, module private key, and factory public key.
S2. The module (device) determines its tooling data from the pre-generated data. As a prerequisite for key negotiation between the module and the server, a set of data must be written into the module by the production-line tooling before the module leaves the factory, for use in key negotiation once the module connects to the cloud. The tooling data includes the module public key, module private key, and factory public key.
S3. The module and the server perform key negotiation using the pre-generated data and the tooling data.
Because the module and the server perform key negotiation using the pre-generated data and the tooling data, the invention effectively avoids data hijacking, data tampering, replayed control commands, and similar illegal operations, compared with plaintext communication. Compared with existing ciphertext communication that encrypts data with a fixed key, it makes it harder for an attacker to deduce the key and improves the security of communication.
When the module connects to the server for the first time, two-way authentication is required: the module must authenticate the legitimacy of the server, and the server must authenticate the legitimacy of the module. The first key negotiation therefore involves more steps and is called slow negotiation here.
Once slow negotiation has succeeded, the authentication flow can be omitted when the module reconnects to the server, which greatly shortens the negotiation time. This is called fast negotiation here.
S3.1 The slow negotiation flow is as follows (see Fig. 2):
a) The module initiates a key negotiation request:
The module generates a module random number deviceNone, ECDH-encrypts deviceNone with shared key 1, and sends it to the server.
b) The server processes the negotiation request packet:
The server obtains the module public key and the factory private key from the DNS lifecycle system (also called the license server) according to the module's MAC address, forms shared key 1 from them, and decrypts the module random number deviceNone.
c) The server sends the key negotiation response:
c1) The server signs the module random number deviceNone with the factory private key to obtain the module signature deviceSign;
c2) The server generates a server random number cloudNone, then ECDH-encrypts the module signature deviceSign, the server random number cloudNone, and the server public key (the server public/private key pair can be generated by the server) with shared key 1 to form the negotiation response packet;
c3) The server sends the negotiation response packet to the module.
d) The module processes the negotiation response packet:
d1) The module ECDH-decrypts the negotiation response packet with shared key 1 to obtain deviceSign, the server public key, and the server random number cloudNone;
d2) The module combines the module private key and the server public key into shared key 2;
d3) The module verifies the legitimacy of the module signature deviceSign with the factory public key;
d4) The module signs the server random number cloudNone with the module private key to obtain the server signature cloudSign.
e) The module performs key negotiation confirmation:
e1) The module ECDH-encrypts the server signature cloudSign with shared key 1;
e2) The module sends the ciphertext (the ECDH-encrypted server signature cloudSign) to the server.
f) The server performs key negotiation confirmation:
f1) The server ECDH-decrypts the received ciphertext (the ECDH-encrypted server signature cloudSign) with shared key 1;
f2) The server verifies the legitimacy of the server signature cloudSign with the module public key;
f3) The server combines the server private key and the module public key to obtain shared key 2;
f4) The server generates a random number sessionKey as the session key and ECDH-encrypts the session key with shared key 2;
f5) The server sends the ECDH-encrypted session key to the module.
g) Secure communication:
The business data exchanged between the module and the server is securely encapsulated to keep the data secure.
The invention performs slow negotiation on the first connection to the server, and the two-way authentication guarantees the legitimacy of both the server and the module.
S3.2 The fast negotiation flow is as follows (see Fig. 3):
a) Key negotiation request:
a1) The module ECDH-encrypts the module random number deviceNone that it generated, first with shared key 1 and then with shared key 2, to obtain the ciphertext;
a2) The module sends the ciphertext (the ECDH-encrypted module random number deviceNone) to the server.
b) Key negotiation response:
The server decrypts and verifies the received packet (the ECDH-encrypted module random number deviceNone), first with shared key 2 and then with shared key 1.
c) Key negotiation confirmation:
The server encrypts sessionKey with shared key 2 and sends it to the module.
d) Secure communication:
The business data exchanged between the module and the server is securely encapsulated to keep the data secure.
Here, shared key 1 = the combination of the module private key and the factory public key = the combination of the module public key and the factory private key; shared key 2 = the combination of the module private key and the server public key = the combination of the module public key and the server private key; the module public/private key pair and the factory public/private key pair are both generated by the DNS lifecycle system server.
The invention uses fast negotiation on reconnection to the server, which shortens the negotiation time and improves the user experience.
The specific process of securely encapsulating the business data in the slow and fast negotiation flows is described in detail below.
To prevent brute-force cracking of the data, data tampering, and replay attacks, the data needs comprehensive secure encapsulation that addresses each of these attack methods. The secure encapsulation flow is as follows:
a) First compute a hash value over the plaintext business data. Because the SM3 hash algorithm is irreversible, the hash is used to verify whether the data has been tampered with (whenever the data is modified, the hash value computed by SM3 necessarily differs from the original hash value).
b) The transmission protocol adds a message count to prevent data replay. To ensure that the message count itself is not modified, it must be encrypted together with the business data.
c) The message count and the business data are symmetrically encrypted together with the session key sessionKey obtained from key negotiation, and are transmitted as ciphertext. The specific flow is:
c1) The module encrypts the plaintext (that is, the message count and the business data) with sessionKey to obtain the ciphertext and sends it to the server;
c2) The server decrypts the received ciphertext with sessionKey to obtain the message count and the business data.
The specific process of the legitimacy check used in the slow and fast negotiation flows is described in detail below. The legitimacy check works as follows:
a) If the SM3 check fails after the receiver decrypts with sessionKey, the connection is dropped and the key is renegotiated.
b) If the received message count is less than or equal to the previous count, the message is judged to be a replay, the connection is dropped, and the key is renegotiated.
The invention transmits data through secure encapsulation at the application layer, which protects against common Internet of Things attacks and improves communication security.
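One way to implement the encapsulation and the two legitimacy checks above, as an added example that is not code from the patent. The frame layout (12-byte nonce, encrypted 4-byte counter plus business data, 32-byte hash), the class names, and the SHAKE-256 XOR keystream standing in for the unspecified symmetric cipher are assumptions; SM3 is used when the local OpenSSL build provides it, with SHA-256 as a labelled fallback.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, COUNT_LEN, HASH_LEN = 12, 4, 32   # assumed frame layout


def digest(data: bytes) -> bytes:
    """SM3 if hashlib/OpenSSL exposes it, otherwise SHA-256 as a stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHAKE-256 keystream (same call decrypts)."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


class ProtocolError(Exception):
    """Raised when a frame fails a legitimacy check; the session must be renegotiated."""


class Sender:
    def __init__(self, session_key: bytes):
        self.key, self.count = session_key, 0

    def encapsulate(self, business_data: bytes) -> bytes:
        # The counter only grows; renegotiate before the 32-bit value would wrap.
        self.count += 1
        plaintext = struct.pack(">I", self.count) + business_data
        nonce = secrets.token_bytes(NONCE_LEN)
        return nonce + xor_stream(self.key, nonce, plaintext) + digest(plaintext)


class Receiver:
    def __init__(self, session_key: bytes):
        self.key, self.last_count, self.connected = session_key, 0, True

    def _drop(self, reason: str):
        self.connected = False            # page: disconnect, then renegotiate
        raise ProtocolError(reason)

    def accept(self, frame: bytes) -> bytes:
        if not self.connected:
            raise ProtocolError("session closed: renegotiate")
        if len(frame) < NONCE_LEN + COUNT_LEN + HASH_LEN:
            self._drop("short frame")
        nonce, body, received = frame[:NONCE_LEN], frame[NONCE_LEN:-HASH_LEN], frame[-HASH_LEN:]
        plaintext = xor_stream(self.key, nonce, body)
        # Check a): hash mismatch after decryption means tampering or a wrong key.
        if not hmac.compare_digest(digest(plaintext), received):
            self._drop("hash mismatch")
        # Check b): a count at or below the last accepted one is a replay.
        (count,) = struct.unpack(">I", plaintext[:COUNT_LEN])
        if count <= self.last_count:
            self._drop("replay")
        self.last_count = count
        return plaintext[COUNT_LEN:]
```

The hash is unkeyed, as the page describes it; a new design would normally get the same tamper check from an HMAC keyed with sessionKey or from an AEAD cipher mode.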
In the present invention the module is also called the device and the server is also called the cloud. Correspondingly, the module public key is also called the device public key, the module private key the device private key, the module signature the device signature, the module random number the device random number, the server public key the cloud public key, the server private key the cloud private key, the server signature the cloud signature, and the server random number the cloud random number.
In summary, in the NB-IoT-based secure communication control method of the present invention, the NB module and the server achieve secure transmission of communication data through data tooling, key negotiation, and secure encapsulation, which avoids plaintext transmission and prevents key guessing, data tampering, and replay attacks. In addition, encryption and decryption are lightweight and occupy little space, which suits resource-constrained Internet of Things devices.
Although the present invention is disclosed above, it is not limited thereto. Any person skilled in the art may make various changes and modifications without departing from the spirit and scope of the present invention, so the scope of protection of the present invention shall be that defined by the claims.
| Application Number | Status | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN201910582656.1A | Active | 2019-06-28 | 2019-06-28 | A secure communication control method for the Internet of Things based on NB-IoT |

| Publication Number | Publication Date |
|---|---|
| CN110266485A | 2019-09-20 |
| CN110266485B | 2022-06-24 |

| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | CP03 | Change of name, title or address | Address after: 315191 No. 1166 Mingguang North Road, Jiangshan Town, Ningbo, Zhejiang, Yinzhou District; Patentee after: NINGBO AUX ELECTRIC Co.,Ltd.; Country or region after: China; Patentee after: AUX AIR CONDITIONING LIMITED BY SHARE Ltd. Address before: No. 1166 Mingguang North Road, Jiangshan Town, Ningbo, Zhejiang, Yinzhou District; Patentee before: NINGBO AUX ELECTRIC Co.,Ltd.; Country or region before: China; Patentee before: AUX AIR CONDITIONING LIMITED BY SHARE Ltd. |