CN111464489A - A method and system for privacy protection of IoT devices - Google Patents

A method and system for privacy protection of IoT devices

Info

Publication number
CN111464489A
Authority
CN
China
Prior art keywords
user
voice
information
end system
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010106458.0A
Other languages
Chinese (zh)
Other versions
CN111464489B (en)
Inventor
杨建军
郭楠
卓兰
杨宏
韩丽
李孟良
张弛
赵向阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SAIXI TECHNOLOGY DEVELOPMENT CO LTD
China Electronics Standardization Institute
Original Assignee
BEIJING SAIXI TECHNOLOGY DEVELOPMENT CO LTD
China Electronics Standardization Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING SAIXI TECHNOLOGY DEVELOPMENT CO LTD, China Electronics Standardization Institute
Priority to CN202010106458.0A
Publication of CN111464489A
Application granted
Publication of CN111464489B
Active
Anticipated expiration


Abstract

Translated from Chinese

The present invention provides a privacy protection method and system for Internet of Things (IoT) devices. In the method, the IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user marking information to it; the user marking information indicates whether the user allows their voice information to be stored in the network. The marked voice information is then sent to the back-end system device. The back-end system device receives the user's voice carrying the user marking information and determines from the marking information whether the user allows the private information to be stored. If the user marking information shows that the user does not allow their voice information to be stored, the back-end system device may discard the voice information. The scheme of the present invention effectively protects user privacy and prevents the user's voice information from being illegally obtained.

Figure 202010106458

Description

Translated from Chinese
A method and system for privacy protection of IoT devices

Technical field

The invention belongs to the technical field of Internet of Things communication and relates to a privacy protection method and system based on Internet of Things devices.

Background

Today, smart speakers that can interact with people have entered our lives along with smart home appliances. However, conversations with a smart speaker, and even conversations merely overheard by one, may be leaked. On April 11, 2019, American media reported that the technology giant Amazon had hired thousands of employees to listen to and analyze conversations recorded by smart speakers. Amazon's "Echo" smart speaker carries the voice assistant "Alexa", which can hold conversations, play music and perform other operations on the user's instructions. Amazon employs thousands of people around the world to listen to the audio recorded by its smart speaker products. They work nine hours a day, and each analyzes up to 1,000 audio clips. Amazon said the purpose is to improve the voice assistant's language understanding and the user experience. Although Amazon said that employees do not obtain information such as users' names, the practice has still raised concerns about privacy and security. People worry that if this information were leaked to third parties, the consequences would be dire.

Similarly, many domestic hardware manufacturers have launched smart speakers or similar smart voice devices under their own brands, and all of them try to make their products more intelligent by collecting and analyzing users' voices. How to technically guarantee the protection of user privacy, so that user audio is obtained only with the user's knowledge and permission, and how to ensure that users' private information is not illegally collected and used without permission, are problems that urgently need to be solved.

Summary of the invention

To solve the above technical problems, the present invention proposes a privacy protection method for IoT devices. In the method, the IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user marking information to it; the user marking information indicates whether the user allows their voice information to be stored in the network. The marked voice information is sent to the back-end system device. The back-end system device receives the user's voice carrying the user marking information and determines from the marking information whether the user allows the private information to be stored. If the user marking information shows that the user does not allow their voice information to be stored, the back-end system device may discard the voice information.

In particular, the user marking information further includes the user's identity identifier.

In particular, the user marking information is added to the user's voice in the form of an audible signal or an inaudible signal.

In particular, the IoT terminal device encrypts the user's voice containing the user marking information and then sends it to the back-end system device.

In particular, a hash algorithm is applied to the user's voice containing the user marking information to generate a digest of the user's voice, and the digest is encrypted with the IoT device's private key to generate the IoT device's signature. The IoT device generates a session key and uses it to encrypt the user's voice containing the user marking information. The session key is encrypted with the back-end system device's public key to generate an encrypted session key. The encrypted session key, the encrypted user voice and the user signature are combined and sent to the back-end system device.

In particular, when the IoT terminal device is used for the first time, it generates an asymmetric key pair; the private key is kept in the IoT device and the public key is sent to the back-end system device for storage. The back-end system device sends its own public key to the IoT terminal device.

In particular, after receiving the combined user voice, the back-end system device splits it into three parts: the encrypted session key, the encrypted user voice and the user signature. The back-end system device decrypts the encrypted session key with its private key to obtain the session key, and uses the session key to decrypt the encrypted user voice, obtaining the user's voice containing the user marking information. The back-end system device decrypts the IoT device's signature with the IoT device's public key to obtain the digest of the user voice containing the user marking information. It then hashes the decrypted user voice containing the user marking information and compares the result with that digest to determine whether the user's voice has been tampered with.

In particular, the format and meaning of the user marking information can be determined by negotiation between the user and the back-end system device; the format and meaning can be changed periodically, and the user marking information is identified by different version numbers.

The present invention also proposes a privacy protection system for IoT devices, comprising an IoT terminal device and a back-end system device. The IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user marking information to it; the user marking information indicates whether the user allows their voice information to be stored in the network. The marked voice information is sent to the back-end system device. The back-end system device receives the user's voice carrying the user marking information and determines from the marking information whether the user allows the private information to be stored. If the user marking information shows that the user does not allow their voice information to be stored, the back-end system device may discard the voice information.

The method and system of the present invention prevent the user's voice information from being collected and stored by back-end system devices without permission and ensure that the user's privacy is not leaked. This addresses the technical defect in the prior art that IoT terminal devices such as smart speakers and smart home appliances obtain users' voice information at will.

Description of drawings

FIG. 1 is a block diagram of the steps of the privacy protection method for an IoT terminal device proposed by the present invention.

Detailed description

Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.

In the privacy protection method for IoT terminal devices proposed by the present invention, when the IoT terminal device is used for the first time, the user receives a permission inquiry from the manufacturer. It concerns the license agreement on whether the user's voice information may be collected and whether the voice content may be stored. According to the user's choices on the license agreement, the IoT terminal device can add the corresponding marking information to the user's voice. The method includes the following steps:

S101: the IoT terminal device starts capturing the user's voice in response to the user's voice activation signal;

S102: the IoT terminal device adds marking information to it; the marking information indicates whether the user is willing to have their private voice information stored;

S103: the user voice containing the marking information is sent to the back-end system device.

Specifically, the marking information may be embedded as an audible signal or as an inaudible signal. An audible signal may take the form of noise placed in a frequency range not normally occupied by speech, so that a sound anyone can hear is embedded in the user's voice. The marking information may also be an inaudible mark that people cannot perceive; for example, the tag may be a sound signal in the high-frequency range that is embedded in the user's voice signal. The user marking information may include the user's identity identifier.

Specifically, to prevent the user voice carrying the user marking information from being leaked or tampered with during transmission, the user's voice needs to be encrypted, and corresponding techniques are needed to ensure that the marking information cannot be illegally modified or stripped out; strict and effective confidentiality measures must be added.

Specifically, a hash algorithm is applied to the user's voice containing the marking information to generate a digest of the user's voice. The hash algorithm may be any of various hash algorithms and is not specifically limited in the present invention.

Next, the digest is encrypted with the IoT terminal device's private key to generate the IoT device's signature; the digital signature ensures that the user's voice content can be traced. The IoT device generates a session key, which is a symmetric encryption key that may be updated automatically at intervals, or a different key may be used for every encryption. The session key is used to encrypt the user's voice containing the marking information. The session key is encrypted with the back-end system's public key to generate an encrypted session key. The encrypted session key, the encrypted user voice and the user signature are combined and sent to the back-end system. Digital signature technology ensures traceability to the IoT terminal device; digital digest technology prevents the voice content, including the user marking information, from being illegally tampered with during transmission.

To let the above encryption and decryption proceed smoothly, the IoT terminal device generates a public/private key pair, keeps the private key locally and sends the public key to the back-end system for storage; the back-end system device's public key is likewise sent to the IoT terminal device in advance. In addition, to prevent user marking information from being duplicated across different manufacturers and devices, or from being cracked, the format and meaning of the user marking information can be determined by negotiation between the user and the back-end system device. Specifically, when the IoT terminal device and the back-end system device exchange their public keys in advance, the public key information can be negotiated out of band together with the format and meaning of the user marking information and the format of the encrypted user voice data. The format and meaning of the marking information can be defined in different versions, identified by version number, and changed periodically; for example, the format and corresponding meaning are updated every half month and marked with a new version number. In this way the user's marking information is not easily cracked, which effectively protects the user's privacy.

S104: the back-end system device receives the user's voice information;

S105: the back-end system device parses the user marking information in it and determines from the marking information whether the user allows the private information to be stored. If the marking information shows that the user does not allow the private information to be stored, the back-end system device refuses to store the user voice information and discards it.

Specifically, when the user voice information is encrypted, the back-end system device, after receiving the user voice, first splits it into three parts: the encrypted session key, the encrypted user voice and the user signature.

The back-end system device decrypts the encrypted session key with its private key to obtain the session key, and uses the session key to decrypt the encrypted user voice, obtaining the user's voice containing the marking information. The back-end system device decrypts the IoT device's signature with the IoT device's public key to obtain the digest of the user voice containing the user marking information. It then hashes the decrypted user voice containing the marking information and compares the result with that digest. If the two match, the user's voice and marking information have not been tampered with; otherwise the user's voice information or marking information was tampered with during transmission, and the back-end system device discards the user voice information.
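
The S102 to S105 exchange described above, written out as an added Go example (not code from the patent or its applicants). It assumes a two-byte tag header in place of an in-band audio mark, RSA-PSS for the digest signature, RSA-OAEP for wrapping the session key and AES-256-GCM for the voice; all function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const tagLen = 2 // assumed tag: byte 0 = format version, byte 1 = 1 if storage is allowed

var ErrNoConsent = errors.New("tag forbids storage: voice discarded")
var ErrRejected = errors.New("decryption or signature check failed: voice discarded")

// NewKey creates the RSA key pair each side generates at first use.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// DeviceSeal is the terminal side: tag, sign the digest, encrypt, wrap the key, combine.
func DeviceSeal(dev *rsa.PrivateKey, backend *rsa.PublicKey, version byte, allow bool, voice []byte) ([]byte, error) {
	tagged := append([]byte{version, 0}, voice...)
	if allow {
		tagged[1] = 1
	}
	digest := sha256.Sum256(tagged)
	sig, err := rsa.SignPSS(rand.Reader, dev, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	secret := make([]byte, 32+12) // fresh session key followed by the GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, backend, key, nil)
	if err != nil {
		return nil, err
	}
	msg := append(encKey, gcm.Seal(nonce, nonce, tagged, nil)...)
	return append(msg, sig...), nil
}

// BackendReceive is the back-end side: split, unwrap, decrypt, verify, then apply the tag.
func BackendReceive(backend *rsa.PrivateKey, dev *rsa.PublicKey, msg []byte) ([]byte, error) {
	k, s := backend.Size(), dev.Size() // wrapped key and signature are modulus-sized
	if len(msg) < k+12+s {
		return nil, ErrRejected
	}
	encKey, encVoice, sig := msg[:k], msg[k:len(msg)-s], msg[len(msg)-s:]
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, backend, encKey, nil)
	if err != nil {
		return nil, ErrRejected
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, ErrRejected
	}
	tagged, err := gcm.Open(nil, encVoice[:12], encVoice[12:], nil)
	if err != nil || len(tagged) < tagLen {
		return nil, ErrRejected
	}
	digest := sha256.Sum256(tagged)
	if rsa.VerifyPSS(dev, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, ErrRejected
	}
	if tagged[1] != 1 {
		return nil, ErrNoConsent // S105: refuse to store and drop the audio
	}
	return tagged[tagLen:], nil
}

func main() {
	dev, backend := NewKey(), NewKey()
	msg, _ := DeviceSeal(dev, &backend.PublicKey, 1, false, []byte("constructed audio bytes"))
	_, err := BackendReceive(backend, &dev.PublicKey, msg)
	fmt.Println("opt-out message:", err)
}
```

Because the tag sits inside both the signed digest and the encrypted payload, changing the consent byte in transit ends in ErrRejected rather than in a stored recording.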

Specifically, to prevent user marking information from being duplicated across different manufacturers and devices, or from being cracked, the format and meaning of the user marking information can be determined by negotiation between the user and the back-end system device. The format and meaning of the user marking information can be defined in different versions, identified by version number, and changed periodically; for example, the format and corresponding meaning are updated every half month and marked with a new version number. The back-end system device stores locally the correspondence between the version number of the user's identification information, the format and meaning of the user's identification information, and the user's identity identifier.

Optionally, when the IoT terminal device and the back-end system device exchange their public keys, the public key information is negotiated out of band together with the format and meaning of the user marking information and the format and meaning of the encrypted user voice data. When the back-end system device, following the out-of-band negotiation, obtains voice information carrying user marking information, it uses the version number in it to obtain the corresponding format and meaning of the user's voice marking information, and decides from the parsed user marking information whether to store or discard the user's voice.

The present invention proposes a privacy protection system for IoT terminal devices, comprising an IoT terminal device and a back-end system device. Implemented in the IoT terminal device and the back-end system device by the foregoing method, it effectively protects the user's privacy and ensures that the user's voice information is not used illegally.

It will be apparent to those skilled in the art that the embodiments of the present invention are not limited to the details of the above exemplary embodiments, and that they can be implemented in other specific forms without departing from the spirit or essential characteristics of the embodiments. The embodiments are therefore to be regarded in all respects as exemplary and not restrictive; the scope of the embodiments of the present invention is defined by the appended claims rather than by the foregoing description, and all changes that fall within the meaning and range of equivalents of the claims are intended to be embraced in the embodiments of the present invention. No reference sign in the claims shall be construed as limiting the claim concerned. Furthermore, the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple units, modules or devices recited in the system, device or terminal claims may also be implemented by a single unit, module or device through software or hardware. Words such as first and second are used to denote names and do not denote any particular order.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the embodiments of the present invention and not to limit them. Although the embodiments have been described in detail with reference to the above preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical solutions of the embodiments should not depart from the spirit and scope of those technical solutions.

Claims (9)

Translated from Chinese

1. A privacy protection method for an Internet of Things device, characterized in that the method comprises the following steps: S101: the IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal; S102: the IoT terminal adds user marking information to it, the user marking information indicating whether the user allows their voice information to be stored in the network; S103: the voice information containing the marking information is sent to the back-end system device; S104: the back-end system device receives the user's voice carrying the user marking information; S105: whether the user allows the private information to be stored is determined from the user marking information, and if the user marking information shows that the user does not allow their voice information to be stored, the back-end system device may discard the voice information.

2. The privacy protection method according to claim 1, characterized in that the user marking information further includes the user's identity identifier.

3. The privacy protection method according to claim 1, characterized in that the user marking information is added to the user's voice in the form of an audible signal or an inaudible signal.

4. The privacy protection method according to claim 1, characterized in that the IoT terminal device encrypts the user's voice containing the user marking information and then sends it to the back-end system device.

5. The privacy protection method according to claim 4, characterized in that a hash algorithm is applied to the user's voice containing the user marking information to generate a digest of the user's voice, and the digest is encrypted with the IoT device's private key to generate the IoT device's signature; the IoT device generates a session key and uses the session key to encrypt the user's voice containing the user marking information; the session key is encrypted with the back-end system device's public key to generate an encrypted session key; and the encrypted session key, the encrypted user voice and the user signature are combined and sent to the back-end system device.

6. The privacy protection method according to claim 5, characterized in that when the IoT terminal device is used for the first time, it generates an asymmetric key pair, the private key of which is kept in the IoT device and the public key of which is sent to the back-end system device for storage; and the back-end system device sends its public key to the IoT terminal device.

7. The privacy protection method according to claim 4, characterized in that after receiving the combined user voice, the back-end system device splits it into three parts: the encrypted session key, the encrypted user voice and the user signature; the back-end system device decrypts the encrypted session key with its private key to obtain the session key; uses the session key to decrypt the encrypted user voice to obtain the user's voice containing the user marking information; decrypts the IoT device's signature with the IoT device's public key to obtain the digest of the user voice containing the user marking information; and hashes the user's voice containing the user marking information and compares the result with the digest of the user voice to determine whether the user's voice has been tampered with.

8. The privacy protection method according to claim 1, characterized in that the format and meaning of the user marking information can be determined by negotiation between the user and the back-end system device, the format and meaning of the user marking information can be changed periodically, and the user marking information is identified by different version numbers.

9. A privacy protection system for an Internet of Things device, the system comprising an IoT terminal device and a back-end system device; the IoT terminal device starts capturing the user's voice information in response to the user's voice activation signal and adds user marking information to it, the user marking information indicating whether the user allows their voice information to be stored in the network, and sends it to the back-end system device; the back-end system device receives the user's voice carrying the user marking information and determines from the user marking information whether the user allows the private information to be stored, and if the user marking information shows that the user does not allow their voice information to be stored, the back-end system device may discard the voice information.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202010106458.0A (CN111464489B (en)) | 2020-02-21 | 2020-02-21 | Privacy protection method and system for Internet of things equipment

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202010106458.0A (CN111464489B (en)) | 2020-02-21 | 2020-02-21 | Privacy protection method and system for Internet of things equipment

Publications (2)

Publication Number | Publication Date
CN111464489A (en) | 2020-07-28
CN111464489B (en) | 2022-02-18

Family

ID=71680197

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202010106458.0A (Active, CN111464489B (en)) | Privacy protection method and system for Internet of things equipment | 2020-02-21 | 2020-02-21

Country Status (1)

Country | Link
CN (1) | CN111464489B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN114429368A (en)* | 2022-01-20 | 2022-05-03 | 南京欣威视通信息科技股份有限公司 | Intelligent delivery type advertising equipment based on big data analysis crowd chats type response
CN114499953A (en)* | 2021-12-23 | 2022-05-13 | 中国电子技术标准化研究院 | Privacy information intelligent security method and device based on flow analysis
CN114567467A (en)* | 2022-02-17 | 2022-05-31 | 广州贝鼎科技有限公司 | Data exchange method and system for gateway and server of Internet of things

Citations (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101115066A (en)* | 2006-07-10 | 2008-01-30 | 国际商业机器公司 | Method and equipment for checking for permission to record voip messages
US20120297017A1 (en)* | 2011-05-20 | 2012-11-22 | Microsoft Corporation | Privacy-conscious personalization
US20150326617A1 (en)* | 2014-05-06 | 2015-11-12 | DoNotGeoTrack, Inc. | Privacy Control Processes for Mobile Devices, Wearable Devices, other Networked Devices, and the Internet of Things
US20180213396A1 (en)* | 2017-01-20 | 2018-07-26 | Essential Products, Inc. | Privacy control in a connected environment based on speech characteristics
CN109859757A (en)* | 2019-03-19 | 2019-06-07 | 百度在线网络技术(北京)有限公司 | A kind of speech ciphering equipment control method, device and terminal
CN110534107A (en)* | 2019-09-11 | 2019-12-03 | 北京安云世纪科技有限公司 | Sound control method, device, system and the electronic equipment of smart machine

Also Published As

Publication number | Publication date
CN111464489B (en) | 2022-02-18

Similar Documents

Publication | Publication Date | Title
CN107770182B (en) | | Data storage method of home gateway and home gateway
CN111464489A (en) | | A method and system for privacy protection of IoT devices
WO2015003503A1 (en) | | Network device, terminal device and information security improving method
CN101110982A (en) | | Method for acquiring evidence using wireless terminal and server
CN105260640A (en) | | Evidence collecting system and method based on fingerprint authentication and GPS
WO2021047477A1 (en) | | Key allocation method and system, mobile terminal and wearable device
WO2019165175A1 (en) | | System and method for securely transferring data
CN207150607U (en) | | A kind of data encrypting and deciphering system based on biological characteristic
WO2016062153A1 (en) | | Method, system, and terminal for secure transmission of audio data
CN114385987A (en) | | Dynamic multi-factor identity authentication and certification method and storage medium
WO2017066995A1 (en) | | Method and device for preventing unauthorized access to server
CN114186264A (en) | | Data random encryption and decryption method, device and system
CN109962777A (en) | | The key in block catenary system is permitted to generate, obtain the method and apparatus of key
WO2020102974A1 (en) | | Data access method, data access apparatus, and mobile terminal
WO2020044095A1 (en) | | File encryption method and apparatus, device, terminal, server, and computer-readable storage medium
CN103237011B (en) | | Digital content encryption transmission method and server end
CN113079140B (en) | | Cooperative spectrum sensing position privacy protection method based on block chain
CN104486716A (en) | | Method and device for showing bluetooth name
CN108768920A (en) | | A kind of recorded broadcast data processing method and device
CN108965824B (en) | | CPK-based video surveillance method, system, camera, server and client
CN103237010A (en) | | Server side for providing digital content in encryption mode
CN102567657A (en) | | Digital work ownership authentication system and digital work ownership authentication method
CN111010283B (en) | | Method and apparatus for generating information
CN109067702B (en) | | Method for generating and protecting real-name system network identity
CN111538740A (en) | | Information disclosure method and device

Legal Events

Date | Code | Title | Description
 | PB01 | Publication |
 | SE01 | Entry into force of request for substantive examination |
 | GR01 | Patent grant |
