CN110266485A - Internet of Things secure communication control method based on NB-IoT - Google Patents
- Publication number: CN110266485A
- Authority: CN (China)
- Prior art keywords: key, module, server, shared, random number
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention provides an Internet of Things secure communication control method based on NB-IoT, comprising: a server pre-generates data; a module determines tooling data according to the pre-generated data; the module and the server carry out key agreement using the pre-generated data and the tooling data. The NB-IoT-based Internet of Things secure communication control method of the present invention effectively avoids plaintext transmission and prevents key guessing, data tampering and replay attacks.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an Internet of Things secure communication control method based on NB-IoT.
Background art
Internet of Things devices currently on the market that are based on NB-IoT communication modules are constrained in memory and flash resources, so they mostly communicate in plaintext or encrypt business data with a fixed key. Plaintext communication is vulnerable to illegal operations by an attacker such as data hijacking, data tampering and control replay.
If data is encrypted with a fixed key, an attacker can still derive that fixed key after collecting a large amount of data, after which ciphertext transmission is effectively no different from plaintext transmission.
Summary of the invention
The problem to be solved by the present invention is that plaintext communication is vulnerable to illegal operations by an attacker such as data hijacking, data tampering and control replay, and that existing ciphertext communication encrypts data with a fixed key, which an attacker can easily derive.
To solve the above problems, the present invention provides an Internet of Things secure communication control method based on NB-IoT.
An Internet of Things secure communication control method based on NB-IoT, comprising:
A server pre-generates data;
A module determines tooling data according to the pre-generated data;
The module and the server carry out key agreement using the pre-generated data and the tooling data.
In the present invention the module and the server carry out key agreement using the pre-generated data and the tooling data. Compared with plaintext communication, this effectively prevents illegal operations by an attacker such as data hijacking, data tampering and control replay; compared with existing ciphertext communication that encrypts data with a fixed key, it increases the difficulty for an attacker to derive the key, improving the security of communication.
Further, the pre-generated data includes the MAC address, module hardware number, module public key, module private key and factory public key; the tooling data includes the module public key, module private key and factory public key.
Further, the module and the server perform slow negotiation when connecting for the first time; the module and the server perform fast negotiation when connecting again after the first connection.
Further, the slow negotiation performed when the module connects to the server for the first time comprises:
The module initiates a key negotiation request to the server;
The server processes the key negotiation request and sends a key agreement response to the module;
The module processes the key agreement response and carries out key agreement confirmation;
The server carries out key agreement confirmation;
The module communicates securely with the server.
Further, the module initiating a key negotiation request to the server comprises: the module generates a module random number deviceNone, performs ECDH encryption on the module random number deviceNone using shared key 1, and sends it to the server.
Further, the server processing the key negotiation request and sending a key agreement response to the module comprises: the server decrypts the module random number deviceNone using shared key 1, and signs the module random number deviceNone using the factory private key to obtain the module signature deviceSign; the server generates a server random number cloudNone, performs ECDH encryption on the module signature deviceSign, the server random number cloudNone and the server public key using shared key 1 to form a negotiation response packet, and sends it to the module.
Further, the module processing the key agreement response and carrying out key agreement confirmation comprises: the module performs ECDH decryption on the negotiation response packet using shared key 1 to obtain the module signature deviceSign, the server random number cloudNone and the server public key; combines the module private key and the server public key into shared key 2; verifies the legitimacy of the module signature deviceSign using the factory public key; signs the server random number cloudNone using the module private key to obtain the server signature cloudSign; performs ECDH encryption on the server signature cloudSign using shared key 1; and sends it to the server.
Further, the server carrying out key agreement confirmation comprises: the server performs ECDH decryption on the ECDH-encrypted server signature cloudSign using shared key 1, verifies the legitimacy of the server signature cloudSign using the module public key, combines the server private key and the module public key to obtain shared key 2, generates a session key sessionKey, and performs ECDH encryption on the session key sessionKey using shared key 2.
The present invention performs slow negotiation when connecting to the server for the first time, and guarantees the legitimacy of both the server and the module through two-way authentication.
Further, the fast negotiation performed when the module and the server connect again after the first connection comprises:
The module sends a key negotiation request to the server;
The server carries out key agreement response and key agreement confirmation;
The module communicates securely with the server.
Further, the module sending a key negotiation request to the server comprises: the module performs ECDH encryption on the module random number deviceNone that it generates, using shared key 1 and then shared key 2 in turn, and sends it to the server;
The server carrying out key agreement response and key agreement confirmation comprises: the server decrypts and verifies the ECDH-encrypted module random number deviceNone using shared key 2 and then shared key 1 in turn, encrypts the session key sessionKey generated by the server using shared key 2, and sends it to the module.
The present invention uses fast negotiation when connecting to the server again, which shortens negotiation time and improves user experience.
Further, shared key 1 is the combination of the module private key and the factory public key, or shared key 1 is the combination of the module public key and the factory private key; shared key 2 is the combination of the module private key and the server public key, or shared key 2 is the combination of the module public key and the server private key; the factory private key is obtained from the server using the MAC address, and the server public key and server private key are generated by the server.
Further, the module communicating securely with the server comprises: performing secure encapsulation on the business data communicated between the module and the server.
Further, performing secure encapsulation on the business data communicated between the module and the server comprises:
The module encrypts the plaintext using the session key sessionKey to obtain ciphertext, and sends the ciphertext and a hash value to the server;
The server decrypts the received ciphertext using the session key sessionKey to obtain the message counter and the business data, calculates a hash value, and confirms whether the calculated hash value is consistent with the received hash value.
By performing secure encapsulation on the business data communicated between the module and the server, the present invention effectively prevents brute-force cracking of data, data tampering and replay attacks.
Brief description of the drawings
Fig. 1 is a flow chart of the Internet of Things secure communication control method based on NB-IoT according to the present invention;
Fig. 2 is a flow chart of slow negotiation according to the present invention;
Fig. 3 is a flow chart of fast negotiation according to the present invention.
Detailed description of embodiments
To make the above purposes, features and advantages of the invention clearer and easier to understand, specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
Referring to Figs. 1-3, the Internet of Things secure communication control method based on NB-IoT (Narrowband Internet of Things) of the present invention specifically includes:
S1, the server (cloud) pre-generates data. Specifically, the data is pre-generated by the DNS Life Cycle System of the server; the pre-generated data includes the MAC address, module hardware number, module public key, module private key and factory public key.
S2, the module (device) determines tooling data according to the pre-generated data. As a precondition for key agreement between the module and the server, a series of data must be written into the module through production-line tooling before the module leaves the factory, for use in key agreement after the module later connects to the cloud. The tooling data includes the module public key, module private key and factory public key.
S3, the module and the server carry out key agreement using the pre-generated data and the tooling data.
In the present invention the module and the server carry out key agreement using the pre-generated data and the tooling data. Compared with plaintext communication, this effectively prevents illegal operations by an attacker such as data hijacking, data tampering and control replay; compared with existing ciphertext communication that encrypts data with a fixed key, it increases the difficulty for an attacker to derive the key, improving the security of communication.
When the module connects to the server for the first time, two-way authentication is required: the module needs to authenticate the legitimacy of the server, and the server also needs to authenticate the legitimacy of the module. The first key agreement therefore involves more steps and is referred to here as slow negotiation.
After slow negotiation has succeeded, the authentication flow can be omitted when the module connects to the server again, which greatly shortens negotiation time; this is referred to here as fast negotiation.
S3.1 The slow negotiation process is as follows (see Fig. 2):
a) The module initiates a key negotiation request:
The module generates a module random number deviceNone, performs ECDH encryption on the module random number deviceNone using shared key 1, and sends it to the server.
b) The server processes the negotiation request packet:
According to the MAC address of the module, the server obtains the module public key and the factory private key from the DNS Life Cycle System (also called the license server), forms shared key 1 from them, and decrypts the module random number deviceNone.
c) The server carries out key agreement response:
c1 The server signs the module random number deviceNone using the factory private key to obtain the module signature deviceSign;
c2 The server generates a server random number cloudNone, then performs ECDH encryption on the module signature deviceSign, the server random number cloudNone and the server public key (the server public/private key pair can be generated by the server) using shared key 1 to form the negotiation response packet;
c3 The server sends the negotiation response packet to the module.
d) The module processes the negotiation response packet:
d1 The module performs ECDH decryption on the negotiation response packet using shared key 1 to obtain deviceSign, the server public key and the server random number cloudNone;
d2 The module combines the module private key and the server public key into shared key 2;
d3 The module verifies the legitimacy of the module signature deviceSign using the factory public key;
d4 The module signs the server random number cloudNone using the module private key to obtain the server signature cloudSign.
e) The module carries out key agreement confirmation:
e1 The module performs ECDH encryption on the server signature cloudSign using shared key 1;
e2 The module sends the ciphertext (the ECDH-encrypted server signature cloudSign) to the server.
f) The server carries out key agreement confirmation:
f1 The server performs ECDH decryption on the received ciphertext (the ECDH-encrypted server signature cloudSign) using shared key 1;
f2 The server verifies the legitimacy of the server signature cloudSign using the module public key;
f3 The server combines the server private key and the module public key to obtain shared key 2;
f4 The server generates a random number sessionKey as the session key and performs ECDH encryption on the session key using shared key 2;
f5 The server sends the ECDH-encrypted session key to the module.
g) Secure communication:
Secure encapsulation is performed on the business data communicated between the module and the server to keep the data secure.
The present invention performs slow negotiation when connecting to the server for the first time, and guarantees the legitimacy of both the server and the module through two-way authentication.
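The slow negotiation above (steps a to f), as an added example that is not code from the patent. The page names no curve, signature scheme or cipher, so P-256 ECDH, ECDSA with SHA-256, HKDF and AES-GCM from the Python `cryptography` package are assumptions, with "ECDH encryption" modelled as AES-GCM under a key derived from the ECDH secret; all class and function names are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()            # assumption: the page names no curve
SIG = ec.ECDSA(hashes.SHA256())   # assumption: the page names no signature scheme


def shared_key(private_key, peer_public_key, label):
    """Derive a 256-bit wrapping key from the ECDH secret of one private and one public key."""
    secret = private_key.exchange(ec.ECDH(), peer_public_key)
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=label).derive(secret)


def seal(key, plaintext):
    """Stand-in for the page's 'ECDH encryption': AES-GCM with a random 12-byte nonce."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, None)


def unseal(key, blob):
    """Raises cryptography.exceptions.InvalidTag when the key or the data is wrong."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], None)


def provision():
    """Constructed stand-in for S1/S2: returns (module private key, factory private key)."""
    return ec.generate_private_key(CURVE), ec.generate_private_key(CURVE)


class Module:
    def __init__(self, module_priv, factory_pub):    # the tooling data
        self.priv, self.factory_pub = module_priv, factory_pub
        self.sk1 = shared_key(module_priv, factory_pub, b"shared key 1")

    def request(self):                               # step a
        self.device_none = os.urandom(16)
        return seal(self.sk1, self.device_none)

    def confirm(self, response):                     # steps d and e
        body = unseal(self.sk1, response)                                   # d1
        cloud_none, server_pub_raw, device_sign = body[:16], body[16:81], body[81:]
        server_pub = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, server_pub_raw)
        self.sk2 = shared_key(self.priv, server_pub, b"shared key 2")       # d2
        # d3: raises InvalidSignature unless the factory private key signed deviceNone
        self.factory_pub.verify(device_sign, self.device_none, SIG)
        cloud_sign = self.priv.sign(cloud_none, SIG)                        # d4
        return seal(self.sk1, cloud_sign)                                   # e1, e2

    def finish(self, wrapped_session_key):
        self.session_key = unseal(self.sk2, wrapped_session_key)
        return self.session_key


class Server:
    def __init__(self, factory_priv, module_pub):    # looked up by MAC address on the page
        self.factory_priv, self.module_pub = factory_priv, module_pub
        self.sk1 = shared_key(factory_priv, module_pub, b"shared key 1")
        self.priv = ec.generate_private_key(CURVE)   # server key pair

    def respond(self, request):                      # steps b and c
        device_none = unseal(self.sk1, request)
        device_sign = self.factory_priv.sign(device_none, SIG)              # c1
        self.cloud_none = os.urandom(16)
        server_pub_raw = self.priv.public_key().public_bytes(
            serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)
        # c2, c3: 16-byte cloudNone, 65-byte public key, then the DER signature
        return seal(self.sk1, self.cloud_none + server_pub_raw + device_sign)

    def confirm(self, confirmation):                 # step f
        cloud_sign = unseal(self.sk1, confirmation)                         # f1
        self.module_pub.verify(cloud_sign, self.cloud_none, SIG)            # f2
        sk2 = shared_key(self.priv, self.module_pub, b"shared key 2")       # f3
        self.session_key = os.urandom(16)                                   # f4
        return seal(sk2, self.session_key)                                  # f5


def slow_negotiation(module, server):
    """Run steps a to f in order; returns (module's session key, server's session key)."""
    response = server.respond(module.request())
    wrapped = server.confirm(module.confirm(response))
    return module.finish(wrapped), server.session_key
```

A server that lacks the factory private key cannot form shared key 1, so it fails at step b; one that holds shared key 1 but signs with a different key fails the module's check at d3.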
S3.2 The fast negotiation process is as follows (see Fig. 3):
a) Key negotiation request:
a1 The module performs ECDH encryption on the generated module random number deviceNone using shared key 1 and then shared key 2 in turn, obtaining ciphertext;
a2 The module sends the ciphertext (the ECDH-encrypted module random number deviceNone) to the server.
b) Key agreement response:
The server decrypts and verifies the received packet (the ECDH-encrypted module random number deviceNone) using shared key 2 and then shared key 1 in turn.
c) Key agreement confirmation:
The server encrypts sessionKey using shared key 2 and sends it to the module.
d) Secure communication:
Secure encapsulation is performed on the business data communicated between the module and the server to keep the data secure.
Here, shared key 1 = combination of the module private key and the factory public key = combination of the module public key and the factory private key; shared key 2 = combination of the module private key and the server public key = combination of the module public key and the server private key. The module public/private key pair and the factory public/private key pair are generated by the DNS Life Cycle System server.
The present invention uses fast negotiation when connecting to the server again, which shortens negotiation time and improves user experience.
The secure encapsulation of business data involved in the slow and fast negotiation processes is described in detail below.
To prevent brute-force cracking of data, data tampering and replay attacks, comprehensive secure encapsulation is needed against these attack means. The secure encapsulation process is as follows:
A) A hash value is first calculated over the business-data plaintext. Based on the irreversibility of the SM3 hash algorithm, it is used to verify whether the data has been tampered with (as long as the data is modified, the hash value calculated by the SM3 algorithm necessarily differs from the original hash value).
B) A message counter is added to the transport protocol to prevent data replay; to guarantee that the message counter is not modified, it must be encrypted together with the business data.
C) The message counter and the business data are symmetrically encrypted together using the session key sessionKey produced by key agreement, and transmitted as ciphertext. The detailed process is as follows:
c1 The module encrypts the plaintext (that is, the message counter and the business data) using sessionKey and sends the resulting ciphertext to the server;
c2 The server decrypts the received ciphertext using sessionKey to obtain the message counter and the business data.
The validity check involved in the slow and fast negotiation processes is described in detail below. The validity check proceeds as follows:
A) If the SM3 check fails after the recipient decrypts with sessionKey, the connection is dropped and negotiation starts again.
B) If the received message counter value is less than or equal to the previous counter value, the message is judged to be a replay; the connection is dropped and negotiation starts again.
The present invention transmits data with secure encapsulation at the application layer, protecting against common Internet of Things attacks and improving communication security.
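An added example (not code from the patent) of the secure encapsulation and the two validity checks, using only the Python standard library. Assumptions: the frame layout, the 4-byte counter, hashing the counter together with the business data, the `Renegotiate` exception, and an HMAC-SHA256 keystream standing in for the symmetric cipher, which the page does not name; SM3 is used when the local `hashlib` build provides it and SHA-256 otherwise.

```python
import hashlib
import hmac
import os
import struct


class Renegotiate(Exception):
    """Hypothetical signal: drop the connection and run key agreement again."""


def _digest(data):
    """SM3 if this OpenSSL build offers it, otherwise SHA-256 as a labelled stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def _keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 keystream keyed by sessionKey."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(session_key, counter, business_data):
    """Sender side: frame = 16-byte nonce || Enc(counter || data) || 32-byte hash."""
    plaintext = struct.pack(">I", counter) + business_data
    nonce = os.urandom(16)
    return nonce + _keystream_xor(session_key, nonce, plaintext) + _digest(plaintext)


class Receiver:
    def __init__(self, session_key):
        self.session_key = session_key
        self.last_counter = 0          # assumption: the first valid counter is 1

    def open(self, frame):
        if len(frame) < 16 + 4 + 32:
            raise Renegotiate("frame too short")
        nonce, ciphertext, received_hash = frame[:16], frame[16:-32], frame[-32:]
        plaintext = _keystream_xor(self.session_key, nonce, ciphertext)
        # Check A: hash of the decrypted plaintext must match the hash that was sent
        if not hmac.compare_digest(_digest(plaintext), received_hash):
            raise Renegotiate("hash mismatch")
        # Check B: counter less than or equal to the last accepted one is a replay
        (counter,) = struct.unpack(">I", plaintext[:4])
        if counter <= self.last_counter:
            raise Renegotiate("replayed counter")
        self.last_counter = counter
        return plaintext[4:]
```

The hash is unkeyed, as on the page; a deployment that needs integrity against a party who can guess the plaintext would use a keyed MAC or an AEAD mode instead.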
In the present invention the module is also called the device and the server is also called the cloud. Correspondingly, the module public key is also called the device public key, the module private key the device private key, the module signature the device signature, the module random number the device random number, the server public key the cloud public key, the server private key the cloud private key, the server signature the cloud signature, and the server random number the cloud random number.
In summary, in the Internet of Things secure communication control method based on NB-IoT of the present invention, the NB module and the server achieve secure transmission of communication data through data tooling, key agreement and secure encapsulation, avoiding plaintext transmission and preventing key guessing, data tampering and replay attacks. Encryption and decryption are lightweight and occupy little space, making the method suitable for resource-constrained Internet of Things devices.
Although the present disclosure is as above, the present invention is not limited thereto. Any person skilled in the art may make various changes or modifications without departing from the spirit and scope of the invention; the scope of protection of the invention shall therefore be as defined by the claims.
Claims (13)
1. An Internet of Things secure communication control method based on NB-IoT, characterized by comprising:
A server pre-generates data;
A module determines tooling data according to the pre-generated data;
The module and the server carry out key agreement using the pre-generated data and the tooling data.
2. The method according to claim 1, characterized in that the pre-generated data includes the MAC address, module hardware number, module public key, module private key and factory public key; the tooling data includes the module public key, module private key and factory public key.
3. The method according to claim 1, characterized in that the module and the server perform slow negotiation when connecting for the first time; the module and the server perform fast negotiation when connecting again after the first connection.
4. The method according to claim 3, characterized in that the slow negotiation performed when the module connects to the server for the first time comprises:
The module initiates a key negotiation request to the server;
The server processes the key negotiation request and sends a key agreement response to the module;
The module processes the key agreement response and carries out key agreement confirmation;
The server carries out key agreement confirmation;
The module communicates securely with the server.
5. The method according to claim 4, characterized in that the module initiating a key negotiation request to the server comprises: the module generates a module random number deviceNone, performs ECDH encryption on the module random number deviceNone using shared key 1, and sends it to the server.
6. The method according to claim 4, characterized in that the server processing the key negotiation request and sending a key agreement response to the module comprises: the server decrypts the module random number deviceNone using shared key 1, and signs the module random number deviceNone using the factory private key to obtain the module signature deviceSign; the server generates a server random number cloudNone, performs ECDH encryption on the module signature deviceSign, the server random number cloudNone and the server public key using shared key 1 to form a negotiation response packet, and sends it to the module.
7. The method according to claim 4, characterized in that the module processing the key agreement response and carrying out key agreement confirmation comprises: the module performs ECDH decryption on the negotiation response packet using shared key 1 to obtain the module signature deviceSign, the server random number cloudNone and the server public key; combines the module private key and the server public key into shared key 2; verifies the legitimacy of the module signature deviceSign using the factory public key; signs the server random number cloudNone using the module private key to obtain the server signature cloudSign; performs ECDH encryption on the server signature cloudSign using shared key 1; and sends it to the server.
8. The method according to claim 4, characterized in that the server carrying out key agreement confirmation comprises: the server performs ECDH decryption on the ECDH-encrypted server signature cloudSign using shared key 1, verifies the legitimacy of the server signature cloudSign using the module public key, combines the server private key and the module public key to obtain shared key 2, generates a session key sessionKey, and performs ECDH encryption on the session key sessionKey using shared key 2.
9. The method according to claim 3, characterized in that the fast negotiation performed when the module and the server connect again after the first connection comprises:
The module sends a key negotiation request to the server;
The server carries out key agreement response and key agreement confirmation;
The module communicates securely with the server.
10. The method according to claim 9, characterized in that:
The module sending a key negotiation request to the server comprises: the module performs ECDH encryption on the module random number deviceNone that it generates, using shared key 1 and then shared key 2 in turn, and sends it to the server;
The server carrying out key agreement response and key agreement confirmation comprises: the server decrypts and verifies the ECDH-encrypted module random number deviceNone using shared key 2 and then shared key 1 in turn, encrypts the session key sessionKey generated by the server using shared key 2, and sends it to the module.
11. The method according to claim 5, 6, 7, 8 or 10, characterized in that shared key 1 is the combination of the module private key and the factory public key, or shared key 1 is the combination of the module public key and the factory private key; shared key 2 is the combination of the module private key and the server public key, or shared key 2 is the combination of the module public key and the server private key; the factory private key is obtained from the server using the MAC address, and the server public key and server private key are generated by the server.
12. The method according to claim 4 or 9, characterized in that the module communicating securely with the server comprises: performing secure encapsulation on the business data communicated between the module and the server.
13. The method according to claim 12, characterized in that performing secure encapsulation on the business data communicated between the module and the server comprises:
The module encrypts the plaintext using the session key sessionKey to obtain ciphertext, and sends the ciphertext and a hash value to the server;
The server decrypts the received ciphertext using the session key sessionKey to obtain the message counter and the business data, calculates a hash value, and confirms whether the calculated hash value is consistent with the received hash value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910582656.1A CN110266485B (en) | 2019-06-28 | 2019-06-28 | Internet of things safety communication control method based on NB-IoT |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110266485A true CN110266485A (en) | 2019-09-20 |
CN110266485B CN110266485B (en) | 2022-06-24 |
Family
ID=67923399
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910582656.1A Active CN110266485B (en) | 2019-06-28 | 2019-06-28 | Internet of things safety communication control method based on NB-IoT |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110266485B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111865956A (en) * | 2020-07-13 | 2020-10-30 | 杭州萤石软件有限公司 | System, method, device and storage medium for preventing service hijacking |
CN111935166A (en) * | 2020-08-18 | 2020-11-13 | 杭州萤石软件有限公司 | Communication authentication method, system, electronic device, server, and storage medium |
US11949781B2 (en) | 2020-08-31 | 2024-04-02 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data transmission method, device, apparatus and storage medium |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005359A (en) * | 2006-01-18 | 2007-07-25 | 华为技术有限公司 | Method and device for realizing safety communication between terminal devices |
CN102264068A (en) * | 2010-05-28 | 2011-11-30 | ***通信集团公司 | Shared key consultation method, system, network platform and terminal |
CN104219217A (en) * | 2013-06-05 | 2014-12-17 | ***通信集团公司 | SA (security association) negotiation method, device and system |
US20170006003A1 (en) * | 2015-07-03 | 2017-01-05 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (iot) system |
US20170006643A1 (en) * | 2015-07-03 | 2017-01-05 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (iot) system |
CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
WO2018076365A1 (en) * | 2016-10-31 | 2018-05-03 | 美的智慧家居科技有限公司 | Key negotiation method and device |
CN108282336A (en) * | 2017-01-06 | 2018-07-13 | 北京京东尚科信息技术有限公司 | Device subscription verification method and device |
CN108809643A (en) * | 2018-07-11 | 2018-11-13 | 飞天诚信科技股份有限公司 | A kind of method, system and the equipment of equipment and high in the clouds arranging key |
CN109040132A (en) * | 2018-09-26 | 2018-12-18 | 南京南瑞继保电气有限公司 | One kind being based on the randomly selected encryption communication method of shared key |
CN109040149A (en) * | 2018-11-02 | 2018-12-18 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109120649A (en) * | 2018-11-02 | 2019-01-01 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109347809A (en) * | 2018-09-25 | 2019-02-15 | 北京计算机技术及应用研究所 | A kind of application virtualization safety communicating method towards under autonomous controllable environment |
CN109768948A (en) * | 2017-11-10 | 2019-05-17 | 中国电信股份有限公司 | Information push method, system and messaging device |
CN109768982A (en) * | 2019-01-23 | 2019-05-17 | 深圳市元征科技股份有限公司 | A kind of encrypted transmission method and device based on Internet of Things |
CN109787758A (en) * | 2019-01-18 | 2019-05-21 | 如般量子科技有限公司 | Anti- quantum calculation MQV cryptographic key negotiation method and system based on private key pond and Elgamal |
-
2019
- 2019-06-28 CN CN201910582656.1A patent/CN110266485B/en active Active
Non-Patent Citations (2)
Title |
---|
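M HUSSAIN et al.: "Analysis of session key negotiation & distribution protocols in Wireless Sensor Networks", IEEE * |
Luo Ming et al.: "An inter-domain authentication and key agreement mechanism for SIP communication", Journal of Northeastern University (Natural Science) * |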
Also Published As
Publication number | Publication date |
---|---|
CN110266485B (en) | 2022-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109347809B (en) | Application virtualization secure communication method oriented to autonomous controllable environment | |
CN110380852B (en) | Bidirectional authentication method and communication system | |
CN106603485B (en) | Key agreement method and device | |
CN105471833B (en) | A kind of safe communication method and device | |
CN112887338B (en) | Identity authentication method and system based on IBC identification password | |
CN103118027B (en) | The method of TLS passage is set up based on the close algorithm of state | |
CN104702611B (en) | A kind of device and method for protecting Secure Socket Layer session key | |
CN108599925B (en) | Improved AKA identity authentication system and method based on quantum communication network | |
CN111756529B (en) | Quantum session key distribution method and system | |
WO2016058404A1 (en) | Entity authentication method and device based on pre-shared key | |
CN103338215A (en) | Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm | |
CN104168267A (en) | Identity authentication method for accessing SIP security video monitoring system | |
CN103763631A (en) | Authentication method, server and television | |
CN103095696A (en) | Identity authentication and key agreement method suitable for electricity consumption information collection system | |
CN101409619A (en) | Flash memory card and method for implementing virtual special network key exchange | |
CN111756528B (en) | Quantum session key distribution method, device and communication architecture | |
CN110266485A (en) | A kind of Internet of Things secure communication control method based on NB-IoT | |
CN109151508A (en) | A kind of video encryption method | |
CN110022320A (en) | A kind of communication partner method and communication device | |
CN102868531A (en) | Networked transaction certification system and method | |
CN108632042A (en) | A kind of class AKA identity authorization systems and method based on pool of symmetric keys | |
CN108599926A (en) | A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys | |
CN107635227A (en) | A kind of group message encryption method and device | |
KR102128244B1 (en) | Ssl/tls based network security apparatus and method | |
CN111130775A (en) | Key negotiation method, device and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||