CN110868294A - Key updating method, device and equipment - Google Patents


Info

Publication number
CN110868294A
Authority
CN
China
Prior art keywords
key
internet
target
updating
things
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911252703.2A
Other languages
Chinese (zh)
Other versions
CN110868294B (en)
Inventor
周飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhibao Yunke Technology Co ltd
Original Assignee
Beijing Zhibao Yunke Technology Co ltd
Application filed by Beijing Zhibao Yunke Technology Co ltd
Priority to CN201911252703.2A
Publication of CN110868294A
Application granted
Publication of CN110868294B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application discloses a key updating method, apparatus and device. The internet of things device acquires target configuration parameters, which include at least first indication information indicating a target key in a key set; the key set can be stored in the internet of things device in advance and comprises a plurality of different keys. The internet of things device then updates its key configuration parameters to the acquired target configuration parameters, where the key configuration parameters indicate the communication key of the internet of things device. In the key update process, therefore, the target key itself is not transmitted between the internet of things device and the network; only the target configuration parameters are transmitted, which improves the security of the key update.

Description

Key updating method, device and equipment
Technical Field
The present application relates to the field of key updating technologies, and in particular, to a method, an apparatus, and a device for updating a key.
Background
With the development of the internet of things technology, more and more internet of things devices start to access a network, the internet of everything is interconnected, and the internet of things device is widely applied to multiple application fields such as smart homes, intelligent transportation, intelligent medical treatment and smart cities, and more permeate all aspects of the society.
In practical application, in the process of bringing the internet of things equipment to the market, the information interaction safety between the internet of things equipment and the network is a non-negligible problem. Therefore, interactive data between the internet of things device and the network are usually encrypted by adopting a data encryption mode, but the existing data encryption mode has low security, so that the interactive data is easy to attack, and the security of the interactive data cannot be guaranteed.
Disclosure of Invention
The embodiment of the application provides a method, a device and equipment for updating a secret key, so that the safety of data communication and the safety during secret key updating are improved.
In a first aspect, an embodiment of the present application provides a key updating method, where the method is applied to an internet of things device, and the method includes:
acquiring target configuration parameters from key updating equipment, wherein the target configuration parameters at least comprise first indication information aiming at a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the internet of things equipment in advance, and the key set comprises a plurality of different keys;
updating the key configuration parameters of the internet of things equipment to the target configuration parameters, wherein the key configuration parameters are used for indicating the communication keys of the internet of things equipment.
In some possible embodiments, the target configuration parameters further include update verification information, and the updating the key configuration parameter of the internet of things device to the target configuration parameter includes:
updating the key configuration parameters of the internet of things device to the target configuration parameters when it is determined, according to the update verification information, that the key of the internet of things device is to be updated.
In some possible embodiments, the updating the key configuration parameter of the internet of things device to the target configuration parameter when it is determined, according to the update verification information, that the key of the internet of things device is to be updated includes:
determining an original key from the key set according to the key configuration parameters before updating;
decrypting the target configuration parameter by using the original key to obtain plaintext data of the target configuration parameter;
if the plaintext data of the updated verification information in the target configuration parameter is consistent with the plaintext data pre-stored by the internet of things equipment, determining to update the key of the internet of things equipment, and updating the key configuration parameter of the internet of things equipment into the plaintext data of the target configuration parameter.
In some possible embodiments, the update check information includes any one or more of an identifier of the internet of things device, a random number, and a key update time.
In some possible embodiments, the target configuration parameters further include second indication information for a target encryption algorithm, the second indication information is used to determine a target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
In some possible embodiments, the method further comprises:
sending verification information to key updating equipment so that the key updating equipment verifies whether the Internet of things equipment is allowed to access the key updating equipment or not based on the verification information;
the verification information comprises plaintext information and ciphertext information obtained by encrypting the plaintext information by using the target key.
In some possible embodiments, the first indication information includes a key selection mode, a key position, an order, and a ciphertext grouping mode.
In some possible embodiments, the method further comprises:
and receiving the key matrix sent by the key updating device.
In a second aspect, an embodiment of the present application further provides a key updating method, where the method is applied to a key updating device, and the method includes:
determining target configuration parameters in response to a preset key updating strategy, wherein the target configuration parameters at least comprise first indication information aiming at a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the key updating device in advance, and the key set comprises a plurality of different keys;
updating the key configuration parameters of the key updating device to the target configuration parameters, wherein the key configuration parameters of the key updating device are used for indicating the communication keys of the key updating device;
sending the target configuration parameter to an internet of things device so that the internet of things device updates a key configuration parameter of the internet of things device to the target configuration parameter, wherein the key configuration parameter of the internet of things device is used for indicating a communication key of the internet of things device.
In some possible embodiments, the target configuration parameters further include second indication information for a target encryption algorithm, where the second indication information is used to determine the target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
In some possible embodiments, the determining the target configuration parameter includes:
determining an original key from the key set according to key configuration parameters pre-stored on the key encryption equipment;
and encrypting the key configuration parameters to be encrypted by using the original key to obtain the target configuration parameters.
In some possible embodiments, the method further comprises:
receiving verification information, wherein the verification information comprises first plaintext information and ciphertext information obtained by encrypting the first plaintext information by using the target key;
decrypting the ciphertext information by using the target key to obtain second plaintext information;
when the first plaintext information is consistent with the second plaintext information, determining that the Internet of things device is allowed to access the key updating device.
In some possible embodiments, the key update indication information includes any one or more of an identifier of the internet of things device, a random number, and a key update number.
In some possible embodiments, the first indication information includes a key selection mode, a key position, an order, and a ciphertext grouping mode.
In some possible embodiments, the method further comprises:
and sending the key configuration parameters and the key matrix to the Internet of things equipment.
In a third aspect, an embodiment of the present application further provides a key updating apparatus, where the apparatus is applied to an internet of things device, and the apparatus includes:
an obtaining module, configured to obtain target configuration parameters from a key update device, where the target configuration parameters at least include first indication information for a target key, where the first indication information is used to indicate the target key in a key set, the key set is pre-stored in the internet of things device, and the key set includes multiple different keys;
an updating module, configured to update a key configuration parameter of the internet of things device to the target configuration parameter, where the key configuration parameter is used to indicate a communication key of the internet of things device.
In a possible implementation manner, the target configuration parameter further includes update verification information, and the update module is specifically configured to:
update the key configuration parameters of the internet of things device to the target configuration parameters when it is determined, according to the update verification information, that the key of the internet of things device is to be updated.
In one possible implementation, the update module includes:
a first determining unit, configured to determine an original key from the key set according to a key configuration parameter before updating;
the decryption unit is used for decrypting the target configuration parameter by using the original key to obtain plaintext data of the target configuration parameter;
a second determining unit, configured to determine to update the key of the internet of things device and update the key configuration parameter of the internet of things device to the plaintext data of the target configuration parameter if the plaintext data of the update check information in the target configuration parameter is consistent with the plaintext data pre-stored by the internet of things device.
In a possible implementation manner, the update check information includes any one or more of an identifier of the internet of things device, a random number, and a key update time.
In a possible implementation manner, the target configuration parameters further include second indication information for a target encryption algorithm, where the second indication information is used to determine a target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
In a possible embodiment, the apparatus further comprises:
the sending module is used for sending verification information to the key updating equipment so that the key updating equipment can verify whether the Internet of things equipment is allowed to access the key updating equipment or not based on the verification information;
the verification information comprises plaintext information and ciphertext information obtained by encrypting the plaintext information by using the target key.
In one possible embodiment, the first indication information includes a key selection mode, a key position, an order, and a ciphertext grouping mode.
In a possible embodiment, the apparatus further comprises:
and the receiving module is used for receiving the key matrix sent by the key updating equipment.
In a fourth aspect, an embodiment of the present application further provides a key update apparatus, where the apparatus is applied to a key update device, and the apparatus includes:
a first determining module, configured to determine a target configuration parameter in response to a preset key update policy, where the target configuration parameter includes at least first indication information for a target key, the first indication information is used to indicate a target key in a key set, the key set is stored in the key update device in advance, and the key set includes a plurality of different keys;
an updating module, configured to update a key configuration parameter of the key update apparatus to the target configuration parameter, where the key configuration parameter of the key update apparatus is used to indicate a communication key of the key update apparatus;
the first sending module is configured to send the target configuration parameter to an internet of things device, so that the internet of things device updates a key configuration parameter of the internet of things device to the target configuration parameter, and the key configuration parameter of the internet of things device is used for indicating a communication key of the internet of things device.
In some possible embodiments, the target configuration parameters further include update verification information, and the update verification information is used to determine to update a key of the internet of things device.
In some possible embodiments, the target configuration parameters further include second indication information for a target encryption algorithm, where the second indication information is used to determine the target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
In some possible embodiments, the first determining module includes:
a determining unit, configured to determine an original key from the key set according to a key configuration parameter pre-stored in the key encryption device;
and the encryption unit is used for encrypting the key configuration parameters to be encrypted by using the original key to obtain the target configuration parameters.
In some possible embodiments, the apparatus further comprises:
a receiving module, configured to receive verification information, where the verification information includes first plaintext information and ciphertext information obtained by encrypting the first plaintext information using the target key;
the decryption module is used for decrypting the ciphertext information by using the target key to obtain second plaintext information;
and the second determining module is used for determining that the Internet of things equipment is allowed to access the key updating equipment when the first plaintext information is consistent with the second plaintext information.
In some possible embodiments, the key update indication information includes any one or more of an identifier of the internet of things device, a random number, and a key update number.
In some possible embodiments, the first indication information includes a key selection mode, a key position, an order, and a ciphertext grouping mode.
In some possible embodiments, the apparatus further comprises:
and the second sending module is used for sending the key configuration parameters and the key matrix to the internet of things equipment.
In a fifth aspect, an embodiment of the present application further provides a key updating apparatus, where the apparatus includes a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to execute the key update method according to any one of the above-mentioned first aspects or the key update method according to any one of the above-mentioned second aspects according to the computer program.
In the implementation of the embodiments of the application, the internet of things device may obtain target configuration parameters, which include at least first indication information for a target key. The first indication information indicates the target key in a key set, the target key being the key the internet of things device uses after the update; the key set may be stored in the internet of things device in advance and includes a plurality of different keys. The internet of things device may then update its key configuration parameters to the obtained target configuration parameters, where the key configuration parameters indicate the communication key of the internet of things device. Updating the communication key of the internet of things device therefore amounts to updating its key configuration parameters. First, because the target configuration parameters indicate the target key, once the key configuration parameters are updated to the target configuration parameters the communication key of the device is also updated to the target key, which completes the key update. Second, during the update the target key itself is not transmitted between the internet of things device and the network; only the target configuration parameters are transmitted. Even if the target configuration parameters are attacked in transit, they contain indication information for the key rather than key data, so the updated key data of the internet of things device is not leaked and the security of the key update is improved. Third, because the key of the internet of things device can be updated, the security of data communication between the device and the network can be further improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 2 is a schematic diagram of another application scenario in the embodiment of the present application;
FIG. 3 is a schematic flowchart of a key updating method in an embodiment of the present application;
FIG. 4 is a schematic signaling interaction diagram of a key update method in an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a key update apparatus according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of another key update apparatus according to an embodiment of the present application;
FIG. 7 is a schematic hardware structure diagram of an apparatus in an embodiment of the present application.
Detailed Description
In practical applications, communication data usually needs to be encrypted when information is exchanged between an internet of things device and a network, to improve the security of that data interaction. However, existing internet of things devices, such as a sensor for monitoring temperature or humidity, can only meet basic interaction with a network; they have limited data processing capacity and computing resources, cannot perform complex data processing, and cannot provide advanced security functions. Therefore, a symmetric encryption algorithm is generally used between the internet of things device and the network to encrypt the communication data of both parties: a secret key is agreed between the internet of things device and the network, the data sender encrypts the communication data with that key, and the data receiver decrypts the received ciphertext with the same key to obtain the plaintext.
However, the inventor has found through research that, when data is encrypted for communication with a symmetric encryption algorithm, the encryption speed is high but the security of the data is relatively low: because the encryption key used is relatively fixed, the key is easily attacked and its security is low. Even if the key for data encryption is updated regularly, the key is vulnerable to malicious attacks while it is being transmitted to the internet of things device and/or the network device.
Based on this, the embodiment of the present application provides a key updating method to improve security during key updating. Specifically, the internet of things device may obtain target configuration parameters, which include at least first indication information for a target key. The first indication information indicates the target key in a key set, the target key being the key the internet of things device uses after the update; the key set may be stored in the internet of things device in advance and includes a plurality of different keys. The internet of things device may then update its key configuration parameters to the obtained target configuration parameters, where the key configuration parameters indicate the communication key of the internet of things device. Updating the communication key of the internet of things device therefore amounts to updating its key configuration parameters. First, because the target configuration parameters indicate the target key, once the key configuration parameters are updated to the target configuration parameters the communication key of the device is also updated to the target key, which completes the key update. Second, during the update the target key itself is not transmitted between the internet of things device and the network; only the target configuration parameters are transmitted. Even if the target configuration parameters are attacked in transit, they contain indication information for the key rather than key data, so the updated key data of the internet of things device is not leaked and the security of the key update is improved. Third, because the key of the internet of things device can be updated, the security of data communication between the device and the network can be further improved.
As an example, the embodiment of the present application may be applied to the exemplary application scenario shown in FIG. 1. In this scenario, data communication between internet of things device 101 and key update device 103 (e.g., a key update server) may be performed through secure access gateway 102. When the communication key on the internet of things device 101 needs to be updated, the key updating device 103 may send target configuration parameters to the secure access gateway 102. The target configuration parameters include at least first indication information for a target key; the first indication information indicates the target key in a key set, the key set is stored in advance in the internet of things device, and the key set may include a plurality of different keys. The secure access gateway 102 may forward the received target configuration parameters to the internet of things device 101. After receiving the target configuration parameters, the internet of things device 101 may update its key configuration parameters to the target configuration parameters. Because the key configuration parameters on the internet of things device 101 indicate its communication key, updating them to the target configuration parameters updates the key on the internet of things device 101 to the target key, which completes the key update on the internet of things device 101.
It is to be understood that the above scenario is only one example of a scenario provided in the embodiment of the present application, and the embodiment of the present application is not limited to this scenario. For example, in other possible application scenarios, one or more intermediate nodes may exist between the key update device 103 and the secure access gateway 102, and the target configuration parameters sent by the key update device 103 to the secure access gateway 102 may be forwarded through the intermediate nodes; for another example, in the scenario shown in fig. 2, the internet of things device 101 may be directly connected to the key updating device 103, so that data communication between the internet of things device 101 and the key updating device 103 does not need to be forwarded through the secure access gateway. In summary, the embodiments of the present application may be applied in any applicable scenario and are not limited to the scenario examples described above.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, various non-limiting embodiments accompanying the present application examples are described below with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 3, fig. 3 is a schematic flowchart illustrating a key updating method according to an embodiment of the present application. The method may be applied to the above exemplary application scenarios, such as the scenarios shown in fig. 1 or fig. 2. The method specifically comprises the following steps:
S301: the key updating device, in response to a preset key updating strategy, determines target configuration parameters, wherein the target configuration parameters at least comprise first indication information for a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the key updating device in advance, and the key set comprises a plurality of different keys.
In this embodiment, a key update policy may be preset, so that the key update device is triggered to update the communication key of the internet of things device based on the key update policy. As an example, the key update policy may specifically be the number of communications of the internet of things device, a key update interval duration, some forced update policies, and the like. For example, if the number of times of communication between the internet of things device and the network reaches a preset number of times (e.g., 100 times), or a time interval from the last key update of the internet of things device reaches a preset duration, or a user triggers to perform forced update on the internet of things device, the key update device may perform an update process on the key of the internet of things device. Of course, in practical applications, the key update policy may not be limited to the above example, but may be set according to requirements of practical applications.
In a specific implementation, when a preset key update policy is satisfied, the key update device may, in response to the key update policy, determine the target configuration parameters required for updating the communication key of the internet of things device. The determined target configuration parameters may include at least first indication information for a target key, where the first indication information indicates the target key in a key set, and the target key is the communication key to which the internet of things device is updated this time. It should be noted that the key set may be stored on both the key updating device and the internet of things device, that the key set may be pre-loaded onto the internet of things device by the key updating device, and that the key set may include a plurality of different keys. When the key updating device updates the key of the internet of things device, it may select a target key from the keys in the key set and generate indication information for the target key (hereinafter referred to as first indication information for convenience of description) based on the key selection manner, so that the internet of things device can determine the same target key from the first indication information. As an example, the key set may specifically be a key matrix, such as a key matrix W[3][3] = {{A, B, C}, {D, E, F}, {G, H, I}} containing 9 different keys (in practical applications, of course, 256 bytes of data may be used to form a key matrix of 16, and so on). The 2nd key in sequence may then be selected from the key matrix as the target key, that is, W[0][1] (key B) is selected as the target key, and corresponding first indication information may be generated based on that selection manner to indicate how to determine the target key from the key matrix.
In a possible implementation in practical applications, the first indication information may specifically be any optional combination of a key selection mode, a key position, an order, and a ciphertext grouping mode. The key selection mode is the way the target key is selected from the key set, such as continuous selection, line selection, jump selection, or random selection. The key position is the specific position of the target key in the key set; for example, when the key set is a key matrix, the key position may be the subscript of the target key in the key matrix (for example, the subscript of key B is [0][1]). The order is the order in which the target key is selected, such as forward order or reverse order. The ciphertext grouping mode is the operation mode of a block cipher, such as Electronic Codebook (ECB) mode or Cipher Block Chaining (CBC) mode.
It should be noted that the key update device mentioned in this embodiment may be a pre-established key update server, or may include a key update server and a secure access gateway, or other network devices for implementing similar functions.
S302: the key updating device updates the key configuration parameter of the key updating device to a target configuration parameter, wherein the key configuration parameter is used for indicating the communication key of the key updating device.
It can be understood that when the key of the internet of things device is updated by the key updating device, the key of the key updating device needs to be updated, so that after the key of the internet of things device is updated, the communication keys on the internet of things device and the key updating device can be kept consistent, that is, both the communication keys are target keys.
S303: The key update device sends the target configuration parameters to the internet of things device.
It should be noted that, in this embodiment, a direct connection channel may exist between the key updating device and the internet of things device, and the key updating device may directly send the target configuration parameter to the internet of things device based on the direct connection channel; in other embodiments, an indirect connection channel may exist between the key updating device and the internet of things device, and the key updating device may send the target configuration parameter to the internet of things device through an intermediate node (e.g., a secure access gateway).
S304: The internet of things device updates its key configuration parameters to the target configuration parameters, where the key configuration parameters are used to indicate the communication key of the internet of things device.
The internet of things device may be pre-stored with a key set, the key set may also include a plurality of different keys, and the key set on the internet of things device is consistent with the key set on the key update device, so that after receiving the target configuration parameter from the key update device, the internet of things device may determine the target key from the key set according to the first indication information in the target configuration parameter.
When the internet of things device performs data communication with the key updating device, an encryption key for the communication is determined from a key set stored in advance according to key configuration parameters on the internet of things device, and communication data is encrypted by using the encryption key. Therefore, when the communication key on the internet of things device needs to be updated, the key configuration parameter on the internet of things device can be updated to the target configuration parameter, so that when the internet of things device performs data communication with the key updating device next time, the target key can be determined according to the first indication information in the target configuration parameter, and then the target key is used for encrypting the communication data, thereby updating the communication key of the internet of things device. In the process of updating the key, the data transmitted between the internet of things device and the key updating device is not the key but the target configuration parameter, so that even if the data is attacked in the data transmission process, the leaked target configuration parameter is not the communication key of the internet of things device and the key updating device, the communication key of the internet of things device and the key updating device cannot be leaked, and the security of updating the key can be improved.
It should be noted that, in a further possible implementation, the internet of things device may also perform a validity check before updating its key configuration parameter to the target configuration parameter. In a specific implementation, the target configuration parameters received by the internet of things device may further include update verification information, which may be used to check the validity of the update operation on the key configuration parameter. The internet of things device may then decide, according to the update verification information in the target configuration parameters, whether to allow its key to be updated. When it determines that the update is to be performed, the internet of things device may update the key configuration parameter to the target configuration parameter; when it determines that this update is not legal, the internet of things device may refuse to update the key configuration parameter to the target configuration parameter and continue to use the current communication key for data encryption.
As an example of verification, the internet of things device may verify the update operation by data comparison. In a specific implementation, the target configuration parameter received by the internet of things device is encrypted ciphertext data; for example, the key update device may determine an original key from the key set according to its pre-stored key configuration parameter, and encrypt the key configuration parameter to be encrypted with the original key to obtain the encrypted target configuration parameter. Under normal conditions, this encryption key is the communication key of the internet of things device and the key update device. The internet of things device can determine the original key (i.e., the key currently used when communicating with the key update device) from the key set according to the key configuration parameter before the update (i.e., the key configuration parameter currently in use). The internet of things device can then decrypt the target configuration parameter with the original key to obtain plaintext data of the target configuration parameter. If the plaintext data of the update verification information in the target configuration parameter is consistent with the plaintext data pre-stored by the internet of things device, the device determines to update its key and updates the key configuration parameter to the target configuration parameter; if it is inconsistent, the device determines not to update its key this time.
Optionally, the update verification information may be one or more of an identifier of the internet of things device, a random number, and the number of key updates. For example, before the key update device sends the target configuration parameter to the internet of things device, the internet of things device or the key update device may generate and locally store a random number, and send the random number to the other party. The key update device can then send the random number, as update verification information, to the internet of things device along with the target configuration parameters. The number of key updates may be stored on both the internet of things device and the key update device, with an initial value of 0. Each time the communication key on the internet of things device is updated, the number of key updates on both the internet of things device and the key update device is increased by 1, so that under normal conditions the two values remain consistent.
In a further possible implementation manner, in this embodiment, the key updating device may update not only the communication key of the internet of things device, but also the encryption algorithm of the internet of things device. In a specific implementation, the target configuration parameter sent by the key updating device may further include second indication information, where the second indication information may be used to determine the target encryption algorithm. In this way, after the key configuration parameter is updated to the target configuration parameter by the internet of things device, the key encryption algorithm on the internet of things device is also updated to the target encryption algorithm indicated by the second indication information in the target configuration parameter.
In practical applications, the internet of things device may include a plurality of encryption algorithms, for example symmetric encryption algorithms such as the Triple Data Encryption Algorithm (TDEA), the Advanced Encryption Standard (AES), SM4 (the block cipher algorithm of the wireless LAN standard), and the SSF33 algorithm. The internet of things device can determine which symmetric encryption algorithm to use for encrypting the communication data according to the second indication information in the target configuration parameters. Of course, in other possible embodiments, the key update device may also directly send the updated encryption algorithm to the internet of things device along with the target configuration parameter, so that the internet of things device encrypts the communication data based on the received encryption algorithm, and the like.
In practical application, the key updating device can also verify the access permission of the internet of things device, and when the internet of things device does not have the permission of accessing the key updating device, data communication with the internet of things device and updating of the key of the internet of things device can be refused. Therefore, before updating the key of the internet of things device, the internet of things device may send verification information to the key updating device, where the verification information may specifically include plaintext information (for convenience of description, hereinafter referred to as first plaintext information) and ciphertext information obtained by encrypting the first plaintext information with the original key. Correspondingly, after receiving the verification information, the key updating device can decrypt ciphertext information in the verification information by using a corresponding key stored in the key updating device to obtain second plaintext information, then the key updating device can compare whether first plaintext information in the verification information is consistent with the second plaintext information obtained by decryption, when the first plaintext information is consistent with the second plaintext information, the key updating device can determine that the internet of things device allows access, and when the first plaintext information is inconsistent with the second plaintext information, the key updating device can refuse the access of the internet of things device. It should be noted that, after the key update of the internet of things device is completed, when the internet of things device requests to access the key update device again, the key used by the key update device to perform the above verification process is the target key.
In this embodiment, the internet of things device may obtain a target configuration parameter that includes at least first indication information for a target key, where the first indication information indicates the target key in a key set, the target key is the key used by the internet of things device after the update, the key set may be stored in the internet of things device in advance, and the key set includes a plurality of different keys. The internet of things device may then update its key configuration parameter to the obtained target configuration parameter, where the key configuration parameter is used to indicate the communication key of the internet of things device. As can be seen, updating the communication key of the internet of things device is done by updating its key configuration parameter. First, since the target configuration parameter indicates the target key, once the key configuration parameter is updated to the target configuration parameter, the communication key of the internet of things device is also updated to the target key, which completes the key update. Second, during the key update, what is transmitted between the internet of things device and the network is the target configuration parameter rather than the target key, so even if the target configuration parameter is attacked in transit, it contains only indication information for the key and no key data; the updated key data of the internet of things device therefore cannot be leaked, which improves the security of the key update. Third, because the key of the internet of things device can be updated, the security of data communication between the internet of things device and the network can be further improved.
To facilitate understanding of the technical solution of the embodiment of the present application, it is described in detail below with reference to a specific application scenario. In this scenario, the internet of things device and the key update server (that is, the key update device) are connected through a secure access gateway, and the secure access gateway allows the internet of things device to be lightweight. Referring to fig. 4, fig. 4 shows a signaling interaction diagram of a key updating method in this scenario in the embodiment of the present application, where the method may specifically include:
S401: The internet of things device encrypts the verification information with the encryption key K1 indicated by the current key configuration parameter to obtain ciphertext data C1 of the verification information, where the verification information includes the identification ID of the internet of things device, the number of key updates COUNT1, the random number R1 generated by the internet of things device, and K1.
In this embodiment, the internet of things device may request access to the key update server in advance and perform access authentication. In a specific implementation, the internet of things device may first generate encrypted verification information, where the key used for encryption is the key indicated by the key configuration parameter F1 currently used by the internet of things device; according to F1, K1 may be determined from a key matrix pre-loaded on the internet of things device, where the key matrix includes a plurality of different keys. The encryption algorithm may be the one currently used by the internet of things device. The verification information may include the identification ID of the internet of things device, the number of key updates COUNT1, a random number R1 generated by the internet of things device, and the encryption key K1. Specifically, the identification ID, the number of key updates COUNT1, the random number R1, and the encryption key K1 may be combined in sequence into a character string according to a rule negotiated with the key update server in advance, and the combined character string may be encrypted to obtain the encrypted verification information.
S402: The internet of things device sends its identification ID, the number of key updates COUNT1, and the ciphertext data C1 of the verification information to the secure access gateway.
S403: The secure access gateway checks whether the ID and COUNT1 are legal. If so, it looks up, according to the ID, the key configuration parameter F2 stored at the secure access gateway for the internet of things device corresponding to the ID (if the key has not been updated, F1 = F2). The secure access gateway may transmit the stored F2 to the key update server corresponding to the ID to complete key selection, sending the ID, F2, and C1 to the key update server.
When the security access gateway detects the validity of the ID and the COUNT1, it may specifically detect whether the ID is an ID registered in the security access gateway in advance or whether the format of the ID is valid, and whether the COUNT1 value corresponding to the ID matches the COUNT1 value stored in the security access gateway.
After determining that the ID and COUNT1 are legal, the secure access gateway may further determine the key configuration parameter F2 corresponding to the ID. The key configuration parameter F2 and COUNT1 of the internet of things device may be stored in the secure access gateway in advance in correspondence with the ID of the internet of things device, and F2 may include any combination of one or more of a key selection manner, a key position, an order, and a ciphertext grouping mode. The secure access gateway may then send the ID, the determined key configuration parameters F2, and K1 to the key update server.
S404: The key update server looks up the corresponding key matrix according to the received ID, determines a key K2 from the key matrix according to F2, determines the corresponding encryption and decryption algorithm, and decrypts the received C1 with that algorithm and the key K2 to obtain plaintext data P1.
In this embodiment, like the internet of things device, the key update server also stores a key matrix. The key update server may therefore determine the key matrix corresponding to the internet of things device according to the received ID of the internet of things device, determine a key K2 from the key matrix based on the received F2, and decrypt the received C1 with K2 and the corresponding encryption and decryption algorithm (the same as the one used by the internet of things device) to obtain plaintext data P1.
S405: The key update server returns the plaintext data P1 to the secure access gateway.
S406: The secure access gateway judges whether the ID and COUNT1 of the internet of things device in the plaintext data P1 are consistent with the ID and COUNT1 sent by the internet of things device; if so, the secure access gateway allows the internet of things device to access.
After receiving the plaintext data P1, the secure access gateway may judge whether the ID and COUNT1 of the internet of things device in the plaintext data P1 are consistent with the ID and COUNT1 sent by the internet of things device. If so, it allows the internet of things device to access (shown by the dotted line in fig. 4); if they are inconsistent, it may refuse access by the internet of things device, thereby completing the access authentication of the internet of things device.
S407: In response to the key update policy, the secure access gateway obtains the ID of the internet of things device to be updated, the updated key configuration parameter F3, and the number of key updates COUNT2 obtained by adding 1, and generates a random number R2.
In this embodiment, a key update policy may be preset, and the key update policy may trigger updating of a key of the internet of things device. As an example, the key updating policy may specifically be that the number of communications between the internet of things device and the network reaches a preset number, or a time interval from the last key updating of the internet of things device reaches a preset duration, or a user triggers to perform forced updating on the internet of things device, and the like.
When the internet of things device satisfies the key update policy, the secure access gateway may obtain the identification ID of the internet of things device and determine an updated key configuration parameter F3 according to the ID. At the same time, the secure access gateway may calculate a new COUNT2 value by adding 1 to the COUNT1 value, and use a random algorithm to calculate a new random number R2.
S408: the secure access gateway generates plaintext data P2, the plaintext data P2 including ID, F3, COUNT2, and R2, and transmits ID, P2, and F3 to the key update server in the form of ciphertext.
In specific implementation, the security access gateway may perform string combination on the ID of the internet of things device, the updated key configuration parameter F3, the calculated number of times of key update COUNT2, and the generated random number R2 to obtain plaintext data P2, where the plaintext data P2 may be combined in a certain order. In other possible embodiments, the plaintext data P2 may further include a random number R1, or the plaintext data does not include a random number, etc.
The secure access gateway may then encrypt the generated P2 together with the ID and F3 using an asymmetric encryption/decryption algorithm and a pre-agreed key, and send the encrypted P2, ID, and F3 to the key update server. It can be understood that, once encrypted in this way, P2, the ID, and F3 are transmitted between the secure access gateway and the key update server as ciphertext, which protects the transmitted data and further improves the security of data transmission in the key update process.
Of course, in other possible embodiments, the ID, P2 and F3 may also be sent to the key update server in a plaintext manner, and may be set according to the needs of the actual application in the specific implementation, which is not described herein.
S409: The key update server may look up the key matrix and the key configuration parameter F2 corresponding to the internet of things device according to the received ID, and then determine a key K2 and the corresponding encryption and decryption algorithm from the key matrix through F2.
S410: The key update server encrypts P2 with the determined K2 and the corresponding encryption and decryption algorithm to obtain ciphertext data C2.
S411: The key update server sends the ciphertext data C2 to the internet of things device through the secure access gateway.
S412: The internet of things device decrypts the received C2 with K1 to obtain plaintext data P2', and determines whether to update its key according to the COUNT2 and the ID in P2'.
In a specific implementation, the internet of things device decrypts the received C2 with the currently used communication key K1 to obtain plaintext data P2', and then reads the COUNT2 value and the ID in P2'. If COUNT2 in P2' is greater than COUNT1, and the ID in P2' is consistent with the ID stored in the internet of things device itself, the internet of things device may determine to update its key. Of course, if the ID in P2' is not consistent with the ID stored in the internet of things device itself, the internet of things device may refuse to update the key this time.
In practical applications, the plaintext data P2' may further include the random number R1 generated when the internet of things device performed access authentication. The internet of things device may then also check whether the random number R1 it stored is the same as the random number R1 in P2'. When COUNT2, ID, and R1 in P2' all satisfy the update condition, the internet of things device determines that the key update may be performed; when any one of COUNT2, ID, and R1 in P2' does not satisfy the update condition, for example, COUNT2 is not greater than COUNT1, the internet of things device may reject the key update.
S413: When it determines to update its key, the internet of things device updates its key configuration parameter F1 to the F3 in P2' and updates COUNT1 to the COUNT2 in P2'.
In a specific implementation, the internet of things device may update its key configuration parameter F1 to F3 and use the key indicated by F3 as the communication key. After the key configuration parameter of the internet of things device is updated to F3, communication data between the internet of things device and the key update server is encrypted with the updated key indicated by F3, which completes the key update. In addition, during the key update process, what is transmitted between the internet of things device and the key update server is the key configuration parameter F3 rather than the key, so even if the data is attacked in transit, only the key configuration parameter F3 is obtained and the communication key between the internet of things device and the key update server cannot be obtained, which improves the security of the key update. Moreover, the communication key of the internet of things device is not fixed but can be updated and changed, which further improves the security of data communication.
Further, for convenience of next key update, the internet of things device may update the value of COUNT1 to COUNT2, which indicates that the key on the internet of things device is successfully updated once again.
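The device-side checks of S412 and S413 (and the validity check with update verification information described earlier), as an added Python example that is not part of the patent text. Assumptions: a constructed 3x3 key matrix, a key configuration parameter reduced to a `[row, col]` position, P2 carrying R1 (the optional variant), the gateway and key update server merged into one hypothetical `build_update` function, and an HMAC-SHA256 construction standing in for AES/SM4 because the Python standard library has no block cipher.

```python
import hashlib
import hmac
import json
import os

# Constructed 3x3 key matrix, pre-loaded on both sides; it never crosses the wire.
KEY_MATRIX = [[hashlib.sha256(f"demo-key-{r}-{c}".encode()).digest()
               for c in range(3)] for r in range(3)]


def select_key(matrix, f):
    """Resolve a key configuration parameter F (assumed: a [row, col] position)."""
    row, col = f["pos"]
    return matrix[row][col]


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Stand-in authenticated cipher (HMAC-SHA256 based), not the patent's AES/SM4."""
    nonce = os.urandom(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob):
    """Return the plaintext, or None if the blob was not sealed under `key`."""
    if len(blob) < 44:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def build_update(matrix, dev_id, f2, f3, count1, r1):
    """Network side (S407-S410): P2 = {ID, F3, COUNT2, R1}, encrypted under K2."""
    p2 = {"id": dev_id, "f3": f3, "count": count1 + 1, "r1": r1}
    return seal(select_key(matrix, f2), json.dumps(p2).encode())


class Device:
    def __init__(self, dev_id, matrix, f1):
        self.dev_id, self.matrix, self.f, self.count = dev_id, matrix, f1, 0
        self.r1 = os.urandom(8).hex()  # R1 generated during access authentication

    def handle_update(self, c2):
        """S412-S413: decrypt C2 with K1, check ID / COUNT2 / R1, then switch F1 to F3."""
        p2_raw = open_(select_key(self.matrix, self.f), c2)
        if p2_raw is None:
            return "reject: decryption failed"
        p2 = json.loads(p2_raw)
        if p2["id"] != self.dev_id:
            return "reject: id mismatch"
        if p2["count"] <= self.count:
            return "reject: stale count"
        if p2["r1"] != self.r1:
            return "reject: r1 mismatch"
        self.f, self.count = p2["f3"], p2["count"]
        return "updated"


def demo():
    pos_a, pos_b = {"pos": [0, 0]}, {"pos": [0, 1]}
    dev = Device("dev-001", KEY_MATRIX, pos_a)
    msg1 = build_update(KEY_MATRIX, dev.dev_id, pos_a, pos_b, 0, dev.r1)  # COUNT2 = 1
    msg2 = build_update(KEY_MATRIX, dev.dev_id, pos_b, pos_a, 1, dev.r1)  # COUNT2 = 2
    flipped = msg2[:20] + bytes([msg2[20] ^ 1]) + msg2[21:]  # one bit changed in transit
    result = {"first": dev.handle_update(msg1),
              "tampered": dev.handle_update(flipped),
              "second": dev.handle_update(msg2),
              # Position [0, 0] is current again, so msg1 decrypts; COUNT stops it.
              "replay": dev.handle_update(msg1)}
    result["final_pos"], result["final_count"] = dev.f["pos"], dev.count
    wire = msg1 + msg2
    result["key_on_wire"] = any(k in wire for row in KEY_MATRIX for k in row)
    return result


if __name__ == "__main__":
    print(demo())
```

Because a finite key matrix lets an earlier position become current again, the replayed first message decrypts correctly and is stopped only by the COUNT2 > COUNT1 check.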
In addition, the embodiment of the application also provides a key updating device. Referring to fig. 5, fig. 5 shows a schematic structural diagram of a key updating apparatus in an embodiment of the present application, where the apparatus 500 may be applied to an internet of things device, and the apparatus 500 includes:
an obtaining module 501, configured to obtain target configuration parameters from a key update device, where the target configuration parameters at least include first indication information for a target key, where the first indication information is used to indicate the target key in a key set, the key set is pre-stored in the internet of things device, and the key set includes multiple different keys;
an updating module 502, configured to update a key configuration parameter of the internet of things device to the target configuration parameter, where the key configuration parameter is used to indicate a communication key of the internet of things device.
In a possible implementation manner, the target configuration parameter further includes update check information, and the update module 502 is specifically configured to:
when it is determined, according to the update check information, that the key of the internet of things device is to be updated, update the key configuration parameter of the internet of things device to the target configuration parameter.
In a possible implementation, the update module 502 includes:
a first determining unit, configured to determine an original key from the key set according to a key configuration parameter before updating;
a decryption unit, configured to decrypt the target configuration parameter by using the original key to obtain plaintext data of the target configuration parameter;
a second determining unit, configured to determine to update the key of the internet of things device and update the key configuration parameter of the internet of things device to the plaintext data of the target configuration parameter if the plaintext data of the update check information in the target configuration parameter is consistent with the plaintext data pre-stored by the internet of things device.
In a possible implementation manner, the update check information includes any one or more of an identifier of the internet of things device, a random number, and the number of key updates.
In a possible implementation manner, the target configuration parameters further include second indication information for a target encryption algorithm, where the second indication information is used to determine a target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
In a possible implementation, the apparatus 500 further includes:
a sending module, configured to send verification information to the key update device, so that the key update device verifies, based on the verification information, whether the internet of things device is allowed to access the key update device;
where the verification information includes plaintext information and ciphertext information obtained by encrypting the plaintext information by using the target key.
In one possible embodiment, the first indication information includes a key selection mode, a key position, an order, and a ciphertext grouping mode.
In a possible implementation, the apparatus 500 further includes:
a receiving module, configured to receive the key matrix sent by the key update device.
It should be noted that, because the information interaction between the modules and units of the apparatus, their execution process, and the like are based on the same concept as the method embodiment of the present application, the technical effects are the same as those of the method embodiment; for details, refer to the description in the foregoing method embodiment, which is not repeated here.
In addition, the embodiment of the application also provides a key updating device. Referring to fig. 6, fig. 6 shows a schematic structural diagram of a further key update apparatus in an embodiment of the present application, where the apparatus 600 may be applied to a key update device, and the apparatus 600 includes:
a first determining module 601, configured to determine a target configuration parameter in response to a preset key update policy, where the target configuration parameter includes at least first indication information for a target key, where the first indication information is used to indicate a target key in a key set, the key set is stored in the key update apparatus in advance, and the key set includes a plurality of different keys;
an updating module 602, configured to update a key configuration parameter of the key update apparatus to the target configuration parameter, where the key configuration parameter of the key update apparatus is used to indicate a communication key of the key update apparatus;
a first sending module 603, configured to send the target configuration parameter to an internet of things device, so that the internet of things device updates a key configuration parameter of the internet of things device to the target configuration parameter, where the key configuration parameter of the internet of things device is used to indicate a communication key of the internet of things device.
In some possible embodiments, the target configuration parameters further include update verification information, and the update verification information is used to determine to update a key of the internet of things device.
In some possible embodiments, the target configuration parameters further include second indication information for a target encryption algorithm, where the second indication information is used to determine the target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
In some possible embodiments, the first determining module 601 includes:
a determining unit, configured to determine an original key from the key set according to a key configuration parameter pre-stored in the key encryption device;
an encryption unit, configured to encrypt the key configuration parameters to be encrypted with the original key to obtain the target configuration parameters.
In some possible embodiments, the apparatus 600 further includes:
a receiving module, configured to receive verification information, where the verification information includes first plaintext information and ciphertext information obtained by encrypting the first plaintext information using the target key;
a decryption module, configured to decrypt the ciphertext information with the target key to obtain second plaintext information;
a second determining module, configured to determine that the internet of things device is allowed to access the key update device when the first plaintext information is consistent with the second plaintext information.
In some possible embodiments, the key update indication information includes any one or more of an identifier of the internet of things device, a random number, and a key update number.
In some possible embodiments, the first indication information includes a key selection mode, a key position, an order, and a ciphertext grouping mode.
In some possible embodiments, the apparatus 600 further includes:
a second sending module, configured to send the key configuration parameters and the key matrix to the internet of things device.
It should be noted that the information interaction and execution processes between the modules and units of the apparatus are based on the same concept as the method embodiments of the present application and bring the same technical effects. For details, refer to the description of the foregoing method embodiments, which is not repeated here.
In addition, an embodiment of the present application also provides a device. Referring to fig. 7, fig. 7 is a schematic diagram illustrating a hardware structure of an apparatus in an embodiment of the present application, where the apparatus 700 may include a processor 701 and a memory 702.
The memory 702 is configured to store a computer program;
the processor 701 is configured to execute the following steps according to the computer program:
acquiring target configuration parameters from a key update device, wherein the target configuration parameters at least comprise first indication information for a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the internet of things device in advance, and the key set comprises a plurality of different keys;
updating the key configuration parameters of the internet of things device to the target configuration parameters, wherein the key configuration parameters are used for indicating the communication key of the internet of things device.
Alternatively, the processor 701 is configured to execute the following steps according to the computer program:
determining target configuration parameters in response to a preset key updating strategy, wherein the target configuration parameters at least comprise first indication information aiming at a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the key updating device in advance, and the key set comprises a plurality of different keys;
updating the key configuration parameters of the key updating device to the target configuration parameters, wherein the key configuration parameters of the key updating device are used for indicating the communication keys of the key updating device;
sending the target configuration parameter to an internet of things device so that the internet of things device updates a key configuration parameter of the internet of things device to the target configuration parameter, wherein the key configuration parameter of the internet of things device is used for indicating a communication key of the internet of things device.
In some possible embodiments, the processor 701 is further configured to execute, according to the computer program, other method steps performed by the internet of things device in the above method embodiment, or perform other method steps performed by the key update device in the above method embodiment.
In names such as "first plaintext information" and "first determining module", the word "first" used in the embodiments of the present application serves merely as a name identifier and does not denote the first in a sequence. The same applies to "second" and the like.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a general hardware platform. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a read-only memory (ROM)/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a router) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only an exemplary embodiment of the present application, and is not intended to limit the scope of the present application.
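The update flow described above (select the original key from the pre-shared key set, encrypt the new key configuration parameters with it, have the internet of things device decrypt and check the update verification information before switching keys, then prove possession of the target key with a plaintext/ciphertext pair) is shown below as an added Python example that is not part of the patent. The JSON layout, the field names, the `KeyUpdater` and `IoTDevice` classes, the strictly incrementing update count and the constructed key set are assumptions; the patent does not name a cipher, so an HMAC-SHA256 encrypt-then-MAC construction from the standard library stands in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key set, provisioned on both sides in advance (assumption: 4 keys).
KEY_SET = [hashlib.sha256(b"constructed-demo-key-%d" % i).digest() for i in range(4)]


def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the blob is malformed or the tag fails."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KeyUpdater:
    """Key update device, tracking one internet of things device for brevity."""
    def __init__(self):
        self.key_index, self.update_count = 0, 0

    def build_update(self, device_id, new_index):
        params = {"key_index": new_index, "device_id": device_id,
                  "update_count": self.update_count + 1}
        blob = seal(KEY_SET[self.key_index], json.dumps(params).encode())  # original key
        self.key_index, self.update_count = new_index, self.update_count + 1
        return blob

    def allow_access(self, plaintext, ciphertext):
        # Decrypt under the target key and compare with the plaintext that was sent.
        recovered = unseal(KEY_SET[self.key_index], ciphertext)
        return recovered is not None and hmac.compare_digest(recovered, plaintext)


class IoTDevice:
    def __init__(self, device_id):
        self.device_id, self.key_index, self.update_count = device_id, 0, 0

    def apply_update(self, blob):
        raw = unseal(KEY_SET[self.key_index], blob)  # decrypt with the original key
        if raw is None:
            return False
        p = json.loads(raw)
        fresh = p["device_id"] == self.device_id and p["update_count"] == self.update_count + 1
        if not fresh or p["key_index"] not in range(len(KEY_SET)):
            return False
        self.key_index, self.update_count = p["key_index"], p["update_count"]
        return True

    def verification_info(self):
        plaintext = secrets.token_bytes(16)
        return plaintext, seal(KEY_SET[self.key_index], plaintext)
```

The update count check is what rejects a replayed update when the new key index equals the old one; when the index changes, the replay already fails because the device no longer unseals with the original key.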

Claims (10)

1. A key update method, applied to an internet of things device, the method comprising:
acquiring target configuration parameters from a key update device, wherein the target configuration parameters at least comprise first indication information for a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the internet of things device in advance, and the key set comprises a plurality of different keys;
updating the key configuration parameters of the internet of things device to the target configuration parameters, wherein the key configuration parameters are used for indicating the communication key of the internet of things device.
2. The method of claim 1, wherein the target configuration parameters further include update verification information, and wherein the updating the key configuration parameters of the internet of things device to the target configuration parameters includes:
updating the key configuration parameters of the internet of things device to the target configuration parameters when it is determined, according to the update verification information, to update the key of the internet of things device.
3. The method of claim 2, wherein the updating the key configuration parameters of the internet of things device to the target configuration parameters when it is determined to update the key of the internet of things device according to the key update verification information comprises:
determining an original key from the key set according to the key configuration parameters before updating;
decrypting the target configuration parameter by using the original key to obtain plaintext data of the target configuration parameter;
if the plaintext data of the update verification information in the target configuration parameter is consistent with the plaintext data pre-stored by the internet of things device, determining to update the key of the internet of things device, and updating the key configuration parameter of the internet of things device to the plaintext data of the target configuration parameter.
4. The method according to claim 2 or 3, wherein the update check information includes any one or more of an identifier of the internet of things device, a random number, and a key update time.
5. The method of claim 1, wherein the target configuration parameters further include second indication information for a target encryption algorithm, the second indication information is used for determining a target encryption algorithm, and when the key configuration parameters of the internet of things device are updated to the target configuration parameters, the key encryption algorithm of the internet of things device is updated to the target encryption algorithm.
6. The method of claim 1, further comprising:
sending verification information to the key update device, so that the key update device verifies, based on the verification information, whether the internet of things device is allowed to access the key update device;
the verification information comprises plaintext information and ciphertext information obtained by encrypting the plaintext information with the target key.
7. A key update method, applied to a key update device, the method comprising:
determining target configuration parameters in response to a preset key updating strategy, wherein the target configuration parameters at least comprise first indication information aiming at a target key, the first indication information is used for indicating the target key in a key set, the key set is stored in the key updating device in advance, and the key set comprises a plurality of different keys;
updating the key configuration parameters of the key updating device to the target configuration parameters, wherein the key configuration parameters of the key updating device are used for indicating the communication keys of the key updating device;
sending the target configuration parameter to an internet of things device so that the internet of things device updates a key configuration parameter of the internet of things device to the target configuration parameter, wherein the key configuration parameter of the internet of things device is used for indicating a communication key of the internet of things device.
8. A key update apparatus, applied to an internet of things device, the apparatus comprising:
an obtaining module, configured to obtain target configuration parameters from a key update device, where the target configuration parameters at least include first indication information for a target key, where the first indication information is used to indicate the target key in a key set, the key set is pre-stored in the internet of things device, and the key set includes multiple different keys;
an updating module, configured to update a key configuration parameter of the internet of things device to the target configuration parameter, where the key configuration parameter is used to indicate a communication key of the internet of things device.
9. A key renewal apparatus applied to a key renewal device, the apparatus comprising:
a first determining module, configured to determine a target configuration parameter in response to a preset key update policy, where the target configuration parameter includes at least first indication information for a target key, the first indication information is used to indicate a target key in a key set, the key set is stored in the key update device in advance, and the key set includes a plurality of different keys;
an updating module, configured to update a key configuration parameter of the key update apparatus to the target configuration parameter, where the key configuration parameter of the key update apparatus is used to indicate a communication key of the key update apparatus;
a first sending module, configured to send the target configuration parameter to an internet of things device, so that the internet of things device updates a key configuration parameter of the internet of things device to the target configuration parameter, where the key configuration parameter of the internet of things device is used to indicate a communication key of the internet of things device.
10. An apparatus, comprising a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to perform the key update method of any one of claims 1-6 or to perform the key update method of claim 7 according to the computer program.
CN201911252703.2A 2019-12-09 2019-12-09 Key updating method, device and equipment Active CN110868294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911252703.2A CN110868294B (en) 2019-12-09 2019-12-09 Key updating method, device and equipment

Publications (2)

Publication Number Publication Date
CN110868294A true CN110868294A (en) 2020-03-06
CN110868294B CN110868294B (en) 2023-03-24

Family

ID=69658693

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911252703.2A Active CN110868294B (en) 2019-12-09 2019-12-09 Key updating method, device and equipment

Country Status (1)

Country Link
CN (1) CN110868294B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN109194701A (en) * 2018-11-30 2019-01-11 北京百悟科技有限公司 A kind of data processing method and device
CN110266480A (en) * 2019-06-13 2019-09-20 腾讯科技(深圳)有限公司 Data transmission method, device and storage medium
CN110430218A (en) * 2019-08-23 2019-11-08 深圳和而泰家居在线网络科技有限公司 Data transmission security control method and device, computer equipment and Internet of things system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111641636A (en) * 2020-05-28 2020-09-08 中国联合网络通信集团有限公司 Method, system, equipment and storage medium for data security communication of Internet of things
CN111901101A (en) * 2020-06-24 2020-11-06 烽火通信科技股份有限公司 Key updating method and system
CN115174040A (en) * 2022-02-22 2022-10-11 重庆长安汽车股份有限公司 Method, system, vehicle and medium for injecting and updating secret key of in-vehicle controller
CN114598465A (en) * 2022-03-08 2022-06-07 潍柴动力股份有限公司 Data updating method and controller
CN114598465B (en) * 2022-03-08 2024-05-17 潍柴动力股份有限公司 Data updating method and controller
CN117354061A (en) * 2023-12-04 2024-01-05 上海天使印记信息科技有限公司 Network data security management method based on artificial intelligence
CN117354061B (en) * 2023-12-04 2024-02-02 上海天使印记信息科技有限公司 Network data security management method based on artificial intelligence

Also Published As

Publication number Publication date
CN110868294B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant