CN111107085A - Safety communication method based on publish-subscribe mode - Google Patents

Info

Publication number: CN111107085A
Authority: CN (China)
Prior art keywords: terminal, key, certificate, master station, data
Legal status: Pending
Application number: CN201911313447.3A
Other languages: Chinese (zh)
Inventors: 张志亮, 刘德波, 郭攀
Current Assignee: Qingdao Lianzhong Zhixin Technology Co Ltd
Original Assignee: Qingdao Lianzhong Zhixin Technology Co Ltd
Application filed by: Qingdao Lianzhong Zhixin Technology Co Ltd
Priority to: CN201911313447.3A
Publication of: CN111107085A

Classifications

    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L69/08 Protocols for interworking; Protocol conversion
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The present disclosure relates to a secure communication method based on the publish-subscribe mode. It ensures the security of the link and the confidentiality and integrity of data by setting up a security management channel that multiplexes a plurality of security measures and by sending command messages with a fixed format. The method is based on the MQTT protocol and comprises an MQTT server, and a master station and a terminal that are each in communication connection with the MQTT server. By defining custom MQTT message types, message data are parsed to generate encryption chip interface commands, and the commands are written into an encryption chip to implement security management. With this scheme, the security management channel ensures the security of the communication link between the terminal and the master station and the confidentiality and integrity of data transmission between them, and bidirectional identity authentication between the master station and the terminal is implemented; malicious damage and attacks on the master station system and other illegal operations are also prevented.

Description

Safety communication method based on publish-subscribe mode
Technical Field
The present disclosure relates to a remote control method, and more particularly, to a secure communication method based on a publish-subscribe mode.
Background
MQTT (Message Queuing Telemetry Transport) is an instant messaging protocol based on the publish/subscribe paradigm, developed by IBM and covered by an ISO standard (ISO/IEC PRF 20922). The protocol runs over the TCP/IP suite and was originally designed as a publish/subscribe messaging protocol for remote devices with poor hardware performance operating under harsh network conditions. With the arrival of the Internet of Things era, however, engineers found that its characteristics, such as simplicity, support for continuous call-back control, provision of different transmission qualities of service and strong customizability, match the requirements of Internet of Things communication protocols very well. The requirements of many scenarios can be met just by optimizing its security and transmission efficiency.
In this regard, the prior-art invention patent "a remote control method based on MQTT protocol", publication number CN109088723A, discloses a remote control method based on the MQTT protocol, which includes: the control device end connects to the MQTT server through a corresponding mobile platform, and the server and the device end perform bidirectional authentication; the control device end edits a control instruction containing a unique message ID, selects the quality of service and the topic of the message, encrypts the message and sends it to the MQTT server; the device end connects to the MQTT server and subscribes to the topic on which the control device end publishes; the server forwards the message to the device ends subscribed to that topic; the device end receives the message, decrypts the data to obtain the original data and executes the control instruction; it then packages the control result together with the unique message ID of the received control instruction, encrypts the data, selects a publishing topic and sends it to the MQTT server; and the control terminal receives the control response message from the device end. That method achieves secure message transmission, its control messages and control responses correspond one to one, and it provides user authentication and data encryption.
That scheme effectively improves the transmission efficiency and security of the whole system. Its disadvantage is that bidirectional authentication is carried out only when the device end logs in to the MQTT server for the first time; in the later data exchange only the data are encrypted, and the communication link of the whole data exchange is not protected. Thus, once a replay attack or the like is mounted, the entire system is easily invaded or damaged. MQTT was originally aimed at remote devices with low hardware performance, so replacing all the devices to improve security would run counter to that original purpose, and more complicated encryption would increase the burden on the device end.
Disclosure of Invention
To address the defects of the prior art, the present disclosure provides a secure communication method based on the publish-subscribe mode. It ensures the security of the link and the confidentiality and integrity of data by setting up a security management channel that multiplexes a plurality of security measures, executing the related security commands within that channel, and sending command messages with a fixed format.
To achieve the above purpose, the present disclosure is implemented by the following technical solutions:
A secure communication method based on the publish-subscribe mode is based on the MQTT protocol and comprises an MQTT server, and a master station and a terminal that are each in communication connection with the MQTT server. By defining custom MQTT message types, message data are parsed to generate encryption chip interface commands, and the commands are written into an encryption chip to implement security management.
Preferably, the system further comprises a security management channel based on publish-subscribe communication exchange, and the security management commands that serve the security management channel run inside it.
Preferably, the management commands implemented by sending fixed-format command messages to the encryption chip include symmetric encryption, asymmetric encryption, bidirectional identity authentication, signature verification, time verification, certificate update, key update, certificate query, public key query, and key version query.
Preferably, the bidirectional identity authentication is based on digital certificates. It is initiated by the master station, and the terminal responds passively. If one party fails to authenticate the other, authentication failure information is returned and the other party's data are not responded to. The bidirectional identity authentication uses the SM2 algorithm in a public-key-based authentication process, with the following specific steps:
Step 1: the master station issues a random number as the signature original text; the terminal signs the master station random number R1 and the terminal random number R2 with its private key and sends the signature to the master station;
Step 2: the master station verifies the terminal signature using the terminal public key obtained from the terminal certificate;
Step 3: the master station signs the terminal random number R2 using the private key corresponding to the certificate index and sends the result to the terminal;
Step 4: the terminal verifies the master station signature using the master station public key obtained from the master station certificate;
Step 5: the terminal returns the verification result and the authentication process is finished.
Other management and control work can be carried out only after the bidirectional authentication result meets the requirement.
Preferably, the certificate of the master station is downloaded to the security chip of the terminal before authentication, and the master station obtains the plaintext of the terminal certificate through a plaintext instruction at the authentication tag.
Preferably, key update management includes changing the test key to the formal key before the terminal is put into operation and restoring the formal key to the test key when the terminal is returned to the factory for maintenance. The specific update process is:
Step 1: the master station sends a get-key-version-number instruction to the terminal;
Step 2: the terminal reads the version number of the symmetric key, takes a terminal random number, and returns them to the master station;
Step 3: the master station determines the key version of the terminal from the key version number, decides whether to modify or restore the key, and determines the protection key required for the key update;
Step 4: if the master station decides to update the key, it derives the symmetric key to be updated from the distribution network encryption authentication device, signs the derived data with the master station private key, and sends the derived key data and the signature result to the terminal;
Step 5: the terminal receives the key update message and sends the key data and the signature to the security chip to complete the key update;
Step 6: the terminal returns either an update-success result or the error information for an unsuccessful update.
Preferably, the certificate update process includes: the master station signs the certificate identifier, the CA (certificate authority)/master station certificate, the gateway certificate and the time information to be issued, using its private key, to obtain a signature result, and encrypts the certificate identifier, the certificate, the time information, the signature result and the signature key identifier with the downlink key to generate a certificate update ciphertext packet. The certificate update ciphertext packet is sent to the terminal continuously in frames; the framed data are issued continuously, and the terminal returns an execution result after it has received all the data. The terminal decrypts the ciphertext to obtain the plaintext data and verifies the master station signature. If the master station signature is correct, the terminal carries out the related operation; if it is incorrect, the terminal returns a master station error message.
Preferably, the security management channel defines a message format to guarantee the integrity of transmitted data. The message comprises a start symbol, a length, a message type, an encapsulated data field, a checksum and an end symbol.
Preferably, the message type defines the object that exchanges data with the terminal and the security measure applied to the encapsulated data field:
a) when the encapsulated data field is ciphertext, its content comprises the encrypted ciphertext and a MAC, and the encrypted content is "application type + application data area + information security extension area";
b) when the encapsulated data field is plaintext, its content comprises, in order, the application type, the application data area and the information security extension area.
Preferably, the application type is the type of the encapsulated data field: it is the application type of the original service when the application data area is not empty, and the application type of the information security extension area when the application data area is empty.
With this technical scheme, the security management channel ensures the security of the communication link between the terminal and the master station and the confidentiality and integrity of data transmission between them, and bidirectional identity authentication between the master station and the terminal is implemented; malicious damage and attacks on the master station system and other illegal operations, in forms such as forged terminal identity and replay attacks, are prevented.
In addition, because excessive encryption measures still affect the data processing efficiency of the terminal, the communication security level of the security management channel can be defined at the terminal to balance efficiency and security, reducing the number of multiplexed security measures.
Drawings
In order to illustrate the embodiments of the present disclosure or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present disclosure, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a secure management channel data communication process according to the present disclosure.
Fig. 2 is a schematic diagram of a message structure according to the present disclosure.
Fig. 3 is a schematic diagram illustrating a structure change of a certificate update flow message according to the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, embodiments of the present disclosure. All other embodiments that a person skilled in the art can derive from the embodiments disclosed herein without creative effort fall within the protection scope of the present disclosure.
The design principles followed by MQTT include: staying simple without adding functions; minimizing the amount transmitted to improve transmission efficiency; and coping with low-bandwidth, high-latency, unstable networks. As a result, communication security cannot be guaranteed. In larger scenarios in particular, a number of key devices have high security requirements that prior-art MQTT-based communication schemes often struggle to satisfy. The present disclosure improves the MQTT communication method and significantly improves communication security at a low improvement cost.
As shown in Fig. 1, a secure communication method based on the publish-subscribe mode is based on the MQTT protocol and comprises an MQTT server, and a master station and a terminal that are each in communication connection with the MQTT server. By defining custom MQTT message types, message data are parsed to generate encryption chip interface commands, and the commands are written into an encryption chip to implement security management. The system also comprises a security management channel based on publish-subscribe communication exchange, and the security management commands that serve the security management channel run inside it. The management commands implemented by sending fixed-format command messages to the encryption chip include symmetric encryption, asymmetric encryption, bidirectional identity authentication, signature verification, time verification, certificate update, key update, certificate query, public key query and key version query.
Certificate management serves bidirectional authentication and signature verification: the certificates stored on the terminal device are updated or restored through certificate management to provide credentials for identity authentication. All management channel commands are prohibited from executing until bidirectional authentication has been performed.
Key update and key version query belong to key management. The key in key management is a symmetric key, and management commands are encrypted with the symmetric key before being transmitted in the management channel to ensure data security. The key update, that is, the symmetric key exchange process, is executed after bidirectional authentication so that the identities of both exchanging parties are assured.
For a larger management command, a packetization operation is added during transmission, and each packet carries the key index asKID used to verify the signature, so that the data source is easy to identify.
Time verification, signature verification and random number verification are added to the management command data to prevent behaviors such as replay attacks and forged-information attacks.
After a management command is executed, a set of response states is defined for each command, which makes it easier to locate problems.
The standardized message format definition ensures the integrity of transmitted data: the message contains a CRC checksum, and ciphertext data also contain a MAC check.
As shown in Fig. 2, the specific structure of the message in the present disclosure is as follows:
1. The message length is two bytes, high-order byte first. The message length and the checksum both cover the data from the start of the message type (message type included) up to the start of the checksum.
2. The message type is two bytes, high-order byte first. The message type defines the object that exchanges data with the terminal and the security measure applied to the encapsulated data field:
a) when the encapsulated data field is ciphertext, its content comprises the encrypted ciphertext and a MAC, and the encrypted content is "application type + application data area + information security extension area";
b) when the encapsulated data field is plaintext, its content comprises, in order, the application type, the application data area and the information security extension area.
3. Application type: the type of the encapsulated data field. It is the application type of the original service when the application data area is not empty, and the application type of the information security extension area when the application data area is empty.
4. Application data area format: 1-byte length + message data.
5. Information security extension area format: 2-byte length + information security extension information. If the information security extension area is empty, the 2-byte length is still present, with content 00.
6. If the application data area is empty and the information security extension area is not empty, the length of the application data area is empty.
7. The original text over which the signature is calculated does not contain the application type (1 byte), the application data length (1 byte) or the security extension length (2 bytes).
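A plaintext frame laid out as in items 1 to 6, with a parser that rejects inconsistent frames, as an added Go example that is not code from the patent. The start and end byte values, the message-type code and the 4-byte CRC-32 checksum are assumptions (the text names the fields but gives no values or CRC polynomial), and an empty application data area is written here as a zero length byte.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Assumed values: the text names these fields but gives no byte values,
// message-type codes or CRC polynomial.
const (
	startByte = 0x68          // assumed start symbol
	endByte   = 0x16          // assumed end symbol
	TypePlain = 0x0001        // hypothetical code for "plaintext data field"
	overhead  = 1 + 2 + 4 + 1 // start + length + CRC-32 + end
)

var (
	ErrTruncated = errors.New("frame truncated")
	ErrDelimiter = errors.New("bad start or end symbol")
	ErrLength    = errors.New("length field does not match frame size")
	ErrChecksum  = errors.New("checksum mismatch")
	ErrPayload   = errors.New("malformed data field")
)

// Frame is a message whose encapsulated data field is plaintext:
// application type, application data area, information security extension area.
type Frame struct {
	MsgType uint16
	AppType byte
	AppData []byte // 1-byte length prefix on the wire
	SecExt  []byte // 2-byte length prefix on the wire, 00 00 when empty
}

func be16(v int) []byte { return []byte{byte(v >> 8), byte(v)} }

// Encode serializes f. Length and checksum both cover the bytes from the
// message type up to (not including) the checksum.
func Encode(f Frame) ([]byte, error) {
	if len(f.AppData) > 0xFF || len(f.SecExt) > 0xFFFF {
		return nil, ErrPayload
	}
	body := be16(int(f.MsgType))
	body = append(body, f.AppType, byte(len(f.AppData)))
	body = append(body, f.AppData...)
	body = append(body, be16(len(f.SecExt))...)
	body = append(body, f.SecExt...)
	if len(body) > 0xFFFF {
		return nil, ErrPayload
	}
	out := append([]byte{startByte}, be16(len(body))...)
	out = append(out, body...)
	var crc [4]byte
	binary.BigEndian.PutUint32(crc[:], crc32.ChecksumIEEE(body))
	out = append(out, crc[:]...)
	return append(out, endByte), nil
}

// Decode validates delimiters, outer length, checksum and inner lengths
// before returning any field, so a damaged frame never yields partial data.
func Decode(raw []byte) (Frame, error) {
	if len(raw) < overhead+6 { // type(2) + app type(1) + app len(1) + ext len(2)
		return Frame{}, ErrTruncated
	}
	if raw[0] != startByte || raw[len(raw)-1] != endByte {
		return Frame{}, ErrDelimiter
	}
	n := int(binary.BigEndian.Uint16(raw[1:3]))
	if n != len(raw)-overhead {
		return Frame{}, ErrLength
	}
	body := raw[3 : 3+n]
	if binary.BigEndian.Uint32(raw[3+n:7+n]) != crc32.ChecksumIEEE(body) {
		return Frame{}, ErrChecksum
	}
	appLen := int(body[3])
	if len(body) < 4+appLen+2 {
		return Frame{}, ErrPayload
	}
	ext := body[4+appLen:]
	if int(binary.BigEndian.Uint16(ext[:2])) != len(ext)-2 {
		return Frame{}, ErrPayload
	}
	return Frame{
		MsgType: binary.BigEndian.Uint16(body[:2]),
		AppType: body[2],
		AppData: append([]byte(nil), body[4:4+appLen]...),
		SecExt:  append([]byte(nil), ext[2:]...),
	}, nil
}

func main() {
	raw, _ := Encode(Frame{MsgType: TypePlain, AppType: 0x01, AppData: []byte("hello")})
	fmt.Printf("frame: % x\n", raw)
	raw[8] ^= 0x01 // flip one bit inside the application data
	_, err := Decode(raw)
	fmt.Println("tampered frame:", err)
}
```

A CRC only catches accidental corruption; the page relies on the MAC and the signature, not the checksum, against deliberate modification.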
The present disclosure generally employs an ESAM (Embedded Secure Access Module) security module as the security chip.
Bidirectional authentication is also mentioned in the prior art, but bidirectional encryption requires the terminal to provide a certificate signed by a CA. The problem in the prior art is this: a single certificate is enough for the MQTT server side, but if millions of terminals must also hold certificates it becomes very cumbersome, because a dedicated management organization is needed to generate the certificates, manage them, issue them to the terminals, carry out the various configurations and manage the certificate life cycle. Binding by IP address alone is also cumbersome, since each device would have to be bound to a gateway with an independent IP. Using the security management channel as the certificate authority effectively solves this problem.
The specific scheme is bidirectional identity authentication based on digital certificates:
After a link is established between the terminal and the master station, bidirectional identity authentication is required before application data messages are transmitted. The identity authentication is initiated by the master station, and the terminal responds passively. If one party fails to authenticate the other, authentication failure information is returned and the other party's data are not responded to. The bidirectional identity authentication uses the SM2 algorithm in a public-key-based authentication process. The specific steps are:
1. The master station issues a random number as the signature original text; the terminal signs the master station random number R1 and the terminal random number R2 with its private key and sends the signature to the master station;
2. The master station verifies the terminal signature (identity) using the terminal public key obtained from the terminal certificate;
3. The master station signs the terminal random number R2 using its private key (corresponding to the certificate index askid) and sends the result to the terminal;
4. The terminal verifies the master station signature (identity) using the master station public key obtained from the master station certificate;
5. The terminal returns the verification result and the authentication process is finished.
The management channel uses this complete bidirectional authentication process as one of its channel security mechanisms.
The certificate of the master station is downloaded into the terminal security chip before authentication, and the master station obtains the plaintext of the terminal certificate through a plaintext instruction at the authentication tag.
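The five authentication steps above, with a replayed terminal reply being rejected, as an added Go example that is not code from the patent. ECDSA P-256 with SHA-256 stands in for SM2, which the Go standard library does not provide; the 16-byte nonce length, the type and function names, and the in-memory public keys used in place of parsed certificates are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 16 // assumed; the text gives no length for R1 and R2

var ErrAuth = errors.New("authentication failed")

// Party is a master station or a terminal. peer is the public key the text
// says is read from the other side's certificate (certificate parsing not shown).
type Party struct {
	key     *ecdsa.PrivateKey
	peer    *ecdsa.PublicKey
	pending []byte // own outstanding nonce (R1 for the master, R2 for the terminal)
}

// NewPair returns a master and a terminal holding each other's public keys.
func NewPair() (master, terminal *Party, err error) {
	mk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Party{key: mk, peer: &tk.PublicKey}, &Party{key: tk, peer: &mk.PublicKey}, nil
}

func (p *Party) newNonce() ([]byte, error) {
	p.pending = make([]byte, nonceLen)
	_, err := rand.Read(p.pending)
	return p.pending, err
}

// take returns the outstanding nonce and clears it, so it is accepted once.
func (p *Party) take() []byte {
	n := p.pending
	p.pending = nil
	return n
}

func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, part := range parts {
		h.Write(part)
	}
	return h.Sum(nil)
}

// Challenge opens step 1: the master station issues R1.
func (p *Party) Challenge() ([]byte, error) { return p.newNonce() }

// Respond completes step 1: the terminal picks R2 and signs R1||R2.
func (p *Party) Respond(r1 []byte) (r2, sig []byte, err error) {
	if r2, err = p.newNonce(); err != nil {
		return nil, nil, err
	}
	sig, err = ecdsa.SignASN1(rand.Reader, p.key, digest(r1, r2))
	return r2, sig, err
}

// Verify is steps 2 and 3: check the terminal signature, then sign R2.
func (p *Party) Verify(r2, sigT []byte) ([]byte, error) {
	r1 := p.take()
	if r1 == nil || len(r2) != nonceLen || !ecdsa.VerifyASN1(p.peer, digest(r1, r2), sigT) {
		return nil, ErrAuth
	}
	return ecdsa.SignASN1(rand.Reader, p.key, digest(r2))
}

// Finish is steps 4 and 5: the terminal checks the master signature over its own R2.
func (p *Party) Finish(sigM []byte) error {
	if r2 := p.take(); r2 == nil || !ecdsa.VerifyASN1(p.peer, digest(r2), sigM) {
		return ErrAuth
	}
	return nil
}

func main() {
	m, t, err := NewPair()
	if err != nil {
		panic(err)
	}
	r1, _ := m.Challenge()
	r2, sigT, _ := t.Respond(r1)
	sigM, err := m.Verify(r2, sigT)
	fmt.Println("mutual authentication ok:", err == nil && t.Finish(sigM) == nil)
	m.Challenge() // next session gets a fresh R1
	_, err = m.Verify(r2, sigT)
	fmt.Println("recorded terminal reply replayed:", err)
}
```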
Furthermore, it was also mentioned in the foregoing that the present disclosure relates particularly to applications for improving security for critical equipment in larger scenarios. The security management channel is provided in an important key device to purposely improve its security performance.
The method is particularly suitable for scenes of upgrading and accessing the old equipment with larger scale such as electric power and the like into the Internet of things. The power equipment is often divided into conventional consumable equipment and key core equipment, so that the safety performance of the core equipment is improved in a targeted manner, and the cost for replacing the equipment is reduced.
As shown in fig. 3, the present disclosure further includes a certificate update process: the master station names a certificate identifier, a CA (certificate authority)/master station certificate, a gateway certificate and time information to be issued by using a private key to obtain a signature result, and encrypts the certificate identifier, the certificate, the time information, the signature result and a signature key identifier by using a downlink key to generate a certificate update ciphertext packet; continuously sending the certificate updating ciphertext packet to the terminal in frames; continuously issuing the framing data, and returning an execution result after the terminal receives all the data; the terminal decrypts the encrypted ciphertext to obtain plaintext data and verifies the correctness of the signature of the main station; executing relevant operation after verifying the signature of the master station is correct; and if the signature of the master station is verified to be incorrect, returning a master station error message.
The present disclosure also includes a certificate update procedure: the key updating management comprises the steps of modifying a test key into a formal key before the terminal is put into operation and recovering the formal key into the test key when the terminal returns to the factory for maintenance, and the specific updating process comprises the following steps:
step 1: the master station sends a key version number obtaining instruction to the terminal;
step 2: the terminal reads the version number of the symmetric key, takes the terminal random number and returns the terminal random number to the master station;
and step 3: the master station judges the key version of the terminal according to the key version number, determines whether to modify or recover the key, and determines a protection key required by key updating;
and 4, step 4: if the master station determines to update the key, deriving a symmetric key to be updated from the distribution network encryption authentication device, signing the derived data by using a master station private key, and sending the derived key data and a signature result to the terminal;
and 5: the terminal receives the secret key updating message, and sends the secret key data and the signature to the security chip to complete secret key updating;
step 6: and the terminal returns error information of successful update or unsuccessful update.
The certificates comprise:
CA root certificate: proves the identity of the certificate authority; it is typically installed in the system by default.
Master station certificate: consists of user information, a user public key and a CA authentication signature; used to verify the master station signature.
Gateway certificate: consists of user information, a user public key and a CA authentication signature; used to verify the gateway signature.
Terminal certificate: consists of user information, a user public key and a CA authentication signature; used to verify the terminal signature.
In a specific implementation, a management command by which the terminal configures the security management channel is also added. The command is used to switch off part of the security services of the security management channel in order to improve communication efficiency. This setting is applied after the key update has been completed. It allows a balance between efficiency and security to be found when the data transmission load is high. This embodiment is typically used in emergency situations. The modified security policy has a life cycle; when the life cycle ends, the security management channel automatically returns to its selected security protection state.
In any embodiment, the scheme builds on conventional transmission over the existing MQTT protocol and implements at least the following. Symmetric encryption is used to secure the communication link between the terminal and the master station and to ensure the confidentiality of the data transmitted between them. A MAC check on the encrypted data and a CRC check on the message ensure the integrity of the data transmitted between the terminal and the master station. Bidirectional identity authentication between the master station and the terminal is realized with a bidirectional authentication technique. Signature verification and time verification are used to guard against illegal operation of the master station system through attacks such as forging a terminal identity and replay attacks; on this basis, the security management channel further strengthens security during communication. The cost of the improved terminal hardware and of retrofitting a terminal does not exceed 200 yuan per unit, which makes the scheme very cost-effective.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above examples are only intended to illustrate the technical solutions of the present disclosure, not to limit them; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (10)

1. A secure communication method based on a publish-subscribe mode, based on the MQTT protocol and comprising an MQTT server and a master station and a terminal each in communication connection with the MQTT server, characterized in that: by defining custom MQTT message types, the message data is parsed to generate encryption chip interface commands, and the commands are written into an encryption chip to realize security management.
2. The secure communication method based on a publish-subscribe mode according to claim 1, wherein: the method further comprises a security management channel based on publish-subscribe communication exchange, and security management commands serving the security management channel run in the security management channel.
3. The secure communication method based on a publish-subscribe mode according to claim 1 or 2, wherein: the management commands, implemented by sending command messages with a fixed format to the encryption chip, comprise symmetric encryption, asymmetric encryption, bidirectional identity authentication, signature verification, time verification, certificate updating, key updating, certificate inquiry, public key inquiry and key version inquiry.
4. The secure communication method based on a publish-subscribe mode according to claim 3, wherein: the bidirectional identity authentication is based on digital certificates, is initiated by the master station and is passively answered by the terminal; if either party fails to authenticate the other, authentication failure information is returned and the other party's data is not responded to; the bidirectional identity authentication adopts the SM2 algorithm in a public-key-based authentication process, with the following specific steps:
step 1: the master station initiates a random number as the signature original text; the terminal signs the master station random number R1 and the terminal random number R2 with its private key and then sends the signature to the master station;
step 2: the master station verifies the terminal signature using the terminal public key obtained from the terminal certificate;
step 3: the master station signs the terminal random number R2 with the private key corresponding to the certificate index and then sends it to the terminal;
step 4: the terminal verifies the master station signature using the master station public key obtained from the master station certificate;
step 5: the terminal returns the verification result and the authentication process ends.
5. The secure communication method based on a publish-subscribe mode according to claim 4, wherein: the master station certificate is downloaded into the security chip of the terminal before authentication, and the master station acquires the plaintext of the terminal certificate through a plaintext instruction at the authentication tag.
6. The secure communication method based on a publish-subscribe mode according to claim 3, wherein: the key update management covers changing the test key to the formal key before the terminal is put into operation, and restoring the formal key to the test key when the terminal is returned to the factory for maintenance, and the specific update process comprises the following steps:
step 1: the master station sends an instruction to the terminal to obtain the key version number;
step 2: the terminal reads the version number of the symmetric key, obtains a terminal random number, and returns them to the master station;
step 3: the master station determines the terminal's key version from the key version number, decides whether to modify or restore the key, and determines the protection key required for the key update;
step 4: if the master station decides to update the key, it derives the symmetric key to be updated from the distribution network encryption authentication device, signs the derived data with the master station private key, and sends the derived key data and the signature result to the terminal;
step 5: the terminal receives the key update message and passes the key data and the signature to the security chip to complete the key update;
step 6: the terminal returns either an update-success message or an error message for a failed update.
7. The secure communication method based on a publish-subscribe mode according to claim 3, wherein: the certificate update process comprises the following: the master station uses its private key to sign the certificate identifier, the CA (certificate authority)/master station certificate, the gateway certificate and the time information to be issued, obtaining a signature result, and encrypts the certificate identifier, the certificate, the time information, the signature result and the signature key identifier with the downlink key to generate a certificate update ciphertext packet; the certificate update ciphertext packet is sent to the terminal in consecutive frames, and the terminal returns an execution result after it has received all the data; the terminal decrypts the ciphertext to obtain the plaintext data and verifies the master station signature; if the signature is correct, the terminal executes the relevant operation; if the signature is incorrect, it returns a master station error message.
8. The secure communication method based on a publish-subscribe mode according to claim 1, wherein: the security management channel defines the message format and guarantees the integrity of the transmitted data, and the message consists of a start part, a length part, a message type part, an encapsulated data field part, a checksum part and an end symbol part.
9. The secure communication method based on a publish-subscribe mode according to claim 8, wherein: the message type defines the object of data interaction with the terminal and the security measure applied to the encapsulated data field;
a) when the encapsulated data field is ciphertext, its content comprises the encrypted ciphertext and a MAC, and the encrypted content is "application type + application data area + information security extension area";
b) when the encapsulated data field is plaintext, its content comprises, in order, the application type, the application data area and the information security extension area.
10. The secure communication method based on a publish-subscribe mode according to claim 8, wherein: the application type is the type of the encapsulated data field; when the application data area is not empty it is the application type related to the original service, and when the application data area is empty it is the application type related to the information security extension area.
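A receiver-side parser for the message layout of claims 8 and 9, added here as an illustration and not part of the patent. The delimiter values, field widths, the ciphertext flag bit, the additive checksum and the truncated HMAC-SHA256 used as the MAC are all assumptions, since the claims name the parts without giving their encoding; decryption is left to the encryption chip.

```python
import hashlib
import hmac
import struct

START, END = 0xEB, 0xD7      # assumed delimiter values
FLAG_CIPHERTEXT = 0x08       # assumed bit in the message type byte
MAC_LEN = 4                  # assumed MAC length
MAX_BODY = 4096              # assumed upper bound on type + data field

class FrameError(ValueError):
    """Raised for any frame that must be dropped without further processing."""

def mac(key: bytes, data: bytes) -> bytes:
    # Stand-in for the chip's MAC (assumption: truncated HMAC-SHA256).
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def pack_fields(app_type: int, app_data: bytes, sec_ext: bytes) -> bytes:
    # application type + application data area + information security extension area
    return (struct.pack(">BH", app_type, len(app_data)) + app_data
            + struct.pack(">H", len(sec_ext)) + sec_ext)

def unpack_fields(buf: bytes):
    try:
        app_type, n = struct.unpack_from(">BH", buf, 0)
        (m,) = struct.unpack_from(">H", buf, 3 + n)
    except struct.error as exc:
        raise FrameError("truncated data field") from exc
    if 5 + n + m != len(buf):
        raise FrameError("data field lengths inconsistent")
    return app_type, buf[3:3 + n], buf[5 + n:]

def build_frame(msg_type: int, data_field: bytes) -> bytes:
    body = bytes([msg_type]) + data_field
    return (bytes([START]) + struct.pack(">H", len(body)) + body
            + bytes([sum(body) & 0xFF, END]))

def parse_frame(frame: bytes, mac_key: bytes):
    # Layout: start(1) length(2) type(1) data(n) checksum(1) end(1)
    if len(frame) < 6 or frame[0] != START or frame[-1] != END:
        raise FrameError("bad start or end symbol")
    (length,) = struct.unpack_from(">H", frame, 1)
    if not 1 <= length <= MAX_BODY or length != len(frame) - 5:
        raise FrameError("length field does not match frame")
    body, checksum = frame[3:-2], frame[-2]
    if sum(body) & 0xFF != checksum:
        raise FrameError("checksum mismatch")
    msg_type, data_field = body[0], body[1:]
    if msg_type & FLAG_CIPHERTEXT:
        if len(data_field) <= MAC_LEN:
            raise FrameError("ciphertext field too short for MAC")
        ciphertext, tag = data_field[:-MAC_LEN], data_field[-MAC_LEN:]
        if not hmac.compare_digest(mac(mac_key, ciphertext), tag):
            raise FrameError("MAC mismatch")
        return msg_type, ("ciphertext", ciphertext)   # decryption is the chip's job
    return msg_type, ("plaintext", unpack_fields(data_field))
```

The checksum only catches transmission errors; a modified ciphertext with a recomputed checksum is rejected by the MAC comparison, which is why the ciphertext branch never hands data on before that check passes.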
CN201911313447.3A 2019-12-18 2019-12-18 Safety communication method based on publish-subscribe mode Pending CN111107085A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911313447.3A CN111107085A (en) 2019-12-18 2019-12-18 Safety communication method based on publish-subscribe mode

Publications (1)

Publication Number Publication Date
CN111107085A true CN111107085A (en) 2020-05-05

Family

ID=70422781

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911313447.3A Pending CN111107085A (en) 2019-12-18 2019-12-18 Safety communication method based on publish-subscribe mode

Country Status (1)

Country Link
CN (1) CN111107085A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200505
