CN117596083B - Intelligent Internet of things data aggregation method and device based on data desensitization - Google Patents

Intelligent Internet of things data aggregation method and device based on data desensitization Download PDF

Info

Publication number
CN117596083B
CN117596083B CN202410077636.XA CN202410077636A CN117596083B CN 117596083 B CN117596083 B CN 117596083B CN 202410077636 A CN202410077636 A CN 202410077636A CN 117596083 B CN117596083 B CN 117596083B
Authority
CN
China
Prior art keywords
internet
data
things
things equipment
control center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410077636.XA
Other languages
Chinese (zh)
Other versions
CN117596083A (en
Inventor
王滨
沈剑
王聪聪
王晨
陈加栋
王国云
谢瀛辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Hikvision Digital Technology Co Ltd filed Critical Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN202410077636.XA priority Critical patent/CN117596083B/en
Publication of CN117596083A publication Critical patent/CN117596083A/en
Application granted granted Critical
Publication of CN117596083B publication Critical patent/CN117596083B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment provides an intelligent Internet of things data aggregation method and device based on data desensitization. According to the method, the aggregation gateway selects n pieces of Internet of things equipment to be aggregated based on counter values carried by data to be aggregated, the first type data of the n pieces of Internet of things equipment are respectively subjected to specified encryption processing such as data scrambling and the like under the data desensitization requirement under a trusted execution environment, the specified encryption processing such as scrambling and the like required by the data desensitization of the first type data of the n pieces of Internet of things equipment is respectively performed, and the method is different from the existing differential privacy noise adding processing mode, so that intelligent Internet of things data aggregation based on data desensitization is realized, and the problem caused by differential privacy is avoided.

Description

Intelligent Internet of things data aggregation method and device based on data desensitization
Technical Field
The application relates to the field of Internet of things, in particular to an intelligent Internet of things data aggregation method and device based on data desensitization.
Background
In applications of the internet of things, such as smart grids, a differential privacy mode is often adopted to protect data, such as intelligent internet of things data (for short, internet of things data). The differential privacy is to confuse the internet of things data by adding noise data to the internet of things data (such as sensitive data) which needs to be protected, such as a smart meter, of each internet of things device so as to achieve the purpose of protecting the internet of things data.
However, because the nature of the differential privacy is to add noise data into the data of the internet of things to be protected, this has a certain influence on the data quality of the data of the internet of things to be protected, and the accuracy and usability of the data of the internet of things to be protected may be reduced. In addition, noise data needs to be added to each piece of data of the internet of things to be protected by differential privacy, and the large-scale data processing also has the problems of calculation complexity, storage space and the like.
Disclosure of Invention
The embodiment of the application provides an intelligent Internet of things data aggregation method and device based on data desensitization, so as to realize intelligent Internet of things data (simply called Internet of things data) aggregation based on data desensitization and avoid the problem caused by differential privacy.
The embodiment of the application provides an intelligent Internet of things data aggregation method based on data desensitization, which is applied to an aggregation gateway, wherein the aggregation gateway is configured to operate to provide a trusted execution environment, and the trusted execution environment prohibits external access of the aggregation gateway, and the method comprises the following steps of:
negotiating an encryption key K with the control center so that the aggregation gateway and the control center share the encryption key K;
when any one of the Internet of things equipment is monitored to be connected to the Internet of things, negotiating with the Internet of things equipment under a trusted execution environment to complete initialization, so that the time of the aggregation gateway is synchronous with the time of the Internet of things equipment, and the local counter value of the aggregation gateway is synchronous with the local counter value of the Internet of things equipment;
Receiving data to be aggregated sent by any Internet of things equipment, and if the counter value and the timestamp carried by the data to be aggregated are found to pass verification in a trusted execution environment, using the private key PK of the aggregation gateway AG Decrypting ciphertext carried by the data to be aggregated to obtain the data of the Internet of things; any one of the Internet of things equipment increases the local counter value by a set value when sending data to be aggregated;any data to be aggregated sent by the Internet of things equipment at least carries ciphertext, a local timestamp of the Internet of things equipment and a local latest counter value; ciphertext is public key PK using aggregation gateway AG Encrypting the Internet of things data, wherein the Internet of things data comprises first-class data and second-class data; the first type of data is sensitive data to be protected, and the second type of data is non-sensitive data;
respectively carrying out appointed encryption processing on first class data of n pieces of Internet of things equipment under a trusted execution environment under the data desensitization requirement, aggregating second class data of n pieces of Internet of things equipment and the processed first class data, encrypting an aggregation result by using the encryption key K to obtain a target ciphertext, and sending the target ciphertext to a control center so that the control center decrypts the target ciphertext by using the encryption key K; the n pieces of internet of things equipment refer to the internet of things equipment with a local latest counter value which is a designated value and carried by the transmitted data to be aggregated, and n is larger than 1.
An intelligent internet of things data aggregation apparatus based on data desensitization, the apparatus being applied to an aggregation gateway configured to operate to provide a trusted execution environment that prohibits external access to the aggregation gateway, the apparatus comprising:
a negotiation unit for negotiating an encryption key K with the control center so that the aggregation gateway and the control center share the encryption key K; when any one of the Internet of things equipment is monitored to be connected to the Internet of things, negotiating with the Internet of things equipment under a trusted execution environment to complete initialization, so that the time of the aggregation gateway is synchronous with the time of the Internet of things equipment, and the local counter value of the aggregation gateway is synchronous with the local counter value of the Internet of things equipment;
the receiving unit is used for receiving the data to be aggregated sent by any Internet of things equipment, and if the counter value and the timestamp carried by the data to be aggregated are found to pass verification in the trusted execution environment, the private key PK of the aggregation gateway is used AG Decrypting ciphertext carried by the data to be aggregated to obtain the data of the Internet of things; any one of the Internet of things equipment increases the local counter value by a set value when sending data to be aggregated; waiting for transmission of any Internet of things equipment The aggregated data at least carries ciphertext, a local timestamp of the Internet of things device and a local latest counter value; ciphertext is public key PK using aggregation gateway AG Encrypting the Internet of things data, wherein the Internet of things data comprises first-class data and second-class data; the first type of data is sensitive data to be protected, and the second type of data is non-sensitive data;
the aggregation unit is used for respectively carrying out appointed encryption processing on the first type data of the n pieces of internet of things equipment under the data desensitization requirement under the trusted execution environment, aggregating the second type data of the n pieces of internet of things equipment and the processed first type data, encrypting an aggregation result by using the encryption key K to obtain a target ciphertext, and sending the target ciphertext to the control center so that the control center can decrypt the target ciphertext by using the encryption key K; the n pieces of internet of things equipment refer to the internet of things equipment with a local latest counter value which is a designated value and carried by the transmitted data to be aggregated, and n is larger than 1.
The embodiment of the application provides electronic equipment, the electronic equipment includes: a processor and a memory; wherein the memory is configured to store machine-executable instructions; the processor is configured to read and execute the machine executable instructions stored in the memory to implement the method as above.
Embodiments of the present application provide a computer program product having a computer program stored therein, which when executed by a processor, implements a method as above.
As can be seen, in this embodiment, the aggregation gateway selects n pieces of internet of things equipment to be aggregated (the transmitted pieces of internet of things equipment with the counter value carried by the data to be aggregated being a specified value) based on the counter value carried by the data to be aggregated sent by each piece of internet of things equipment, performs specified encryption processing such as data scrambling and the like under the data desensitization requirement on the first type of data of the n pieces of internet of things equipment under a trusted execution environment, aggregates the second type of data of the n pieces of internet of things equipment and the processed first type of data, encrypts the aggregation result by using the encryption key K negotiated with the control center to obtain a target ciphertext and sends the target ciphertext to the control center, and the specified encryption processing such as scrambling processing and the like required for performing data desensitization on the first type of data of the n pieces of internet of things equipment is different from the existing processing mode of differential privacy adding noise, so that intelligent internet of things data aggregation based on data desensitization is realized, and the problem caused by differential privacy is avoided.
Further, in this embodiment, when monitoring that any one of the devices of the internet of things is connected to the internet of things, the aggregation gateway negotiates with the device of the internet of things under a trusted execution environment to complete initialization, so that a local counter value of the aggregation gateway is synchronized with a local counter value of the device of the internet of things; the aggregation gateway selects n pieces of internet of things equipment needing to be aggregated according to the local counter value of the internet of things equipment, the data of all pieces of internet of things equipment are not blindly aggregated, the data of n pieces of internet of things equipment meeting the requirements are aggregated, resources are saved, and the data of all pieces of internet of things equipment meeting the requirements can be accurately aggregated. Further, in this embodiment, the aggregation gateway can resist external attack by running the trusted execution environment, so as to further ensure data security.
Drawings
FIG. 1 is a flow chart of a method shown in an embodiment of the present application;
fig. 2 is a schematic diagram of a networking structure according to an embodiment of the present disclosure;
FIG. 3 is a key agreement flow chart shown in an embodiment of the present application;
FIG. 4 is an initialization flow chart provided by an embodiment of the present application;
FIG. 5 is a block diagram of an apparatus according to an embodiment of the present application;
fig. 6 is a block diagram of an electronic device shown in an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first message may also be referred to as a second message, and similarly, a second message may also be referred to as a first message, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
The embodiment provides an intelligent Internet of things data (simply referred to as Internet of things data) aggregation method based on data desensitization. Here, data desensitization is a method for protecting data security, and the specified encryption processing under the data desensitization requirement can be performed on the sensitive data, such as the encryption processing such as character replacement by adopting an algorithm under the advanced encryption standard (AES: advanced Encryption Standard), before the data (recorded as sensitive data) of the internet of things, which needs to be protected, is used or transmitted, so as to reduce the risk of leakage and abuse of the sensitive data. Here, the appointed encryption processing under the data desensitization requirement is different from the mode of adding noise under the differential privacy, the data quality of the sensitive data is not affected, the calculation complexity and the storage space requirement are low, the sensitive data is ensured to have no error, and the usability and the precision of the sensitive data are ensured.
As an embodiment, the sensitive data may be, for example, an identifier of a smart meter applied to a smart grid, and the embodiment is not particularly limited.
The following describes the method provided in the embodiments of the present application:
referring to fig. 1, fig. 1 is a flowchart of a method provided in an embodiment of the present application. This procedure applies to an Aggregation Gateway (AG). In this embodiment, the aggregation gateway is installed with a hardware module that can implement a trusted execution environment (also called an isolation environment) by running an enclave (enclave), which prohibits access outside the aggregation gateway, such as by a user. The method applied to the aggregation gateway provided by the embodiment is mainly executed by the aggregation gateway under the trusted execution environment, so that the safety of the processing process of the whole method is ensured.
Alternatively, the hardware module may be Penglai (Penglai) hardware, for implementing the trusted execution environment.
Fig. 2 illustrates a networking structure of the above method by way of example. As shown in fig. 2, the aggregation gateway is respectively connected with a Control Center (CC) and a plurality of internet of things devices. The internet of things device can be a Smart Meter (SM) applied to a Smart grid. Taking a smart meter as an example, each fixed area is provided with a smart meter, and the smart meter can be used for collecting electric energy data in the area where the smart meter is located. For example: the electrical energy data in the area is collected every half an hour.
Based on the networking structure shown in fig. 2, as shown in fig. 1, the process may include the following steps:
step 101, negotiating an encryption key K with the control center, so that the aggregation gateway and the control center share the encryption key K.
Optionally, as an embodiment, the encryption key K is used to encrypt data that is subsequently sent by the aggregation gateway to the control center.
As an embodiment, the negotiation of the encryption key K may occur in the initialization process of the aggregation gateway and the control center, which will be described by way of example below and will not be repeated here.
Step 102, negotiating with the internet of things equipment to finish initialization under the trusted execution environment when any internet of things equipment is monitored to access the internet of things, so that the time of the aggregation gateway is synchronous with the time of the internet of things equipment, and the local counter value of the aggregation gateway is synchronous with the local counter value of the internet of things equipment.
When the internet of things Device is first accessed to the internet of things such as a smart meter, the embodiment first installs an official application of the internet of things Device on a User Device (UD: user Device) associated with the internet of things Device, so as to authenticate the trusted execution environment of the aggregation gateway, and after authentication is completed, the aggregation gateway negotiates with the internet of things Device under the trusted execution environment to complete initialization, so that time of the aggregation gateway is synchronized with time of the internet of things Device, and a local counter value of the aggregation gateway is synchronized with a local counter value of the internet of things Device.
It should be noted that, in the process of negotiating and initializing the aggregation gateway and the internet of things device, the aggregation gateway will send the public key PK of the aggregation gateway AG The method comprises the steps of feeding Internet of things equipment; PK here AG The method is used for encrypting the internet of things data sent to the aggregation gateway by the internet of things equipment.
Step 103, receiving data to be aggregated sent by any internet of things device, and after finding that the counter value and the timestamp carried by the data to be aggregated pass verification in the trusted execution environment, using the private key PK of the aggregation gateway AG Decrypting the ciphertext carried by the data to be aggregated to obtain the data of the Internet of things.
In this embodiment, when sending data to be aggregated, any one of the devices of the internet of things increases the local counter value by a set value, for example, 1, that is, when the latest local counter value of the device of the internet of things is increased by the set value compared with the previous value.
In this embodiment, the data to be aggregated sent by any one of the devices of the internet of things at least carries: ciphertext, the internet of things device local timestamp and a local latest counter value. Here, ciphertext is obtained by using the public key PK of the aggregation gateway AG Internet of things for local Internet of things equipmentAnd encrypting the network data. Optionally, the internet of things data may include first class data and second class data of the internet of things device. The first type of data is sensitive data to be protected, and the second type of data is non-sensitive data. Taking the internet of things device as an example of the intelligent electric meter, the first type of data can be identification ID of the intelligent electric meter, and the second type of data can be electric energy data collected by the intelligent electric meter.
As an embodiment, based on the time synchronization of the aggregation gateway and the time synchronization of the internet of things device, and the local counter value of the aggregation gateway and the local counter value of the internet of things device synchronization, in step 101, finding that the counter value and the timestamp carried by the data to be aggregated pass verification in the trusted execution environment refers to: subtracting the set value from a counter value carried by the data to be aggregated in the trusted execution environment, and if the obtained result is the same as the local counter value of the aggregation gateway, determining that the counter value carried by the data to be aggregated passes verification; and checking that the time difference between the time stamp carried by the data to be aggregated and the local time stamp of the aggregation gateway is within a set time difference range, and determining that the time stamp carried by the data to be aggregated passes the verification. It should be noted that the above-mentioned set time difference range may be set according to an actual application scenario, and the present embodiment is not particularly limited. In general, the time difference between the timestamp carried by the data to be aggregated and the local meter timestamp of the aggregation gateway is smaller.
It can be seen that, in this embodiment, after receiving the data to be aggregated, the aggregation gateway verifies the timestamp and the counter value carried by the data to be aggregated, and further decrypts the ciphertext carried by the data to be aggregated only after the timestamp and the counter value carried by the data to be aggregated pass the verification, thereby ensuring the integrity and confidentiality of the data. And the aggregation gateway executes steps under a trusted execution environment, even if an administrator in the aggregation gateway cannot access the execution process and the result, replay attack, fake attack, eavesdropping attack and the like can be resisted.
Optionally, after the counter value carried by the data to be aggregated passes verification, the aggregation gateway updates the local counter value of the aggregation gateway to the counter value carried by the data to be aggregated.
Step 104, respectively carrying out appointed encryption processing on first class data of n pieces of internet of things equipment under a trusted execution environment under the data desensitization requirement, aggregating second class data of n pieces of internet of things equipment and the processed first class data, encrypting an aggregation result by using the encryption key K to obtain a target ciphertext, and sending the target ciphertext to a control center so that the control center uses the encryption key K to decrypt the target ciphertext; the n pieces of internet of things equipment refer to the internet of things equipment with a local latest counter value which is a designated value and carried by the transmitted data to be aggregated, and n is larger than 1.
Optionally, in this embodiment, according to the description of step 103, the aggregation gateway receives the data to be aggregated sent by many internet of things devices, and when receiving the data to be aggregated sent by any internet of things device, performs the description of step 103, and obtains the first type data of the internet of things device.
If the first type data of the n pieces of internet of things equipment (the counter value carried by the sent data to be aggregated is the specified value) is obtained, as described in step 104, specified encryption processing under the data desensitization requirement is performed on the first type data of the n pieces of internet of things equipment under the trusted execution environment, for example, the specified encryption processing is taken as data scrambling, and scrambling processing is performed on the first type data of each piece of internet of things equipment in the n pieces of internet of things equipment based on a random scrambling function. The disturbing processing mode is essentially modification of the first type of data of the Internet of things equipment so as to protect the safety of the first type of data of the Internet of things equipment.
In this embodiment, in step 104, there are many implementation manners for aggregating the second type data and the processed first type data of the n pieces of internet of things equipment when implementing the aggregation, for example, for each piece of internet of things equipment in the n pieces of internet of things equipment, the processed first type data of the piece of internet of things equipment is correspondingly combined with the second type data of the piece of internet of things equipment, so as to obtain combined data; and aggregating the combination data of the internet of things devices according to the Hoener rule. In view of the fine granularity characteristic of the hall rule, the embodiment aggregates the combined data of the internet of things equipment through the hall rule, compared with the conventional data aggregation which only can obtain the sum of n data and obtains the variance based on some methods, the embodiment can ensure that the control center directly obtains the internet of things data (such as the electricity utilization data of a single intelligent ammeter) of the single internet of things equipment, the embodiment can directly and simply calculate the statistical values of the data sum, the average value, the variance and the like, and can realize the expansion of the functions of the intelligent internet of things system, such as abnormal feedback, and make up the functional defects of the single internet of things equipment such as load prediction and accurate electricity charge. In addition, if load prediction, accurate electric charge and the like are carried out, the training of the data model can be more accurately completed, a more accurate prediction effect is achieved, and the method is applicable to various scenes.
It should be noted that, the foregoing combining the processed first type data of the internet of things device with the second type data of the internet of things device is essentially to use the processed first type data of the internet of things device as an index of the second type data of the internet of things device to indicate which first type data corresponds to any second type data, but since the first type data corresponding to any second type data is the first type data processed by the above specified encryption process, such as scrambling process, even if an attacker intercepts the aggregation result in the process of transmitting the aggregation result to the control center by the aggregation gateway, or the control center receives the aggregation result, it cannot accurately know the accurate correspondence between the first type data and the second type data, thereby ensuring the security of the sensitive data in the internet of things device.
Thus, the flow shown in fig. 1 is completed.
As can be seen from the flow shown in fig. 1, in this embodiment, the aggregation gateway selects n pieces of internet of things equipment to be aggregated (the transmitted pieces of internet of things equipment with the counter value carried by the data to be aggregated being a specified value) based on the counter value carried by the data to be aggregated sent by each piece of internet of things equipment, performs specified encryption processing such as data scrambling and the like under the data desensitization requirement on the first type of data of the n pieces of internet of things equipment under the trusted execution environment, aggregates the second type of data of the n pieces of internet of things equipment and the processed first type of data, encrypts the aggregation result by using the encryption key K negotiated with the control center to obtain a target ciphertext, and sends the target ciphertext to the control center.
Further, in this embodiment, when monitoring that any one of the devices of the internet of things is connected to the internet of things, the aggregation gateway negotiates with the device of the internet of things under a trusted execution environment to complete initialization, so that a local counter value of the aggregation gateway is synchronized with a local counter value of the device of the internet of things; the aggregation gateway selects n pieces of internet of things equipment needing to be aggregated according to the local counter value of the internet of things equipment, the data of all pieces of internet of things equipment are not blindly aggregated, the data of n pieces of internet of things equipment meeting the requirements are aggregated, resources are saved, and the data of all pieces of internet of things equipment meeting the requirements can be accurately aggregated.
Further, in this embodiment, the aggregation gateway can resist external attack by running a trusted execution environment.
How the aggregation gateway negotiates the encryption key K with the control center is described below:
referring to fig. 3, fig. 3 is a flowchart of encryption key K negotiation provided in an embodiment of the present application. As shown in fig. 3, the process may include the steps of:
step 301, the control center randomly selects the first number p and the second number g, publishes the first number p and the second number g to the aggregation gateway, and calculates a second value according to the first number p and the second number g, and the randomly selected second random number v and a set algorithm.
Optionally, in this embodiment, the first number p may be a relatively large prime number (such as ten thousand, hundred thousand) so as to meet the requirement that the first number p cannot be decomposed by the computer in a limited time under the cryptographic protocol.
As one example, the second value (denoted v 2) may be represented by the following formula: v2=g v mod p; v is the firstTwo random numbers.
Step 302, the aggregation gateway calculates a first value according to a set algorithm based on the first number p and the second number g notified by the control center and the first random number λ selected randomly.
Referring to the second value expression described above, the first value (denoted as v 1) can be represented by the following formula: v1=g λ mod p。
In step 303, the aggregation gateway sends a first value to the control center.
In step 304, the control center sends a second value and T1 to the aggregation gateway, where T1 represents the local time of the control center.
Step 303 and step 304 are not in a fixed chronological order.
Step 305, the aggregation gateway calculates a reference key k based on the first value and the second value sent by the control center, and encrypts T1 by using the reference key k to obtain T2; and sending T2 to a control center.
In step 306, the control center calculates a reference key K based on the second value and the first value sent by the aggregation gateway, and when T2 is received, decrypts T2 by using the reference key K to obtain T3, and finds that T3 matches T1 (for example, the time difference is within a set range), sends a confirmation message ACK to the aggregation gateway, and calculates the encryption key K based on the reference key K.
In this embodiment, whether the aggregation gateway or the control center calculates the reference key k, it does not analyze the first random number and the second random number, but directly calculates based on the first value and the second value, for example, by considering the expression of the first value and the second value, the product of the first value and the second value can be calculated, and the reference key k is determined according to the product. For example, k=g λν mod p。
In step 307, the aggregation gateway receives the acknowledgement message ACK sent by the control center and calculates the encryption key K using the reference key K.
Optionally, in this embodiment, the acknowledgement message ACK may further carry a timestamp that the control center sends the acknowledgement message ACK. When executing the step 307, the aggregation gateway will verify the timestamp a priori, for example, verify whether the time difference between the timestamp and the timestamp local to the aggregation gateway is within the set time difference range, if so, confirm that the timestamp carried by the acknowledgement message ACK passes the verification, and continue to execute the step of calculating the encryption key K by using the reference key K.
Alternatively, in this embodiment, there are many ways to calculate the encryption key K by using the reference key K, for example, a hash function is used to process the reference key K, and the result is the encryption key K. Namely: k=h (K). It should be noted that, before step 306 and step 307, the aggregation gateway and the control center may pre-negotiate which hash function to use, for example, negotiate to use SHA-256 to hash the reference key k, so as to ensure that the hash function is input long enough to avoid a hash collision attack.
The flow shown in fig. 3 is described above. After negotiating the encryption key K, the aggregation gateway may initialize the Count value Count of the local counter to a preset value, such as 0.
The following describes a process of negotiating with the internet of things device to complete initialization by the aggregation gateway in a trusted execution environment:
referring to fig. 4, fig. 4 is an initialization flowchart provided in an embodiment of the present application. As shown in fig. 4, the process may include the steps of:
step 401, an aggregation gateway receives a remote authentication request for an internet of things device, and sends a public key PK of the aggregation gateway to the internet of things device AG
In this embodiment, the UD sends a remote authentication request to the aggregation gateway to implement that the aggregation gateway receives the remote authentication request for the internet of things device. Correspondingly, after the aggregation gateway receives the remote authentication request for the internet of things device, the aggregation gateway returns the public key PK of the aggregation gateway to the UD AG . UD receives public key PK of aggregation gateway AG The public key PK is then used AG Sending the public key PK to the Internet of things equipment, and finally realizing that the aggregation gateway sends the public key PK of the aggregation gateway to the Internet of things equipment AG。
Step 402, receiving a first initialization message sent by an internet of things device; the first initialization message carries a third Counting ciphertext; the third cipher text is the public key PK using the aggregation gateway AG Third number gamma selected for the internet of things device i And (5) encrypting to obtain the product.
Alternatively, in this embodiment, the internet of things device may generate a random number (denoted as a third number) γi using a pseudo-random number generator. Thereafter, public key PK using aggregation gateway AG For the third number gamma i And encrypting to obtain a third number ciphertext. The internet of things device will firstly carry the third number ciphertext in the first initialization message (Int) and send the third number ciphertext to the UD, and the UD sends the first initialization message to the aggregation gateway, so that the aggregation gateway can finally receive the first initialization message sent by the internet of things device.
Step 403, private key PK using the present aggregation gateway AG Decrypting the third number ciphertext carried by the first initialization message to obtain a fourth number gamma i ' local time, fourth number gamma i And the' and local latest counter value is carried in a second initialization message and is sent to the Internet of things equipment, so that the Internet of things equipment updates the local counter value into the counter value carried in the second initialization message and updates the local time into the time carried in the second initialization message when the fourth number is verified to be matched with the third number.
Optionally, in this embodiment, when the internet of things device verifies that the fourth number and the third number match (for example, are the same), the local counter value is updated to the counter value carried by the second initialization message, and the local time is updated to the time carried by the second initialization message, so that the aggregation gateway and the internet of things device negotiate to complete initialization under the trusted execution environment.
Thus, the flow shown in fig. 4 is completed.
The process shown in fig. 4 realizes that the aggregation gateway negotiates with the internet of things equipment to finish initialization under the trusted execution environment.
It should be noted that, in this embodiment, the data to be aggregated sent by any one of the devices of the internet of things further carries: ciphertext signature. The ciphertext signature is obtained by signing the ciphertext by using an internet of things private key ri.
Based on this, in this embodiment, in step 104, encrypting the aggregation result with the encryption key K to obtain the target ciphertext and sending the target ciphertext to the control center further includes: and aggregating ciphertext signatures in the data to be aggregated, which are sent by the n pieces of internet of things equipment, to obtain ciphertext signature aggregation, and sending the ciphertext signature aggregation and the internet of things public key sets of the n pieces of internet of things equipment to the control center.
Here, the internet of things public key of any internet of things device in the internet of things public key set corresponds to the internet of things private key used by the internet of things device to sign the ciphertext, and the internet of things public key set is used by the control center to verify ciphertext signature aggregation. Specifically, when the control center receives the aggregation result, the ciphertext signature aggregation and the internet of things public key sets of n pieces of internet of things equipment, each internet of things public key in the internet of things public key set is used for verifying the ciphertext signature corresponding to the ciphertext signature aggregation, so that data integrity is verified.
Further, in this embodiment, encrypting the aggregation result by using the encryption key K to obtain the target ciphertext and sending the target ciphertext to the control center further includes: the local timestamp and the local latest counter value are sent to the control center. When the control center verifies that the ciphertext signature passes the verification, the timestamp and the counter value sent by the aggregation gateway are further verified, and the verification mode is similar to that of the step 103, and is not repeated. After the timestamp and the counter value sent by the aggregation gateway pass verification, the control center decrypts the aggregation result, such as extracting corresponding Hoener parameters, and presumes the corresponding data plaintext. Under the condition of protecting privacy, plaintext data is operated, so that rich functional requirements such as functions of load prediction, dynamic pricing, data sum and variance calculation and the like are directly carried out on the plaintext data, and the calculation cost is smaller.
The method provided by the embodiment of the present application is described above, and the device provided by the embodiment of the present application is described below:
referring to fig. 5, fig. 5 is a block diagram of an apparatus according to an embodiment of the present application. The apparatus applies to an aggregation gateway configured to operate to provide a trusted execution environment that prohibits external access to the aggregation gateway, as shown in fig. 5, the apparatus may include:
a negotiation unit for negotiating an encryption key K with the control center so that the aggregation gateway and the control center share the encryption key K; when any one of the Internet of things equipment is monitored to be connected to the Internet of things, negotiating with the Internet of things equipment under a trusted execution environment to complete initialization, so that the time of the aggregation gateway is synchronous with the time of the Internet of things equipment, and the local counter value of the aggregation gateway is synchronous with the local counter value of the Internet of things equipment;
the receiving unit is used for receiving the data to be aggregated sent by any Internet of things equipment, and if the counter value and the timestamp carried by the data to be aggregated are found to pass verification in the trusted execution environment, the private key PK of the aggregation gateway is used AG Decrypting ciphertext carried by the data to be aggregated to obtain the data of the Internet of things; any one of the Internet of things equipment increases the local counter value by a set value when sending data to be aggregated; any data to be aggregated sent by the Internet of things equipment at least carries ciphertext, a local timestamp of the Internet of things equipment and a local latest counter value; ciphertext is public key PK using aggregation gateway AG Encrypting the Internet of things data, wherein the Internet of things data comprises first-class data and second-class data; the first type of data is sensitive data to be protected, and the second type of data is non-sensitive data;
the aggregation unit is used for respectively carrying out appointed encryption processing on the first type data of the n pieces of internet of things equipment under the data desensitization requirement under the trusted execution environment, aggregating the second type data of the n pieces of internet of things equipment and the processed first type data, encrypting an aggregation result by using the encryption key K to obtain a target ciphertext, and sending the target ciphertext to the control center so that the control center can decrypt the target ciphertext by using the encryption key K; the n pieces of internet of things equipment refer to the internet of things equipment with a local latest counter value which is a designated value and carried by the transmitted data to be aggregated, and n is larger than 1.
As an embodiment, said negotiating an encryption key K with the control center comprises:
transmitting a first value to the control center, and receiving a second value and T1 transmitted by the control center; the T1 represents the local time of the control center; the first value is calculated according to a set algorithm based on a first random number selected by the aggregation gateway, a first number p and a second number g selected and notified by the control center, and the second value is calculated according to a set algorithm based on a second random number selected by the control center, the first number p and the second number g;
Calculating a reference key k based on the first value and the second value, and encrypting the T1 by using the reference key k to obtain T2; transmitting T2 to the control center, so that the control center decrypts the T2 by using the reference key k calculated by the first value and the second value to obtain T3;
receiving an acknowledgement message ACK sent by the control center, and calculating the encryption key K by using a reference key K; the ACK is sent by the control center when the T3 is matched with the T1; the control center is also configured to calculate the encryption key K based on the reference key K when the T3 matches the T1.
As an embodiment, the first value is represented by the following formula: v1=g λ mod p; lambda is a first random number; the second value is represented by the following formula: v2=g v mod p; v is a second random number;
said calculating a reference key k based on said first value and said second value comprises: and calculating the product of the first value and the second value, and determining the reference key k according to the product.
As one embodiment, negotiating with the internet of things device under the trusted execution environment to complete initialization includes:
receiving a remote authentication request aiming at an Internet of things device, and sending a public key PK of an aggregation gateway to the Internet of things device AG
Receiving a first initialization message sent by the Internet of things equipment; the first initialization message carries a third number of ciphertexts; the third oneThe digital cipher text is the public key PK using the aggregation gateway AG Third number gamma selected for the internet of things device i Encrypting to obtain;
private key PK using the present aggregation gateway AG Decrypting the third number ciphertext carried by the first initialization message to obtain a fourth number gamma i And', carrying the local time, the fourth number and the local latest counter value in a second initialization message, and sending the second initialization message to the Internet of things equipment, so that the Internet of things equipment updates the local counter value to the counter value carried by the second initialization message when verifying that the fourth number and the third number are matched, and updates the local time to the time carried by the second initialization message.
As an embodiment, the performing the specified encryption processing on the first type data of the n pieces of internet of things equipment in the trusted execution environment includes:
and for the first type of data of each of the n pieces of Internet of things equipment, carrying out scrambling processing on the first type of data based on a random scrambling function.
As an embodiment, the aggregating the second class data and the processed first class data of the n pieces of internet of things equipment includes:
For each of n pieces of internet of things equipment, correspondingly combining the processed first type data of the internet of things equipment with the second type data of the internet of things equipment to obtain combined data;
and aggregating the combination data of the internet of things devices according to the Hoener rule.
As an embodiment, the data to be aggregated further carries: the method comprises the steps that a ciphertext signature is obtained by signing a ciphertext by using an Internet of things private key ri through Internet of things equipment;
encrypting the aggregation result by using the encryption key K to obtain a target ciphertext and sending the target ciphertext to a control center further comprises: aggregating ciphertext signatures in data to be aggregated, which are sent by n pieces of internet of things equipment, to obtain ciphertext signature aggregation, and sending the ciphertext signature aggregation and an internet of things public key set of the n pieces of internet of things equipment to the control center; the internet of things public key of any internet of things device in the internet of things public key set corresponds to an internet of things private key used by the internet of things device to sign ciphertext, and the internet of things public key set is used by the control center to verify ciphertext signature aggregation.
The structural description of the apparatus shown in fig. 5 is thus completed.
Correspondingly, the embodiment of the application also provides a hardware structure diagram of the device shown in fig. 5, and in particular, as shown in fig. 6, the electronic device may be a device for implementing the method. As shown in fig. 6, the hardware structure includes: a processor and a memory.
Wherein the memory is configured to store machine-executable instructions;
the processor is configured to read and execute the machine executable instructions stored in the memory to implement the method embodiments as described above.
The memory may be any electronic, magnetic, optical, or other physical storage device that may contain or store information, such as executable instructions, data, or the like, for one embodiment. For example, the memory may be: volatile memory, nonvolatile memory, or similar storage medium. In particular, the memory may be RAM (Radom Access Memory, random access memory), flash memory, a storage drive (e.g., hard drive), a solid state disk, any type of storage disk (e.g., optical disk, DVD, etc.), or a similar storage medium, or a combination thereof.
Based on the same inventive concept, the present embodiment also provides a computer-readable storage medium. The computer readable storage medium storing a computer program; the computer program, when being executed by a processor, implements the method embodiments as described above.
Based on the same inventive concept, the present embodiment also provides a computer program product having a computer program stored therein, which, when being executed by a processor, implements the method embodiments as described above.
The foregoing describes specific embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
The foregoing description of the preferred embodiments of the present invention is not intended to limit the invention to the precise form disclosed, and any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. An intelligent internet of things data aggregation method based on data desensitization, characterized in that the method is applied to an aggregation gateway configured to operate to provide a trusted execution environment that prohibits external access to the aggregation gateway, the method comprising:
negotiating an encryption key K with the control center so that the aggregation gateway and the control center share the encryption key K;
when any one of the Internet of things equipment is monitored to be connected to the Internet of things, negotiating with the Internet of things equipment under a trusted execution environment to complete initialization, so that the time of the aggregation gateway is synchronous with the time of the Internet of things equipment, and the local counter value of the aggregation gateway is synchronous with the local counter value of the Internet of things equipment;
Receiving data to be aggregated sent by any Internet of things equipment, and if the counter value and the timestamp carried by the data to be aggregated are found to pass verification in a trusted execution environment, using the private key PK of the aggregation gateway AG Decrypting ciphertext carried by the data to be aggregated to obtain the data of the Internet of things; any one of the Internet of things equipment increases the local counter value by a set value when sending data to be aggregated; any data to be aggregated sent by the Internet of things equipment at least carries ciphertext, a local timestamp of the Internet of things equipment and a local latest counter value; ciphertext is public key PK using aggregation gateway AG Encrypting the Internet of things data, wherein the Internet of things data comprises first-class data and second-class data; the first type of data is sensitive data to be protected, and the second type of data is non-sensitive data;
respectively carrying out appointed encryption processing on first class data of n pieces of Internet of things equipment under a trusted execution environment under the data desensitization requirement, aggregating second class data of n pieces of Internet of things equipment and the processed first class data, encrypting an aggregation result by using the encryption key K to obtain a target ciphertext, and sending the target ciphertext to a control center so that the control center decrypts the target ciphertext by using the encryption key K; the n pieces of internet of things equipment refer to the internet of things equipment with a local latest counter value which is a designated value and carried by the transmitted data to be aggregated, and n is larger than 1.
2. The method of claim 1, wherein negotiating an encryption key K with a control center comprises:
transmitting a first value to the control center, and receiving a second value and T1 transmitted by the control center; the T1 represents the local time of the control center; the first value is calculated according to a set algorithm based on a first random number selected by the aggregation gateway, a first number p and a second number g selected and notified by the control center, and the second value is calculated according to a set algorithm based on a second random number selected by the control center, the first number p and the second number g;
calculating a reference key k based on the first value and the second value, and encrypting the T1 by using the reference key k to obtain T2; transmitting T2 to the control center, so that the control center decrypts the T2 by using the reference key k calculated by the first value and the second value to obtain T3;
receiving an acknowledgement message ACK sent by the control center, and calculating the encryption key K by using a reference key K; the ACK is sent by the control center when the T3 is matched with the T1; the control center is also configured to calculate the encryption key K based on the reference key K when the T3 matches the T1.
3. The method of claim 2, wherein the step of determining the position of the substrate comprises,
the first value is represented by the following formula: v1=g λ mod p; lambda is a first random number;
the second value is represented by the following formula: v2=g v mod p; v is a second random number;
said calculating a reference key k based on said first value and said second value comprises: and calculating the product of the first value and the second value, and determining the reference key k according to the product.
4. The method of claim 1, wherein negotiating with the internet of things device in the trusted execution environment to complete initialization comprises:
receiving a remote authentication request aiming at an Internet of things device, and sending a public key PK of an aggregation gateway to the Internet of things device AG
Receiving a first initialization message sent by the Internet of things equipment; the first initialization message carries a third number of ciphertexts; the third cipher text is the public key PK using the aggregation gateway AG Third number gamma selected for the internet of things device i Encrypting to obtain;
private key PK using the present aggregation gateway AG Decrypting the third number ciphertext carried by the first initialization message to obtain a fourth number gamma i And', carrying the local time, the fourth number and the local latest counter value in a second initialization message, and sending the second initialization message to the Internet of things equipment, so that the Internet of things equipment updates the local counter value to the counter value carried by the second initialization message when verifying that the fourth number and the third number are matched, and updates the local time to the time carried by the second initialization message.
5. The method according to claim 1, wherein the performing the specified encryption processing on the first type of data of the n pieces of internet of things devices in the trusted execution environment includes:
and for the first type of data of each of the n pieces of Internet of things equipment, carrying out scrambling processing on the first type of data based on a random scrambling function.
6. The method of claim 1, wherein aggregating the second type of data and the processed first type of data for the n internet of things devices comprises:
for each of n pieces of internet of things equipment, correspondingly combining the processed first type data of the internet of things equipment with the second type data of the internet of things equipment to obtain combined data;
and aggregating the combination data of the internet of things devices according to the Hoener rule.
7. The method of claim 1, wherein the data to be aggregated further carries: the method comprises the steps that a ciphertext signature is obtained by signing a ciphertext by using an Internet of things private key ri through Internet of things equipment;
encrypting the aggregation result by using the encryption key K to obtain a target ciphertext and sending the target ciphertext to a control center further comprises: aggregating ciphertext signatures in data to be aggregated, which are sent by n pieces of internet of things equipment, to obtain ciphertext signature aggregation, and sending the ciphertext signature aggregation and an internet of things public key set of the n pieces of internet of things equipment to the control center; the internet of things public key of any internet of things device in the internet of things public key set corresponds to an internet of things private key used by the internet of things device to sign ciphertext, and the internet of things public key set is used by the control center to verify ciphertext signature aggregation.
8. An intelligent internet of things data aggregation device based on data desensitization, characterized in that the device is applied to an aggregation gateway, the aggregation gateway is configured to run a trusted execution environment, the trusted execution environment prohibits external access of the aggregation gateway, the device comprises:
a negotiation unit for negotiating an encryption key K with the control center so that the aggregation gateway and the control center share the encryption key K; when any one of the Internet of things equipment is monitored to be connected to the Internet of things, negotiating with the Internet of things equipment under a trusted execution environment to complete initialization, so that the time of the aggregation gateway is synchronous with the time of the Internet of things equipment, and the local counter value of the aggregation gateway is synchronous with the local counter value of the Internet of things equipment;
the receiving unit is used for receiving the data to be aggregated sent by any Internet of things equipment, and if the counter value and the timestamp carried by the data to be aggregated are found to pass verification in the trusted execution environment, the private key PK of the aggregation gateway is used AG Decrypting ciphertext carried by the data to be aggregated to obtain the data of the Internet of things; any one of the Internet of things equipment increases the local counter value by a set value when sending data to be aggregated; any data to be aggregated sent by the Internet of things equipment at least carries ciphertext, a local timestamp of the Internet of things equipment and a local latest counter value; ciphertext is public key PK using aggregation gateway AG Encrypting the Internet of things data, wherein the Internet of things data comprises first-class data and second-class data; the first type of data is sensitive data to be protected, and the second type of data is non-sensitive data;
the aggregation unit is used for respectively carrying out appointed encryption processing on the first type data of the n pieces of internet of things equipment under the data desensitization requirement under the trusted execution environment, aggregating the second type data of the n pieces of internet of things equipment and the processed first type data, encrypting an aggregation result by using the encryption key K to obtain a target ciphertext, and sending the target ciphertext to the control center so that the control center can decrypt the target ciphertext by using the encryption key K; the n pieces of internet of things equipment refer to the internet of things equipment with a local latest counter value which is a designated value and carried by the transmitted data to be aggregated, and n is larger than 1.
9. An electronic device, characterized in that the electronic device comprises: a processor and a memory;
wherein the memory is configured to store machine-executable instructions;
the processor is configured to read and execute the machine executable instructions stored in the memory to implement the steps in the method according to any one of claims 1 to 7.
10. A computer program product, characterized in that the computer program product has stored therein a computer program which, when executed by a processor, implements the method of any of claims 1-7.
CN202410077636.XA 2024-01-18 2024-01-18 Intelligent Internet of things data aggregation method and device based on data desensitization Active CN117596083B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410077636.XA CN117596083B (en) 2024-01-18 2024-01-18 Intelligent Internet of things data aggregation method and device based on data desensitization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410077636.XA CN117596083B (en) 2024-01-18 2024-01-18 Intelligent Internet of things data aggregation method and device based on data desensitization

Publications (2)

Publication Number Publication Date
CN117596083A CN117596083A (en) 2024-02-23
CN117596083B true CN117596083B (en) 2024-04-12

Family

ID=89917016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410077636.XA Active CN117596083B (en) 2024-01-18 2024-01-18 Intelligent Internet of things data aggregation method and device based on data desensitization

Country Status (1)

Country Link
CN (1) CN117596083B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995843A (en) * 2018-01-02 2019-07-09 ***通信有限公司研究院 A kind of terminal verification method and device based on narrowband Internet of Things
CN110474921A (en) * 2019-08-28 2019-11-19 中国石油大学(北京) A kind of perception layer data fidelity method towards local Internet of Things
CN111385306A (en) * 2020-03-18 2020-07-07 重庆邮电大学 Anonymous authentication method and system based on tamper-proof equipment in smart power grid
CN113079132A (en) * 2021-02-26 2021-07-06 西安电子科技大学 Mass Internet of things equipment authentication method, storage medium and information data processing terminal
CN114143117A (en) * 2022-02-08 2022-03-04 阿里云计算有限公司 Data processing method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201413836D0 (en) * 2014-08-05 2014-09-17 Arm Ip Ltd Device security apparatus and methods
US11228434B2 (en) * 2019-03-20 2022-01-18 Zettaset, Inc. Data-at-rest encryption and key management in unreliably connected environments

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995843A (en) * 2018-01-02 2019-07-09 ***通信有限公司研究院 A kind of terminal verification method and device based on narrowband Internet of Things
CN110474921A (en) * 2019-08-28 2019-11-19 中国石油大学(北京) A kind of perception layer data fidelity method towards local Internet of Things
CN111385306A (en) * 2020-03-18 2020-07-07 重庆邮电大学 Anonymous authentication method and system based on tamper-proof equipment in smart power grid
CN113079132A (en) * 2021-02-26 2021-07-06 西安电子科技大学 Mass Internet of things equipment authentication method, storage medium and information data processing terminal
CN114143117A (en) * 2022-02-08 2022-03-04 阿里云计算有限公司 Data processing method and device
WO2023151479A1 (en) * 2022-02-08 2023-08-17 阿里云计算有限公司 Data processing method, and device

Also Published As

Publication number Publication date
CN117596083A (en) 2024-02-23

Similar Documents

Publication Publication Date Title
Checkoway et al. A systematic analysis of the Juniper Dual EC incident
EP3318043B1 (en) Mutual authentication of confidential communication
EP3257227B1 (en) Confidential communication management
US10027654B2 (en) Method for authenticating a client device to a server using a secret element
US11349675B2 (en) Tamper-resistant and scalable mutual authentication for machine-to-machine devices
Cohney et al. Pseudorandom black swans: Cache attacks on CTR_DRBG
EP2423843A1 (en) Secure field-programmable gate array (FPGA) architecture
CN111708991A (en) Service authorization method, service authorization device, computer equipment and storage medium
EP3694243A1 (en) Method and device for network connection authentication
CN110891061B (en) Data encryption and decryption method and device, storage medium and encrypted file
CN113691502B (en) Communication method, device, gateway server, client and storage medium
US20170244566A1 (en) Component for connecting to a data bus, and methods for implementing a cryptographic functionality in such a component
CN106790045B (en) distributed virtual machine agent device based on cloud environment and data integrity guarantee method
Schläpfer et al. Security on IoT devices with secure elements
Hu et al. Gatekeeper: A gateway-based broadcast authentication protocol for the in-vehicle Ethernet
US11496287B2 (en) Privacy preserving fully homomorphic encryption with circuit verification
CN115348023A (en) Data security processing method and device
CN115549910B (en) Data transmission method, equipment and storage medium
CN117596083B (en) Intelligent Internet of things data aggregation method and device based on data desensitization
CN114338091B (en) Data transmission method, device, electronic equipment and storage medium
US20230068650A1 (en) Method for testing if a data element belongs to a list of reference data elements
CN114553566A (en) Data encryption method, device, equipment and storage medium
EP3800825A1 (en) Method and device for configuring alias credential
CN114866409B (en) Password acceleration method and device based on password acceleration hardware
Tritilanunt et al. A secure authentication protocol using HOTP on USB storage devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant