
WO2019010793A1 - Method and device for time-period-based encryption of data received by an Internet of Things access point - Google Patents


Info

Publication number
WO2019010793A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
data packet
things
things terminal
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/100763
Other languages
English (en)
Chinese (zh)
Inventor
杜光东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shenglu IoT Communication Technology Co Ltd
Original Assignee
Shenzhen Shenglu IoT Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Shenglu IoT Communication Technology Co Ltd
Publication of WO2019010793A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms, the keys or algorithms being changed during operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities

Definitions

  • the present application claims priority to prior application No. 201710569500.0, filed on July 13, 2017, entitled “Scheduled Period Encryption Method and Apparatus for IoT Access Point Receiving Data”, the content of which is incorporated herein by reference.
  • the present application relates to the field of communications, and in particular, to a time-phase encryption method and apparatus for receiving data by an access point (AP).
  • the Internet of Things is an important part of the new generation of information technology and an important stage of development in the era of “informatization”. Its English name is “Internet of Things (IoT)”. As the name suggests, the Internet of Things is the Internet that connects things. This has two meanings: first, the core and foundation of the Internet of Things is still the Internet, of which it is an extension and expansion; second, its clients extend to any item, so that items exchange information and communicate with each other, that is, things with things. The Internet of Things is widely applied in the convergence of networks through communication-aware technologies such as intelligent sensing, identification technology and pervasive computing. It is also called the third wave of the development of the world information industry, after computers and the Internet.
  • the Internet of Things is an application expansion of the Internet. It is not so much that the Internet of Things is a network as that it is a business and an application. Therefore, application innovation is the core of the development of the Internet of Things, and Innovation 2.0, with user experience at its core, is the soul of that development.
  • the Internet of Things solves the interconnection between objects and the exchange of data between objects.
  • the existing Internet of Things connects to the Internet through IoT access points.
  • existing IoT APs receive the corresponding data but do not encrypt it after receipt, which easily leads to leakage of Internet of Things device data and hence of user privacy data, and the user experience is poor.
  • the application provides a time-phase encryption method for receiving data by an Internet of Things AP, which can improve Internet of Things data security and the user experience.
  • a time-phase encryption method for receiving data by an Internet of Things AP comprising the following steps:
  • the IoT access point extracts the sending time of the data packet, determines the working period of the Internet of Things terminal according to the sending time, and queries, according to that working period, the first encryption unit corresponding to the working period of the Internet of Things terminal in a pre-configured mapping table between Internet of Things terminal working periods and encryption units;
  • the IoT access point invokes the first encryption unit to perform encryption processing on the data packet;
  • the IoT access point sends the encrypted data packet to the gateway.
  • the method may further include, before the IoT access point sends the encrypted data packet to the gateway: when the first encryption unit fails to encrypt the data packet, invoking the alternate encryption unit of the first encryption unit to encrypt the data packet.
  • the invoking, by the IoT access point, of the first encryption unit to perform encryption processing on the data packet includes:
  • the IoT access point extracts an 8-digit number from the media access control (MAC) address of the Internet of Things terminal according to an extraction policy corresponding to the working period of the Internet of Things terminal, connects the 8-digit number and the sending time in order to obtain a numeric string, divides the numeric string by a set integer to obtain the value of a first remainder, and extracts from a pre-stored mapping between numbers and public keys the first public key corresponding to the value of the first remainder; the first encryption unit encrypts the data packet by using the first public key.
  • in another implementation, the invoking, by the IoT access point, of the first encryption unit to perform encryption processing on the data packet includes:
  • the 8-digit numbers are joined in order and divided by 11 to obtain a remainder;
  • the public key corresponding to the remainder is selected from the 11 public keys stored in advance, and the data packet is encrypted by using that public key.
  • the extraction policy specifically includes:
  • extracting 8 digits at a time from the MAC address of the Internet of Things terminal, in the order of the serial number of the working period of the Internet of Things terminal.
  • the set integer is an integer greater than or equal to 6 and less than or equal to 11.
  • a time-slot encryption device for receiving data by an Internet of Things AP, and the device includes:
  • a receiving unit configured to receive a data packet sent by the Internet of Things terminal
  • a processing unit configured to extract the sending time of the data packet, determine the working period of the Internet of Things terminal according to the sending time, and query, according to that working period, the first encryption unit corresponding to the working period of the Internet of Things terminal in the pre-configured mapping table between Internet of Things terminal working periods and encryption units; the access point invokes the first encryption unit to perform encryption processing on the data packet;
  • a sending unit configured to send the encrypted data packet to the gateway.
  • the processing unit is configured to: when the first encryption unit fails to encrypt the data packet, invoke the alternate encryption unit of the first encryption unit to encrypt the data packet.
  • the processing unit is configured to extract an 8-digit number from the MAC address of the Internet of Things terminal according to an extraction policy corresponding to the working period of the Internet of Things terminal, connect the 8-digit number and the sending time in order to obtain a numeric string, divide the numeric string by a set integer to obtain the value of a first remainder, and extract from the pre-stored mapping between numbers and public keys the first public key corresponding to the value of the first remainder; the first encryption unit encrypts the data packet by using the first public key.
  • the extraction policy specifically includes:
  • the 8-digit number is extracted from the MAC address of the Internet of Things terminal in the order of the serial number of the working period of the Internet of Things terminal.
  • the set integer is an integer greater than or equal to 6 and less than or equal to 11.
  • a computer storage medium may store a program which, when executed, performs some or all of the steps of any time-phase encryption method for receiving data by an Internet of Things AP according to the first aspect described above.
  • an access point device comprising one or more processors, a memory, a bus system, a transceiver, and one or more programs, wherein the processor, the memory and the transceiver are coupled by the bus system; the one or more programs are stored in the memory and include instructions that, when executed by the access point, cause the access point to perform any of the methods provided in the first aspect and any possible design of the first aspect described above.
  • the AP queries the first encryption unit corresponding to the working period of the Internet of Things terminal according to the working period of the Internet of Things terminal, and uses the first encryption unit to encrypt the data.
  • the IoT terminal does not need to configure encryption. All encryption settings are in the AP.
  • this method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, because a large number of IoT terminals can be connected under one AP, configuring only the AP can reduce the overall cost of the Internet of Things.
  • the computing power of the AP is generally stronger than that of the Internet of Things terminals, so running the encryption unit on the AP reduces the data transmission delay, reduces network latency and improves the user experience.
  • FIG. 1 is a schematic flow chart of an AP-based data routing method
  • FIG. 2 is a transmission flow chart of an IoT terminal transmitting a data packet to an AP
  • FIG. 3 is a flow chart of a time-phase encryption method for receiving data by an Internet of Things AP
  • FIG. 4 is a schematic diagram of a technical scenario provided by an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a mapping relationship provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a time-phase encryption method for receiving data by an Internet of Things AP according to another embodiment of the present application
  • FIG. 7 is a schematic structural diagram of a time-slot encryption apparatus for receiving data by an Internet of Things AP provided by the present application
  • FIG. 8 is a schematic structural diagram of a hardware of a gateway provided by the present application.
  • Computer device, also referred to as “computer” in this context, means an intelligent electronic device that can perform predetermined processing, such as numerical and/or logical calculations, by running a predetermined program or instruction. It may include a processor and a memory, the processor executing a program pre-stored in the memory to carry out the predetermined process; or the process may be executed by hardware such as an ASIC, an FPGA, a DSP or the like, or by a combination of the two.
  • Computer devices include, but are not limited to, servers, personal computers, notebook computers, tablets, smart phones, and the like.
  • a time-phase encryption method for receiving data by an Internet of Things access point AP is provided.
  • the method is applied to the Internet of Things network as shown in FIG. 1.
  • the Internet of Things includes: an Internet of Things terminal 10, an Internet of Things access point AP20, and a gateway 30.
  • these may take different forms depending on the situation.
  • the Internet of Things terminal may specifically be a mobile phone, a tablet computer, a computer, etc.; of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle or
  • the IoT terminal 10 is connected to the AP 20 in a wireless manner, and the AP 20 accesses the Internet through the gateway 30 through another mode (that is, a connection mode different from the wireless mode).
  • the wireless mode includes but is not limited to Bluetooth, WIFI, etc.; the other mode may be LTE or wired. The above gateway may specifically be a mobile base station, a mobile relay station, a switch, and the like.
  • the wired mode is taken as an example, and for convenience of representation only one solid line is shown here.
  • the above-mentioned gateway 30 may be a personal computer (PC); depending on the size of the Internet of Things, it may in practice be a plurality of PCs, servers or server groups. The specific embodiment of the present invention does not limit the specific form of the above gateway 30.
  • FIG. 2 is a transmission flowchart of uplink data transmission of an Internet of Things AP. As shown in FIG. 2, the process includes:
  • Step S201: the Internet of Things terminal 10 wirelessly sends the data packet to be sent to the AP 20;
  • Step S202: the AP 20 forwards the data packet to the gateway 30;
  • Step S203: the gateway 30 transmits the data packet to the Internet.
  • FIG. 3 is a time-phase encryption method for receiving data by an Internet of Things AP according to the present invention.
  • the method is implemented under the network architecture shown in FIG. 4. As shown in FIG. 4, the network includes an Internet of Things terminal and an AP; the AP may be a mobile phone that opens a hotspot, a personal computer that provides a wireless connection, or a conventional hotspot device such as a router.
  • the method is as shown in FIG. 3, and includes the following steps:
  • Step S301 The Internet of Things terminal sends a data packet to the AP20.
  • the Internet of Things terminal in the above step S301 may specifically be a mobile phone, a tablet computer, a computer, etc.; of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or other IoT smart devices.
  • the manner in which the Internet of Things terminal sends a data packet to the AP 20 may be sending the data packet over a wireless connection, including but not limited to Bluetooth, Wireless Fidelity (WIFI) or Zigbee.
  • the Internet of Things terminals and APs here refer only to wireless APs, because in the Internet of Things the number of accessed devices is large. If the connection were wired, the number of devices an AP could access would first of all be limited; and for a household, a wired connection is unimaginable given the home user's wiring, and the cost of cabling is also very high. Therefore, in the technical solution of the present invention, the connection between the Internet of Things terminal and the AP is limited to wireless connections.
  • Step S302: the AP 20 extracts the sending time of the data packet, determines the working period of the Internet of Things terminal according to the sending time, and queries, according to that working period, the first encryption unit corresponding to the working period of the Internet of Things terminal in the pre-configured mapping table between Internet of Things terminal working periods and encryption units.
  • the type of the Internet of Things terminal in the above step S302 can be set according to the situation of the device.
  • the IoT terminal can specifically include: a smart electric light, a smart television, a smart cleaning device, a smart sleep device, an intelligent monitoring device, etc.
  • the form can vary: for example, a smart electric lamp includes but is not limited to a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc.; a smart TV can be a Samsung smart TV or, of course, a Sharp smart TV.
  • a smart cleaning device can be a smart sweeping robot, a smart vacuum cleaner or a smart garbage processor; a smart sleep device can be a smart mattress, a smart sofa, and the like; a smart monitoring device may be an intelligent sphygmomanometer, a smart thermometer, etc. The specific form, number or type of the above-mentioned Internet of Things terminal is not limited.
  • the mapping may be a one-to-one mapping, or may be a one-to-many mapping.
  • the AP 20 is configured with a plurality of mapping tables between working time periods and encryption units, the mapping relationship between working time period and encryption unit being different in each table. The AP 20 receives an update instruction sent by the gateway; the update instruction includes an identifier of the updated mapping table and an update time, and the AP 20 adopts the updated mapping table when the update time arrives.
  • the AP 20 may enable the original mapping table and the updated mapping table simultaneously and call two encryption units, which respectively encrypt the data to obtain a first encrypted data packet and a second encrypted data packet, both of which are sent to the gateway. When the AP 20 receives the gateway's response message for the first encrypted data packet, it enables the mapping relationship corresponding to the encryption unit that produced the first encrypted data packet.
  • This technical solution updates and maintains the mapping relationship, which can improve security: a fixed mapping relationship has a high possibility of leaking, which affects security, whereas periodically updating and maintaining the mapping relationship limits how long a leaked mapping relationship remains usable. Because the update and maintenance are controlled by the gateway, a party that does not know the time at which a mapping relationship takes effect cannot decrypt the corresponding data packet, which improves security.
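As an added example (not the patent's own text nor any implementation by the applicant), the following Python model plays out the mapping-table rollover described above: the gateway's update instruction names a table and an update time, the AP encrypts under both the original and the updated table once that time arrives, and it commits to whichever mapping the gateway acknowledges. The table identifiers, the period-to-unit tables, the stand-in `encrypt` function and acknowledgement by sequence number are constructed assumptions.

```python
"""Mapping-table rollover between an IoT AP and its gateway (illustrative model).

Assumptions not taken from the description: working periods are small integers,
encryption units are identified by name, a mapping table is a dict period -> unit
name, and the gateway acknowledges a packet by returning its sequence number.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

MappingTable = Dict[int, str]  # working period -> encryption unit name


@dataclass
class EncryptedPacket:
    seq: int
    table_id: str
    unit: str
    body: bytes


def encrypt(unit: str, payload: bytes) -> bytes:
    """Stand-in for an AP encryption unit: not a cipher, it only tags the payload
    so the unit that produced each packet is visible in this example."""
    return unit.encode() + b"|" + payload


@dataclass
class AccessPoint:
    tables: Dict[str, MappingTable]      # all pre-configured mapping tables
    active_id: str                       # table currently in force
    pending_id: Optional[str] = None     # table named by the last update instruction
    update_time: Optional[int] = None    # time at which the pending table takes effect
    _seq: int = 0

    def receive_update_instruction(self, table_id: str, update_time: int) -> None:
        """Gateway-issued instruction: identifier of the updated table plus update time."""
        if table_id not in self.tables:
            raise ValueError(f"unknown mapping table {table_id!r}")
        self.pending_id, self.update_time = table_id, update_time

    def tables_in_force(self, now: int) -> List[str]:
        """Before the update time only the active table applies. From the update
        time until the gateway confirms, the original and updated tables both apply."""
        if self.pending_id is not None and self.update_time is not None and now >= self.update_time:
            return [self.active_id, self.pending_id]
        return [self.active_id]

    def encrypt_for_gateway(self, period: int, payload: bytes, now: int) -> List[EncryptedPacket]:
        """One packet per table in force, each encrypted by that table's unit for the period."""
        out: List[EncryptedPacket] = []
        for table_id in self.tables_in_force(now):
            unit = self.tables[table_id][period]
            self._seq += 1
            out.append(EncryptedPacket(self._seq, table_id, unit, encrypt(unit, payload)))
        return out

    def on_gateway_response(self, acked_seq: int, sent: List[EncryptedPacket]) -> str:
        """Commit to the mapping whose packet the gateway acknowledged first."""
        for pkt in sent:
            if pkt.seq == acked_seq:
                self.active_id = pkt.table_id
                self.pending_id = self.update_time = None
                return self.active_id
        raise ValueError("acknowledged sequence number was never sent")


@dataclass
class Gateway:
    """Network side: only accepts packets produced by the unit its own current
    table prescribes for the period, and acknowledges the first such packet."""
    tables: Dict[str, MappingTable]
    current_id: str

    def first_acceptable(self, period: int, pkts: List[EncryptedPacket]) -> Optional[int]:
        expected = self.tables[self.current_id][period]
        for pkt in pkts:
            if pkt.unit == expected:
                return pkt.seq
        return None


def rollover_demo(now: int) -> str:
    """Run one transition at time `now` and return the table the AP ends up using.
    Constructed scenario: the gateway has already switched to table T2."""
    tables = {"T1": {0: "unit-3des", 1: "unit-rsa"},
              "T2": {0: "unit-rsa", 1: "unit-3des"}}
    ap = AccessPoint(tables=tables, active_id="T1")
    gw = Gateway(tables=tables, current_id="T2")
    ap.receive_update_instruction("T2", update_time=100)
    sent = ap.encrypt_for_gateway(period=0, payload=b"sensor=21.5C", now=now)
    acked = gw.first_acceptable(0, sent)
    if acked is None:
        return ap.active_id  # nothing the gateway could accept: keep the original table
    return ap.on_gateway_response(acked, sent)
```

Before the update time the AP sends only a T1 packet, which the gateway does not accept; from the update time it sends both, and the T2 acknowledgement commits the new mapping.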
  • the encryption unit in the foregoing step S302 may be specifically a hardware encryption unit that is configured in the AP, and includes an encryption algorithm preset by the manufacturer.
  • the encryption unit may also be a software encryption unit configured in the AP. The invention does not limit the specific expression of the above encryption unit.
  • the encryption algorithm includes, but is not limited to, the Triple Data Encryption Algorithm (3DES), the message digest algorithm (MD5), or an encryption algorithm such as RSA.
  • 3DES is a generic term for the Triple Data Encryption Algorithm block cipher. It is equivalent to applying the DES encryption algorithm three times to each data block. As computer computing power has grown, the key length of the original DES cipher has become easy to brute-force; 3DES was designed to provide a relatively simple way to avoid such attacks by increasing the key length of DES.
  • Step S303 The AP20 invokes the first encryption unit to perform encryption processing on the data packet.
  • the implementation of the foregoing step S303 may specifically be:
  • the AP 20 invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet;
  • the AP 20 invokes the RSA encryption unit to perform RSA encryption processing on the data packet;
  • the AP 20 invokes the MD5 encryption unit to perform MD5 encryption processing on the data packet.
  • alternatively, the implementation of the foregoing step S303 may specifically be:
  • the AP 20 invokes the first encryption unit to perform encryption processing on the data packet. If the encryption succeeds, the subsequent step S304 is performed; if the encryption is unsuccessful, the standby encryption unit of the first encryption unit is invoked to encrypt the data packet, and the standby encryption unit identifier is added to the header extension field of the encrypted packet.
  • Step S304 The AP20 sends the encrypted data packet to the gateway.
  • the implementation of the above step S304 can be:
  • the encrypted data packet is sent to the gateway.
  • for example, the IoT terminal is connected to the AP through WIFI, and the AP 20 can send the data packet to the gateway through the wired mode.
  • the AP 20 can also send the encrypted data packet to the gateway through Long Term Evolution (LTE).
  • the foregoing LTE or wired mode and the manner in which the Internet of Things terminal is connected to the AP through WIFI are merely illustrative, and the present invention does not limit the specific manner of the foregoing connection.
  • the AP queries the encryption unit corresponding to the working period of the Internet of Things terminal according to the working period of the Internet of Things terminal, and the encryption unit encrypts the data.
  • the IoT terminal does not need to configure encryption. All encryption settings are in the AP.
  • this method can effectively reduce the cost of the IoT terminal, and for the entire Internet of Things, because a large number of IoT terminals can be connected under one AP, configuring the AP alone can also reduce the overall cost of the Internet of Things.
  • the computing power of the AP is generally stronger than that of the IoT terminal, so running the encryption unit on the AP reduces the data transmission delay, reduces network latency and improves the user experience.
  • FIG. 6 is a time-phase encryption method for receiving data of an Internet of Things AP according to the present invention.
  • the method is implemented in the network architecture shown in FIG. 4. As shown in FIG. 4, the network includes an Internet of Things terminal and an AP; the AP may be a mobile phone that opens a hotspot, a personal computer that provides a wireless connection, and the like.
  • the method is as shown in FIG. 6 and includes the following steps:
  • Step S601 The Internet of Things terminal sends a data packet to the AP20.
  • the IoT terminal in the above step S601 may specifically be a mobile phone, a tablet computer, a computer, etc.; of course, it may also include other devices with networking functions, such as a smart TV, a smart air conditioner, a smart water bottle, a smart light, a smart switch, or other IoT smart devices.
  • the manner in which the Internet of Things terminal sends a data packet to the AP 20 may be sending the data packet over a wireless connection, including but not limited to wireless modes such as Bluetooth, Wireless Fidelity (WIFI) or Zigbee, wherein the WIFI needs to comply with the IEEE 802.11b standard.
  • the Internet of Things terminals and APs here refer only to wireless APs, because in the Internet of Things the number of accessed devices is large. If the connection were wired, the number of devices an AP could access would first of all be limited; and for a household, a wired connection is unimaginable given the home user's wiring, and the cost of cabling is also very high. Therefore, in the technical solution of the present invention, the connection between the Internet of Things terminal and the AP is limited to wireless connections.
  • Step S602: the AP 20 extracts the sending time of the data packet, determines the working period of the Internet of Things terminal according to the sending time, and queries, according to that working period, the first encryption unit corresponding to the working period of the Internet of Things terminal in the pre-configured mapping table between Internet of Things terminal working periods and encryption units.
  • the type of the Internet of Things terminal in the above step S602 can be set according to the situation of the device.
  • the IoT terminal can include: a smart light, a smart TV, a smart cleaning device, a smart sleep device, an intelligent monitoring device, etc.
  • the form can vary: for example, a smart electric lamp includes but is not limited to a smart table lamp, a smart ceiling lamp, a smart wall lamp, etc.; a smart TV can be a Samsung smart TV or, of course, a Sharp smart TV.
  • a smart cleaning device can be a smart sweeping robot, a smart vacuum cleaner or a smart garbage processor; a smart sleep device can be a smart mattress, a smart sofa, and the like; a smart monitoring device may be an intelligent sphygmomanometer, a smart thermometer, etc. The specific form, number or type of the above-mentioned Internet of Things terminal is not limited.
  • the mapping may be a one-to-one mapping, or may be a one-to-many mapping.
  • the cryptographic unit in the foregoing step S602 may be a hardware cryptographic unit that is configured in the AP, and includes an encryption algorithm preset by the manufacturer.
  • the cryptographic unit may also be a software cryptographic unit configured in the AP. The invention does not limit the specific expression of the above encryption unit.
  • the foregoing encryption algorithm includes, but is not limited to, an encryption algorithm such as 3DES, MD5 or RSA, and the present invention is not limited to a specific encryption algorithm.
  • Step S603: the AP 20 extracts an 8-digit number from the media access control (MAC) address of the Internet of Things terminal according to the extraction policy corresponding to the working period of the Internet of Things terminal, connects the 8-digit number and the sending time in order to obtain a numeric string, divides the numeric string by a set integer (specifically, an integer greater than or equal to 6 and less than or equal to 11) to obtain the value of the first remainder, extracts from the pre-stored mapping between numbers and public keys the first public key corresponding to the value of the first remainder, and invokes the first encryption unit to perform encryption processing on the data packet by using the first public key;
  • multiple public keys need to be pre-configured in the AP. Since the integer here is 11 as an example, 11 public keys need to be configured, and 11 private keys are configured on the network-side device.
  • the public keys and private keys are fixed; in this way, the 8-digit number is extracted from the MAC address according to the working period of the IoT terminal. For example, the day can be divided into 6 time periods, and the 8 digits are extracted according to the sending time. The extraction rules are:
  • the first Internet of Things terminal working period extracts the first 8 digits;
  • the second Internet of Things terminal working period extracts the 9th to 18th digits;
  • the digits are connected in order and divided by 11; the value of the remainder obtained determines the corresponding public key among the 11 public keys, and the data packet is encrypted by using that public key, with the corresponding processing on the network-side device.
  • this method has a variety of advantages. First, an eavesdropper must know which encryption unit was used for encryption and, in addition, must know the specific private key. As for the private key and the public key, since the MAC address is used, and the MAC address is variable according to IEEE 802.11, there is a certain confidentiality in the processing, so it is more secure.
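The key-selection procedure of step S603 and the standby-unit fallback described for this method, as an added Python example rather than code from the patent or its applicant. The decimal rendering of the MAC, the YYYYMMDDHHMMSS rendering of the sending time, the 6-period day, the stand-in encryption units and the header-extension layout are constructed assumptions.

```python
"""Working-period based key selection at the IoT AP, modelled on step S603.

Assumptions not fixed by the description (constructed for this example): the
48-bit MAC is rendered as a 16-digit zero-padded decimal string, the sending
time is rendered as YYYYMMDDHHMMSS, the day is cut into 6 equal working periods,
and the header extension field is a 1-byte flag followed by an optional
length-prefixed standby unit identifier.
"""
from datetime import datetime
from typing import Callable, Optional, Tuple

SET_INTEGER = 11      # description's example: 11 public keys, 11 private keys
PERIODS_PER_DAY = 6   # description's example: the day divided into 6 periods
MAC_DIGITS = 16       # assumption: fixed-width decimal rendering of the MAC


def working_period(sent_at: datetime) -> int:
    """0-based serial number of the working period containing the sending time."""
    seconds = sent_at.hour * 3600 + sent_at.minute * 60 + sent_at.second
    return seconds * PERIODS_PER_DAY // 86400


def mac_digit_string(mac: str) -> str:
    """Render a MAC such as 'a4:c3:f0:12:34:56' as a fixed-width decimal string."""
    value = int(mac.replace(":", "").replace("-", ""), 16)
    if value >= 1 << 48:
        raise ValueError("MAC address longer than 48 bits")
    return f"{value:0{MAC_DIGITS}d}"


def extract_eight_digits(mac: str, period: int) -> str:
    """Extraction policy: the k-th working period takes the k-th 8-digit window
    of the MAC string; windows wrap around once the string is exhausted."""
    digits = mac_digit_string(mac)
    start = (period * 8) % len(digits)
    return (digits + digits)[start:start + 8]


def select_key_index(mac: str, sent_at_iso: str, set_integer: int = SET_INTEGER) -> int:
    """Join the 8 MAC digits with the sending time, reduce modulo the set integer,
    and return the index into the pre-stored public-key table.

    Note for defenders: both inputs (MAC address and sending time) are visible to
    anyone receiving the radio frame, so the chosen index is not itself a secret;
    confidentiality rests on the private keys held on the network side.
    """
    if not 6 <= set_integer <= 11:
        raise ValueError("the set integer must lie between 6 and 11 inclusive")
    sent_at = datetime.fromisoformat(sent_at_iso)
    numeric = extract_eight_digits(mac, working_period(sent_at)) + sent_at.strftime("%Y%m%d%H%M%S")
    return int(numeric) % set_integer


# An encryption unit takes (public key, plaintext packet) and returns ciphertext,
# or raises if the unit cannot encrypt.
EncryptionUnit = Callable[[bytes, bytes], bytes]


def tagging_unit(public_key: bytes, packet: bytes) -> bytes:
    """Constructed stand-in unit: not a cipher, it only marks which key was chosen."""
    return b"key" + public_key + b":" + packet


def offline_unit(public_key: bytes, packet: bytes) -> bytes:
    """Constructed stand-in for a hardware unit that fails to encrypt."""
    raise RuntimeError("encryption unit offline")


def encrypt_with_fallback(packet: bytes, public_key: bytes,
                          primary: Tuple[str, EncryptionUnit],
                          standby: Tuple[str, EncryptionUnit]) -> Tuple[bytes, Optional[str]]:
    """Invoke the first encryption unit; if it fails, invoke its standby unit and
    return the standby identifier so it can be placed in the header extension field."""
    try:
        return primary[1](public_key, packet), None
    except Exception:
        standby_id, unit = standby
        return unit(public_key, packet), standby_id


def build_frame(ciphertext: bytes, standby_id: Optional[str]) -> bytes:
    """Flag 0x00: primary unit used. Flag 0x01: standby unit; length-prefixed id follows."""
    if standby_id is None:
        return b"\x00" + ciphertext
    ident = standby_id.encode()
    return b"\x01" + bytes([len(ident)]) + ident + ciphertext


def parse_frame(frame: bytes) -> Tuple[Optional[str], bytes]:
    """Gateway side: recover the standby unit identifier (if any) and the ciphertext."""
    if frame[0] == 0:
        return None, frame[1:]
    n = frame[1]
    return frame[2:2 + n].decode(), frame[2 + n:]
```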
  • the implementation of the foregoing step S603 may specifically be:
  • the AP 20 invokes the 3DES encryption unit to perform 3DES encryption processing on the data packet;
  • the AP 20 invokes the RSA encryption unit to perform RSA encryption processing on the data packet;
  • the AP 20 invokes the MD5 encryption unit to perform MD5 encryption processing on the data packet.
  • alternatively, the implementation of the foregoing step S603 may specifically be:
  • the AP 20 invokes the first encryption unit to perform encryption processing on the data packet. If the encryption succeeds, the subsequent step S604 is performed; if the encryption is unsuccessful, the standby encryption unit of the first encryption unit is invoked to encrypt the data packet, and the standby encryption unit identifier is added to the header extension field of the encrypted packet.
  • Step S604 The AP20 sends the encrypted data packet to the gateway.
  • the implementation of the above step S604 can be:
  • the encrypted data packet is sent to the gateway.
  • for example, the IoT terminal is connected to the AP through WIFI, and the AP 20 can send the data packet to the gateway through the wired mode.
  • the AP 20 can also send the encrypted data packet to the gateway through Long Term Evolution (LTE).
  • the foregoing LTE or wired mode and the manner in which the Internet of Things terminal is connected to the AP through WIFI are merely illustrative, and the present invention does not limit the specific manner of the foregoing connection.
  • the technical solution adopted by the invention has the advantage of high security.
  • the foregoing method may further include:
  • when the IoT access point invokes the first encryption unit and the encryption is unsuccessful, the IoT access point invokes the standby encryption unit of the first encryption unit to encrypt the data packet, and the standby encryption unit identifier is added.
  • FIG. 7 is a time-slot encryption apparatus 700 for data received by an Internet of Things AP, and the apparatus includes:
  • the receiving unit 701, configured to receive a data packet sent by the Internet of Things terminal;
  • the processing unit 702, configured to extract the sending time of the data packet, determine the working period of the Internet of Things terminal from the sending time, query, according to that working period, the first encryption unit corresponding to it in the pre-configured mapping table between Internet of Things terminal working periods and encryption units, and invoke the first encryption unit to perform encryption processing on the data packet;
  • the sending unit 703, configured to send the encrypted data packet to the gateway.
  • the processing unit 702 is specifically configured to: when the first encryption unit fails to encrypt the data packet, invoke the standby encryption unit of the first encryption unit to encrypt the data packet.
  • the processing unit 702 is configured to extract an 8-digit number from the MAC address of the Internet of Things terminal according to an extraction policy corresponding to the working period of the Internet of Things terminal, concatenate the 8-digit number and the sending time in order to obtain a numeric string, divide the numeric string by a set integer to obtain a first remainder, extract the first public key corresponding to the value of the first remainder from a plurality of pre-stored public keys, and have the first encryption unit encrypt the data packet using the first public key.
  • the extraction policy specifically includes:
  • extracting the 8-digit number from the MAC address of the Internet of Things terminal in the order given by the serial number of the working period of the Internet of Things terminal.
  • the set integer is an integer greater than or equal to 6 and less than or equal to 11.
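  • The selection procedure described above for the method (MAC digits joined to the sending time, divided by a set integer, remainder selecting one of the pre-stored public keys) and for the processing unit 702, including the standby-unit fallback, is shown below as an added example written for this page; it is not code from the patent or its assignee. The period table, unit IDs, key labels, the rule "start the 8 hex digits at an offset equal to the period serial number", and the HHMMSS rendering of the send time are all assumptions, and the keystream "unit" is a runnable stand-in for the 3DES/RSA units the page names, not an implementation of them. The defender-relevant point it makes concrete is that the gateway must be able to reproduce the exact same selection from header fields alone, so any mismatch in the period table or extraction policy on either side silently yields an undecryptable packet.

```python
import hashlib
from datetime import datetime

# Constructed mapping table: (working-period serial number, start hour, end hour, encryption unit ID).
# The page only states that such a table is pre-configured; these rows are invented for the example.
PERIOD_TABLE = [
    (0, 0, 8, "unit-A"),
    (1, 8, 16, "unit-B"),
    (2, 16, 24, "unit-C"),
]
STANDBY_UNIT = {"unit-A": "unit-B", "unit-B": "unit-C", "unit-C": "unit-A"}  # constructed
SET_INTEGER = 11                                                 # page allows 6..11 inclusive
PUBLIC_KEYS = ["pubkey-%02d" % i for i in range(SET_INTEGER)]    # placeholder key labels


def working_period(send_time_iso):
    """Return (serial number, encryption unit ID) of the period containing the send time."""
    hour = datetime.fromisoformat(send_time_iso).hour
    for serial, start, end, unit in PERIOD_TABLE:
        if start <= hour < end:
            return serial, unit
    # Failure mode the page does not discuss: a timestamp that fits no configured period.
    raise ValueError("send time outside every configured working period")


def extract_mac_digits(mac, serial):
    """Take 8 hex digits from the MAC by the period-dependent policy and return them in decimal."""
    hexdigits = mac.replace(":", "").replace("-", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("malformed MAC address")
    # Assumption: "in the order of the serial number" = start at offset serial, wrapping around.
    start = serial % 12
    rotated = hexdigits[start:] + hexdigits[:start]
    return str(int(rotated[:8], 16))


def select_public_key_index(mac, send_time_iso, serial, set_integer=SET_INTEGER):
    """Concatenate MAC digits and HHMMSS of the send time, divide by the set integer, keep the remainder."""
    if not 6 <= set_integer <= 11:
        raise ValueError("set integer must lie in 6..11")
    hhmmss = datetime.fromisoformat(send_time_iso).strftime("%H%M%S")
    numeric_string = extract_mac_digits(mac, serial) + hhmmss
    return int(numeric_string) % set_integer


def _keystream_unit(data, key):
    """Stand-in encryption unit: SHA-256 counter keystream XOR (symmetric, so decrypt == encrypt).
    Not a substitute for the 3DES/RSA units the page names; it only makes the flow runnable."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.encode() + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _failing_unit(data, key):
    """Constructed unit that always fails, to exercise the standby path described on the page."""
    raise RuntimeError("encryption unit unavailable")


UNITS = {"unit-A": _keystream_unit, "unit-B": _failing_unit, "unit-C": _keystream_unit}


def ap_encrypt(packet, mac, send_time_iso):
    """AP side: derive period, unit and key from send time and MAC; encrypt; fall back on failure."""
    serial, unit_id = working_period(send_time_iso)
    key = PUBLIC_KEYS[select_public_key_index(mac, send_time_iso, serial)]
    header = {"mac": mac, "send_time": send_time_iso, "unit_id": unit_id}
    try:
        body = UNITS[unit_id](packet, key)
    except RuntimeError:
        standby = STANDBY_UNIT[unit_id]
        body = UNITS[standby](packet, key)
        header["standby_unit_id"] = standby   # the header extension field mentioned on the page
    return header, body


def gateway_decrypt(header, body):
    """Gateway side: recompute the identical selection from header fields; no key index is sent."""
    serial, expected_unit = working_period(header["send_time"])
    if header["unit_id"] != expected_unit:
        raise ValueError("unit ID does not match the working period of the send time")
    unit_id = header.get("standby_unit_id", header["unit_id"])
    key = PUBLIC_KEYS[select_public_key_index(header["mac"], header["send_time"], serial)]
    return UNITS[unit_id](body, key)


if __name__ == "__main__":
    hdr, ct = ap_encrypt(b"temp=21.5", "00:1a:2b:3c:4d:5e", "2017-07-13 09:30:15")
    print(hdr, gateway_decrypt(hdr, ct))
```

  • With the constructed table, a packet timestamped 09:30:15 from MAC 00:1a:2b:3c:4d:5e lands in period 1, the extracted digits are 01a2b3c4 (27440068 in decimal), and 27440068093015 mod 11 = 6 selects the seventh stored key; because the constructed unit-B fails, the standby unit-C is used and its ID is carried in the header so the gateway picks the same unit. The gateway's check that the header's unit ID agrees with the period of the send time is the kind of consistency check a receiver should make before trusting a unit identifier copied out of a packet header.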
  • FIG. 8 is an IoT access point 800 provided by the present invention.
  • the IoT access point may be a node deployed in an Internet of Things system, and the Internet of Things system may further include an Internet of Things terminal, an Internet of Things access point and a gateway. The Internet of Things access point 800 includes, but is not limited to, a computer, a server, etc.
  • as shown in FIG. 8, the IoT access point 800 includes: a processor 801, a memory 802, a transceiver 803, and a bus 804.
  • the transceiver 803 is configured to transmit and receive data with external devices (for example, other devices in the Internet of Things system, including but not limited to a repeater, a core network device, etc.).
  • the number of processors 801 in the Internet of Things access point 800 can be one or more.
  • the processor 801, the memory 802, and the transceiver 803 may be connected by a bus system or by other means.
  • for the meanings and examples of the terms involved in this embodiment, reference may be made to the corresponding embodiments of FIG. 3 or FIG. 6; details are not repeated here.
  • the program code can be stored in the memory 802.
  • the processor 801 is configured to call program code stored in the memory 802 for performing the following operations:
  • the transceiver 803 is configured to receive a data packet sent by the Internet of Things terminal;
  • the processor 801 is configured to identify the type of the Internet of Things terminal, query, according to the working period of the Internet of Things terminal, the first encryption unit corresponding to that working period in the pre-configured mapping table between Internet of Things terminal working periods and encryption units, and invoke the first encryption unit to perform encryption processing on the data packet.
  • the transceiver 803 is further configured to send the encrypted data packet to the gateway.
  • the processor 801 and the transceiver 803 are further configured to perform the steps, and the refinements of those steps, in the embodiments shown in FIG. 3 or FIG. 6.
  • the processor 801 herein may be a single processing component or a general term for multiple processing components.
  • the processing component may be a central processing unit (CPU), an application specific integrated circuit (ASIC), one or more digital signal processors (DSPs), one or more field programmable gate arrays (FPGAs), or one or more other integrated circuits configured to implement the embodiments of the present application.
  • the memory 802 may be a single storage device or a collective name for a plurality of storage elements, and is used to store the executable program code, or the parameters, data, and the like, required for the application running device to operate.
  • the memory 802 may include random access memory (RAM), and may also include non-volatile memory such as magnetic disk memory, flash memory, or the like.
  • the bus 804 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like.
  • for ease of illustration the bus is drawn as only one thick line in the figure, but this does not mean that there is only one bus or only one type of bus.
  • the IoT access point 800 may also include input and output devices coupled to the bus 804, through which they connect to other components such as the processor 801.
  • the input/output device can provide an input interface for the operator, so that the operator can select control items through the input interface; it can also be another interface through which other devices can be connected externally.
  • the storage medium may include: a flash drive, a read-only memory (English: Read-Only Memory, ROM for short), a random access memory (English: Random Access Memory, RAM for short), a magnetic disk or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a time-period-based encryption method and device for data received by an access point (AP) of the Internet of Things, the method comprising the following steps: the Internet of Things access point receives a data packet sent by an Internet of Things terminal; the Internet of Things access point extracts the time at which the data packet was sent, determines, according to the sending time, a working period of the Internet of Things terminal, and, according to the working period of the Internet of Things terminal, queries, from a pre-configured mapping table between working periods of the Internet of Things terminal and encryption units, a first encryption unit corresponding to the working period of the Internet of Things terminal; the Internet of Things access point invokes the first encryption unit to perform encryption processing on the data packet; and the Internet of Things access point sends the encrypted data packet to a gateway. The technical solution according to the present invention has the advantages of high security and a better user experience.
PCT/CN2017/100763 2017-07-13 2017-09-06 Procédé et dispositif de chiffrement basé sur une période de temps concernant des données reçues par un point d'accès de l'internet des objets Ceased WO2019010793A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710569500.0A CN107483203B (zh) 2017-07-13 2017-07-13 物联网接入点接收数据的分时段加密方法及装置
CN201710569500.0 2017-07-13

Publications (1)

Publication Number Publication Date
WO2019010793A1 true WO2019010793A1 (fr) 2019-01-17

Family

ID=60596479

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/100763 Ceased WO2019010793A1 (fr) 2017-07-13 2017-09-06 Procédé et dispositif de chiffrement basé sur une période de temps concernant des données reçues par un point d'accès de l'internet des objets

Country Status (2)

Country Link
CN (1) CN107483203B (fr)
WO (1) WO2019010793A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113329399A (zh) * 2020-02-28 2021-08-31 阿里巴巴集团控股有限公司 数据传输、配网与管理方法、设备、系统及存储介质
CN114585048B (zh) * 2022-03-11 2023-12-08 可瑞尔科技(扬州)有限公司 一种多设备分时连入WiFi的控制方法、装置、设备及介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090222659A1 (en) * 2008-03-03 2009-09-03 Sony Corporation Communication device and communication method
CN104135366A (zh) * 2013-05-03 2014-11-05 北大方正集团有限公司 数据认证系统和数据认证方法
CN104780531A (zh) * 2014-01-15 2015-07-15 佳能株式会社 通信装置及其控制方法
CN105075342A (zh) * 2013-02-22 2015-11-18 诺基亚技术有限公司 用于分配负载的方法和装置

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006038591B4 (de) * 2006-08-17 2008-07-03 Siemens Ag Verfahren und Anordnung zum Bereitstellen eines drahtlosen Mesh-Netzwerks
CN101166088A (zh) * 2007-09-27 2008-04-23 航天信息股份有限公司 基于用户身份标识的加解密方法
CN101431455B (zh) * 2007-11-09 2011-03-23 北京华旗资讯数码科技有限公司 可实现无线局域网的保密通信的方法
JP2012009928A (ja) * 2010-06-22 2012-01-12 Toshiba Corp 暗号演算装置、記憶装置および暗号演算方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090222659A1 (en) * 2008-03-03 2009-09-03 Sony Corporation Communication device and communication method
CN105075342A (zh) * 2013-02-22 2015-11-18 诺基亚技术有限公司 用于分配负载的方法和装置
CN104135366A (zh) * 2013-05-03 2014-11-05 北大方正集团有限公司 数据认证系统和数据认证方法
CN104780531A (zh) * 2014-01-15 2015-07-15 佳能株式会社 通信装置及其控制方法

Also Published As

Publication number Publication date
CN107483203B (zh) 2020-09-04
CN107483203A (zh) 2017-12-15

Similar Documents

Publication Publication Date Title
US11917054B2 (en) Network key processing method and system and related device
EP3748928A1 (fr) Procédé et système pour appareil attendant une configuration de réseau pour accéder à un appareil de réseau de zone d'accès sans fil
WO2018120247A1 (fr) Procédé et dispositif de mise en correspondance de terminal
US20190191301A1 (en) Association Establishment Method in Wireless Local Area Network, Terminal, and Access Point
CN109996260B (zh) 配置系统、客户端设备、嵌入式设备配置方法及存储介质
CN103945369A (zh) 一种通过检查wifi数据包的长度实现wifi设备的上网配置方法
CN112566113B (zh) 密钥生成以及终端配网方法、装置、设备
US12207350B2 (en) System and methods for subscriber identifier authentication and privacy
CN113840266A (zh) 蓝牙配对方法、装置、系统、电子设备和存储介质
CN111787540A (zh) 接入物联网的方法、装置、电子设备及可读存储介质
WO2017133021A1 (fr) Procédé de traitement de sécurité et dispositif pertinent
WO2022183350A1 (fr) Procédé de configuration de réseau pour un dispositif de l'internet des objets, dispositif terminal et dispositif de l'internet des objets
CN113923655B (zh) 基于相邻节点的数据解密接收方法及装置
WO2019019282A1 (fr) Procédé permettant à un terminal de l'internet des objets de chiffrer de manière séquentielle des données, et appareil
CN115942331A (zh) Matter设备的配网方法和系统
WO2018053894A1 (fr) Procédé et dispositif de transfert de point d'accès de l'internet des objets sur la base d'un débit de transmission
WO2019010796A1 (fr) Procédé et dispositif de cryptage par sous-dispositif pour recevoir des données d'ap de l'internet des objets
WO2019019280A1 (fr) Procédé pour terminal de l'internet des objets pour chiffrer des données selon des périodes de temps, et appareil
WO2018053895A1 (fr) Dispositif et procédé de commande de cryptage de données de liaison montante basés sur un type destinés à un point d'accès à l'internet des objets
WO2019010793A1 (fr) Procédé et dispositif de chiffrement basé sur une période de temps concernant des données reçues par un point d'accès de l'internet des objets
CN107360566B (zh) 物联网终端基于类型的上行数据加密控制方法及装置
WO2019015041A1 (fr) Procédé et dispositif de chiffrement par répartition dans le temps pour des données d'un répéteur de l'internet des objets
CN107493571B (zh) 物联网中继器基于类型的上行数据加密控制方法及装置
WO2019015037A1 (fr) Dispositif et procédé fondés sur un point d'accès de l'internet des objets et destinés au chiffrement sélectif
WO2019019287A1 (fr) Procédé et appareil de chiffrement aléatoire de données de terminal de l'internet des objets

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17917372

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 26/05/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17917372

Country of ref document: EP

Kind code of ref document: A1