Network security protection method with higher security for Internet of things equipment

Document No.: 291275 Publication date: 2021-11-23

Abstract: This technology, a network security protection method with higher security for Internet of Things equipment, was designed by 孟令明, 彭菲, 傅思维 and 高宇 on 2021-07-13. The invention discloses a network security protection method with higher security for Internet of Things equipment, comprising the following steps. Step one: the system adds an identity identifier to a data packet; the target point first obtains the identity identifier and then sends it to the policy layer, which judges whether the information poses a threat; if so, a stop-receiving instruction is issued and the data packet is discarded; if not, a receiving instruction is sent to the target point. Step two: the target point receives and reads the data packet, generating a read log as it reads; the read log records the read time and the content type of the data packet. Step three: after the target point reads the data packet, the content of the data packet is screened by a specific algorithm to select the execution command entries for the corresponding Internet of Things end device; the execution command entries are copied and backed up to a local storage module, and the Internet of Things end device is then controlled to execute them.

1. A network security protection method with higher security for Internet of Things equipment, characterized in that it comprises the following steps:

Step one: the system adds an identity identifier to a data packet. When the data packet is transmitted to a target point, the target point first obtains the identity identifier attached to the data packet and sends it to a policy layer. The policy layer reads the identity identifier and judges whether the information poses a threat; if so, a stop-receiving instruction is sent to the target point and the data packet is discarded; if not, a receiving instruction is sent to the target point;

Step two: the target point receives and reads the data packet, generating a read log as it reads; the read log records the read time and the content type of the data packet;

Step three: after the target point reads the data packet, the content of the data packet is screened by a specific algorithm to select the execution command entries for the corresponding Internet of Things end device; the execution command entries are copied and backed up to a local storage module, and the Internet of Things end device is then controlled to execute them.

2. The network security protection method with higher security for Internet of Things equipment according to claim 1, wherein: the information contained in the identity identifier is encrypted and stored using a specific code; after receiving the identity identifier, the policy layer decrypts it and sends the decrypted information to the target point.

3. The network security protection method with higher security for Internet of Things equipment according to claim 1, wherein: after each recording, the read log is saved and sent to a cloud server for storage.

4. The network security protection method with higher security for Internet of Things equipment according to claim 1, wherein: the system additionally adds a corresponding key to the data packet according to the target point; before reading the information in the identity identifier, the policy layer first compares the key from the local key module with the key sent by the system, and reads the information after the comparison passes.

Technical Field

The invention relates to the technical field of network security, and in particular to a network security protection method with higher security for Internet of Things equipment.

Background

The Internet of Things originates from the field of media. It means that any object is connected to a network through information sensing equipment according to an agreed protocol, and that the object exchanges information and communicates through an information transmission medium in order to realize functions such as intelligent identification, positioning, tracking and supervision. Existing Internet of Things devices transmit data and synchronize information with one another over wireless or wired network connections, and because of this direct connection their network security carries significant hidden risks. In the prior art, Internet of Things network security is generally improved by methods such as isolating networks or increasing password complexity, but these methods affect usage efficiency and cost.

Disclosure of Invention

Purpose of the invention: to overcome the deficiencies of the prior art, the invention provides a network security protection method with higher security for Internet of Things equipment, which can effectively improve the security of Internet of Things equipment when it is connected to the Internet.

Technical solution: to achieve the above purpose, the network security protection method with higher security for Internet of Things equipment of the present invention comprises the following steps:

Step one: the system adds an identity identifier to a data packet. When the data packet is transmitted to a target point, the target point first obtains the identity identifier attached to the data packet and sends it to a policy layer. The policy layer reads the identity identifier and judges whether the information poses a threat; if so, a stop-receiving instruction is sent to the target point and the data packet is discarded; if not, a receiving instruction is sent to the target point;

Step two: the target point receives and reads the data packet, generating a read log as it reads; the read log records the read time and the content type of the data packet;

Step three: after the target point reads the data packet, the content of the data packet is screened by a specific algorithm to select the execution command entries for the corresponding Internet of Things end device; the execution command entries are copied and backed up to a local storage module, and the Internet of Things end device is then controlled to execute them.

Further, the information contained in the identity identifier is encrypted and stored using a specific code; after receiving the identity identifier, the policy layer decrypts it and sends the decrypted information to the target point.

Further, after each recording, the read log is saved and sent to a cloud server for storage.

Further, the policy layer is provided with a local key module. The system additionally adds a corresponding key to the data packet according to the target point; before reading the information in the identity identifier, the policy layer first compares the key in the local key module with the key sent by the system, and reads the information after the comparison.

Beneficial effects: the network security protection method with higher security for Internet of Things equipment of the present invention can effectively improve the security of Internet of Things equipment when it is connected, and has the following technical effects:

1) a policy layer is set up to read and evaluate the identity identifier; if the identity identifier poses a threat, a stop-receiving instruction is sent to the target point and the data packet is discarded, so that the target point is not threatened or intruded upon;

2) the target point generates a read log while it reads the data packet, which makes tracing easier after a security problem occurs and improves the time and efficiency of resolving the problem;

3) the content of the data packet is screened by a specific algorithm to select the execution command entries for the corresponding Internet of Things end device, and the target point then has those entries executed, which effectively avoids the device being put at risk by dangerous commands contained in the data packet content.

Detailed Description

A network security protection method with higher security for Internet of Things equipment comprises the following steps:

Step one: the system adds an identity identifier to a data packet. When the data packet is transmitted to a target point, the target point first obtains the identity identifier attached to the data packet and sends it to a policy layer. The policy layer reads the identity identifier and judges whether the information poses a threat; if so, a stop-receiving instruction is sent to the target point and the data packet is discarded; if not, a receiving instruction is sent to the target point;

Step two: the target point receives and reads the data packet, generating a read log as it reads; the read log records the read time and the content type of the data packet;

Step three: after the target point reads the data packet, the content of the data packet is screened by a specific algorithm to select the execution command entries for the corresponding Internet of Things end device; the execution command entries are copied and backed up to a local storage module, and the Internet of Things end device is then controlled to execute them.

The information contained in the identity identifier is encrypted and stored using a specific code; after receiving the identity identifier, the policy layer decrypts it and sends the decrypted information to the target point.

After each recording, the read log is saved and sent to a cloud server for storage.

The system additionally adds a corresponding key to the data packet according to the target point; before reading the information in the identity identifier, the policy layer first compares the key from the local key module with the key sent by the system, and reads the information after the comparison passes.
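A sketch of the three steps and the key comparison described above, added here as an illustration and not taken from the patent. The patent does not name its "specific algorithm" or key format, so this sketch assumes an HMAC-SHA256 tag over the identity identifier in place of sending the raw key, a sender deny list as the threat decision, and a per-device command allowlist as the screening step; identity encryption is not modeled, and all names and values are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data; none of these values come from the patent.
LOCAL_KEYS = {"gateway-01": b"demo-key-for-gateway-01"}  # local key module
THREAT_SENDERS = {"203.0.113.9"}                         # policy-layer deny list
ALLOWED = {"lamp-7": {"on", "off", "dim"}}               # commands per end device

def sign_identity(identity: dict, key: bytes) -> str:
    """System side: bind the identity identifier to the target point's key."""
    blob = json.dumps(identity, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def policy_layer(target: str, identity: dict, tag: str) -> bool:
    """Step one: key comparison first, then the threat decision."""
    key = LOCAL_KEYS.get(target)
    if key is None or not hmac.compare_digest(sign_identity(identity, key), tag):
        return False  # comparison failed: the identity is not evaluated further
    return identity.get("sender") not in THREAT_SENDERS

def handle_packet(target, packet, read_log, backup, execute):
    """Target point: returns the command entries that were executed."""
    if not policy_layer(target, packet["identity"], packet["tag"]):
        return []  # stop-receiving instruction: packet discarded unread
    # Step two: the read log records read time and content type.
    read_log.append({"time": time.time(), "content_type": packet["content_type"]})
    # Step three: screen, back up a copy, then execute.
    device = packet["identity"]["device"]
    allowed = ALLOWED.get(device, set())
    commands = [c for c in packet["commands"] if c["name"] in allowed]
    backup.extend(json.loads(json.dumps(commands)))  # independent copy
    for c in commands:
        execute(device, c)
    return commands

def demo():
    ident = {"sender": "198.51.100.4", "device": "lamp-7"}
    packet = {"identity": ident, "content_type": "command",
              "tag": sign_identity(ident, LOCAL_KEYS["gateway-01"]),
              "commands": [{"name": "on"}, {"name": "flash_firmware"},
                           {"name": "dim", "level": 40}]}
    log, backup, ran = [], [], []
    run = lambda d, c: ran.append((d, c["name"]))
    done = handle_packet("gateway-01", packet, log, backup, run)
    forged = dict(packet, tag="0" * 64)  # wrong key material
    rejected = handle_packet("gateway-01", forged, log, backup, run)
    return done, rejected, log, backup, ran
```

The forged packet leaves no read-log entry because it is dropped before step two; a deployment that needs to trace rejected traffic would log the policy-layer decision separately.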

The above describes only the preferred embodiments of the present invention. It should be noted that those skilled in the art can make various modifications and adaptations without departing from the principles of the invention, and these are intended to fall within the scope of the invention.
