WO2011116617A1 - Combined network and method for a wireless sensor network terminal to join the network - Google Patents
- Publication number
- WO2011116617A1 (PCT/CN2010/080265)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- wireless sensor
- wsn terminal
- sensor network
- network
- gateway
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- the invention relates to a network technology, in particular to a combined network and a wireless sensor network
- wireless sensor networks are a new information acquisition and processing technology. Due to recent improvements in microfabrication technology, communication technology, and battery technology, tiny sensor terminals have the ability to sense, wirelessly communicate and process information. Such sensor terminals can not only sense and detect the target of the environment and its changes, but also process the collected data and send the processed data to the data collection center by wireless transmission.
- These sensor terminals typically consist of a power supply, sensing components, an embedded processor, memory, communication components, and execution software. Among them, the power supply provides the sensor node with the energy necessary for normal operation.
- the sensing component is used to sense, acquire, and convert external information into digital signals.
- the embedded processor is responsible for coordinating the work of various parts of the node, such as performing necessary processing, saving, and controlling the operating mode of the sensing component and the power supply.
- the communication component is responsible for communicating with other sensors or observers.
- Execution software provides the necessary software support for sensor terminals, such as embedded operating systems and embedded database systems. The variety of sensing components built into a sensor terminal detect thermal, infrared, sonar, radar and seismic signals in the terminal's surroundings, and from these a wide range of information such as temperature, humidity, noise, light intensity, pressure, soil composition, and the size, speed and direction of moving objects. Sensor terminals typically form a network in a self-organizing or pre-configured manner.
- Short-range, low-power wireless communication technology is the most suitable for sensor networks; a sensor network built on it is generally called a wireless sensor network.
- IEEE 802.15.4 is a low-speed wireless personal area network (WPAN) standard developed by IEEE. IEEE 802.15.4 specifies the physical layer and medium access control layer (MAC, Media Access Control) standards. The IEEE 802.15.4 compliant communication module features low cost, low power consumption, and small size.
- the Zigbee Alliance is an organization dedicated to developing reliable, low-cost, low-power, wireless network connectivity monitoring and control products based on open global standards.
- the Zigbee standard physical layer and MAC layer use IEEE 802.15.4 technology, and the network layer, security management, application layer specifications, and interoperability are developed by the Zigbee Alliance.
- the Zigbee smart energy public applications profile and the Zigbee home automation public applications profile in the Zigbee standard are for business environment applications and home applications.
- the WSN terminal's micro-processing capabilities and wireless communication capabilities make wireless sensor networks a promising application for military applications, biological and environmental monitoring, health applications, home applications, industrial control and monitoring.
- When a wireless sensor network is combined with a telecommunication network, such as second generation (2G) mobile communication, third generation (3G) mobile communication, xDSL (x Digital Subscriber Line), FTTx (Fiber To The x, where x is home, building, node or premises), wireless access, or satellite/microwave, the wireless sensor network can effectively transmit the data it perceives to the data center. By sorting and analyzing the data, the way of acquiring data of the natural world can
- The combination of a wireless sensor network and a telecommunication network refers to connecting a wireless sensor network with a telecommunication network, using the telecommunication network to monitor and manage the wireless sensor network, to carry and coordinate the services of the wireless sensor network together with the services provided by the telecommunication network, and to extend through the telecommunication network the services provided by wireless sensor networks. Generally, the wireless sensor network is connected to a telecommunication network platform through a gateway device.
- the WSN terminal is a sensor node constituting the wireless sensor network, and is connected to the gateway through one or more hops.
- the WSN terminal is responsible for collecting and uploading data, as well as receiving and executing commands.
- The number of devices that make up a wireless sensor network ranges from a few to a few hundred, and the devices can be networked in a star, tree, or mesh (MESH) manner; some of them have strong networking and data forwarding capability.
- After the combination of the wireless sensor network and the telecommunication network, it is necessary to consider the management and security issues of the WSN terminal.
- the security threats faced by wireless sensor networks and telecommunication networks include:
- the attacker uses some devices to impersonate the WSN terminal to join the wireless sensor network, perform incorrect data reporting, and interfere with the normal operation of the sensing system.
- the attacker uses some devices to listen to data transmitted in the wireless sensor network and modify the data to interfere with communication within the wireless sensor network.
- the attacker adopts attack means to report data continuously through the gateway, thereby increasing the traffic of the communication network and making the telecommunication network unable to work normally.
- The main object of the present invention is to provide a combined network and a method for a WSN terminal to join the network, which can combine the wireless sensor network and the telecommunication network and ensure network security.
- the technical solution of the present invention is achieved as follows:
- a method for a WSN terminal to join a network comprising a wireless sensor network and a telecommunication network, wherein the wireless sensor network is provided with a WSN terminal and a gateway, and the telecommunication network is provided with a wireless sensor network management platform; the method includes:
- the gateway performs identity authentication on the WSN terminal, and after the authentication is passed, the WSN terminal is allowed to join the wireless sensor network;
- the WSN terminal joins the wireless sensor network.
- the WSN terminal joins the wireless sensor network, which is:
- the WSN terminal joins the requested wireless sensor network with the network configuration parameters.
- the method further includes: after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, carrying the identification information of the WSN terminal;
- the wireless sensor network management platform sends the WSN terminal authentication related information to the gateway.
- the WSN terminal is provided with an identity identification module, and the gateway identifies the WSN terminal by using the information in the identity identification module to perform identity authentication on the WSN terminal.
- the management platform or the service platform sets setting information of the wireless sensor network that the WSN terminal can join.
- the method further includes: after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, carrying the identification information of the WSN terminal and the identifier information of the requested wireless sensor network;
- the wireless sensor network management platform obtains setting information of the wireless sensor network that the WSN terminal can join, determines according to that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, when it is allowed, sends the WSN terminal authentication related information to the gateway.
- the method further includes: after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, carrying the identification information of the WSN terminal;
- the wireless sensor network management platform obtains setting information of the wireless sensor network that the WSN terminal can join and sends the information to the gateway;
- the gateway determines whether the WSN terminal is allowed to join the wireless sensor network that is requested to join, and obtains the WSN terminal authentication related information from the wireless sensor network management platform when allowed.
- the telecommunication network is provided with a WSN terminal information storage unit, configured to store information of the WSN terminal, including identifier information of the WSN terminal, authentication information used for WSN terminal identity authentication, and setting information of the wireless sensor network that the WSN terminal can join;
- the wireless sensor network management platform obtains, from the WSN terminal information storage unit, setting information of the wireless sensor network that the WSN terminal can join, and WSN terminal authentication related information.
- the WSN terminal information storage unit is located in a wireless sensor network management platform, or in a service platform, or other network element entity in the telecommunication network.
- a combined network comprising a wireless sensor network WSN and a telecommunication network, wherein the wireless sensor network is provided with a WSN terminal and a gateway; wherein the telecommunication network is provided with a wireless sensor network management platform;
- a gateway configured to perform identity authentication on the WSN terminal, and after the authentication is passed, allow the WSN terminal to join the wireless sensor network;
- the WSN terminal joins the wireless sensor network.
- the network configuration parameter of the requested wireless sensor network is sent to the WSN terminal;
- the WSN terminal joins the corresponding wireless sensor network according to the network configuration parameter.
- after the gateway receives the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, and carries the identification information of the WSN terminal;
- the wireless sensor network management platform sends the WSN terminal authentication related information to the gateway.
- the WSN terminal is provided with an identity identification module, and the gateway identifies the WSN terminal by using the information in the identity identification module to perform identity authentication on the WSN terminal.
- the management platform or the service platform sets setting information of the wireless sensor network that the WSN terminal can join.
- after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, and carries the identifier information of the WSN terminal and the identification information of the requested wireless sensor network;
- the wireless sensor network management platform obtains setting information of the wireless sensor network that the WSN terminal can join, determines according to that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, when it is allowed, sends the WSN terminal authentication related information to the gateway.
- after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, and carries the identifier information of the WSN terminal;
- the wireless sensor network management platform obtains setting information of the wireless sensor network that the WSN terminal can join and sends the information to the gateway;
- the gateway determines whether the WSN terminal is allowed to join the wireless sensor network that is requested to join, and obtains the WSN terminal authentication related information from the wireless sensor network management platform when allowed.
- the telecommunication network is provided with a WSN terminal information storage unit, configured to store information of the WSN terminal, including identifier information of the WSN terminal, authentication information used for WSN terminal identity authentication, and setting information of the wireless sensor network that the WSN terminal can join;
- the wireless sensor network management platform obtains, from the WSN terminal information storage unit, setting information of the wireless sensor network that the WSN terminal can join, and WSN terminal authentication related information.
- the WSN terminal information storage unit is located in a wireless sensor network management platform, or in a service platform, or other network element entity in the telecommunication network.
- The application function of the wireless sensor network is greatly expanded, and a wireless sensor network management platform for managing the network nodes in the wireless sensor network and a wireless sensor network service client are set in the combined network to implement the authentication and joining of the WSN terminal, so that an illegal WSN terminal cannot join the wireless sensor network, thereby ensuring network security.
- FIG. 1 is a schematic diagram of a combined network structure of the present invention
- FIG. 2 is a flowchart of a method for a WSN terminal to join a network according to the present invention
- FIG. 3 is a flowchart of a method for a second WSN terminal to join a network according to the present invention
- FIG. 4 is a flow chart of a method for a third WSN terminal to join a network according to the present invention.
Detailed description
- The basic idea of the present invention is: by combining a wireless sensor network and a telecommunication network, the application function of the wireless sensor network is greatly expanded, and a wireless sensor network management platform for managing network nodes in the wireless sensor network and a wireless sensor network service client are set in the combined network to implement the authentication and joining of the WSN terminal, so that an illegal WSN terminal cannot join the wireless sensor network, thereby ensuring network security.
- the wireless sensor network is a wireless network composed of a group of sensor node devices in a self-organizing manner, and the sensor node devices communicate by short-range wireless communication technology.
- Wireless sensor networks are typically deployed in areas ranging from a few meters to a few hundred meters, where sensor node devices are typically battery powered, with lower power consumption and cost.
- The short-range communication technology used is generally Zigbee and IEEE 802.15.4.
- The combination of the wireless sensor network and the telecommunication network refers to connecting the wireless sensor network with the telecommunication network, using the telecommunication network to monitor and manage the wireless sensor network, to carry and coordinate the services of the wireless sensor network together with the services provided by the telecommunication network, and to extend the services provided by wireless sensor networks through telecommunication networks.
- the telecommunication network includes various communication networks such as mobile communication networks, xDSL, FTTx, and satellite communication.
- The wireless sensor network is composed of WSN terminals and a gateway device. The WSN terminal and the gateway can be set up according to the relevant technical standards of the wireless sensor network, and the short-range communication technologies that can be used to form the wireless sensor network include Zigbee technology, the IEEE 802.15.4 standard, and so on.
- the wireless sensor network is connected to the telecommunications network through a gateway, and establishes communication with a wireless sensor network management platform in the telecommunications network.
- the combined network of the present invention includes a wireless sensor network and a telecommunication network; the wireless sensor network is provided with a WSN terminal and a gateway, and the telecommunication network is provided with a wireless sensor network management platform;
- a gateway configured to perform identity authentication on the WSN terminal, and after the authentication is passed, allow the WSN terminal to join the wireless sensor network;
- the WSN terminal joins the wireless sensor network. After the gateway authenticates the WSN terminal, the network configuration parameter of the requested wireless sensor network is sent to the WSN terminal;
- the WSN terminal joins the corresponding wireless sensor network according to the network configuration parameter.
- after the gateway receives the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, and carries the identifier information of the WSN terminal;
- the wireless sensor network management platform sends the WSN terminal authentication related information to the gateway.
- the WSN terminal is provided with an identity identification module, and the gateway identifies the WSN terminal by using the information in the identity identification module to perform identity authentication on the WSN terminal.
- Setting information of the wireless sensor network that the WSN terminal can join is set in the management platform or the service platform.
- after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, and carries the identifier information of the WSN terminal and the identifier of the requested wireless sensor network.
- the wireless sensor network management platform obtains setting information of the wireless sensor network that the WSN terminal can join, determines according to that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, when it is allowed, sends the WSN terminal authentication related information to the gateway.
- after receiving the request of the WSN terminal to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal joins, and carries the identifier information of the WSN terminal;
- the wireless sensor network management platform obtains setting information of the wireless sensor network that the WSN terminal can join and sends the information to the gateway;
- the WSN terminal information storage unit is configured to store the information of the WSN terminal, including the identifier information of the WSN terminal, the authentication information used for WSN terminal identity authentication, and the setting information of the wireless sensor network that the WSN terminal can join;
- the wireless sensor network management platform obtains, from the WSN terminal information storage unit, setting information of the wireless sensor network that the WSN terminal can join, and WSN terminal authentication related information.
- the WSN terminal information storage unit is located in the wireless sensor network management platform, or in the service platform, or other network element entities in the telecommunication network.
- the gateway determines an identity authentication random number for the WSN terminal, and sends the identity authentication random number to the WSN terminal;
- the WSN terminal calculates an identity authentication key according to the identity authentication random number and a predetermined encryption algorithm, and sends the identity authentication key to the gateway;
- when the gateway determines that the identity authentication key matches, the WSN terminal identity authentication passes; when it does not match, the identity authentication fails.
- the network configuration parameter includes: an authentication key and a gateway address of the WSN terminal to be joined to the wireless sensor network;
- the WSN terminal joins the requested wireless sensor network by using the network configuration parameter, as follows:
- the gateway authenticates the WSN terminal according to the authentication key, and allows the WSN terminal to join after the authentication is passed.
- the authentication key includes a primary authentication key, a link key, and a network key.
- the wireless sensor network further includes a routing node disposed between the WSN terminal and the gateway.
- the WSN terminal sends a join request to the gateway through the routing node; the primary authentication key is used by the gateway for join authentication of the WSN terminal; the link key is used for join authentication between the WSN terminal and routing nodes, and for join authentication between routing nodes.
- the wireless sensor network management platform is further configured to periodically update the primary authentication key, the link key, and the network key, and notify the gateway, the WSN terminal, and the routing node correspondingly.
- the above wireless sensor network can use Zigbee technology for networking, or use other communication technologies for networking.
- the wireless sensor network accesses the telecommunication network through the gateway and is connected to the service platform, the wireless sensor network management platform and other network element entities in the telecommunication network via the telecommunication network.
- the WSN terminal is connected to the telecommunication network platform through a gateway device.
- the WSN terminal device is a sensor node constituting the wireless sensor network, and is connected to the gateway by one or more hops.
- the WSN terminal device is responsible for collecting and uploading data, and receiving and executing commands.
- The number of devices that make up the WSN ranges from a few to a few hundred, and the devices can be networked in a star, tree, or MESH mode; some of them have strong networking and data forwarding capabilities.
- the WSN terminal is the end of the extended network.
- the gateway is responsible for connecting the wireless sensor network and the telecommunication network, and mainly performs functions such as protocol conversion, address mapping, and data forwarding, and can also integrate functions such as security and charging.
- The functions that the gateway can support include: data collaboration and aggregation within the sensor network; transmission of aggregated data to the communication peer over one or more long-distance communication access methods such as 2G mobile communication, 3G mobile communication, xDSL, FTTx, broadband wireless access, and satellite/microwave; authentication and user authentication of the WSN gateway by the service platform and the remote management server; parameter and software configuration of the WSN gateway by the service platform and the remote management server; and user authentication, service security, and device management security mechanisms.
- the service platform is a functional entity that operates and manages the services combined with the wireless sensor network in the telecommunication network. It is responsible for integrating the services provided by each service provider and providing them to the end users, and managing the use of the services by the users.
- The service platform cooperates with other functional entities in the telecommunication network to complete the entire service process according to the needs of different services, such as authentication, authorization and accounting (AAA).
- The service platform may also be connected to a remote server to update services directly.
- the wireless sensor network management platform is an entity that implements management functions for the wireless sensor network and is composed of a remote management server.
- the remote management server implements basic management functions for the wireless sensor network over the telecommunications network.
- the WSN terminal has an identity identification module that can be recognized by the WSN terminal authentication network element entity, and the identity identification module can identify the WSN terminal and authenticate the wireless sensor network device.
- the gateway of the wireless sensor network is responsible for authenticating the WSN terminal.
- the identity module can include the identity of the device, the key used by the terminal authentication, and other information.
- The identity module may be written to the WSN terminal by the wireless sensor network device provider. The information in the identity module is also saved by the network entity unit responsible for saving the WSN terminal identity module, which may be the wireless sensor network management platform or the service platform, or another network element entity in the telecommunication network, such as the Home Location Register (HLR) / Home Subscriber Server (HSS) in a mobile communication network.
- only the authenticated WSN terminal can join the wireless sensor network and become a node of the wireless sensor network.
- the gateway performs authentication on the WSN terminal.
- the identity module of the WSN terminal required for terminal authentication can be obtained by the gateway from the network element entity responsible for saving the WSN terminal identity module.
- When a WSN terminal device joins the wireless sensor network, the WSN terminal is first authenticated by the gateway. After the authentication is passed, the WSN terminal can join the wireless sensor network; if the authentication fails, the WSN terminal cannot join the wireless sensor network.
- When performing WSN terminal authentication, the WSN terminal establishes a connection with the gateway; the WSN terminal authentication uses the identity identification module of the WSN terminal.
- The identity module of the WSN terminal can be used to establish a secure connection between the WSN terminal and the gateway, so that the network configuration parameters required for joining the wireless sensor network can be securely sent to the WSN terminal. The WSN terminal joins the wireless sensor network through the network configuration parameters.
- The network configuration parameters of the wireless sensor network are the parameters related to the wireless sensor network that the WSN terminal needs in order to join it, and may include, but are not limited to, a gateway address, a key required for verifying the WSN terminal, and other information. WSN terminals that do not have the wireless sensor network configuration parameters cannot join the wireless sensor network.
- The network configuration parameters for joining the wireless sensor network may be provided by the gateway and sent to the WSN terminal. The gateway can encrypt the network configuration parameters by using the key related to the secure connection between the gateway and the WSN terminal, and then send the encrypted network configuration parameters to the WSN terminal.
- the wireless sensor network management platform can send the information of the WSN terminal to the service platform, and the service platform configures the relevant service parameters of the WSN terminal and enables the service performed by the WSN terminal.
- When the WSN terminal leaves the wireless sensor network, the gateway notifies the wireless sensor network management platform; the wireless sensor network management platform records the status of the WSN terminal and notifies the service platform, and the service platform stops the service performed by the WSN terminal.
- the wireless sensor network management platform or the service platform can set a wireless sensor network that the WSN terminal can join, thereby realizing restrictions on the use area of the WSN terminal.
- the wireless sensor network management platform or the service platform can determine whether the wireless sensor network that the WSN terminal is currently applying to join is a wireless sensor network that is allowed to join according to the setting information of the wireless sensor network that the WSN terminal can join. If the wireless sensor network currently applied for is not a wireless sensor network that is allowed to join, the WSN terminal is refused permission to join the wireless sensor network.
- the wireless sensor network management platform or the service platform may set the wireless sensor networks that the WSN terminal is allowed to join; the setting information may be the network identifier of the wireless sensor network that the WSN terminal can join, and the network identifier of the wireless sensor network is used to determine the wireless sensor network that the WSN terminal joins. In this way, the wireless sensor network management platform can set the area used by the WSN terminal to optimize the management of the WSN terminal.
- the gateway may also determine whether the wireless sensor network to which the WSN terminal applies to join is a wireless sensor network that is allowed to join.
- the gateway obtains the setting information of the wireless sensor network that the WSN terminal can join from the wireless sensor network management platform or the service platform, and determines whether the wireless sensor network that the WSN terminal is currently applying to join is a wireless sensor network that is allowed to join. If the wireless sensor network currently applied for is not a wireless sensor network that is allowed to join, the WSN terminal is refused permission to join the wireless sensor network.
- ZigBee is an emerging short-range, low-rate, low-cost, low-power wireless network technology. It uses Direct Sequence Spread Spectrum (DSSS) technology and operates at 868MHz, 915MHz or 2.4GHz, all without the need to apply for a license.
- the configuration of wireless personal area networks based on ZigBee technology is a new development of short-range wireless communication technology in recent years, and has been widely used in the field of industrial automation and smart home.
- There are three types of nodes in the ZigBee network: ZigBee coordination points, ZigBee routing nodes, and
- the ZigBee coordination point is also called the Personal Area Network (PAN) coordination point (ZC, ZigBee Coordinator) in IEEE 802.15.4, and can be used as a sink node in wireless sensor networks.
- the ZigBee coordination point must be a Full Function Device (FFD).
- a ZigBee network has only one ZigBee coordination point, which is often more powerful than other nodes in the network. It is the master node of the entire network. It is responsible for initiating the establishment of new networks, setting network parameters, managing nodes in the network, and storing node information in the network. The network can also perform the functions of the router.
- the ZigBee coordination point is the most complex of the three types of ZigBee nodes, and is generally powered by AC power.
- the ZigBee Routing Node (ZR, ZigBee Router) must also be a fully functional device.
- the ZigBee routing node can participate in route discovery, message forwarding, and extend the coverage of the network by connecting other nodes.
- the ZigBee routing node can also act as a common coordination point (IEEE 802.15.4 is called coordination point) in its Personal Operating Space (POS).
- the common coordination point differs from the ZigBee coordination point and is still controlled by the ZigBee coordination point.
- the ZigBee EndNode (ZE, ZigBee EndDevice) can be a full-function device or a Reduced-Function Device (RFD), which connects to the network through ZigBee coordination points or ZigBee routing nodes, but does not allow any other node to join through it.
- ZigBee endpoints can operate at very low power.
- the gateway acts as a Zigbee coordination point in the Zigbee network and is responsible for the establishment of the wireless sensor network.
- the WSN terminal can join the wireless sensor network as a Zigbee routing node or a Zigbee terminal node. Gateways and WSN terminals need to support Zigbee communication technology.
- the encryption operation in the Zigbee network uses the Advanced Encryption Standard (AES) algorithm, and the symmetric key length is 128 bits.
- the keys used in the Zigbee network mainly include:
- This key is a shared key used in the process of establishing a symmetric key establishment protocol.
- the master key is the basis for long-term security between the two devices and can be used to generate link keys.
- Link key: in a PAN network, a key shared between two devices for secure communication between the two devices.
- This key is a shared key in a PAN network and is used for the security of broadcast communication.
- a trust center is a trusted device that distributes security keys across the network. It allows devices to join the network and assign keys, thus ensuring end-to-end security between devices.
- the network coordinator can become a trust center.
- the Trust Center provides three functions: (1) Trust Management. The task is responsible for verifying the device joining the network. (2) Network management. The task is to get and assign network keys to the device.
- In order to implement trust management, the device needs to receive the initial master key from the trust center.
- the device should receive the initial network key and can only obtain updates to the network key from the Trust Center.
- the device needs to receive a master key or link key from the trust center to establish an end-to-end secure link between the two devices.
- the additional link key, master key, and network key can only be obtained from the trust center in a secure manner.
- the trust center should periodically update the network key according to a policy and pass the new network key to each device.
- the gateway is used as a trust center for security management of the network.
- the network configuration parameters for implementing secure communication are obtained from the gateway.
- the network configuration parameters may include a network address, an initial master key, and a network key, and the WSN terminal uses the network configuration parameters to join the wireless sensor network and communicate securely.
- the wireless sensor network management platform and other network element entities in the gateway and the telecommunication network can implement identity authentication and secure communication to the gateway through the identity of the gateway.
- a certain wireless sensor network is identified by a network identifier of the wireless sensor network.
- the network identifier of the wireless sensor network may be determined by the gateway or by the wireless sensor network management platform, and the wireless sensor network management platform records related information including the network identifier of the wireless sensor network.
- the wireless sensor network management platform and other network element entities in the telecommunications network can obtain the network identity of the wireless sensor network when communicating with the gateway.
- the identity identification module of the terminal needs to be built in the WSN terminal.
- the identity module can include parameters such as the terminal identification number, the key used for authentication, the length of the key, and the algorithm used.
- the identity module of the terminal can be written to the WSN terminal by the WSN terminal manufacturer in a secure manner when the WSN terminal is produced.
- when the WSN terminal manufacturer delivers the WSN terminal, the information in the identity module of the WSN terminal is also provided in a secure manner to the wireless sensor network management platform and is saved by the wireless sensor network management platform; the information in the identity module can also be saved by other network element entities in the telecommunication network, for example, an HLR/HSS server in the telecommunication network.
- the gateway responsible for WSN terminal authentication can obtain the information in the identity module of the WSN terminal in a secure manner from the network element entity responsible for saving the identity module of the WSN terminal.
- the WSN terminal can be identified in a format similar to the International Mobile Equipment Identity (IMEI).
- the key in the WSN terminal identity module can use the 128-bit AES symmetric key to appropriately reduce the computing power requirement of the WSN terminal.
- the terminal is authenticated by a key in the identity module and a secure communication between the WSN terminal and the gateway is established based on the key.
- the following describes the process of joining a WSN terminal to a wireless sensor network in a wireless sensor network formed by Zigbee technology.
- the identity module of the WSN terminal is stored by the wireless sensor network management platform.
- FIG. 2 is a flowchart of a method for a WSN terminal to join a network according to the present invention. As shown in FIG. 2, the method for joining a WSN terminal to a network includes the following steps:
- Step 201 The WSN terminal determines the wireless sensor network to join, and sends a request to join the wireless sensor network to the wireless sensor network.
- the WSN terminal can perform network scanning on the set channel to determine the wireless sensor network to join.
- the network scan can send a Beacon Request frame on the channel.
- After a device in the wireless sensor network on this channel receives the Beacon Request, if a new WSN terminal is allowed to join the wireless sensor network, it responds with a Beacon frame.
- the Beacon frame contains the address information of the device that sent the frame and whether other devices are allowed to join as their child nodes.
- the WSN terminal saves the information of the received Beacon frame in its own neighbor table.
- the WSN terminal selects the appropriate parent node in the association table and sends an Association Request frame to the parent node to request to join the wireless sensor network.
- After receiving the request to join the wireless sensor network, the parent node device in the wireless sensor network notifies the gateway of the wireless sensor network that a new wireless sensor network device requests to join the wireless sensor network, and the gateway obtains the device information of the WSN terminal requesting to join the wireless sensor network, including the identity of the wireless sensor network device.
- Step 202 The gateway notifies the wireless sensor network management platform that a new WSN terminal requests to join the wireless sensor network, and sends the information of the WSN terminal to the wireless sensor network management platform, and the gateway obtains the identity identifier module of the WSN terminal from the wireless sensor network management platform.
- Step 203 Perform identity verification between the gateway and the WSN terminal.
- the gateway sends an authentication request to the WSN terminal, where the authentication request includes a random number.
- the WSN terminal may perform an operation using the random number and the key in the terminal identity module, and sends the result to the gateway in an authentication response; after receiving the authentication response, the gateway uses the key of the WSN terminal obtained from the wireless sensor network management platform and the same random number to perform the operation, and then compares the operation result with the operation result of the WSN terminal. If the results are the same, the WSN terminal passes the authentication, and the operation of step 204 is performed. If the results are different, the WSN terminal authentication fails, and the operation of step 205 is performed.
- in addition to the gateway authenticating the WSN terminal, the WSN terminal can also authenticate the gateway to confirm the authenticity of the identity of the gateway; the method of authenticating the gateway is similar to the method of authenticating the WSN terminal. The WSN terminal can send an authentication request to the gateway, and the authentication request includes a random number; after receiving the authentication request, the gateway performs the operation using the key of the WSN terminal that it holds and the random number in the authentication request, and then sends the operation result to the WSN terminal through the authentication response message; the WSN terminal performs the operation using the key of the WSN terminal and the same random number, and compares its operation result with the operation result of the gateway. If the two are the same, the authenticity of the gateway can be determined; otherwise, the gateway is not the correct gateway device.
- Step 204 After the WSN terminal passes the authentication, the session key required for secure communication can be negotiated between the WSN terminal and the gateway. Then proceed to the operation in step 206.
- Key negotiation can use existing symmetric key-based key establishment protocols.
- the key establishment protocol involves the following three steps: Exchanging temporary data, using the temporary data to generate a session key, and confirming that the key is correctly calculated.
- Step 205 The WSN terminal fails to pass the authentication, and the gateway rejects the WSN terminal from joining the wireless sensor network.
- Step 206 The gateway sends the network configuration parameters required to join the wireless sensor network to the WSN terminal.
- the network configuration parameters include the network address, network key, and master key of the WSN terminal in the wireless sensor network.
- the gateway can encrypt the network configuration parameters with the session key and then send it to the WSN terminal.
- Step 207 The WSN terminal joins the wireless sensor network by using network configuration parameters.
- After receiving the network configuration parameters, the WSN terminal negotiates with the gateway to determine the link key; the gateway adds the information of the WSN terminal to the node management table, the parent node device of the WSN terminal saves the information of the WSN terminal in its neighbor table, and the WSN terminal saves the information of the parent node and the gateway in its own neighbor table. At this point, the WSN terminal has successfully joined the wireless sensor network and become a node device in the wireless sensor network. It can enable the sensing function of the WSN terminal and report the sensing data to the wireless sensor network service platform through the gateway.
- Step 208 The gateway notifies the wireless sensor network management platform that the WSN terminal has joined the wireless sensor network.
- the wireless sensor network management platform can record information about the WSN terminal and send the information of the WSN terminal to the service platform; the service platform configures the related data of the WSN terminal and enables the services supported by the WSN terminal.
- the wireless sensor network management platform may pre-set one or some wireless sensor networks that the WSN terminal device can join; the WSN terminal can only join these preset wireless sensor networks and cannot join other wireless sensor networks.
- Each wireless sensor network has a unique network identifier after it is created.
- the wireless sensor network management platform can set a wireless sensor network that a WSN terminal is allowed to join through the network identifier.
- it may be determined by the wireless sensor network management platform or by the gateway whether the wireless sensor network to which the WSN terminal applies to join is an allowed wireless sensor network.
- FIG. 3 is a flowchart of a second method for a WSN terminal to join a network according to the present invention. As shown in FIG. 3, when the wireless sensor network management platform determines whether a WSN terminal is allowed to join a wireless sensor network, the process by which the WSN terminal joins the wireless sensor network is:
- Step 301 The WSN terminal determines a wireless sensor network to join, and sends a request to join the wireless sensor network to the wireless sensor network.
- the WSN terminal can perform network scanning on the set channel to determine the wireless sensor network to join.
- the network scan can send a Beacon Request frame on the channel.
- After a device in the wireless sensor network on this channel receives the Beacon Request, if a new WSN terminal is allowed to join the wireless sensor network, it responds with a Beacon frame. The Beacon frame contains the address information of the device that sent the frame, and whether other devices are allowed to join as its child nodes.
- the WSN terminal saves the information of the received Beacon frame in its own neighbor table.
- the WSN terminal selects the appropriate parent node in the association table and sends an Association Request frame to the parent node to request to join the wireless sensor network.
- After receiving the request to join the wireless sensor network, the parent node device notifies the gateway of the wireless sensor network that a new wireless sensor network device requests to join the wireless sensor network, and the gateway obtains device information of the WSN terminal requesting to join the wireless sensor network, including the identity of the wireless sensor network device.
- Step 302 The gateway notifies the wireless sensor network management platform that a new WSN terminal requests to join the wireless sensor network, and sends the information of the WSN terminal to the wireless sensor network management platform.
- Step 303 The wireless sensor network management platform obtains, through the gateway, the network identifier of the wireless sensor network that the WSN terminal is ready to join, compares it with the wireless sensor networks that the WSN terminal can join as set in the wireless sensor network management platform, and determines whether the wireless sensor network that the WSN terminal is ready to join is a wireless sensor network that is allowed to join. If it is a wireless sensor network that is allowed to join, the wireless sensor network management platform sends the information in the identity module of the WSN terminal required for WSN terminal identity authentication to the gateway, and the operation of step 304 is performed; if it is not a wireless sensor network that is allowed to join, the operation in step 305 is performed.
- Step 304 Perform identity verification between the gateway and the WSN terminal.
- the gateway sends an authentication request to the WSN terminal, where the authentication request includes a random number.
- the WSN terminal may perform an operation using the random number and the key in the terminal identity module, and sends the result to the gateway in an authentication response; after receiving the authentication response, the gateway uses the key of the WSN terminal obtained from the wireless sensor network management platform and the same random number to perform the operation, and then compares the operation result with the operation result of the WSN terminal. If the results are the same, the WSN terminal passes the authentication, and the operation of step 306 is performed. If the results are different, the WSN terminal authentication fails, and the operation of step 307 is performed.
- in addition to the gateway authenticating the WSN terminal, the WSN terminal can also authenticate the gateway to confirm the authenticity of the identity of the gateway; the method of authenticating the gateway is similar to the method of authenticating the WSN terminal. The WSN terminal can send an authentication request to the gateway, and the authentication request includes a random number; after receiving the authentication request, the gateway performs the operation using the key of the WSN terminal that it holds and the random number in the authentication request, and then sends the operation result to the WSN terminal through the authentication response message; the WSN terminal performs the operation using the key of the WSN terminal and the same random number, and compares its operation result with the operation result of the gateway. If the two are the same, the authenticity of the gateway can be determined; otherwise, the gateway is not the correct gateway device.
- Step 305 The wireless sensor network that the WSN terminal applies for joining is a network that is not allowed to join.
- the wireless sensor network management platform notifies the gateway that the WSN terminal is not allowed to join the wireless sensor network, and the gateway rejects the WSN terminal from joining the wireless sensor network.
- Step 306 After the WSN terminal passes the authentication, the session key required for secure communication can be negotiated between the WSN terminal and the gateway. Then the operation in step 308 is performed.
- Key negotiation can use existing symmetric key-based key establishment protocols.
- the key establishment protocol involves the following three steps: Exchanging temporary data, using the temporary data to generate a session key, and confirming that the key is correctly calculated.
- Step 307 The WSN terminal fails to pass the authentication, and the gateway rejects the WSN terminal from joining the wireless sensor network.
- Step 308 The gateway sends the network configuration parameters required to join the wireless sensor network to the WSN terminal.
- the network configuration parameters include the network address, network key, and master key of the WSN terminal in the wireless sensor network.
- the gateway can encrypt the network configuration parameters with the session key and then send it to the WSN terminal.
- Step 309 The WSN terminal joins the wireless sensor network by using network configuration parameters.
- After receiving the network configuration parameters, the WSN terminal negotiates with the gateway to determine the link key; the gateway adds the information of the WSN terminal to the node management table, the parent node device of the WSN terminal saves the information of the WSN terminal in its neighbor table, and the WSN terminal saves the information of the parent node and the gateway in its own neighbor table. At this point, the WSN terminal has successfully joined the wireless sensor network and become a node device in the wireless sensor network. It can enable the sensing function of the WSN terminal and report the sensor data to the wireless sensor network service platform through the gateway.
- Step 3010 The gateway notifies the wireless sensor network management platform that the WSN terminal has joined the wireless sensor network.
- the wireless sensor network management platform can record the information about the WSN terminal and send the information of the WSN terminal to the service platform; the service platform configures the related data of the WSN terminal and enables the services supported by the WSN terminal.
- FIG. 4 is a flowchart of a method for a WSN terminal to join a network according to the present invention. As shown in FIG. 4, when the gateway determines whether the WSN terminal is allowed to join the wireless sensor network, the process of joining the WSN terminal to the wireless sensor network is:
- Step 401 The WSN terminal determines the wireless sensor network to join, and sends a request to join the wireless sensor network to the wireless sensor network.
- the WSN terminal can perform network scanning on the set channel to determine the wireless sensor network to join.
- the network scan can send a Beacon Request frame on the channel.
- After a device in the wireless sensor network on this channel receives the Beacon Request, if a new WSN terminal is allowed to join the wireless sensor network, it responds with a Beacon frame containing the address information of the device that sent the frame and whether other devices are allowed to join as its child nodes.
- the WSN terminal saves the information of the received Beacon frame in its own neighbor table.
- the WSN terminal selects an appropriate parent node in the association table, and sends an Association Request frame to the parent node to request to join the wireless sensor network.
- After receiving the request to join the wireless sensor network, the parent node device in the wireless sensor network notifies the gateway of the wireless sensor network that a new wireless sensor network device requests to join the wireless sensor network, and the gateway obtains the device information of the WSN terminal requesting to join the wireless sensor network, including the identity of the wireless sensor network device.
- Step 402 The gateway notifies the wireless sensor network management platform that a new WSN terminal requests to join the wireless sensor network, and sends the information of the WSN terminal to the wireless sensor network management platform.
- the gateway obtains setting information of the wireless sensor network of the WSN terminal that is allowed to join from the wireless sensor network management platform.
- Step 403 The gateway determines whether the wireless sensor network that the WSN terminal is ready to join is a wireless sensor network that is allowed to join. If it is a wireless sensor network that is allowed to join, the operation of step 404 is performed; if it is not allowed to join the wireless sensor network, the operation in step 405 is performed.
- the gateway may query the setting information of the wireless sensor networks that the WSN terminal is allowed to join, and determine whether the wireless sensor networks that are allowed to join include the wireless sensor network to which the WSN terminal applies to join; if it is included, it is a wireless sensor network that is allowed to join; otherwise, it is not a network that is allowed to join.
- Step 404 The gateway obtains information in the identity module of the WSN terminal from the wireless sensor network management platform, and performs identity verification between the gateway and the WSN terminal.
- the gateway sends an authentication request to the WSN terminal, where the authentication request includes a random number.
- the WSN terminal may perform an operation using the random number and the key in the terminal identity module, and sends the result to the gateway in an authentication response; after receiving the authentication response, the gateway uses the key of the WSN terminal obtained from the wireless sensor network management platform and the same random number to perform the operation, and then compares the operation result with the operation result of the WSN terminal. If the results are the same, the WSN terminal passes the authentication, and the operation of step 405 is performed. If the results are different, the WSN terminal authentication fails, and the operation of step 407 is performed.
- the WSN terminal can also authenticate the gateway to confirm the authenticity of the identity of the gateway; the method of authenticating the gateway is similar to the method of authenticating the WSN terminal. The WSN terminal can send an authentication request to the gateway, and the authentication request includes a random number. After receiving the authentication request, the gateway performs the operation using the key of the WSN terminal and the random number in the authentication request, and then sends the operation result to the WSN terminal through the authentication response message; the WSN terminal uses the key of the WSN terminal and the same random number to perform the operation and compares its operation result with the result of the gateway operation. If the two are the same, the authenticity of the gateway can be determined; otherwise, the gateway is not the correct gateway device.
- Step 405 The wireless sensor network that the WSN terminal applies for joining is a network that is not allowed to join.
- the wireless sensor network management platform notifies the gateway that the WSN terminal is not allowed to join the wireless sensor network, and the gateway rejects the WSN terminal from joining the wireless sensor network.
- Step 406 After the WSN terminal passes the authentication, the session key required for secure communication can be negotiated between the WSN terminal and the gateway. Then the operation in step 408 is performed.
- Key negotiation can use existing symmetric key-based key establishment protocols.
- the key establishment protocol involves the following three steps: Exchanging temporary data, using the temporary data to generate a session key, and confirming that the key is correctly calculated.
- Step 407 The WSN terminal fails to pass the authentication, and the gateway rejects the WSN terminal from joining the wireless sensor network.
- Step 408 The gateway sends the network configuration parameters required to join the wireless sensor network to the WSN terminal.
- the network configuration parameters include the network address, network key, and master key of the WSN terminal in the wireless sensor network.
- the gateway can encrypt the network configuration parameters with the session key and then send it to the WSN terminal.
- Step 409 The WSN terminal joins the wireless sensor network by using network configuration parameters.
- After receiving the network configuration parameters, the WSN terminal negotiates with the gateway to determine the link key; the gateway adds the information of the WSN terminal to the node management table, the parent node device of the WSN terminal saves the information of the WSN terminal in its neighbor table, and the WSN terminal saves the information of the parent node and the gateway in its own neighbor table. At this point, the WSN terminal has successfully joined the wireless sensor network and become a node device in the wireless sensor network. It can enable the sensing function of the WSN terminal and report the sensing data to the wireless sensor network service platform through the gateway.
- Step 4010 The gateway notifies the wireless sensor network management platform that the WSN terminal has joined the wireless sensor network.
- the wireless sensor network management platform can record information about the WSN terminal and send the information of the WSN terminal to the service platform; the service platform configures the related data of the WSN terminal and enables the services supported by the WSN terminal.
- when a terminal that has joined the wireless sensor network leaves the wireless sensor network, the gateway needs to send a message to notify the wireless sensor network management platform; the wireless sensor network management platform records the state of the WSN terminal and notifies the wireless sensor network service platform, and the service platform stops the services associated with the WSN terminal.
- the WSN terminal can notify the gateway through a Leave command frame, and the gateway performs the operation of the WSN terminal leaving the network and notifies the wireless sensor network management platform.
- the WSN terminal can be authenticated by the gateway when the WSN terminal joins the wireless sensor network, and the WSN terminal that fails the authentication is prevented from joining the wireless sensor network.
- the network configuration parameters of the wireless sensor network can be sent to the WSN terminal in a secure manner, thereby avoiding leakage of the network configuration parameters of the wireless sensor network, thereby establishing a secure wireless sensor network.
- a wireless sensor network that the WSN terminal can join can be set, so that the limitation of the area allowed for the WSN terminal can be realized.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
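The invention discloses a method for a WSN terminal to join a network. The network comprises a wireless sensor network and a telecommunication network; a WSN terminal and a gateway are provided in the wireless sensor network, and a wireless sensor network management platform is provided in the telecommunication network. The method comprises: the gateway performs identity authentication on the WSN terminal and, after the authentication passes, allows the WSN terminal to join the wireless sensor network; the WSN terminal joins the wireless sensor network. The invention also discloses a combined network. The invention ensures the security of the wireless sensor network in the combined network.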
Description
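Combined network and method for a wireless sensor network terminal to join the network
Technical Field
The invention relates to combined network technology, and in particular to a combined network and a method for a wireless sensor network (WSN, Wireless Sensor Network) terminal to join the network.
Background
As a product of the combination of computing, communication and sensor technologies, the wireless sensor network is a new technology for acquiring and processing information. Recent improvements in microfabrication, communication and battery technologies have given tiny sensor terminals the ability to sense, communicate wirelessly and process information. Such sensor terminals can not only sense and detect targets in the environment and their changes, but also process the collected data and send the processed data to a data collection center by wireless transmission. These sensor terminals usually consist of a power supply, sensing components, an embedded processor, memory, communication components and executing software. The power supply provides the sensor node with the energy required for normal operation. The sensing components sense and acquire external information and convert it into digital signals. The embedded processor coordinates the work of the parts of the node, for example performing the necessary processing and storage of the information acquired by the sensing components and controlling the operating modes of the sensing components and the power supply. The communication components are responsible for communicating with other sensors or with observers. The executing software provides the necessary software support for the sensor terminal, such as an embedded operating system and an embedded database system. With the various sensing components built into a sensor terminal, heat, infrared, sonar, radar and seismic signals in the surroundings of the terminal can be measured, so as to detect a wide range of information including temperature, humidity, noise, light intensity, pressure, soil composition, and the size, speed and direction of moving objects. Sensor terminals generally form a network by self-organization or pre-configuration. Although wired, wireless, infrared, optical and other forms of communication can be used, short-range low-power wireless communication is generally considered the most suitable for sensor networks, which are then usually called wireless sensor networks. Low-power wireless communication technologies in wide use today include IEEE (Institute of Electrical and Electronics Engineers) 802.15.4 and Zigbee.
IEEE 802.15.4 is a low-rate wireless personal area network (WPAN, Wireless Personal Area Network) standard developed by the IEEE. IEEE 802.15.4 specifies the physical layer and the media access control (MAC, Media Access Control) layer. Communication modules that conform to the IEEE 802.15.4 standard are low-cost, low-power and small.
The Zigbee Alliance is an organization dedicated to developing reliable, low-cost, low-power, wirelessly networked monitoring and control products on the basis of open global standards. The physical layer and MAC layer of the Zigbee standard use IEEE 802.15.4; the network layer, security management, application layer specifications and interoperability are developed by the Zigbee Alliance. The Zigbee smart energy public applications profile and the Zigbee home automation public applications profile in the Zigbee standard target commercial environments and home applications respectively.
The micro-processing and wireless communication capabilities of WSN terminals give wireless sensor networks broad application prospects, including military applications, biological and environmental monitoring, health applications, home applications, and industrial control and monitoring.
Combining wireless sensor networks with telecommunication networks, such as second-generation (2G, 2nd Generation) mobile communication, third-generation (3G, 3rd Generation) mobile communication, xDSL (x Digital Subscriber Line), FTTx (Fiber To The x, where x is home, building, node or premises), broadband wireless access and satellite/microwave, allows the wireless sensor network to act as an extension of the existing network, expands the capabilities of the communication network and extends the objects of communication from people to the physical world, and therefore has good development prospects. Once combined with an existing telecommunication network, the wireless sensor network can deliver the data it senses to a data center efficiently; collating and analyzing that data can greatly change the way people obtain data about the natural world. The wireless sensor networks can also be managed centrally, which solves the problem that wireless sensor networks scattered in many places are hard to manage.
Combining a wireless sensor network with a telecommunication network means connecting the two, using the telecommunication network to monitor and manage the wireless sensor network and the services it provides and to carry those services and cooperate in implementing them, and extending the services provided by the wireless sensor network through the telecommunication network. Typically the wireless sensor network connects to the telecommunication network platform through a gateway device.
WSN terminals are the sensor nodes that make up the wireless sensor network and are connected to the gateway over one or more hops. A WSN terminal collects and uploads data and receives and executes commands. A wireless sensor network may consist of anything from a few devices to several hundred; the devices can be networked in a star, tree or mesh (MESH) topology as required, and some of them may have stronger networking and data forwarding capabilities.
After a wireless sensor network is combined with a telecommunication network, the management and security of WSN terminals must be considered. The security threats faced after the combination include:
1. An attacker uses some device to impersonate a WSN terminal and join the wireless sensor network, reports incorrect data, and disrupts the normal operation of the sensing system.
2. An attacker uses some device to eavesdrop on data transmitted in the wireless sensor network and modifies the data, thereby interfering with communication inside the wireless sensor network.
3. An attacker mounts an attack by continuously reporting data through the gateway, increasing the traffic on the communication network so that the telecommunication network cannot work normally.
Therefore, when a wireless sensor network is combined with a telecommunication network, the management of WSN terminals must be considered in order to secure both networks.
Summary of the Invention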
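In view of this, the main object of the invention is to provide a combined network and a method for a WSN terminal to join the network, which combine the wireless sensor network and the telecommunication network well and ensure network security.
To achieve the above object, the technical solution of the invention is implemented as follows:
A method for a WSN terminal to join a network, the network comprising a wireless sensor network and a telecommunication network, wherein a WSN terminal and a gateway are provided in the wireless sensor network and a wireless sensor network management platform is provided in the telecommunication network; the method comprises:
the gateway performs identity authentication on the WSN terminal and, after the authentication passes, allows the WSN terminal to join the wireless sensor network;
the WSN terminal joins the wireless sensor network.
Preferably, the WSN terminal joining the wireless sensor network is:
the gateway sends the network configuration parameters of the requested wireless sensor network to the WSN terminal;
the WSN terminal joins the requested wireless sensor network using the network configuration parameters.
Preferably, before the gateway performs identity authentication on the WSN terminal, the method further comprises:
after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform sends the authentication-related information of the WSN terminal to the gateway.
Preferably, an identity module is provided in the WSN terminal, and the gateway identifies the WSN terminal by the information in the identity module and performs identity authentication on the WSN terminal.
Preferably, setting information of the wireless sensor networks that a WSN terminal can join is set in the management platform or the service platform.
Preferably, before the gateway performs identity authentication on the WSN terminal, the method further comprises:
after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal and the identification information of the requested wireless sensor network;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join, determines from that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, if it is allowed, sends the authentication-related information of the WSN terminal to the gateway.
Preferably, before the gateway performs identity authentication on the WSN terminal, the method further comprises:
after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join and sends it to the gateway;
the gateway determines whether the WSN terminal is allowed to join the requested wireless sensor network and, if it is allowed, obtains the authentication-related information of the WSN terminal from the wireless sensor network management platform.
Preferably, a WSN terminal information storage unit is provided in the telecommunication network for storing information about WSN terminals, including the identification information of the WSN terminal, the authentication information used for identity authentication of the WSN terminal, and the setting information of the wireless sensor networks that the WSN terminal can join;
the wireless sensor network management platform obtains, from the WSN terminal information storage unit, the setting information of the wireless sensor networks that the WSN terminal can join and the authentication-related information of the WSN terminal.
Preferably, the WSN terminal information storage unit is located in the wireless sensor network management platform, in the service platform, or in another network element entity in the telecommunication network.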
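A combined network, comprising a wireless sensor network (WSN) and a telecommunication network, wherein a WSN terminal and a gateway are provided in the wireless sensor network and a wireless sensor network management platform is provided in the telecommunication network; wherein
the gateway is used to perform identity authentication on the WSN terminal and, after the authentication passes, to allow the WSN terminal to join the wireless sensor network;
the WSN terminal joins the wireless sensor network.
Preferably, after the identity authentication of the WSN terminal passes, the gateway sends the network configuration parameters of the requested wireless sensor network to the WSN terminal;
the WSN terminal joins the corresponding wireless sensor network according to the network configuration parameters.
Preferably, after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform sends the authentication-related information of the WSN terminal to the gateway.
Preferably, an identity module is provided in the WSN terminal, and the gateway identifies the WSN terminal by the information in the identity module and performs identity authentication on the WSN terminal.
Preferably, setting information of the wireless sensor networks that a WSN terminal can join is set in the management platform or the service platform.
Preferably, after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal and the identification information of the requested wireless sensor network;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join, determines from that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, if it is allowed, sends the authentication-related information of the WSN terminal to the gateway.
Preferably, after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join and sends it to the gateway;
the gateway determines whether the WSN terminal is allowed to join the requested wireless sensor network and, if it is allowed, obtains the authentication-related information of the WSN terminal from the wireless sensor network management platform.
Preferably, a WSN terminal information storage unit is provided in the telecommunication network for storing information about WSN terminals, including the identification information of the WSN terminal, the authentication information used for identity authentication of the WSN terminal, and the setting information of the wireless sensor networks that the WSN terminal can join;
the wireless sensor network management platform obtains, from the WSN terminal information storage unit, the setting information of the wireless sensor networks that the WSN terminal can join and the authentication-related information of the WSN terminal.
Preferably, the WSN terminal information storage unit is located in the wireless sensor network management platform, in the service platform, or in another network element entity in the telecommunication network.
In the invention, combining the wireless sensor network with the telecommunication network greatly expands the application functions of the wireless sensor network. Moreover, by providing in the combined network a wireless sensor network management platform and a wireless sensor network service client that manage the network nodes in the wireless sensor network, authenticated joining of WSN terminals is achieved, illegitimate WSN terminals cannot join the wireless sensor network, and network security is well ensured.
Brief Description of the Drawings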
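Fig. 1 is a schematic diagram of the structure of the combined network of the invention;
Fig. 2 is a flowchart of the first method for a WSN terminal to join the network according to the invention;
Fig. 3 is a flowchart of the second method for a WSN terminal to join the network according to the invention;
Fig. 4 is a flowchart of the third method for a WSN terminal to join the network according to the invention.
Detailed Description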
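The basic idea of the invention is: combining the wireless sensor network with the telecommunication network greatly expands the application functions of the wireless sensor network; and by providing in the combined network a wireless sensor network management platform and a wireless sensor network service client that manage the network nodes in the wireless sensor network, authenticated joining of WSN terminals is achieved, illegitimate WSN terminals cannot join the wireless sensor network, and network security is well ensured.
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments and the accompanying drawings.
In the invention, a wireless sensor network is a wireless network formed in a self-organizing manner by a group of sensor node devices, which communicate with each other using short-range wireless communication technology. A wireless sensor network is usually deployed over an area of a few meters to a few hundred meters; the sensor node devices are usually battery powered and have low power consumption and cost. The short-range communication technology is generally Zigbee and IEEE 802.15.4.
In the invention, combining a wireless sensor network with a telecommunication network means connecting the two, using the telecommunication network to monitor and manage the wireless sensor network and the services it provides and to carry those services and cooperate in implementing them, and extending the services provided by the wireless sensor network through the telecommunication network. Telecommunication networks include mobile communication networks, xDSL, FTTx, satellite communication and other communication networks.
In the invention, the wireless sensor network consists of WSN terminals and a gateway device. The WSN terminals and the gateway can be set up according to the relevant technical standards for wireless sensor networks; short-range communication technologies that can be used to build the wireless sensor network include Zigbee, the IEEE 802.15.4 standard, and so on. The wireless sensor network is connected to the telecommunication network through the gateway and establishes communication with the wireless sensor network management platform and other entities in the telecommunication network.
Fig. 1 is a schematic diagram of the structure of the combined network of the invention. As shown in Fig. 1, the combined network of the invention comprises a wireless sensor network and a telecommunication network; a WSN terminal and a gateway are provided in the wireless sensor network, and a wireless sensor network management platform is provided in the telecommunication network, wherein:
the gateway is used to perform identity authentication on the WSN terminal and, after the authentication passes, to allow the WSN terminal to join the wireless sensor network;
the WSN terminal joins the wireless sensor network.
Further, after the identity authentication of the WSN terminal passes, the gateway sends the network configuration parameters of the requested wireless sensor network to the WSN terminal;
the WSN terminal joins the corresponding wireless sensor network according to the network configuration parameters.
After receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform sends the authentication-related information of the WSN terminal to the gateway.
An identity module is provided in the WSN terminal, and the gateway identifies the WSN terminal by the information in the identity module and performs identity authentication on the WSN terminal.
Setting information of the wireless sensor networks that a WSN terminal can join is set in the management platform or the service platform.
After receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal and the identification information of the requested wireless sensor network;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join, determines from that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, if it is allowed, sends the authentication-related information of the WSN terminal to the gateway.
After receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join and sends it to the gateway;
the gateway determines whether the WSN terminal is allowed to join the requested wireless sensor network and, if it is allowed, obtains the authentication-related information of the WSN terminal from the wireless sensor network management platform.
A WSN terminal information storage unit is provided in the telecommunication network for storing information about WSN terminals, including the identification information of the WSN terminal, the authentication information used for identity authentication of the WSN terminal, and the setting information of the wireless sensor networks that the WSN terminal can join;
the wireless sensor network management platform obtains, from the WSN terminal information storage unit, the setting information of the wireless sensor networks that the WSN terminal can join and the authentication-related information of the WSN terminal.
The above WSN terminal information storage unit is located in the wireless sensor network management platform, in the service platform, or in another network element entity in the telecommunication network.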
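The gateway determines an identity authentication random number for the WSN terminal and sends the identity authentication random number to the WSN terminal;
the WSN terminal computes an identity authentication key from the identity authentication random number and a predetermined encryption algorithm and sends it to the gateway;
the gateway determines that the WSN terminal passes identity authentication when the identity authentication key matches, and that it fails identity authentication when the key does not match.
The network configuration parameters include: an authentication key and the gateway address of the wireless sensor network that the WSN terminal is to join;
the WSN terminal joining the requested wireless sensor network using the network configuration parameters is:
the WSN terminal sends a join request to the gateway, the join request containing the authentication key;
the gateway authenticates the WSN terminal according to the authentication key and, after the authentication passes, allows it to join the gateway.
The authentication key comprises a master authentication key, a link key and a network key. The wireless sensor network further includes routing nodes placed between the WSN terminal and the gateway, and the WSN terminal sends the join request to the gateway through the routing nodes. The master authentication key is used for the gateway's join authentication of the WSN terminal; the link key is used for join authentication between the WSN terminal and a routing node, and for join authentication between routing nodes.
The wireless sensor network management platform is further used to update the master authentication key, link key and network key periodically and to notify the gateway, the WSN terminal and the routing nodes accordingly.
The above wireless sensor network can be networked using Zigbee technology or using other communication technologies.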
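In the invention, to connect the wireless sensor network and the telecommunication network, the wireless sensor network accesses the telecommunication network through the gateway and, via the telecommunication network, is connected to the service platform, the wireless sensor network management platform and other network element entities in the telecommunication network. WSN terminals connect to the telecommunication network platform through the gateway device. WSN terminal devices are the sensor nodes that make up the wireless sensor network and are connected to the gateway over one or more hops. A WSN terminal device collects and uploads data and receives and executes commands. A WSN may consist of anything from a few devices to several hundred; the devices can be networked in a star, tree or MESH topology as required, and some of them may have stronger networking and data forwarding capabilities. The WSN terminal is the outermost end of the extended network.
In the invention, the gateway connects the wireless sensor network and the telecommunication network. It mainly performs protocol conversion, address mapping and data forwarding, and can also integrate functions such as security and charging. Functions that the gateway can support include: supporting data coordination and aggregation inside the sensor network; supporting one or more long-distance access methods such as 2G mobile communication, 3G mobile communication, xDSL, FTTx, broadband wireless access and satellite/microwave, to transmit the aggregated data to the communication peer; supporting device authentication and user authentication of the WSN gateway by the service platform and the remote management server; supporting parameter and software configuration of the WSN gateway by the service platform and the remote management server; and supporting user authentication, service security and device management security mechanisms.
The service platform is the functional entity in the telecommunication network that runs and manages the services combined with the wireless sensor network. It integrates the services offered by the various service providers, provides them to end users, and manages the users' use of the services. Depending on the needs of different services, the service platform works with other functional entities in the telecommunication network, for example the authentication, authorization and accounting (AAA, Authentication Authorization and Accounting) server, to complete the whole service flow. The service platform may also connect to a remote server to update services directly.
The wireless sensor network management platform is the entity that performs management functions for the wireless sensor network and consists of remote management servers. The remote management server performs basic management functions for the wireless sensor network through the telecommunication network.
In the invention, the WSN terminal contains an identity module that can be recognized by the network element entity that authenticates WSN terminals; through this identity module the WSN terminal can be identified and the wireless sensor network device can be authenticated. The gateway of the wireless sensor network is responsible for authenticating WSN terminals.
The identity module can include the identifier of the device, the key used for terminal authentication, and other information. The identity module can be written into the WSN terminal by the wireless sensor network device provider. The information in the identity module is also kept by the network entity unit responsible for storing WSN terminal identity modules; this unit can be the wireless sensor network management platform or the service platform, or another network element entity in the telecommunication network, for example the home location register (HLR, Home Location Register) / home subscriber server (HSS, Home Subscriber Server) in a mobile communication network. The identity module is stored securely on the WSN terminal in encrypted form; confidential information in it, such as keys, cannot be read from outside, or the identity module in the WSN terminal can be read only after security authentication.
In the invention, only an authenticated WSN terminal can join the wireless sensor network and become a node of it. The gateway performs the authentication of the WSN terminal; the WSN terminal's identity module needed for terminal authentication can be obtained by the gateway from the network-side network element entity responsible for storing WSN terminal identity modules.
When a WSN terminal device joins the wireless sensor network, the gateway first authenticates the WSN terminal. If authentication passes, the WSN terminal can join the wireless sensor network; if authentication fails, the WSN terminal cannot join the wireless sensor network.
During authentication of the WSN terminal, the WSN terminal and the gateway establish a connection; the WSN terminal's identity module is used in the authentication.
When the WSN terminal authenticates with the gateway, the identity module of the wireless sensor network can be used to establish a secure connection between the WSN terminal and the gateway. After the WSN terminal passes authentication, the network configuration parameters needed to join the wireless sensor network can be sent securely to the WSN terminal, which uses them to join the wireless sensor network. A WSN terminal that has not passed authentication cannot obtain the wireless sensor network configuration parameters and therefore cannot join. In the invention, the network configuration parameters of the wireless sensor network are the network-related configuration parameters that a WSN terminal needs in order to join the wireless sensor network; they can include, but are not limited to, the gateway address and the keys needed to verify the WSN terminal. A WSN terminal without the wireless sensor network configuration parameters cannot join the wireless sensor network.
In the invention, once the WSN terminal passes authentication, the gateway can provide the network configuration parameters for joining the wireless sensor network and send them to the WSN terminal. The gateway can encrypt the network configuration parameters with the key associated with the secure connection between the gateway and the WSN terminal and then send the encrypted network configuration parameters to the WSN terminal.
In the invention, after the WSN terminal passes authentication, the wireless sensor network management platform can send the WSN terminal's information to the service platform, which configures the relevant service parameters of the WSN terminal and enables the services that the WSN terminal performs.
In the invention, when a WSN terminal leaves the wireless sensor network, the gateway notifies the wireless sensor network management platform, which records the state of the WSN terminal and notifies the service platform; the service platform stops the services performed by that WSN terminal.
In the invention, the wireless sensor network management platform or the service platform can set which wireless sensor networks a WSN terminal can join, thereby restricting the area in which the WSN terminal can be used. When a WSN terminal applies to join a wireless sensor network, the management platform or the service platform can determine, from the setting information of the wireless sensor networks that the terminal can join, whether the network it is currently applying to join is one it is allowed to join. If it is not, the WSN terminal is refused permission to join that wireless sensor network. The wireless sensor network management platform or the service platform can set, for a WSN terminal, the wireless sensor networks it is allowed to join; the setting information can be the network identifiers of those wireless sensor networks, and the networks the terminal can join are determined by network identifier. In this way the wireless sensor network management platform can set the area in which a WSN terminal is used, which improves the management of WSN terminals.
In addition, when the invention restricts the wireless sensor networks that a WSN terminal can join, the gateway can also determine whether the wireless sensor network being applied for is one that is allowed. When the WSN terminal applies to join a wireless sensor network, the gateway obtains from the wireless sensor network management platform or the service platform the setting information of the wireless sensor networks that the WSN terminal can join, and determines whether the network currently applied for is one that is allowed. If it is not, the WSN terminal is refused permission to join that wireless sensor network.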
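The invention describes how to build a wireless sensor network with Zigbee technology and how to manage WSN terminals.
ZigBee is an emerging short-range, low-rate, low-cost, low-power wireless network technology. It uses direct sequence spread spectrum (DSSS, Direct Sequence Spread Spectrum) and operates at 868 MHz, 915 MHz or 2.4 GHz, all of which are license-free frequencies. Configuring wireless personal area networks with ZigBee is a recent development in short-range wireless communication and is increasingly widely used in industrial automation and smart homes.
There are three types of nodes in a ZigBee network: the ZigBee coordinator, ZigBee routers and ZigBee end devices.
1. ZigBee coordinator
The ZigBee coordinator (ZC, ZigBee Coordinator) is also called the personal area network (PAN, Personal Area Network) coordinator in IEEE 802.15.4 and can act as the sink node in a wireless sensor network. The ZigBee coordinator must be a full function device (FFD, Full Function Device). A ZigBee network has only one ZigBee coordinator, which is often more powerful than the other nodes in the network and is the master node of the whole network. It is responsible for initiating the establishment of a new network, setting network parameters, managing the nodes in the network and storing information about them; once the network is formed it can also act as a router. The ZigBee coordinator is the most complex of the three types of ZigBee node and is generally powered continuously from AC mains.
2. ZigBee router
A ZigBee router (ZR, ZigBee Router) must also be a full function device. It can take part in route discovery and message forwarding and extend the coverage of the network by connecting other nodes. In addition, a ZigBee router can act as an ordinary coordinator (called a coordinator in IEEE 802.15.4) within its personal operating space (POS, Personal Operating Space). An ordinary coordinator differs from the ZigBee coordinator in that it remains under the control of the ZigBee coordinator.
3. ZigBee end device
A ZigBee end device (ZE, ZigBee EndDevice) can be a full function device or a reduced function device (RFD, Reduced-Function Device). It connects to the network through the ZigBee coordinator or a ZigBee router, but no other node is allowed to join the network through it. A ZigBee end device can run at very low power.
In the invention, the gateway acts as the Zigbee coordinator of the Zigbee network and is responsible for building the wireless sensor network. A WSN terminal can join the wireless sensor network as a Zigbee router or a Zigbee end device. The gateway and the WSN terminals need to support Zigbee communication.
In addition, to secure the Zigbee network, communication in the wireless sensor network needs to be encrypted. Encryption in a Zigbee network uses the Advanced Encryption Standard (AES, Advanced Encryption Standard) algorithm with a symmetric key length of 128 bits. The keys used in a Zigbee network mainly include:
Master key: a shared key used when executing the symmetric-key key establishment protocol. The master key is the basis of long-term security between two devices and can be used to generate link keys.
Link key: a key shared between two devices in a PAN, used for secure communication between those two devices.
Network key: a key shared within a PAN, used to secure broadcast communication.
To secure the Zigbee network and manage its keys, a Zigbee network has a trust center. The trust center is a trusted device that distributes security keys in the network; it admits devices to the network and distributes keys, thereby ensuring end-to-end security between devices. In a network that uses security mechanisms, the network coordinator can be the trust center. The trust center provides three functions:
(1) Trust management: authenticating devices that join the network.
(2) Network management: obtaining network keys and distributing them to devices.
(3) Configuration management: binding applications to the devices it manages and enabling secure end-to-end transmission between two devices.
For trust management, a device needs to receive an initial master key from the trust center.
For network management, a device should receive the initial network key and can obtain updates of the network key only from the trust center.
For network configuration, a device needs to receive a master key or link key from the trust center in order to establish a secure end-to-end link between two devices.
Apart from the initial master key, additional link keys, master keys and network keys can only be obtained from the trust center in a secure manner. The trust center should update the network key periodically according to some policy and deliver the new network key to every device.
In the invention, the gateway acts as the trust center and performs the security management of the network. In the Zigbee network, once a WSN terminal has passed authentication it obtains from the gateway the network configuration parameters for secure communication, which can include the network address, the initial master key and the network key; the WSN terminal uses the network configuration parameters to join the wireless sensor network and communicate securely.
In the invention, identity authentication of the gateway and secure communication between the gateway and the wireless sensor network management platform and other network element entities in the telecommunication network can be achieved by means of the gateway's identity.
In the invention, a wireless sensor network is identified by its network identifier. After the gateway creates the wireless sensor network, the network identifier can be determined by the gateway or by the wireless sensor network management platform; the management platform records information about the wireless sensor network, including the network identifier. The wireless sensor network management platform and other network element entities in the telecommunication network can obtain the network identifier of the wireless sensor network when communicating with the gateway.
In the invention, to enable security authentication when a WSN terminal joins the wireless sensor network, the terminal's identity module needs to be built into the WSN terminal. The identity module can include network configuration parameters such as the terminal's identification number, the key used for authentication, the key length and the algorithm used. The identity module can be written into the WSN terminal in a secure manner by the WSN terminal manufacturer when the terminal is produced. When delivering the WSN terminal, the manufacturer must also provide the information in the terminal's identity module to the wireless sensor network management platform in a secure manner, and the management platform stores it. The information in the identity module can also be stored by another network element entity in the telecommunication network, for example the HLR/HSS server. The gateway responsible for WSN terminal authentication can obtain the information in the terminal's identity module, in a secure manner, from the network element entity that stores it.
In the invention, the identification number in the WSN terminal's identity module can use a format similar to the International Mobile Equipment Identity (IMEI, International Mobile Equipment Identity) to identify the WSN terminal. Considering the limited computing power of WSN terminals, the key in the identity module can be a 128-bit AES symmetric key, which moderately lowers the demand on the terminal's computing power. The terminal is authenticated with the key in the identity module, and secure communication between the WSN terminal and the gateway is established on the basis of that key.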
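The following describes how a WSN terminal joins a wireless sensor network built with Zigbee technology. In this example, the identity module of the WSN terminal is stored by the wireless sensor network management platform.
Fig. 2 is a flowchart of the first method for a WSN terminal to join the network according to the invention. As shown in Fig. 2, the method of this example comprises the following steps:
Step 201: The WSN terminal determines the wireless sensor network to join and sends a request to join to the wireless sensor network.
The WSN terminal can first perform a network scan on the configured channels to determine the wireless sensor network to join. The scan can be done by sending a Beacon Request frame on a channel; a device of a wireless sensor network on that channel that receives the Beacon Request will, if new WSN terminals are allowed to join that network, reply with a Beacon frame. The Beacon frame contains the address information of the device that sent it and whether that device allows other devices to join as its child nodes. The WSN terminal stores the information from the received Beacon frames in its own neighbor table.
The WSN terminal selects a suitable parent node from the neighbor table and sends it an Association Request frame to request to join the wireless sensor network. After receiving the request, the parent node device in the wireless sensor network notifies the gateway of the wireless sensor network that a new wireless sensor network device is requesting to join; the gateway obtains the device information of the WSN terminal requesting to join, including the identifier of the wireless sensor network device.
Step 202: The gateway notifies the wireless sensor network management platform that a new WSN terminal is requesting to join the wireless sensor network and sends the WSN terminal's information to the management platform; the gateway obtains the WSN terminal's identity module from the management platform.
Step 203: The gateway and the WSN terminal perform identity verification.
The gateway sends the WSN terminal an authentication request containing a random number. On receiving it, the WSN terminal can perform a computation using the random number and the key in the terminal's identity module and send the result to the gateway in an authentication response. On receiving the authentication response, the gateway performs the computation using the WSN terminal's key obtained from the wireless sensor network management platform and the same random number, and then compares its result with the WSN terminal's result. If the results are the same, the WSN terminal passes authentication and step 204 is performed; if they differ, the WSN terminal fails authentication and step 205 is performed.
In this step, besides the gateway authenticating the WSN terminal, the WSN terminal can also authenticate the gateway to confirm that the gateway's identity is genuine. The method is similar to that for authenticating the WSN terminal: the WSN terminal can send the gateway an authentication request containing a random number; on receiving it, the gateway performs the computation using the WSN terminal's key that it holds and the random number in the request, and sends the result to the WSN terminal in an authentication response message; the WSN terminal performs the computation using its own key and the same random number and compares its result with the gateway's. If the two are the same, the gateway is confirmed as genuine; otherwise, the gateway is not the correct gateway device.
Step 204: After the WSN terminal passes authentication, the session key needed for secure communication can be negotiated between the WSN terminal and the gateway. Step 206 is then performed.
The key negotiation can use an existing symmetric-key-based key establishment protocol. A key establishment protocol involves the following three steps: exchanging temporary data, generating the session key from the temporary data, and confirming that the key was computed correctly.
Step 205: The WSN terminal fails authentication, and the gateway refuses to let it join the wireless sensor network.
Step 206: The gateway sends the network configuration parameters required to join the wireless sensor network to the WSN terminal.
The network configuration parameters include the WSN terminal's network address in the wireless sensor network, the network key, the master key and so on. For secure transmission, the gateway can encrypt the network configuration parameters with the session key and then send them to the WSN terminal.
Step 207: The WSN terminal joins the wireless sensor network using the network configuration parameters.
After receiving the network configuration parameters, the WSN terminal communicates with the gateway to negotiate the link key; the gateway adds the WSN terminal's information to its node management table; the WSN terminal's parent node device stores the WSN terminal's information in its own neighbor table; and the WSN terminal stores the information of the parent node and the gateway in its own neighbor table. At this point the WSN terminal has successfully joined the wireless sensor network and become a node device in it; the sensing function of the WSN terminal can be enabled and sensing data reported through the gateway to the wireless sensor network service platform.
Step 208: The gateway notifies the wireless sensor network management platform that the WSN terminal has joined the wireless sensor network.
The wireless sensor network management platform can record information about the WSN terminal and send it to the service platform; the service platform configures the data related to the WSN terminal and enables the services supported by the WSN terminal.
In the invention, to manage which wireless sensor networks a WSN terminal can join, one or more wireless sensor networks that the WSN terminal device can join can be preset in the wireless sensor network management platform; the WSN terminal can join only these preset wireless sensor networks and no others. Every wireless sensor network has a unique network identifier once it is created, and the management platform can use the network identifier to set the wireless sensor networks that a given WSN terminal is allowed to join. When restricting the networks a WSN terminal can join, either the wireless sensor network management platform or the gateway can determine whether the network the terminal applies to join is an allowed one.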
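Fig. 3 is a flowchart of the second method for a WSN terminal to join the network according to the invention. As shown in Fig. 3, when the wireless sensor network management platform decides whether the WSN terminal is allowed to join the wireless sensor network, the WSN terminal joins the wireless sensor network as follows:
Step 301: The WSN terminal determines the wireless sensor network to join and sends a request to join to the wireless sensor network.
The WSN terminal can first perform a network scan on the configured channels to determine the wireless sensor network to join. The scan can be done by sending a Beacon Request frame on a channel; a device of a wireless sensor network on that channel that receives the Beacon Request will, if new WSN terminals are allowed to join the wireless sensor network, reply with a Beacon frame. The Beacon frame contains the address information of the device that sent it and whether that device allows other devices to join as its child nodes. The WSN terminal stores the information from the received Beacon frames in its own neighbor table.
The WSN terminal selects a suitable parent node from the neighbor table and sends it an Association Request frame to request to join the wireless sensor network. After receiving the request, the parent node device in the wireless sensor network notifies the gateway of the wireless sensor network that a new wireless sensor network device is requesting to join; the gateway obtains the device information of the WSN terminal requesting to join, including the identifier of the wireless sensor network device.
Step 302: The gateway notifies the wireless sensor network management platform that a new WSN terminal is requesting to join the wireless sensor network and sends the WSN terminal's information to the management platform.
Step 303: The wireless sensor network management platform obtains, through the gateway, the network identifier of the wireless sensor network that the WSN terminal intends to join, compares it with the wireless sensor networks that the management platform has set as joinable for that WSN terminal, and determines whether the network the terminal intends to join is one it is allowed to join. If it is an allowed wireless sensor network, the management platform sends the gateway the information in the WSN terminal's identity module that is needed for identity authentication of the WSN terminal, and step 304 is performed; if it is not an allowed wireless sensor network, step 305 is performed.
Step 304: The gateway and the WSN terminal perform identity verification.
The gateway sends the WSN terminal an authentication request containing a random number. On receiving it, the WSN terminal can perform a computation using the random number and the key in the terminal's identity module and send the result to the gateway in an authentication response. On receiving the authentication response, the gateway performs the computation using the WSN terminal's key obtained from the wireless sensor network management platform and the same random number, and then compares its result with the WSN terminal's result. If the results are the same, the WSN terminal passes authentication and step 306 is performed; if they differ, the WSN terminal fails authentication and step 307 is performed.
In this step, besides the gateway authenticating the WSN terminal, the WSN terminal can also authenticate the gateway to confirm that the gateway's identity is genuine. The method is similar to that for authenticating the WSN terminal: the WSN terminal can send the gateway an authentication request containing a random number; on receiving it, the gateway performs the computation using the WSN terminal's key that it holds and the random number in the request, and sends the result to the WSN terminal in an authentication response message; the WSN terminal performs the computation using its own key and the same random number and compares its result with the gateway's. If the two are the same, the gateway is confirmed as genuine; otherwise, the gateway is not the correct gateway device.
Step 305: The wireless sensor network that the WSN terminal applies to join is not an allowed network; the wireless sensor network management platform notifies the gateway that the WSN terminal is not allowed to join the wireless sensor network, and the gateway refuses to let the WSN terminal join that wireless sensor network.
Step 306: After the WSN terminal passes authentication, the session key needed for secure communication can be negotiated between the WSN terminal and the gateway. Step 308 is then performed.
The key negotiation can use an existing symmetric-key-based key establishment protocol. A key establishment protocol involves the following three steps: exchanging temporary data, generating the session key from the temporary data, and confirming that the key was computed correctly.
Step 307: The WSN terminal fails authentication, and the gateway refuses to let it join the wireless sensor network.
Step 308: The gateway sends the network configuration parameters required to join the wireless sensor network to the WSN terminal.
The network configuration parameters include the WSN terminal's network address in the wireless sensor network, the network key, the master key and so on. For secure transmission, the gateway can encrypt the network configuration parameters with the session key and then send them to the WSN terminal.
Step 309: The WSN terminal joins the wireless sensor network using the network configuration parameters.
After receiving the network configuration parameters, the WSN terminal communicates with the gateway to negotiate the link key; the gateway adds the WSN terminal's information to its node management table; the WSN terminal's parent node device stores the WSN terminal's information in its own neighbor table; and the WSN terminal stores the information of the parent node and the gateway in its own neighbor table. At this point the WSN terminal has successfully joined the wireless sensor network and become a node device in it; the sensing function of the WSN terminal can be enabled and sensing data reported through the gateway to the wireless sensor network service platform.
Step 3010: The gateway notifies the wireless sensor network management platform that the WSN terminal has joined the wireless sensor network.
The wireless sensor network management platform can record information about the WSN terminal and send it to the service platform; the service platform configures the data related to the WSN terminal and enables the services supported by the WSN terminal.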
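Fig. 4 is a flowchart of the third method for a WSN terminal to join the network according to the invention. As shown in Fig. 4, when the gateway decides whether the WSN terminal is allowed to join the wireless sensor network, the WSN terminal joins the wireless sensor network as follows:
Step 401: The WSN terminal determines the wireless sensor network to join and sends a request to join to the wireless sensor network.
The WSN terminal can first perform a network scan on the configured channels to determine the wireless sensor network to join. The scan can be done by sending a Beacon Request frame on a channel; a device of a wireless sensor network on that channel that receives the Beacon Request will, if new WSN terminals are allowed to join the wireless sensor network, reply with a Beacon frame. The Beacon frame contains the address information of the device that sent it and whether that device allows other devices to join as its child nodes. The WSN terminal stores the information from the received Beacon frames in its own neighbor table.
The WSN terminal selects a suitable parent node from the neighbor table and sends it an Association Request frame to request to join the wireless sensor network. After receiving the request, the parent node device in the wireless sensor network notifies the gateway of the wireless sensor network that a new wireless sensor network device is requesting to join; the gateway obtains the device information of the WSN terminal requesting to join, including the identifier of the wireless sensor network device.
Step 402: The gateway notifies the wireless sensor network management platform that a new WSN terminal is requesting to join the wireless sensor network and sends the WSN terminal's information to the management platform; the gateway obtains from the management platform the setting information of the wireless sensor networks that the WSN terminal is allowed to join.
Step 403: The gateway determines whether the wireless sensor network that the WSN terminal intends to join is one it is allowed to join. If it is an allowed wireless sensor network, step 404 is performed; if it is not, step 405 is performed. The gateway can look up the setting information of the wireless sensor networks that the WSN terminal is allowed to join and determine whether those networks include the one the WSN terminal is applying to join; if they do, it is an allowed wireless sensor network; otherwise, it is not an allowed network.
Step 404: The gateway obtains the information in the WSN terminal's identity module from the wireless sensor network management platform, and the gateway and the WSN terminal perform identity verification.
The gateway sends the WSN terminal an authentication request containing a random number. On receiving it, the WSN terminal can perform a computation using the random number and the key in the terminal's identity module and send the result to the gateway in an authentication response. On receiving the authentication response, the gateway performs the computation using the WSN terminal's key obtained from the wireless sensor network management platform and the same random number, and then compares its result with the WSN terminal's result. If the results are the same, the WSN terminal passes authentication and step 405 is performed; if they differ, the WSN terminal fails authentication and step 407 is performed.
In this step, besides the gateway authenticating the WSN terminal, the WSN terminal can also authenticate the gateway to confirm that the gateway's identity is genuine. The method is similar to that for authenticating the WSN terminal: the WSN terminal can send the gateway an authentication request containing a random number; on receiving it, the gateway performs the computation using the WSN terminal's key that it holds and the random number in the request, and sends the result to the WSN terminal in an authentication response message; the WSN terminal performs the computation using its own key and the same random number and compares its result with the gateway's. If the two are the same, the gateway is confirmed as genuine; otherwise, the gateway is not the correct gateway device.
Step 405: The wireless sensor network that the WSN terminal applies to join is not an allowed network; the wireless sensor network management platform notifies the gateway that the WSN terminal is not allowed to join the wireless sensor network, and the gateway refuses to let the WSN terminal join that wireless sensor network.
Step 406: After the WSN terminal passes authentication, the session key needed for secure communication can be negotiated between the WSN terminal and the gateway. Step 408 is then performed.
The key negotiation can use an existing symmetric-key-based key establishment protocol. A key establishment protocol involves the following three steps: exchanging temporary data, generating the session key from the temporary data, and confirming that the key was computed correctly.
Step 407: The WSN terminal fails authentication, and the gateway refuses to let it join the wireless sensor network.
Step 408: The gateway sends the network configuration parameters required to join the wireless sensor network to the WSN terminal.
The network configuration parameters include the WSN terminal's network address in the wireless sensor network, the network key, the master key and so on. For secure transmission, the gateway can encrypt the network configuration parameters with the session key and then send them to the WSN terminal.
Step 409: The WSN terminal joins the wireless sensor network using the network configuration parameters.
After receiving the network configuration parameters, the WSN terminal communicates with the gateway to negotiate the link key; the gateway adds the WSN terminal's information to its node management table; the WSN terminal's parent node device stores the WSN terminal's information in its own neighbor table; and the WSN terminal stores the information of the parent node and the gateway in its own neighbor table. At this point the WSN terminal has successfully joined the wireless sensor network and become a node device in it; the sensing function of the WSN terminal can be enabled and sensing data reported through the gateway to the wireless sensor network service platform.
Step 4010: The gateway notifies the wireless sensor network management platform that the WSN terminal has joined the wireless sensor network.
The wireless sensor network management platform can record information about the WSN terminal and send it to the service platform; the service platform configures the data related to the WSN terminal and enables the services supported by the WSN terminal.
In the invention, when a terminal that has joined the wireless sensor network leaves it, the gateway needs to send a message to notify the wireless sensor network management platform; the management platform records the state of the WSN terminal and notifies the wireless sensor network service platform, and the service platform disables the services related to that WSN terminal. The WSN terminal can notify the gateway with a Leave command frame; the gateway performs the operations for the WSN terminal leaving the network and notifies the wireless sensor network management platform.
With the method provided by the invention, the gateway can authenticate a WSN terminal when it joins the wireless sensor network, which prevents WSN terminals that have not passed authentication from joining. In addition, after the WSN terminal passes authentication, the network configuration parameters for joining the wireless sensor network can be sent to it in a secure manner, which avoids leaking the network configuration parameters of the wireless sensor network and makes it possible to establish a secure wireless sensor network. Furthermore, with the method provided by the invention, the wireless sensor networks that a WSN terminal can join can be set, which makes it possible to restrict the area in which the WSN terminal is allowed to be used.
The above are merely preferred embodiments of the invention and are not intended to limit its scope of protection.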
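The gateway-side join decision of the third flow (allow-list check by network ID, challenge-response with a random number, authentication of the gateway by the terminal, session key from exchanged temporary data with confirmation), as an added Python example that is not code from the patent. HMAC-SHA256 is an assumed stand-in for the unspecified keyed computation on the random number, and the class names, status strings, terminal record and network IDs are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed record standing in for the "WSN terminal information storage unit":
# the terminal's 128-bit authentication key and the network IDs it may join.
TERMINAL_STORE = {
    "wsn-0001": {
        "key": bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
        "allowed_networks": {"pan-A"},
    },
}


def mac(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """Keyed computation over the nonce. HMAC-SHA256 is an assumption; the
    label separates the two authentication directions so a value computed for
    one can never be replayed as the other."""
    h = hmac.new(key, label + b"\x00", hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)  # unambiguous framing
    return h.digest()


class Terminal:
    def __init__(self, terminal_id: str, key: bytes):
        self.terminal_id = terminal_id
        self._key = key  # held in the identity module

    def respond(self, gw_nonce: bytes) -> bytes:
        return mac(self._key, b"terminal-auth", self.terminal_id.encode(), gw_nonce)

    def gateway_is_genuine(self, my_nonce: bytes, answer: bytes) -> bool:
        expected = mac(self._key, b"gateway-auth", self.terminal_id.encode(), my_nonce)
        return hmac.compare_digest(expected, answer)

    def session_key(self, gw_nonce: bytes, my_nonce: bytes) -> bytes:
        return mac(self._key, b"session-key", gw_nonce, my_nonce)[:16]


class Gateway:
    def __init__(self, network_id: str, store: dict):
        self.network_id = network_id
        self._store = store          # data obtained from the management platform
        self._pending = {}           # terminal_id -> outstanding nonce
        self._authenticated = set()
        self.node_table = set()

    def challenge(self, terminal_id: str, requested_network: str):
        """Allow-list check first; a nonce is issued only if it passes."""
        record = self._store.get(terminal_id)
        if (record is None or requested_network != self.network_id
                or requested_network not in record["allowed_networks"]):
            return None
        nonce = secrets.token_bytes(16)  # fresh for every attempt
        self._pending[terminal_id] = nonce
        return nonce

    def verify(self, terminal_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(terminal_id, None)  # each nonce is single use
        if nonce is None:
            return False
        key = self._store[terminal_id]["key"]
        expected = mac(key, b"terminal-auth", terminal_id.encode(), nonce)
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        if ok:
            self._authenticated.add(terminal_id)
        return ok

    def answer(self, terminal_id: str, term_nonce: bytes) -> bytes:
        if terminal_id not in self._authenticated:
            raise PermissionError("terminal not authenticated")
        key = self._store[terminal_id]["key"]
        return mac(key, b"gateway-auth", terminal_id.encode(), term_nonce)

    def session_key(self, terminal_id: str, gw_nonce: bytes, term_nonce: bytes) -> bytes:
        if terminal_id not in self._authenticated:
            raise PermissionError("terminal not authenticated")
        key = self._store[terminal_id]["key"]
        return mac(key, b"session-key", gw_nonce, term_nonce)[:16]


def join(gateway: Gateway, terminal: Terminal, requested_network: str):
    """Run one join attempt; returns (status, session key or None)."""
    tid = terminal.terminal_id
    gw_nonce = gateway.challenge(tid, requested_network)
    if gw_nonce is None:
        return "rejected: not permitted on this network", None
    if not gateway.verify(tid, terminal.respond(gw_nonce)):
        return "rejected: authentication failed", None
    term_nonce = secrets.token_bytes(16)
    if not terminal.gateway_is_genuine(term_nonce, gateway.answer(tid, term_nonce)):
        return "rejected: gateway not genuine", None
    # Exchange temporary data (the two nonces), derive the key on both sides,
    # then confirm that both sides computed the same key.
    k_gw = gateway.session_key(tid, gw_nonce, term_nonce)
    k_term = terminal.session_key(gw_nonce, term_nonce)
    if not hmac.compare_digest(mac(k_gw, b"confirm"), mac(k_term, b"confirm")):
        return "rejected: key confirmation failed", None
    gateway.node_table.add(tid)
    return "joined", k_term
```

The 16-byte session key returned on success is the key under which the gateway would encrypt the network configuration parameters before sending them; that encryption step is outside this example.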
Claims
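1. A method for a WSN terminal to join a network, the network comprising a wireless sensor network and a telecommunication network, wherein a WSN terminal and a gateway are provided in the wireless sensor network and a wireless sensor network management platform is provided in the telecommunication network; characterized in that the method comprises:
the gateway performs identity authentication on the WSN terminal and, after the authentication passes, allows the WSN terminal to join the wireless sensor network;
the WSN terminal joins the wireless sensor network.
2. The method according to claim 1, characterized in that the WSN terminal joining the wireless sensor network is specifically:
the gateway sends the network configuration parameters of the requested wireless sensor network to the WSN terminal;
the WSN terminal joins the requested wireless sensor network using the network configuration parameters.
3. The method according to claim 1, characterized in that, before the gateway performs identity authentication on the WSN terminal, the method further comprises:
after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform sends the authentication-related information of the WSN terminal to the gateway.
4. The method according to claim 1, characterized in that an identity module is provided in the WSN terminal, and the gateway identifies the WSN terminal by the information in the identity module and performs identity authentication on the WSN terminal.
5. The method according to claim 1, characterized in that setting information of the wireless sensor networks that a WSN terminal can join is set in the management platform or the service platform.
6. The method according to claim 5, characterized in that, before the gateway performs identity authentication on the WSN terminal, the method further comprises:
after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal and the identification information of the requested wireless sensor network;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join, determines from that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, if it is allowed, sends the authentication-related information of the WSN terminal to the gateway.
7. The method according to claim 5, characterized in that, before the gateway performs identity authentication on the WSN terminal, the method further comprises:
after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join and sends it to the gateway;
the gateway determines whether the WSN terminal is allowed to join the requested wireless sensor network and, if it is allowed, obtains the authentication-related information of the WSN terminal from the wireless sensor network management platform.
8. The method according to claim 5, characterized in that a WSN terminal information storage unit is provided in the telecommunication network for storing information about WSN terminals, including the identification information of the WSN terminal, the authentication information used for identity authentication of the WSN terminal, and the setting information of the wireless sensor networks that the WSN terminal can join;
the wireless sensor network management platform obtains, from the WSN terminal information storage unit, the setting information of the wireless sensor networks that the WSN terminal can join and the authentication-related information of the WSN terminal.
9. The method according to claim 8, characterized in that the WSN terminal information storage unit is located in the wireless sensor network management platform, in the service platform, or in another network element entity in the telecommunication network.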
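10. A combined network, comprising a wireless sensor network (WSN) and a telecommunication network, wherein a WSN terminal and a gateway are provided in the wireless sensor network and a wireless sensor network management platform is provided in the telecommunication network; characterized in that
the gateway is used to perform identity authentication on the WSN terminal and, after the authentication passes, to allow the WSN terminal to join the wireless sensor network;
the WSN terminal joins the wireless sensor network.
11. The combined network according to claim 10, characterized in that, after the identity authentication of the WSN terminal passes, the gateway sends the network configuration parameters of the requested wireless sensor network to the WSN terminal;
the WSN terminal joins the corresponding wireless sensor network according to the network configuration parameters.
12. The combined network according to claim 10, characterized in that, after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform sends the authentication-related information of the WSN terminal to the gateway.
13. The combined network according to claim 10, characterized in that an identity module is provided in the WSN terminal, and the gateway identifies the WSN terminal by the information in the identity module and performs identity authentication on the WSN terminal.
14. The combined network according to claim 10, characterized in that setting information of the wireless sensor networks that a WSN terminal can join is set in the management platform or the service platform.
15. The combined network according to claim 14, characterized in that, after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal and the identification information of the requested wireless sensor network;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join, determines from that information whether the WSN terminal is allowed to join the requested wireless sensor network, and, if it is allowed, sends the authentication-related information of the WSN terminal to the gateway.
16. The combined network according to claim 14, characterized in that, after receiving the WSN terminal's request to join the wireless sensor network, the gateway notifies the wireless sensor network management platform that a new WSN terminal is joining, carrying the identification information of the WSN terminal;
the wireless sensor network management platform obtains the setting information of the wireless sensor networks that the WSN terminal can join and sends it to the gateway;
the gateway determines whether the WSN terminal is allowed to join the requested wireless sensor network and, if it is allowed, obtains the authentication-related information of the WSN terminal from the wireless sensor network management platform.
17. The combined network according to claim 14, characterized in that a WSN terminal information storage unit is provided in the telecommunication network for storing information about WSN terminals, including the identification information of the WSN terminal, the authentication information used for identity authentication of the WSN terminal, and the setting information of the wireless sensor networks that the WSN terminal can join;
the wireless sensor network management platform obtains, from the WSN terminal information storage unit, the setting information of the wireless sensor networks that the WSN terminal can join and the authentication-related information of the WSN terminal.
18. The combined network according to claim 17, characterized in that the WSN terminal information storage unit is located in the wireless sensor network management platform, in the service platform, or in another network element entity in the telecommunication network.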
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010131905.4A CN102202302B (zh) | 2010-03-23 | 2010-03-23 | Combined network and method for a wireless sensor network terminal to join the network |
CN201010131905.4 | 2010-03-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011116617A1 true WO2011116617A1 (zh) | 2011-09-29 |
Family
ID=44662620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/080265 WO2011116617A1 (zh) | Combined network and method for a wireless sensor network terminal to join the network | 2010-03-23 | 2010-12-24 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102202302B (zh) |
WO (1) | WO2011116617A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110049128A (zh) * | 2019-04-19 | 2019-07-23 | 欧普照明股份有限公司 | Control system for outdoor lighting based on the Internet of Things |
US20220167144A1 (en) * | 2016-03-09 | 2022-05-26 | Senseware, Inc. | System, Method and Apparatus for Node Selection of a Sensor Network |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104333861B (zh) * | 2013-07-22 | 2018-07-27 | 中国电信股份有限公司 | Method and system for dynamic nodes to access a protected target subnet, and Internet of Things gateway |
CN103686717B (zh) * | 2013-12-23 | 2016-09-07 | 江苏物联网研究发展中心 | Key management method for an Internet of Things sensing system |
CN104780588B (zh) * | 2014-01-10 | 2018-09-21 | 中国电信股份有限公司 | Method for controlling the joining of sensor nodes, and sink node |
DE102014208978A1 (de) * | 2014-05-13 | 2015-11-19 | Robert Bosch Gmbh | Method for authenticating a device by a participant of a network, and participant configured for this purpose |
CN107155407B (zh) | 2014-06-18 | 2020-07-07 | 维里逊专利及许可公司 | Lighting node and system for an interactive light sensor network |
CN106304260B (zh) * | 2015-05-18 | 2019-10-01 | 美的集团股份有限公司 | Method and apparatus for joining a ZigBee network |
CN106304417B (zh) * | 2015-05-29 | 2019-08-30 | 美的集团股份有限公司 | Household appliance networking system and method based on a ZigBee network |
CN106658505A (zh) * | 2015-10-28 | 2017-05-10 | 中兴通讯股份有限公司 | Method and apparatus for enabling a terminal to join a network |
CN105611651A (zh) * | 2015-12-30 | 2016-05-25 | 芜湖乐锐思信息咨询有限公司 | Industrial management system based on a wireless sensor network |
CN106060822B (zh) * | 2016-08-18 | 2019-09-17 | 中国联合网络通信集团有限公司 | Method for accessing a sensor node, enhancement device and sensor network |
CN106230645B (zh) * | 2016-08-31 | 2020-04-10 | 陕西哥莱信息科技有限公司 | Low-power wireless communication method between monitoring nodes and an aggregation gateway |
CN107333265A (zh) * | 2017-08-24 | 2017-11-07 | 四川长虹电器股份有限公司 | Method for a zigbee device to join a network |
US10512034B2 (en) * | 2018-02-07 | 2019-12-17 | Blackberry Limited | Sensor provisioning in wireless sensor networks |
CN110351727B (zh) * | 2019-07-05 | 2020-06-02 | 北京邮电大学 | Authentication and key agreement method suitable for wireless sensor networks |
CN113381903A (zh) * | 2021-04-28 | 2021-09-10 | 国网宁夏电力有限公司吴忠供电公司 | Monitoring network system, construction method, electronic device and storage medium |
CN113938896B (zh) * | 2021-10-12 | 2024-04-05 | 北京华信傲天网络技术有限公司 | Networking system for a wireless local area network and wireless access device |
CN114745193A (zh) * | 2022-04-25 | 2022-07-12 | 深圳市联洲国际技术有限公司 | Camera identity authentication method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
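CN101018174A (zh) * | 2007-03-15 | 2007-08-15 | 北京安拓思科技有限责任公司 | Network system and method for obtaining a public key certificate for wapi |
CN101018175A (zh) * | 2007-03-15 | 2007-08-15 | 北京安拓思科技有限责任公司 | Network system and method for implementing Internet access authentication based on wapi |
CN101600198A (zh) * | 2009-07-08 | 2009-12-09 | 西安电子科技大学 | Identity-based security trust method for wireless sensor networks |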
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080094205A1 (en) * | 2006-10-23 | 2008-04-24 | Octave Technology Inc. | Wireless sensor framework |
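CN101222772B (zh) * | 2008-01-23 | 2010-06-09 | 西安西电捷通无线网络通信有限公司 | ID-based authentication access method for wireless multi-hop networks |
CN101364951B (zh) * | 2008-09-26 | 2010-12-08 | 北京邮电大学 | Quality-of-service assurance system for wireless sensor networks |
CN101399736B (zh) * | 2008-11-11 | 2011-09-28 | 江苏技术师范学院 | Remote control system based on ZigBee technology |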
-
2010
- 2010-03-23 CN CN201010131905.4A patent/CN102202302B/zh not_active Expired - Fee Related
- 2010-12-24 WO PCT/CN2010/080265 patent/WO2011116617A1/zh active Application Filing
Non-Patent Citations (1)
Title |
---|
ZHAO: "Kai application in telecommunication of Ad Hoc network and wireless sensor network", INFORMATION TECHNOLOGY, no. 7, 31 July 2009 (2009-07-31), pages 2 * |
Also Published As
Publication number | Publication date |
---|---|
CN102202302A (zh) | 2011-09-28 |
CN102202302B (zh) | 2016-01-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
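CN102202302B (zh) | Combined network and method for a wireless sensor network terminal to join the network | |
CN102202298B (zh) | Combined network and method for a wireless sensor network terminal to join the network | |
JP7202498B2 (ja) | Mesh network commissioning | |
EP1872250B1 (en) | Wireless device discovery and configuration | |
CN102137395B (zh) | Method, apparatus and system for configuring an access device | |
WO2012065418A1 (zh) | Access method and system for a wireless sensor network | |
WO2011113262A1 (zh) | Access method and system for a wireless sensor network | |
CN102202389B (zh) | Method and system for managing a gateway | |
WO2012075814A1 (zh) | Application key management method and system for mtc group devices | |
WO2012126211A1 (zh) | Method and system for a wireless sensor network to access a telecommunication network | |
WO2012051777A1 (zh) | Access control method and apparatus for a wireless sensor network accessing a telecommunication network through multiple gateways | |
WO2011160413A1 (zh) | Addressing method for wireless sensor network terminals, and combined network | |
US20240357351A1 (en) | Device provisioning | |
CN102892115B (zh) | Method for communication between gateways in a Wsn, initiator gateway and target gateway | |
WO2011116588A1 (zh) | Combined network and method for a wireless sensor network terminal to join the network | |
WO2012051775A1 (zh) | Addressing method for wireless sensor network terminals, and combined network | |
KR100686736B1 (ko) | Method for joining a mobile ad hoc network through authentication | |
Mandal et al. | A design approach for wireless communication security in bluetooth network | |
Andersen | Security of Internet of Things Protocol Stacks | |
Yalagandula | A survey on security issues in wireless networks | |
WO2012126208A1 (zh) | Method and system for a wireless sensor network to access a telecommunication network | |
WO2011116591A1 (zh) | Method and system for managing wireless sensor nodes |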
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10848279 Country of ref document: EP Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 10848279 Country of ref document: EP Kind code of ref document: A1 |