US-12621279-B2 - Data transmission method, Internet of Things system, electronic device, and storage medium

Abstract

A data transmission method, applied to a security platform in an IoT system, including: receiving a first request data packet including feature data and collection channel information corresponding to the feature data; matching the feature data in the first feature database; in response to feature information matched with the feature data existing in the first feature database, generating a first feedback data packet, and sending it to the service terminal, so that the service terminal performs operations according to the first feedback data packet; and generating a match success result data packet, performing an encryption operation on the match success result data packet, and sending an encrypted match success result data packet to the server, so that the server obtains the match success result data packet through a decryption operation, and performs a service recording according to the match success result data packet.

Inventors

  • Congrui Wu
  • Xitong Ma
  • Youxiang Xia

Assignees

  • BOE TECHNOLOGY GROUP CO., LTD.

Dates

Publication Date
20260505
Application Date
20230104
Priority Date
20220129

Claims (18)

  1. A data transmission method, applied to a security platform in an Internet of Things (IoT) system, wherein the IoT system further comprises a server and a service terminal, the server is in a communication connection with the service terminal through the security platform, a first feature database is stored in the security platform, a second feature database is stored in the server, the second feature database comprises the first feature database, and an amount of feature information in the first feature database is less than the amount of feature information in the second feature database, wherein the method comprises: receiving a first request data packet sent from the service terminal, wherein the first request data packet comprises feature data and collection channel information corresponding to the feature data, the feature data is obtained by the service terminal by performing feature extraction on initial data collected through a collection channel; matching the feature data in the first feature database; in response to feature information matched with the feature data existing in the first feature database, generating a first feedback data packet based on the feature information and the collection channel information and sending the first feedback data packet to the service terminal, so that the service terminal performs operations according to the first feedback data packet; and generating a match success result data packet, performing an encryption operation on the match success result data packet, and sending an encrypted match success result data packet to the server, so that the server obtains the match success result data packet through a decryption operation and performs a service recording according to the match success result data packet; and in response to no feature information matched with the feature data existing in the first feature database, generating a second request data packet based on the feature data, the collection channel information, and a match failure result; performing an encryption operation on the second request data packet; and sending an encrypted second request data packet to the server, so that the server obtains the second request data packet through a decryption operation and matches the feature data of the second request data packet in the second feature database.
  2. The method according to claim 1, wherein after the sending of the encrypted second request data packet to the server, the method further comprises: receiving an encrypted second feedback data packet sent from the server, wherein the encrypted second feedback data packet is obtained by the server through matching the feature data in the second feature database, generating a second feedback data packet based on a match result and the collection channel information, and encrypting the second feedback data packet; obtaining the second feedback data packet by performing a decryption operation on the encrypted second feedback data packet; and sending the second feedback data packet to the service terminal, so that the service terminal performs operations according to the second feedback data packet.
  3. The method according to claim 1, wherein before the receiving of the first request data packet sent from the service terminal, the method further comprises: sending a device authentication request to the server in response to a startup of the IoT system; receiving an asymmetric algorithm public key sent by the server, wherein the asymmetric algorithm public key is generated by the server and sent in response to the device authentication request; obtaining a device authentication information ciphertext by encrypting device authentication information with the asymmetric algorithm public key, wherein the device authentication information comprises a terminal identification of each of service terminals connected to the security platform and a count of the terminals, as well as a platform identification of the security platform; sending the device authentication information ciphertext to the server, so that the server obtains the device authentication information through a decryption operation, and performs authentication on the security platform and each of the service terminals connected to the security platform based on the device authentication information; and receiving device authentication passing information sent from the server, and completing device authentication initialization, wherein the device authentication passing information is sent when the authentication performed by the server on the security platform and the service terminals connected to the security platform passes.
  4. The method according to claim 3, wherein after the completing device authentication initialization, the method further comprises: sending a key acquisition request to the server, wherein the key acquisition request is used for obtaining a symmetric algorithm key required for encryption and decryption operations after the IoT system is started this time; receiving a symmetric algorithm key ciphertext sent from the server, wherein the symmetric algorithm key ciphertext is obtained by the server by generating a symmetric algorithm key in response to the key acquisition request, and encrypting the symmetric algorithm key with an asymmetric algorithm private key generated together with the asymmetric algorithm public key; and obtaining the symmetric algorithm key by decrypting the symmetric algorithm key ciphertext with the asymmetric algorithm public key, and completing key initialization.
  5. The method according to claim 4, wherein after the obtaining the symmetric algorithm key by decrypting the symmetric algorithm key ciphertext with the asymmetric algorithm public key, the method further comprises: replacing a stored old symmetric algorithm key with the symmetric algorithm key, and completing key initialization, wherein the old symmetric algorithm key is the symmetric algorithm key required for encryption and decryption operations after the IoT system was last started.
  6. The method according to claim 4, wherein after the completing key initialization, the method further comprises: sending a database verification request to the server, wherein the database verification request carries database information about the first feature database currently stored in the security platform, and the database verification request is used to request the server to verify whether the first feature database currently stored in the security platform is the latest first feature database based on the database information; receiving verification passing information sent from the server, and completing database initialization, wherein the verification passing information is sent when the server performs verification based on the database information and confirms that the first feature database currently stored in the security platform is the latest first feature database.
  7. The method according to claim 6, wherein after the sending of the database verification request to the server, the method further comprises: receiving a latest first feature database sent from the server, wherein the latest first feature database is sent when the server performs the verification based on the database information, and confirms that the first feature database currently stored in the security platform is not the latest first feature database; updating the first feature database currently stored in the security platform to the latest first feature database; and sending the database verification request to the server again until receiving the verification passing information from the server, and completing database initialization.
  8. The method according to claim 6, wherein before the sending of the database verification request to the server, the method further comprises: obtaining a first hash value by performing a hash encoding on the first feature database currently stored in the security platform, using the first hash value as the database information about the first feature database; the sending of the database verification request to the server comprises: sending the database acquisition request to the server, to cause the server to verify whether the first feature database currently stored in the security platform is the latest first feature database by comparing whether a first hash value is consistent with a second hash value, wherein the second hash value is obtained by performing a hash encoding on the first feature database currently stored in the server.
  9. The method according to claim 2, wherein a first communication protocol is used between the security platform and the server, a second communication protocol is used between the security platform and the service terminal, and the first communication protocol is different from the second communication protocol; the method further comprises: encapsulating uplink service data to be sent to the server into an uplink service data packet through the first communication protocol, to enable the uplink service data packet to be processed by the server, and sending the uplink service data packet to the server, wherein the uplink service data packet comprises the match success result data packet and the second request data packet; and de-encapsulating, through the first communication protocol, downlink service data packet received from the server into downlink service data, to enable the downlink service data to be processed by the security platform, wherein the downlink service data packet comprises the encrypted second feedback data packet.
  10. A data transmission method, applied to a server in an Internet of Things (IoT) system, wherein the IoT system further comprises a security platform and a service terminal, the server is in a communication connection with the service terminal through the security platform, and a first feature database is stored in the security platform, a second feature database is stored in the server, the second feature database comprises the first feature database, and an amount of feature information in the first feature database is less than the amount of feature information in the second feature database, wherein the method comprises: receiving an encrypted match success result data packet sent from the security platform, wherein the encrypted match success result data packet is obtained by the security platform through operations of: receiving a first request data packet sent from the service terminal, wherein the first request data packet comprises feature data and collection channel information corresponding to the feature data, the feature data is obtained by the service terminal by performing a feature extraction on initial data collected through a collection channel; matching the feature data in the first feature database; in response to feature information matched with the feature data existing in the first feature database, generating a first feedback data packet based on the feature information and the collection channel information, and sending the first feedback data packet to the service terminal, so that the service terminal operates based on the first feedback data packet, and generating a match success result data packet, and performing an encryption operation on the match success result data packet; obtaining the match success result data packet by performing a decryption operation on the encrypted match success result data packet; and performing a service recording based on the match success result data packet; receiving an encrypted second request data packet sent from the security platform, wherein the encrypted second request data packet is obtained by the security platform through operations of: in response to no feature information matched with the feature data existing in the first feature database, generating a second request data packet by the security platform based on the feature data, the collection channel information, and a match failure result, and performing an encryption operation on the second request data packet; obtaining the second request data packet by decrypting the encrypted second request data packet; matching the feature data of the second request data packet in the second feature database; generating a second feedback data packet based on a match result and the collection channel information, and obtaining an encrypted second feedback data packet by encrypting the second feedback data packet; sending the encrypted second feedback data packet to the security platform, so that the security platform obtains the second feedback data packet by decrypting the encrypted second feedback data packet, and sends the second feedback data packet to the service terminal to enable the service terminal to operate according to the second feedback data packet; and performing the service recording based on the match result.
  11. The method according to claim 10, wherein before the receiving of the encrypted match success result data packet sent from the security platform, the method further comprises: receiving a device authentication request sent from the security platform when the IoT system is started; in response to the device authentication request, sending a generated asymmetric algorithm public key to the security platform, and storing a generated asymmetric algorithm private key, so that the security platform obtains a device authentication information ciphertext by encrypting device authentication information with the asymmetric algorithm public key, and sends the device authentication information ciphertext to the server, wherein the device authentication information comprises a terminal identification of each of service terminals connected to the security platform and a count of the terminals, as well as a platform identification of the security platform; obtaining the device authentication information by decrypting the device authentication information ciphertext; performing authentication on the security platform and each of the service terminals connected to the security platform according to the device authentication information; and sending device authentication passing information to the security platform when the authentication on the security platform and each of the service terminals connected to the security platform is passed, so that the security platform receives the device authentication passing information and completes device authentication initialization.
  12. The method according to claim 11, wherein after the device authentication initialization is completed, the method further comprises: receiving a key acquisition request sent from the security platform, wherein the key acquisition request is used to obtain a symmetric algorithm key required for encryption and decryption operations after the IoT system is started this time; generating the symmetric algorithm key in response to the key acquisition request; obtaining a symmetric algorithm key ciphertext by encrypting the symmetric algorithm key with the asymmetric algorithm private key; and sending the symmetric algorithm key ciphertext to the security platform, so that the security platform obtains the symmetric algorithm key by decrypting the symmetric algorithm key ciphertext with a stored asymmetric algorithm public key, and completes key initialization.
  13. The method according to claim 12, wherein after the key initialization is completed, the method further comprises: receiving a database verification request sent from the security platform, wherein the database verification request carries database information about the first feature database currently stored in the security platform, and the database verification request is used to request the server to verify whether the first feature database currently stored in the security platform is the latest first feature database based on the database information; performing verification based on the database information; in response to confirming that the first feature database currently stored in the security platform is the latest first feature database, sending verification passing information to the security platform, so that the security platform receives the verification passing information and completes database initialization.
  14. The method according to claim 13, wherein after the performing verification based on the database information, the method further comprises: in response to confirming that the first feature database currently stored in the security platform is not the latest first feature database, sending the latest first feature database to the security platform, so that the security platform, when receiving the latest first feature database, replaces the first feature database currently stored with the latest first feature database; and receiving the database verification request sent from the security platform again until the verification is successful, so that the security platform receives the verification passing information from the server and completes the database initialization.
  15. The method according to claim 13, wherein the database information is a first hash value obtained by performing a hash encoding, by the security platform, on the first feature database currently stored in the security platform; before the performing verification based on the database information, the method further comprises: obtaining a second hash value by performing a hash encoding on the first feature database currently stored in the server; the performing verification based on the database information comprises: verifying whether the first feature database currently stored in the security platform is the latest first feature database by comparing whether the first hash value is consistent with the second hash value.
  16. A data transmission method, applied to a service terminal in an Internet of Things (IoT) system, wherein the IoT system further comprises a server and a security platform, the server is in a communication connection with the service terminal through the security platform, and a first feature database is stored in the security platform, a second feature database is stored in the server, the second feature database comprises the first feature database, and an amount of feature information in the first feature database is less than the amount of feature information in the second feature database, wherein the method comprises: collecting initial data through a collection channel; obtaining feature data by performing feature extraction on the initial data; sending a first request data packet to the security platform, wherein the first request data packet comprises the feature data and collection channel information corresponding to the feature data, so that the feature data is matched by the security platform in the first feature database, in response to feature information matched with the feature data existing in the first feature database, the security platform generates a first feedback data packet according to the feature information and the collection channel information and sends the first feedback data packet to the service terminal; receiving the first feedback data packet sent from the security platform; and performing operations based on the first feedback data packet; wherein the method further comprises: receiving a second feedback data packet; and performing operations based on the second feedback data packet, wherein in response to no feature information matched with the feature data existing in the first feature database, a second request data packet is generated based on the feature data, the collection channel information, and a match failure result; an encryption operation is performed on the second request data packet; and an encrypted second request data packet is sent to the server, so that the server obtains the second request data packet through a decryption operation, matches the feature data of the second request data packet in the second feature database, and sends the second feedback data packet.
  17. The method according to claim 16, wherein the service terminal is connected to at least one photographing device, photographing devices and collection channels are in a one-to-one correspondence, and the initial data is captured by the photographing device corresponding to the collection channel; the performing operations based on the first feedback data packet comprises: generating an image with feature annotations based on the feature information in the first feedback data packet; and displaying the image.
  18. An electronic device, comprising a memory and an executable program stored on the memory, wherein the program, when run, implements the steps of the data transmission method according to claim 1.
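
The database initialization loop of claims 6 to 8 (platform side) and 13 to 15 (server side), as an added Python example that is not code from the patent. Assumptions: SHA-256 over a canonical JSON serialization stands in for the unspecified "hash encoding", the class and method names and the max_rounds bound are hypothetical, the feature records are constructed, and direct method calls stand in for the network link.

```python
import hashlib
import hmac
import json

# Constructed sample records: feature id -> feature template (not from the patent).
SECOND_DB = {
    "f-001": [0.12, 0.80, 0.33],
    "f-002": [0.45, 0.10, 0.91],
    "f-003": [0.77, 0.52, 0.08],
    "f-004": [0.05, 0.64, 0.29],
}
FIRST_DB_IDS = ["f-001", "f-002", "f-003"]  # subset held by the security platform


def db_digest(feature_db):
    """Hash encoding of a feature database (SHA-256 is an assumption)."""
    # Canonical form: sorted keys and fixed separators, so the order in which
    # records were inserted never changes the hash of identical content.
    canonical = json.dumps(feature_db, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class Server:
    """Holds the second feature database and knows which ids form the first one."""

    def __init__(self, second_db, first_db_ids):
        self.second_db = second_db
        self.first_db_ids = set(first_db_ids)

    def latest_first_db(self):
        return {fid: self.second_db[fid] for fid in self.first_db_ids}

    def handle_verification_request(self, first_hash):
        # Second hash value: computed over the server's copy of the first database.
        second_hash = db_digest(self.latest_first_db())
        if hmac.compare_digest(first_hash, second_hash):
            return {"type": "verification_passed"}
        # Mismatch: send the latest first feature database instead.
        return {"type": "latest_first_db", "db": self.latest_first_db()}


class SecurityPlatform:
    def __init__(self, first_db):
        self.first_db = dict(first_db)
        self.db_initialized = False

    def initialize_database(self, server, max_rounds=3):
        """Verify, update on mismatch, verify again; return the rounds used."""
        # The claims repeat until verification passes; the bound is an added
        # safeguard so a persistent mismatch fails loudly instead of looping.
        for round_no in range(1, max_rounds + 1):
            reply = server.handle_verification_request(db_digest(self.first_db))
            if reply["type"] == "verification_passed":
                self.db_initialized = True
                return round_no
            self.first_db = dict(reply["db"])
        raise RuntimeError("first feature database not verified in %d rounds" % max_rounds)


def run_demo():
    server = Server(SECOND_DB, FIRST_DB_IDS)
    # Stale platform: one record missing, one record outdated.
    stale = SecurityPlatform({"f-001": SECOND_DB["f-001"], "f-002": [0.0, 0.0, 0.0]})
    # Current platform: same content as the server, stored in a different order.
    current = SecurityPlatform({fid: SECOND_DB[fid] for fid in reversed(FIRST_DB_IDS)})
    stale_rounds = stale.initialize_database(server)
    current_rounds = current.initialize_database(server)
    return stale_rounds, current_rounds, stale.first_db == server.latest_first_db()


if __name__ == "__main__":
    print(run_demo())
```

Comparing hashes only detects that the two copies differ; the platform still relies on the channel to the server for the authenticity of the replacement database it receives.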

Description

CROSS-REFERENCE TO RELATED APPLICATION

The present application claims priority to Chinese patent application No. 202210111749.8 titled “DATA TRANSMISSION METHOD, INTERNET OF THINGS SYSTEM, ELECTRONIC DEVICE, AND STORAGE MEDIUM”, filed with the China National Intellectual Property Administration on Jan. 29, 2022, the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

The present disclosure relates to the field of communication technology, and in particular to a data transmission method, an Internet of Things system, an electronic device and a storage medium.

BACKGROUND

With the development of communication technology, the Internet of Things has been widely used. The Internet of Things provides an interactive basis for smart logistics, smart transportation, smart security, smart life and other fields.

Currently, when multiple service terminals in the Internet of Things communicate with servers to exchange data, each service terminal is provided with a security module hardware so as to ensure data security. When the service terminal sends data, the data is encrypted in the security module, and service processing is completed based on certain key data in the security module to prevent key data from being leaked. When the service terminal receives data, the data is also decrypted in the security module, and service processing related to confidential data is completed in the security module.

SUMMARY

A first aspect of the present disclosure provides a data transmission method, applied to a security platform in an Internet of Things (IoT) system, the IoT system further includes a server and a service terminal, the server is in a communication connection with the service terminal through the security platform, a first feature database is stored in the security platform, the method includes:

receiving a first request data packet sent from the service terminal, the first request data packet includes feature data and collection channel information corresponding to the feature data, the feature data is obtained by the service terminal by performing feature extraction on initial data collected through a collection channel;

matching the feature data in the first feature database;

in response to feature information matched with the feature data existing in the first feature database, generating a first feedback data packet based on the feature information and the collection channel information, and sending the first feedback data packet to the service terminal, so that the service terminal operates according to the first feedback data packet; and

generating a match success result data packet, performing an encryption operation on the match success result data packet, and sending an encrypted match success result data packet to the server, so that the server obtains the match success result data packet through a decryption operation, and performs a service recording according to the match success result data packet.

In some embodiments, a second feature database is stored in the server, the second feature database includes the first feature database, and an amount of feature information in the first feature database is less than the amount of feature information in the second feature database; after matching the feature data in the first feature database, the method further includes:

in response to no feature information matched with the feature data existing in the first feature database, generating a second request data packet based on the feature data, the collection channel information and a match failure result;

performing an encryption operation on the second request data packet;

sending an encrypted second request data packet to the server, so that the server obtains the second request data packet through a decryption operation, and matches the feature data of the second request data packet in the second feature database.

In some embodiments, after the sending an encrypted second request data packet to the server, the method further includes:

receiving an encrypted second feedback data packet sent from the server, the encrypted second feedback data packet is obtained by the server through matching the feature data in the second feature database, generating a second feedback data packet based on a match result and the collection channel information, and encrypting the second feedback data packet;

obtaining the second feedback data packet by performing a decryption operation on the encrypted second feedback data packet; and

sending the second feedback data packet to the service terminal, so that the service terminal operates according to the second feedback data packet.

In some embodiments, the encryption operation includes encrypting using a symmetric algorithm key; the decryption operation includes decrypting using the symmetric algorithm key.

In some embodiments, before the receiving a first request data packet sent from the service terminal, the method further includes: sending a device authent