NB-IoT-oriented internet of things sensor data encryption transmission method
By constructing TBS level mapping and implicit random number generation, combined with adaptive encryption compression, the data transmission of NB-IoT IoT sensors is optimized, solving the problems of poor adaptability and high transmission overhead of traditional encryption schemes, improving transmission reliability and security, and adapting to the low power consumption requirements of narrowband IoT.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HEFEI XINLI TECH CO LTD
- Filing Date
- 2026-04-23
- Publication Date
- 2026-06-26
AI Technical Summary
Existing NB-IoT sensor data transmission is easily intercepted, tampered with, and forged in wireless links. Traditional encryption schemes are difficult to adapt to the transmission characteristics of narrow bandwidth, small data packets, and low data rates, resulting in high encryption overhead, high computational complexity, increased terminal power consumption and latency, and affecting transmission reliability and security.
By constructing a TBS level mapping relationship, the transport block size and the number of repeated transmissions are determined. By combining implicit random number generation and adaptive encryption compression, the encryption overhead budget is optimized to achieve matching between data length and transport block capacity. A lightweight authentication encryption algorithm is used for adaptive encryption and verification.
It improves the reliability and anti-interference capability of NB-IoT sensor data transmission in weak coverage scenarios, reduces power consumption and latency, ensures the security and integrity of data transmission, and adapts to the low power consumption requirements of narrowband IoT.
Smart Images

Figure CN122294101A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of IoT communication and information security technology, specifically to an IoT sensor data encryption transmission method for NB-IoT. Background Technology
[0002] NB-IoT, as a mainstream narrowband IoT technology, boasts advantages such as wide coverage, low power consumption, massive connectivity, and low cost, and is widely used in IoT sensor data transmission scenarios such as smart cities, environmental monitoring, and industrial sensing. However, current NB-IoT networks use shared air interface transmission, making sensor data vulnerable to interception, tampering, and forgery in wireless links, leading to a continuously increasing demand for secure data transmission. Traditional IoT encryption schemes are mostly designed for broadband communication, resulting in issues such as high encryption overhead, high computational complexity, and numerous additional payloads, making them unsuitable for the narrow bandwidth, small data packets, and low data rate transmission characteristics of NB-IoT.
[0003] Meanwhile, NB-IoT terminals need to rely on repeated transmissions to ensure reliability in areas with weak coverage. Encrypting additional fields will further occupy the limited uplink payload space, increase the transmission block level and the number of repetitions, and increase terminal power consumption and latency. Sensor data is difficult to transmit securely, efficiently and with low power consumption in NB-IoT networks, which restricts the large-scale deployment of narrowband IoT security applications.
[0004] To address the aforementioned shortcomings, a technical solution is provided. Summary of the Invention
[0005] The purpose of this invention is to solve the problems of poor adaptability and high transmission overhead of traditional encryption schemes, and to propose an encrypted transmission method for IoT sensor data for NB-IoT.
[0006] The objective of this invention can be achieved through the following technical solutions: Methods for encrypted transmission of IoT sensor data for NB-IoT include: S1, TBS level mapping construction: Obtain the coverage enhancement level and physical layer uplink transmission block size level table of NB-IoT terminals, and establish a mapping relationship table between each transmission block size level and the corresponding number of repeated transmissions; S2. Determine the encryption overhead budget: Statistically determine the bit length of the original sensor data, traverse and match the minimum level transmission block capacity, calculate the remaining available bit capacity, obtain the level transition repetition number growth rate, and complete the verification of the encryption carrying space and resource budget. S3. Implicit random number construction: Extract multi-dimensional state parameters from the NB-IoT protocol stack and generate implicit random numbers through cryptographic derivation operations; S4. Adaptive encryption and compression: Using the remaining carrying space and implicit random numbers as constraints, the original sensing data is encrypted and compressed to adapt to the narrowband characteristics of NB-IoT, so that the data length matches the transmission block capacity. S5. Encrypted Transmission and Verification: The encrypted and encapsulated data is transmitted to the receiving end through the NB-IoT uplink channel. The receiving end reconstructs implicit random numbers based on the synchronously maintained multi-dimensional state parameters and performs decryption and integrity verification.
[0007] Furthermore, the specific operation steps of S1 are as follows: After the NB-IoT terminal powers on, connects to the network, and completes the RRC connection establishment, the underlying driver interface reads the cell's wireless channel quality from the physical layer protocol stack and determines the coverage enhancement level of the terminal by combining the network-side coverage enhancement strategy. Based on the 3GPP TS36.213 protocol specification, the Transport Block Size (TBS) level table corresponding to the uplink NPUSCH channel of the physical layer is parsed. All TBS indices under the current coverage enhancement level are traversed, and the corresponding transport block bit length is extracted to form an ordered transport block size set. The maximum number of repeated transmissions bound to each index is obtained synchronously, and a set of repeated transmissions is constructed. Using the transport block size index as the association primary key, the ordered transport block size set and the set of repeated transmissions are bound item by item to generate a mapping relationship table relating the coverage enhancement level, transport block size index, transport block bit length, and number of repeated transmissions.
[0008] Furthermore, the specific operation steps of S2 are as follows: The NB-IoT terminal acquires the original sensing data to be uploaded by the sensor and calculates the corresponding bit length. Using the mapping table generated by S1 as the matching benchmark, it traverses and matches level by level from low to high along the transmission block level, finds the minimum level index as the optimal matching level, and uses the uplink transmission block capacity and the number of repeated transmissions corresponding to the minimum level index as the initial matching capacity and the number of initial matching repetitions. The remaining available bit capacity is obtained based on the difference between the initial matching capacity and the bit length of the original sensed data; By comparing the number of repeated transmissions at the current level with the adjacent previous level, the multiplier of the number of repeated transmissions resulting from the level jump is obtained. The level jump permission is determined based on the repetition increase rate, and the upper limit of the allowed overhead of the encrypted additional field is determined based on the determination result. The encryption and encapsulation mode is determined based on security parameters and the upper limit of allowable overhead. When there is enough space, the full tag encapsulation mode is enabled. When space is limited, the compressed tag encapsulation mode is enabled. When space is insufficient, the frame-based encryption and encapsulation mode is enabled and the data frame-based processing is completed. The allowed overhead limit, encryption encapsulation mode, tag compression length, and frame parameters are integrated into an encryption configuration set.
[0009] Furthermore, the specific operation steps of S3 are as follows: The terminal extracts multi-dimensional state parameters from multiple layers of the NB-IoT protocol stack. At the same time, the terminal maintains a monotonically increasing uplink transmission counter. The initial value is configured by the NAS layer security mode command message. After each successful submission of uplink user data, the counter is automatically incremented and written to the non-volatile storage area. The terminal sequentially concatenates multidimensional state parameters with the uplink transmission counter based on a fixed bit concatenation rule to generate a unique input sequence. Using the session master key negotiated between the terminal and the network side as the root key, a random derived special subkey is generated through a key derivation function; The CMAC message authentication code operation is performed on the unique input sequence using the derived special subkey, and the first 96 bits of the operation result are used as the implicit random number for this encrypted transmission. The receiving end synchronously acquires multidimensional state parameters that are completely consistent with those of the terminal and maintains a counter mirror value on the network side; the receiving end independently reconstructs implicit random numbers consistent with those of the terminal using the same rules and algorithms.
[0010] Furthermore, the specific operation steps of S4 include: The terminal receives the encrypted configuration set and combines it with implicit random numbers to perform adaptive authentication encryption and tag compression processing on the original sensor perception data; The terminal uses a lightweight authentication encryption algorithm, which uses an implicit random number as the initialization vector and the session encryption key as the operation key to generate ciphertext data and a standard-length authentication tag. Adaptation processing is performed based on three modes: full tag encapsulation, compressed tag, and frame encryption. In full tag mode, the ciphertext and the complete tag are directly concatenated and the length is checked back. If the check fails, it is automatically downgraded to frame encryption mode. The compressed label mode performs equal-length segmentation, zero-padding, and XOR folding on the standard certification label to form a compressed certification label and then completes data splicing. The frame-based encryption mode divides the original sensing data into several subframes based on the frame parameters, and assigns an independent sequence number and implicit random number to each subframe. Encryption and tag compression are completed frame by frame. At the same time, the total number of subframes is written into the first frame header, so that the total length of the encrypted and encapsulated data is adapted to and meets the capacity constraints of the corresponding transport block level.
[0011] Furthermore, the specific operation steps of S4 also include: In both compressed tag mode and framed encryption mode, an accumulated authentication chain mechanism is introduced. The terminal maintains an authentication chain state value that is consistent with the target compressed length of the tag. The initial value is set to an all-zero bit sequence when the NAS layer security mode is established. When processing single packet data, the authentication chain state value of the previous packet is introduced into the encryption operation as additional authentication data. It participates in the cryptographic operation together with the session master key, implicit random number, and plaintext data. The additional authentication data is only used for integrity verification and authentication tag generation, and does not participate in the encryption transformation of plaintext data, so that the generated authentication tag has the chain association characteristic across data packets. After the operation is completed, adaptive compression is performed on the standard authentication tag. The current compressed tag is used to overwrite the updated authentication chain state value for the next data packet operation, forming a continuous chain authentication structure. After all encapsulation steps are completed, a back check is performed on the total length of the encrypted encapsulated data. If it exceeds the transport block capacity, it automatically switches to frame encryption mode and re-completes the frame, encryption and encapsulation process until the NB-IoT physical layer transmission constraints are met.
[0012] Furthermore, the specific operation steps of S5 are as follows: The receiving end parses the uplink encrypted encapsulated data and extracts the terminal identifier. Based on the terminal identifier, it retrieves the locally stored session master key, key-derived subkeys, and uplink transmission counter mirror value, and synchronously obtains multi-dimensional state parameters consistent with those of the terminal from the network-side protocol stack. Implicit random numbers are reconstructed according to the same parameter concatenation rules, key derivation rules, and cryptographic operation rules as the terminal. Using the reconstructed implicit random number as the initialization vector, a lightweight authentication encryption algorithm consistent with that of the terminal is adopted and combined with the session master key to decrypt the ciphertext segment and restore the plaintext data. Perform differentiated integrity checks for different encryption encapsulation modes; The receiving end synchronously maintains the authentication chain status value and uses the authentication chain status value as additional authentication data in the verification operation. If the verification passes, the local authentication chain status value and the counter mirror value are updated. If the verification fails, the candidate counter values are traversed within the preset tolerance window and re-verified. If a match is successful, the mirror value is updated to restore synchronization. If all verifications fail, the data packet is discarded and a counter resynchronization instruction is sent. The terminal resets the counter based on the instruction and then re-executes encryption and uplink transmission.
[0013] Compared with the prior art, the beneficial effects of the present invention are: This invention constructs a TBS level mapping relationship, determines the matching relationship between the transmission block size and the number of repeated transmissions by combining the NB-IoT coverage enhancement level, and then determines the optimal transmission level and encryption overhead budget based on the original data length. Simultaneously, it constructs implicit random numbers, performs adaptive encryption compression, and completes encrypted transmission and verification, adapting to the narrowband low-power transmission characteristics of NB-IoT, avoiding redundant encryption overhead and wasted repeated transmissions. It significantly improves the transmission reliability and anti-interference capability of IoT sensor data in NB-IoT weak coverage scenarios, increases encrypted transmission efficiency and resource utilization, reduces data transmission power consumption and latency, ensures the security and integrity of sensor data transmission, adapts to the application requirements of NB-IoT's wide connectivity, low data rate, and low power consumption, and improves the overall stability of the IoT transmission system. Attached Figure Description
[0014] Figure 1 This is a flowchart of the method of the present invention. Detailed Implementation
[0015] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0016] Example: like Figure 1 As shown, the method for encrypted transmission of IoT sensor data for NB-IoT includes TBS level mapping construction, encryption overhead budget determination, implicit random number construction, adaptive encryption compression, and encrypted transmission and verification.
[0017] S1 and TBS level mapping construction: After the NB-IoT terminal powers on, connects to the network, and completes the RRC connection establishment, it obtains the current cell's wireless channel quality from the physical layer protocol stack through the underlying driver interface. Combined with the coverage enhancement strategy configured on the network side, it determines the current coverage enhancement level (CE) of the terminal. The coverage enhancement level includes three levels: CE0, CE1, and CE2. Different coverage enhancement levels correspond to different link budgets and repetitive transmission mechanisms. The NB-IoT terminal reads and parses the Transport Block Size (TBS) level table corresponding to the physical layer uplink NPUSCH channel according to the 3GPP TS36.213 protocol specification. The TBS level table is pre-stored in the terminal's non-volatile memory and contains the set of uplink transport block bit lengths corresponding to each modulation and coding scheme under different coverage enhancement levels. For the currently determined coverage enhancement level, the terminal traverses all valid transport block size indices under the current level, extracts the transport block bit length corresponding to each transport block size index, and forms an ordered transport block size set. Simultaneously, the maximum number of repeated transmissions, bound one-to-one with each transport block size index, is obtained from the physical layer configuration information. The number of repeated transmissions is used to combat channel fading and interference in weak NB-IoT coverage scenarios, and the number of repeated transmissions increases progressively with the transport block size. A set of repeated transmission counts is constructed by arranging the repeated transmission counts corresponding to each index in the same index order. Using the transport block size index as the primary key, the ordered transport block size set is bound to the corresponding repetition count set item by item, generating a mapping table between the coverage enhancement level, transport block size index, transport block bit length, and repetition count, and the mapping table is cached in the terminal's RAM.
[0018] S2. Encryption overhead budget determined: The NB-IoT terminal acquires the raw sensing data to be uploaded from the sensor, and calculates the bit length of the raw sensing data using a bit length statistics function, denoted as . ,Right now This indicates the total number of bits of raw sensing data to be transmitted by the sensor; Using the mapping table generated by S1 as the matching benchmark, the system traverses the ordered TBS data from low to high levels to find matching results. Minimum level index of conditions , This indicates that under the current coverage enhancement level, the [number]th [level] The maximum number of uplink bits that can be transmitted in the NB-IoT physical layer corresponding to the uplink transport block level, i.e., the uplink transport block capacity; The minimum level index is determined as the optimal matching level of the original sensing data, the uplink transmission block capacity corresponding to the minimum level index is the initial matching capacity, and the number of repeated transmissions corresponding to the minimum level index is the initial matching repetition count. Based on the difference between the uplink transport block capacity corresponding to the optimal matching level and the bit length of the original sensing data, the remaining available bit capacity after removing the original sensing data at the current level is obtained; the remaining available bit capacity provides the basic carrying space for the encrypted additional field. Extract the number of repeated transmissions corresponding to the adjacent previous level, compare it with the number of repeated transmissions corresponding to the current level, and obtain the multiple of the number of repeated transmissions brought about by the upward jump in level; When the repetition rate increases by more than a preset threshold, it is determined that jumping to the next higher transport block level will significantly increase transmission latency and terminal power consumption. Therefore, jumping to the next higher transport block level is prohibited. At this time, the remaining available bit capacity of the current matching level is directly determined as the upper limit of the allowed overhead of the encryption and additional fields, and the total data length after encryption, encapsulation and additional fields are constrained not to exceed the uplink transport block capacity of the current matching level. When the repetition rate increase is less than a preset threshold, the power cost of hopping to the next higher transport block level is deemed acceptable, and hopping to the next higher transport block level is allowed to expand the encrypted bearer space. In this case, the maximum allowable overhead is set. Updated to the remaining capacity of the previous level; that is... The total length of the encrypted data can occupy the capacity of the upstream transmission block. ; After reaching the allowed overhead limit, the encryption and encapsulation mode is determined based on preset security parameters: Set the standard tag length for the authentication encryption algorithm and the minimum tag length for the minimum security requirements; When the allowed overhead limit is greater than or equal to the standard tag length, it is determined that there is sufficient encrypted carrying space, and the full tag encapsulation mode is started; When the allowed overhead limit is between the minimum tag length and the standard tag length, it is determined that the encrypted bearer space is limited, the compressed tag encapsulation mode is enabled, and the allowed overhead limit is set to the target compressed length of the authentication tag; When the allowed overhead limit is less than the minimum tag length, it is determined that the encrypted bearer space is insufficient, and the frame-based encryption encapsulation mode is activated, using the formula... The maximum plaintext length of a single subframe is calculated. ,in, Indicates the minimum label length; The original sensor data is divided into frames based on byte alignment rules to obtain the total number of data subframes. The frame division formula is as follows: ,in, This represents the floor function; A unique incrementing signal is assigned to each subframe, and the total number of subframes is written into the first frame header; The allowed overhead limit, encryption encapsulation mode, tag compression length, and framing parameters are integrated into an encryption configuration set and distributed to S4; the framing parameters include the maximum plaintext length of a single subframe and the total number of data subframes.
[0019] S3, Implicit random number construction: The terminal extracts multi-dimensional state parameters with global uniqueness and transmission timing uniqueness from multiple protocol layers of the NB-IoT protocol stack, including the physical layer, MAC layer, and NAS layer. The multi-dimensional state parameters include the physical layer superframe number, system frame number, MAC layer cell wireless network temporary identifier, and terminal unique identifier field in the NAS layer global unique temporary identifier. Meanwhile, the terminal maintains a monotonically increasing uplink transmission counter. The initial value of the uplink transmission counter is configured by the initial sequence number carried by the NAS layer security mode command message. Each time the terminal successfully submits uplink user data to the PDCP layer, the current value of the uplink transmission counter is automatically incremented by 1, and it is immediately written to the non-volatile storage area after each update to ensure that the terminal can maintain a continuous and non-repeating count value after waking up from PSM deep sleep, providing a time-series uniqueness guarantee for random number generation. Based on a preset fixed-bit concatenation rule, the terminal sequentially concatenates multi-dimensional state parameters to generate a unique input sequence. The expression is: ,in, This represents the terminal's unique identifier field. This indicates a temporary identifier for the community's wireless network. Indicates the physical layer superframe number. This indicates the system frame number, i.e., the physical layer basic radio frame identifier. Indicates the uplink transmission counter. Represents the bit concatenation operator; The session master key agreed upon by the terminal and the network is used as the root key, and a randomized private subkey is generated through a key derivation function. Using a randomly derived subkey as the key, perform CMAC block cipher message authentication code operation on the unique input sequence. Extract the first 96 bits of the result as an implicit random number for this encrypted transmission. The calculation formula is as follows: ,in, Represents implicit random numbers. This represents a 96-bit truncation function. This refers to a message authentication code algorithm based on block ciphers. This indicates a private subkey for random generation; The receiving end synchronously obtains multi-dimensional state parameters that are completely consistent with those of the terminal through the network-side protocol stack, and maintains an uplink transmission counter mirror value on the network side that is time-synchronized with that of the terminal side. The receiving end adopts the same parameter concatenation rules, key derivation method and CMAC operation logic as the terminal side, independently performs cryptographic derivation processing, and reconstructs an implicit random number that is completely consistent with that of the terminal. There is no need to explicitly carry random number segments in the air interface encrypted data packets, thereby saving NB-IoT uplink transmission resources and reducing encryption overhead.
[0020] S4, Adaptive Encryption Compression: The terminal receives the encryption configuration set sent by S2, extracts the allowed overhead limit, encryption encapsulation mode, tag target compression length and framing parameters, and combines them with the implicit random number generated by S3 to perform adaptive authentication encryption and tag compression processing on the original sensor perception data. The terminal employs a preset lightweight authentication encryption algorithm, using implicit random numbers as the initialization vector and the session encryption key negotiated between the terminal and the network as the operation key. It performs authentication encryption operations on the bit length of the original sensor data, simultaneously generating ciphertext data of the same length as the original sensor data and a standard-length ciphertext data. The authentication label is used by the receiving end to verify the integrity and authenticity of the data, and to prevent the data from being tampered with or forged. For different encryption encapsulation modes, an authentication tag processing mechanism and data encapsulation operation adapted to the allowed overhead limit are executed. The specific process is as follows: Full Tag Encapsulation Mode: In the current mode, there is sufficient space for encryption overhead, eliminating the need for compression of the authentication tag. The terminal directly performs bit-level concatenation of the ciphertext data and the complete standard-length authentication tag in the order of ciphertext and tag to form encrypted encapsulated data. After concatenation, the total bit length of the encrypted encapsulated data is calculated using a bit length statistics function. The total bit length is then compared with the final TBS level capacity determined in S2 to perform a length check, ensuring that the total data length after encryption meets the following requirements: or The specific upper limit of verification is uniquely determined by the level transition judgment result of the repeated transmission number growth rate in S2: If S2 determines that an upward jump to a higher level is not allowed, then the upper limit of the check is the capacity of the current matching level. If S2 determines that an upward jump is allowed, then the upper limit of the check is updated to the capacity of the adjacent previous level. ; When the back check passes, it indicates that the encrypted encapsulated data can be completely loaded into the currently selected NB-IoT uplink transmission block without adjusting the transmission level or encryption structure. The terminal directly submits the valid encrypted encapsulated data to the PDCP layer and waits for the physical layer to perform NB-IoT uplink channel scheduling and transmission according to the number of repeated transmissions corresponding to the mapping table. If the back check fails, that is, the total bit length exceeds the corresponding TBS level capacity, the encryption mode adaptive degradation mechanism is triggered, and the terminal automatically switches to the frame encryption mode. The original sensing data is then re-framed, encrypted, tagged, and encapsulated until the total bit length meets the TBS level constraints. Compressed Tag Mode: In the current mode, the encryption overhead space is limited. Standard-length authentication tags are folded and compressed using the formula... The number of label fold segments is calculated. ,in, , indicating the target compressed length of the tag; The standard length authentication label is segmented bit-by-bit according to the target compressed length of the label, resulting in... A continuous tag segment If the total length of the standard length authentication tag cannot be divided by the target compressed length of the tag, then zero bits are added to the end of the last tag segment to make all tag segments have the same length. Perform an XOR folding operation on all tag segments sequentially to generate the compressed authentication tag. The calculation formula is as follows: ,in, This indicates a bitwise XOR operation; The encrypted data and the compressed authentication tag are concatenated bit-by-bit in the order of ciphertext and tag to form encrypted encapsulated data; Based on the allowed overhead limit and the bit length of the original perceived data, the total bit length of the encrypted encapsulated data satisfies the following constraints: ; Combined with the definition formula of the allowable cost limit Substituting into the formula yields the total length constraint. ; When S2 determines that a jump to the next higher TBS level is allowed, the total length constraint is updated as follows: ; Framing Encryption Mode: In the current mode, there is insufficient space for encryption overhead. Therefore, the raw sensor data is divided into frames, and encryption and tag compression are performed separately for each frame. Based on the framing parameters sent by S2, the terminal divides the raw sensor data along the byte boundaries. Each subframe has a plaintext length not exceeding the maximum plaintext length for a single subframe, and each subframe is marked with an incrementing subframe number starting from 1. ,in, Total number of subframes Write the pin field to the first subframe; For each data subframe, an independent implicit random number is generated. The generation method is to add the current value of the uplink transmission counter in S3 to the sequence number of the current data subframe, and then re-execute the CMAC operation. The calculation formula is as follows: ,in, Indicates the first Implicit random numbers corresponding to each data subframe This represents the current value of the uplink transmission counter plus the sequence number of the current data subframe; With the first The implicit random number corresponding to each data subframe is used as the initialization vector. The authentication encryption operation is performed on the current data subframe to generate the subframe ciphertext and the standard length authentication tag. The standard tag is compressed to the minimum tag length according to the folding compression method of the compressed tag mode, and concatenated with the subframe ciphertext to form the independent encrypted encapsulated data of the current data subframe. In both compressed tag mode and frame-based encryption mode, authentication tag compression reduces the single-packet forgery detection capability, necessitating the introduction of a cumulative authentication chain mechanism. The terminal maintains an authentication chain state value that is consistent with the target compression length of the tag. The initial value is set to an all-zero bit sequence when the NAS layer security mode is established. For the first When performing authentication and encryption operations on packet data, the authentication chain status value of the previous data packet stored locally on the terminal is read. The authentication chain state value of the previous data packet is used as additional authentication data (AAD) and input into the corresponding interface of the authentication encryption algorithm. It participates in cryptographic operations together with the session master key, implicit random number, and sensor plaintext data. The additional authentication data is only used for integrity verification and authentication tag generation and does not participate in the encryption transformation process of plaintext data. The historical transmission state carried by the additional authentication data will be strongly bound to the plaintext of the current data packet, so that the generated standard authentication tag has chain association characteristics and cannot be independently forged, tampered with, or replayed. After completing the authentication encryption operation, the corresponding number is generated. The encrypted data of the packet is combined with a standard-length authentication tag; based on the encryption encapsulation mode matched by the current data packet, the ciphertext data is then processed. The standard-length authentication tag of the packet data undergoes adaptive folding compression to obtain the first... The data compression authentication label corresponding to the package data; In the Once the entire data encryption and encapsulation process is completed, the generated compressed authentication tag is immediately written into the authentication chain state storage unit to overwrite and update the original historical state value, forming the latest authentication chain state. The updated authentication chain state value will be used as additional authentication data to participate in the authentication encryption operation of the next data packet, and so on, packet by packet, to form a continuous chain authentication structure across multiple data packets; After all encryption and encapsulation operations are completed, the terminal performs a back check to verify the total length of the encrypted and encapsulated data. If the total bit length of the encrypted encapsulated data is less than or equal to the capacity of the currently matched TBS level, the encapsulation is confirmed to be successful and submitted to the PDCP layer to wait for NB-IoT uplink channel scheduling and transmission. If the total bit length of the encrypted encapsulated data exceeds the corresponding TBS capacity, the encryption encapsulation mode will be automatically downgraded to the frame encryption mode, and the frame splitting, encryption and tag compression processing will be re-executed according to the frame splitting parameters determined by S2 until the TBS level capacity requirements are met.
[0021] S5. Encrypted transmission and verification: After successfully parsing and obtaining the encrypted encapsulated data transmitted uplink, the receiving end extracts the corresponding terminal identifier from the header field of the bearer protocol, queries the locally stored session master key, key-derived subkeys, and synchronously maintained uplink transmission counter mirror value based on the terminal identifier; at the same time, it obtains multi-dimensional state parameters consistent with those of the terminal from the network-side protocol stack. The receiving end reconstructs implicit random numbers according to the exact same concatenation rules, key derivation rules, and CMAC operation rules as the terminal, as shown in the following formula: ,in, This indicates the mirror value of the uplink transmission counter; Using the reconstructed implicit random number as the initialization vector, a lightweight authentication encryption algorithm consistent with the session terminal is adopted, and the ciphertext segment in the encrypted encapsulated data is decrypted in combination with the session master key to restore the plaintext data; For different encryption and encapsulation modes, the receiving end performs differentiated integrity verification processes: In full-label mode, standard-length authentication tags are directly extracted from the encrypted encapsulated data, and integrity and authenticity checks are performed on the decrypted data. In compressed tag mode, the receiving end synchronously generates a standard-length authentication tag through decryption operations, generates a verification compressed tag according to the same folding compression rules as the terminal, and compares the verification compressed tag with the received compressed authentication tag bit by bit to complete the verification. In frame-based encryption mode, the receiving end parses the total number of subframes in the header of the first data subframe and waits to receive all subframe data; it reconstructs an independent implicit random number based on the sequence number of each subframe, performs decryption and verification operations frame by frame, and after all subframes pass verification, it reassembles the complete original sensor data according to the subframe sequence number order. Meanwhile, the receiving end synchronously maintains the same authentication chain status value as the terminal. During the decryption and verification process, the local authentication chain status value is used as additional authentication data in the calculation. If the verification passes, the local authentication chain status value is updated using the compressed authentication tag of the current packet to ensure the synchronous operation of the chain authentication mechanism. When the integrity verification passes, the receiving end increments the uplink transmission counter mirror value to maintain timing synchronization with the terminal counter, thus completing the data decryption verification process. When the integrity check fails, it is determined that there is a timing offset between the terminal and the receiver counters. The receiver traverses the candidate values in a backward-then-forward order within a preset tolerance window radius, centered on the current uplink transmission counter mirror value. The traversal formula is as follows: ,in, Indicates the preset tolerance window radius. Indicates the candidate value of the counter. Represents a continuous sequence decreasing backwards from the mirror image value. One candidate value; Represents a continuous sequence decreasing forward from the mirror value. One candidate value; For each candidate value of the counter, the implicit random number reconstruction, decryption, and integrity verification are re-executed; If a valid candidate value is matched within the tolerance window Then update the receiving end mirror value to And complete the increment to restore synchronization between the two counters; the valid candidate value refers to the counter candidate value that, within the counter tolerance window, enables the implicit random number reconstruction to be correct, the decryption operation to be successful, and the integrity verification result to be true; If all candidate values within the tolerance window fail to be verified, the data is deemed untrustworthy, the current data packet is discarded, and a counter resynchronization indication carrying the current mirror value is sent to the terminal via the downlink control channel. After receiving the indication, the terminal resets the local uplink transmission counter with the indicated value and re-executes encryption and uplink transmission based on the updated counter.
[0022] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A method for encrypted transmission of IoT sensor data for NB-IoT, characterized in that, include: S1, TBS level mapping construction: Obtain the coverage enhancement level and physical layer uplink transmission block size level table of NB-IoT terminals, and establish a mapping relationship table between each transmission block size level and the corresponding number of repeated transmissions; S2. Determine the encryption overhead budget: Statistically determine the bit length of the original sensor data, traverse and match the minimum level transmission block capacity, calculate the remaining available bit capacity, obtain the level transition repetition number growth rate, and complete the verification of the encryption carrying space and resource budget. S3. Implicit random number construction: Extract multi-dimensional state parameters from the NB-IoT protocol stack and generate implicit random numbers through cryptographic derivation operations; S4. Adaptive encryption and compression: Using the remaining carrying space and implicit random numbers as constraints, the original sensing data is encrypted and compressed to adapt to the narrowband characteristics of NB-IoT, so that the data length matches the transmission block capacity. S5. Encrypted Transmission and Verification: The encrypted and encapsulated data is transmitted to the receiving end through the NB-IoT uplink channel. The receiving end reconstructs implicit random numbers based on the synchronously maintained multi-dimensional state parameters and performs decryption and integrity verification.
2. The method for encrypted transmission of IoT sensor data for NB-IoT according to claim 1, characterized in that, The specific operation steps of S1 are as follows: After the NB-IoT terminal powers on, connects to the network, and completes the RRC connection establishment, the underlying driver interface reads the cell's wireless channel quality from the physical layer protocol stack and determines the coverage enhancement level of the terminal by combining the network-side coverage enhancement strategy. Based on the 3GPP TS36.213 protocol specification, the Transport Block Size (TBS) level table corresponding to the uplink NPUSCH channel of the physical layer is parsed. All TBS indices under the current coverage enhancement level are traversed, and the corresponding transport block bit length is extracted to form an ordered transport block size set. The maximum number of repeated transmissions bound to each index is obtained synchronously, and a set of repeated transmissions is constructed. Using the transport block size index as the association primary key, the ordered transport block size set and the set of repeated transmissions are bound item by item to generate a mapping relationship table relating the coverage enhancement level, transport block size index, transport block bit length, and number of repeated transmissions.
3. The method for encrypted transmission of IoT sensor data for NB-IoT according to claim 1, characterized in that, The specific operation steps of S2 are as follows: The NB-IoT terminal acquires the original sensing data to be uploaded by the sensor and calculates the corresponding bit length. Using the mapping table generated by S1 as the matching benchmark, it traverses and matches level by level from low to high along the transmission block level, finds the minimum level index as the optimal matching level, and uses the uplink transmission block capacity and the number of repeated transmissions corresponding to the minimum level index as the initial matching capacity and the number of initial matching repetitions. The remaining available bit capacity is obtained based on the difference between the initial matching capacity and the bit length of the original sensed data; By comparing the number of repeated transmissions at the current level with the adjacent previous level, the multiplier of the number of repeated transmissions resulting from the level jump is obtained. The level jump permission is determined based on the repetition increase rate, and the upper limit of the allowed overhead of the encrypted additional field is determined based on the determination result. The encryption and encapsulation mode is determined based on security parameters and the upper limit of allowable overhead. When there is enough space, the full tag encapsulation mode is enabled. When space is limited, the compressed tag encapsulation mode is enabled. When space is insufficient, the frame-based encryption and encapsulation mode is enabled and the data frame-based processing is completed. The allowed overhead limit, encryption encapsulation mode, tag compression length, and frame parameters are integrated into an encryption configuration set.
4. The method for encrypted transmission of IoT sensor data for NB-IoT according to claim 1, characterized in that, The specific operation steps of S3 are as follows: The terminal extracts multi-dimensional state parameters from multiple layers of the NB-IoT protocol stack. At the same time, the terminal maintains a monotonically increasing uplink transmission counter. The initial value is configured by the NAS layer security mode command message. After each successful submission of uplink user data, the counter is automatically incremented and written to the non-volatile storage area. The terminal sequentially concatenates multidimensional state parameters with the uplink transmission counter based on a fixed bit concatenation rule to generate a unique input sequence. Using the session master key negotiated between the terminal and the network side as the root key, a random derived special subkey is generated through a key derivation function; The CMAC message authentication code operation is performed on the unique input sequence using the derived special subkey, and the first 96 bits of the operation result are used as the implicit random number for this encrypted transmission. The receiving end synchronously acquires multidimensional state parameters that are completely consistent with those of the terminal and maintains a counter mirror value on the network side; the receiving end independently reconstructs implicit random numbers consistent with those of the terminal using the same rules and algorithms.
5. The method for encrypted transmission of IoT sensor data for NB-IoT according to claim 1, characterized in that, The specific operation steps of S4 include: The terminal receives the encrypted configuration set and combines it with implicit random numbers to perform adaptive authentication encryption and tag compression processing on the original sensor perception data; The terminal uses a lightweight authentication encryption algorithm, which uses an implicit random number as the initialization vector and the session encryption key as the operation key to generate ciphertext data and a standard-length authentication tag. Adaptation processing is performed based on three modes: full tag encapsulation, compressed tag, and frame encryption. In full tag mode, the ciphertext and the complete tag are directly concatenated and the length is checked back. If the check fails, it is automatically downgraded to frame encryption mode. The compressed label mode performs equal-length segmentation, zero-padding, and XOR folding on the standard certification label to form a compressed certification label and then completes data splicing. The frame-based encryption mode divides the original sensing data into several subframes based on the frame parameters, and assigns an independent sequence number and implicit random number to each subframe. Encryption and tag compression are completed frame by frame. At the same time, the total number of subframes is written into the first frame header, so that the total length of the encrypted and encapsulated data is adapted to and meets the capacity constraints of the corresponding transport block level.
6. The method for encrypted transmission of IoT sensor data for NB-IoT according to claim 5, characterized in that, The specific operation steps of S4 also include: In both compressed tag mode and framed encryption mode, an accumulated authentication chain mechanism is introduced. The terminal maintains an authentication chain state value that is consistent with the target compressed length of the tag. The initial value is set to an all-zero bit sequence when the NAS layer security mode is established. When processing single packet data, the authentication chain state value of the previous packet is introduced into the encryption operation as additional authentication data. It participates in the cryptographic operation together with the session master key, implicit random number, and plaintext data. The additional authentication data is only used for integrity verification and authentication tag generation, and does not participate in the encryption transformation of plaintext data, so that the generated authentication tag has the chain association characteristic across data packets. After the operation is completed, adaptive compression is performed on the standard authentication tag. The current compressed tag is used to overwrite the updated authentication chain state value for the next data packet operation, forming a continuous chain authentication structure. After all encapsulation steps are completed, a back check is performed on the total length of the encrypted encapsulated data. If it exceeds the transport block capacity, it automatically switches to frame encryption mode and re-completes the frame, encryption and encapsulation process until the NB-IoT physical layer transmission constraints are met.
7. The method for encrypted transmission of IoT sensor data for NB-IoT according to claim 1, characterized in that, The specific operation steps of S5 are as follows: The receiving end parses the uplink encrypted encapsulated data and extracts the terminal identifier. Based on the terminal identifier, it retrieves the locally stored session master key, key-derived subkeys, and uplink transmission counter mirror value, and synchronously obtains multi-dimensional state parameters consistent with those of the terminal from the network-side protocol stack. Implicit random numbers are reconstructed according to the same parameter concatenation rules, key derivation rules, and cryptographic operation rules as the terminal. Using the reconstructed implicit random number as the initialization vector, a lightweight authentication encryption algorithm consistent with that of the terminal is adopted and combined with the session master key to decrypt the ciphertext segment and restore the plaintext data. Perform differentiated integrity checks for different encryption encapsulation modes; The receiving end synchronously maintains the authentication chain status value and uses the authentication chain status value as additional authentication data in the verification operation. If the verification passes, the local authentication chain status value and the counter mirror value are updated. If the verification fails, the candidate counter values are traversed within the preset tolerance window and re-verified. If a match is successful, the mirror value is updated to restore synchronization. If all verifications fail, the data packet is discarded and a counter resynchronization instruction is sent. The terminal resets the counter based on the instruction and then re-executes encryption and uplink transmission.