CN106130958A - Communication system and method for a home appliance and a terminal, home appliance, and terminal - Google Patents

Info

Publication number: CN106130958A
Application number: CN201610405105.4A
Authority: CN (China)
Prior art keywords: cloud server, session key, home appliance, terminal, key
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN106130958B (en)
Inventor: 刘复鑫
Current Assignee: Midea Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Midea Group Co Ltd
Application filed by: Midea Group Co Ltd
Priority to: CN201610405105.4A
Publications: CN106130958A (application), CN106130958B (grant)
Status: Active

Classifications

All classifications fall under H (ELECTRICITY) > H04 (ELECTRIC COMMUNICATION TECHNIQUE) > H04L (TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION).

    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L65/1066: Network arrangements, protocols or services for supporting real-time applications in data packet communication; Session management
    • H04L67/10: Network arrangements or protocols for supporting network services or applications; Protocols in which an application is distributed across nodes in the network
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a communication system for a home appliance and a terminal. The system includes a home appliance and a terminal. The home appliance is configured to obtain an authority key from a cloud server after establishing a connection with the cloud server; to receive a rights token sent by the terminal; to generate a second session key based on the authority key and the rights token; and to send the second session key to the terminal. The terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the home appliance; and to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance. The invention also provides a communication method for a home appliance and a terminal, a home appliance, and a terminal. The invention improves the security of data interaction between the home appliance and the terminal.

Description

Communication system and method for a home appliance and a terminal, home appliance, and terminal
Technical field
The present invention relates to the technical field of smart homes, and in particular to a communication system and method for a home appliance and a terminal, a home appliance, and a terminal.
Background
As the number and variety of smart appliances grow, connecting and coordinating devices has become an urgent need, and the architecture of smart living is moving toward connection and coordination; the smart home has emerged as a result. A smart home uses the residence as a platform and applies integrated wiring, network communication, security, automatic control, and audio and video technologies to integrate the facilities related to home life, building an efficient management system for residential facilities and household schedules. It improves the safety, convenience, comfort, and aesthetics of the home and provides an environmentally friendly, energy-saving living environment.
In a smart home system made up of a home appliance, a terminal, and a cloud server, the home appliance and the terminal essentially exchange information directly once a connection is established, without considering the security of the communication between them. During this communication, however, the home appliance cannot tell whether the application on the terminal has permission to access it. An unauthorized application can therefore access the home appliance and steal its data, so the security of data interaction between the home appliance and the terminal cannot be guaranteed.
Summary of the invention
The main object of the present invention is to provide a communication system and method for a home appliance and a terminal, a home appliance, and a terminal, with the aim of solving the technical problem that the security of data interaction between existing home appliances and terminals cannot be guaranteed.
To achieve the above object, the present invention provides a communication system for a home appliance and a terminal. The communication system includes a home appliance and a terminal:
The home appliance is configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
The terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the home appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key;
The home appliance is further configured to receive the rights token sent by the terminal, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal;
The terminal is further configured to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance.
Preferably, the home appliance is further configured to receive the rights token sent by the terminal and decrypt the rights token with the authority key to obtain the first session key; to verify the integrity of the first session key; and, if the first session key is intact, to generate the second session key and send it to the terminal.
Preferably, the terminal is further configured to receive the second session key sent by the home appliance, compute the XOR of the second session key and the first session key, and use the XOR value as a third session key; and to encrypt the data to be transmitted with the third session key and send the encrypted data to the home appliance.
Preferably, the home appliance is further configured, after establishing a connection with the cloud server, to send a first device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the first device identifier request instruction; to receive the device identifier returned by the cloud server, obtain a key identifier from the hash value of the device identifier, and use the key identifier to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction; and to receive the authority key returned by the cloud server.
Preferably, the terminal is further configured, after establishing a connection with the cloud server, to send a second device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the second device identifier request instruction; to receive the device identifier returned by the cloud server, obtain a key identifier from the hash value of the device identifier, and use the key identifier to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction; and to receive the first session key and the rights token returned by the cloud server and send the rights token to the home appliance.
In addition, to achieve the above object, the present invention also provides a home appliance, which includes:
A first acquisition module, configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
A key generation module, configured to receive a rights token sent by a terminal and generate a second session key based on the authority key and the rights token;
A key sending module, configured to send the second session key to the terminal, so that the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key obtained from the cloud server, and sends the encrypted data to the home appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key.
Preferably, the key generation module includes:
A decryption unit, configured to receive the rights token sent by the terminal and decrypt the rights token with the authority key to obtain the first session key;
A verification unit, configured to verify the integrity of the first session key;
A key generation unit, configured to generate the second session key if the first session key is intact.
Preferably, the first acquisition module includes:
A first sending unit, configured to send a first device identifier request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identifier according to the first device identifier request instruction;
A first receiving unit, configured to receive the device identifier returned by the cloud server and obtain a key identifier from the hash value of the device identifier;
The first sending unit is further configured to use the key identifier to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction;
The first receiving unit is further configured to receive the authority key returned by the cloud server.
In addition, to achieve the above object, the present invention also provides a terminal, which includes:
A second acquisition module, configured to obtain a first session key and a rights token from a cloud server after establishing a connection with the cloud server, and to send the rights token to the home appliance, so that the home appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key;
A receiver module, configured to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance.
Preferably, a second receiving unit is configured to receive the second session key sent by the home appliance, compute the XOR of the second session key and the first session key, and use the XOR value as a third session key;
A data sending unit is configured to encrypt the data to be transmitted with the third session key and send the encrypted data to the home appliance.
Preferably, the second acquisition module includes:
A second sending unit, configured to send a second device identifier request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identifier according to the second device identifier request instruction;
A third receiving unit, configured to receive the device identifier returned by the cloud server and obtain a key identifier from the hash value of the device identifier;
The second sending unit is further configured to use the key identifier to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
The third receiving unit is further configured to receive the first session key and the rights token returned by the cloud server and to send the rights token to the home appliance, so that the home appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal.
In addition, to achieve the above object, the present invention also provides a communication method for a home appliance and a terminal, which includes:
After the home appliance establishes a connection with a cloud server, the home appliance obtains an authority key from the cloud server;
After the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server and sends the rights token to the home appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key;
The home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
The terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance.
Preferably, the step in which the home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal includes:
The home appliance receives the rights token sent by the terminal and decrypts the rights token with the authority key to obtain the first session key;
The home appliance verifies the integrity of the first session key;
If the first session key is intact, the home appliance generates the second session key and sends it to the terminal.
Preferably, the step in which the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance includes:
The terminal receives the second session key sent by the home appliance, computes the XOR of the second session key and the first session key, and uses the XOR value as a third session key;
The terminal encrypts the data to be transmitted with the third session key and sends the encrypted data to the home appliance.
Preferably, the step in which the home appliance obtains the authority key from the cloud server after establishing a connection with the cloud server includes:
After the home appliance establishes a connection with the cloud server, the home appliance sends a first device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the first device identifier request instruction;
The home appliance receives the device identifier returned by the cloud server, obtains a key identifier from the hash value of the device identifier, and uses the key identifier to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction;
The home appliance receives the authority key returned by the cloud server.
Preferably, the step in which the terminal, after establishing a connection with the cloud server, obtains the first session key and the rights token from the cloud server and sends the rights token to the home appliance includes:
After the terminal establishes a connection with the cloud server, the terminal sends a second device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the second device identifier request instruction;
The terminal receives the device identifier returned by the cloud server, obtains a key identifier from the hash value of the device identifier, and uses the key identifier to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
The terminal receives the first session key and the rights token returned by the cloud server and sends the rights token to the home appliance.
In the present invention, the terminal obtains the first session key and the rights token from the cloud server and sends the rights token to the home appliance. The home appliance generates the second session key based on the authority key obtained from the cloud server and this rights token, and sends the second session key to the terminal. The terminal encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the home appliance. As a result, during communication between the home appliance and the terminal, the home appliance uses the rights token to determine whether the application on the terminal has permission to access the home appliance. Only when the application on the terminal has that permission can it obtain the home appliance's data, which improves the security of data interaction between the home appliance and the terminal.
Brief description of the drawings
Fig. 1 is a schematic diagram of a preferred implementation scenario of the communication system of the home appliance and the terminal of the present invention;
Fig. 2 is a functional block diagram of a preferred embodiment of the home appliance of the present invention;
Fig. 3 is a functional block diagram of the first acquisition module in an embodiment of the present invention;
Fig. 4 is a functional block diagram of a preferred embodiment of the terminal of the present invention;
Fig. 5 is a functional block diagram of the second acquisition module in an embodiment of the present invention;
Fig. 6 is a flow diagram of a preferred embodiment of the communication method of the home appliance and the terminal of the present invention;
Fig. 7 is a flow diagram, in an embodiment of the present invention, of the home appliance obtaining the authority key from the cloud server after establishing a connection with the cloud server;
Fig. 8 is a flow diagram, in an embodiment of the present invention, of the terminal obtaining the first session key and the rights token from the cloud server after establishing a connection with the cloud server, and sending the rights token to the home appliance.
Detailed description
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
The present invention provides a communication system for a home appliance and a terminal.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a preferred implementation scenario of the communication system of the home appliance and the terminal of the present invention.
As shown in Fig. 1, the communication between the home appliance 10 and the terminal 30 is preferably applied in an Internet of Things scenario for controlling the home appliance 10. The communication system of the home appliance 10 and the terminal 30 includes the terminal 30, the cloud server 20, and the home appliance 10. The terminal 30 may be a mobile phone, a PAD (Portable Android Device, tablet computer), a remote control, or the like; in this embodiment the terminal 30 is a mobile phone. The home appliance 10 may be any of various home appliances, such as an air conditioner, a refrigerator, or a speaker. Specifically, the home appliance 10 first establishes a secure connection with the cloud server 20, and the terminal 30 likewise first establishes a secure connection with the cloud server 20; the terminal 30 and the home appliance 10 then interact. The interaction works as follows: the terminal 30 sends a control instruction to the home appliance 10 through the cloud server 20 to make the home appliance 10 perform the corresponding operation, such as switching an air conditioner to heating mode or adjusting the heating temperature.
The home appliance 10 is configured to obtain an authority key from the cloud server 20 after establishing a connection with the cloud server 20;
When the home appliance 10 is to exchange data with the terminal 30, the home appliance 10 first establishes an SST (Smart Security Transport, a secure transport bearer protocol for smart devices) secure connection with the cloud server 20. After the SST connection is established, the home appliance 10 obtains the authority key from the cloud server 20. Further, after obtaining the authority key from the cloud server 20, the home appliance 10 computes the hash value of the authority key and writes the hash value and the authority key into the SST, so that it can communicate with the terminal 30 over the local area network using the authority key.
It should be noted that, in this embodiment, the terminal 30 communicates with the home appliance 10 and the cloud server 20 through a preset APP (Application); the preset APP is the application that controls the home appliance 10 in the Internet of Things. The authority key is a 32-byte string generated by the cloud server 20. Depending on the circumstances, the authority key may also be set to 16 bytes, 64 bytes, and so on.
The terminal 30 is configured to obtain a first session key and a rights token from the cloud server 20 after establishing a connection with the cloud server 20, and to send the rights token to the home appliance 10;
The rights token is generated by the cloud server 20, based on a preset encryption algorithm, using the generated first session key and the authority key;
When the terminal 30 is to exchange data with the cloud server 20, the terminal 30 establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, a network protocol) connection with the cloud server 20. After the HTTPS connection with the server is established, the terminal 30 checks whether a user is logged in to the APP. If a user has successfully logged in to the APP, the terminal 30 obtains the first session key and the rights token from the cloud server 20. After obtaining the first session key and the rights token, the terminal 30 establishes a secure connection with the home appliance 10 and sends the obtained first session key and rights token to the home appliance 10.
It should be noted that the rights token is generated by the cloud server 20. To generate the rights token, the cloud server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the home appliance 10. The mapping table maps the home appliance 10 to the APP in the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the home appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as its package name. When the cloud server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance 10, the cloud server 20 generates the first session key and, with the authority key as the key, encrypts the first session key using a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the cloud server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The cloud server 20 concatenates the hash value with the ciphertext of the encrypted first session key to obtain the rights token. After obtaining the rights token, the cloud server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains both. When the cloud server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance 10, the cloud server 20 sends an empty message to the terminal 30.
It should be noted that the first session key generated by the cloud server 20 is different each time. When the cloud server 20 derives the rights token from the hash value of the first session key and the ciphertext, it may also select some of the bytes of the hash value and some of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. The preset encryption algorithm is not limited to AES-256, however; other existing encryption algorithms may also be used and are not described further here.
The home appliance 10 is further configured to receive the rights token sent by the terminal 30, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal 30;
When the home appliance 10 receives the rights token sent by the terminal 30, the home appliance 10 generates the second session key based on the authority key and the rights token sent by the terminal 30, and sends the second session key to the terminal 30.
Further, the home appliance 10 is further configured to receive the rights token sent by the terminal 30 and decrypt the rights token with the authority key to obtain the first session key; verify the integrity of the first session key; and, if the first session key is intact, generate the second session key and send the second session key to the terminal 30.
When the home appliance 10 receives the rights token sent by the terminal 30, the home appliance 10 decrypts the rights token with the authority key to obtain the first session key and the hash value of the first session key. The hash value obtained by decryption is denoted the first hash value of the first session key; the home appliance 10 then recalculates the hash value of the decrypted first session key, which is denoted the second hash value of the first session key. The home appliance 10 uses the first hash value and the second hash value of the first session key to verify the integrity of the first session key. If the first hash value and the second hash value are identical, the home appliance 10 determines that the first session key is intact, generates the second session key, and sends the second session key to the terminal 30. If the first hash value and the second hash value differ, the home appliance 10 determines that the first session key is not intact and does not generate the second session key.
The terminal 30 is further configured to receive the second session key sent by the home appliance 10, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance 10.
When the terminal 30 receives the second session key sent by the home appliance 10, the terminal 30 encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the home appliance 10. The data to be transmitted may be a control instruction that turns the home appliance 10 on or off, or other data.
Further, the terminal 30 is further configured to receive the second session key sent by the home appliance 10, calculate the XOR of the second session key and the first session key, and use the XOR value as a third session key; and to encrypt the data to be transmitted with the third session key and send the encrypted data to the home appliance 10.
When the terminal 30 receives the second session key sent by the home appliance 10, the terminal 30 calculates the XOR of the second session key and the first session key and uses that XOR value as the third session key. The terminal 30 encrypts the data to be transmitted with the third session key as the key, obtaining the encrypted data to be transmitted. The terminal 30 sends the encrypted data to the home appliance 10 and thereby communicates with the home appliance 10.
It should be noted that, in this embodiment, the third session key is not limited to being calculated as the XOR of the first session key and the second session key. The third session key may also be obtained by concatenating the first session key and the second session key, or by XORing or concatenating some of the bytes of the first session key and the second session key.
In this embodiment, the terminal 30 obtains the first session key and the rights token from the cloud server 20 and sends the rights token to the home appliance 10; the home appliance 10 generates the second session key based on the authority key obtained from the cloud server 20 and the rights token, and sends the second session key to the terminal 30; the terminal 30 then encrypts the data to be transmitted using the second session key and the first session key and sends it to the home appliance 10. As a result, when the home appliance 10 and the terminal 30 exchange information, the home appliance 10 uses the rights token to identify whether the application in the terminal 30 has permission to access the home appliance 10. Only when the application in the terminal 30 has that permission can it obtain data from the home appliance 10, which improves the security of data exchange between the home appliance 10 and the terminal 30.
Further, the home appliance 10 is further configured to: after establishing a connection with the cloud server 20, send a first device identifier request instruction to the cloud server 20, so that the cloud server 20 returns a device identifier according to the first device identifier request instruction; receive the device identifier returned by the cloud server 20, obtain a key identifier from the hash value of the device identifier, and use the key identifier to send an authority key request instruction to the cloud server 20, so that the cloud server 20 returns the authority key according to the authority key request instruction; and receive the authority key returned by the cloud server 20.
After the home appliance 10 establishes an SST connection with the cloud server 20, the home appliance 10 sends the first device identifier request instruction to the cloud server 20. After receiving the first device identifier request instruction, the cloud server 20 returns the device identifier to the home appliance 10 according to that instruction. The device identifier is assigned to the home appliance 10 by the cloud server 20 when the home appliance 10 first connects to the network; each home appliance 10 has a unique device identifier.
It should be noted that the device identifier may also be generated by the home appliance 10 itself.
When the home appliance 10 receives the device identifier returned by the cloud server 20, it calculates the hash value of the device identifier and takes the XOR of the first 16 bytes and the last 16 bytes of that hash value as the key identifier, denoted UDP_KEY_ID. Once the home appliance 10 has the key identifier UDP_KEY_ID, it uses UDP_KEY_ID to send the authority key request instruction to the cloud server 20. When the cloud server 20 receives the authority key request instruction sent by the home appliance 10, the cloud server 20 returns the authority key it generated to the home appliance 10 according to that instruction. Further, the cloud server 20 also sends the hash value of the authority key to the home appliance 10 at the same time.
It should be noted that the XOR of the first 8 bytes and the last 8 bytes of the hash value of the device identifier may also be used as the key identifier, as may the XOR of another number of leading and trailing bytes of that hash value.
The home appliance 10 receives the authority key returned by the cloud server 20 together with the hash value of the authority key sent by the cloud server 20; the hash value sent by the cloud server 20 is denoted the first hash value of the authority key. On receiving the authority key, the home appliance 10 calculates the hash value of the authority key itself; this calculated value is denoted the second hash value of the authority key. The home appliance 10 verifies the integrity of the authority key by comparing the first hash value and the second hash value. If the two hash values are identical, the authority key is intact, and the home appliance 10 uses the authority key to communicate with the terminal 30 within the local area network. If the two hash values differ, the authority key is not intact, and the home appliance 10 either obtains the authority key from the cloud server 20 again or ends the current operation.
The home appliance 10 obtains the authority key from the cloud server 20 and verifies the integrity of the authority key using its hash value, which improves the security of communication between the home appliance 10 and the terminal 30.
Further, the terminal 30 is further configured to: after establishing a connection with the cloud server 20, send a second device identifier request instruction to the cloud server 20, so that the cloud server 20 returns a device identifier according to the second device identifier request instruction; receive the device identifier returned by the cloud server 20, obtain a key identifier from the hash value of the device identifier, and use the key identifier to send a rights token request instruction to the cloud server 20, so that the cloud server 20 returns the first session key and the rights token according to the rights token request instruction; and receive the first session key and the rights token returned by the cloud server 20 and send the rights token to the home appliance 10.
After the terminal 30 establishes an HTTPS connection with the cloud server 20, the terminal 30 sends the second device identifier request instruction to the cloud server 20. After receiving the second device identifier request instruction, the cloud server 20 returns the device identifier to the terminal 30 according to that instruction. The device identifier that the cloud server 20 returns to the terminal 30 is the same device identifier it returns to the home appliance 10. Because the cloud server 20 holds the mapping table between the home appliance 10 and the APP in the terminal 30, the cloud server 20 can, according to the second device identifier request instruction, return to the terminal 30 the same device identifier that it returned to the home appliance 10.
When the terminal 30 receives the device identifier returned by the cloud server 20, it calculates the hash value of the device identifier and takes the XOR of the first 16 bytes and the last 16 bytes of that hash value as the key identifier, denoted UDP_KEY_ID. Once the terminal 30 has the key identifier UDP_KEY_ID, it uses UDP_KEY_ID to send the rights token request instruction to the cloud server 20. When the cloud server 20 receives the rights token request instruction sent by the terminal 30, the cloud server 20 returns the rights token and the first session key it generated according to the authority key request instruction. While generating the rights token, the cloud server 20 can look up the authority key by the key identifier. Each device identifier corresponds to one unique key identifier, and each key identifier corresponds to one unique authority key. The terminal 30 receives the first session key and the rights token returned by the cloud server 20 and accesses the home appliance 10 using the rights token.
The home appliance 10 uses the rights token to identify whether the terminal 30 has access permission, thereby achieving secure interaction with the terminal 30.
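The Go program below is an added example, not code from the patent or its assignee. It strings together the key identifier derivation (UDP_KEY_ID), the cloud-side rights token construction, the appliance-side decrypt-and-compare check, and the XOR-derived third session key described above. Assumptions: the function names, the token layout `SHA-256(k1) || IV || ciphertext`, and AES-256 in CTR mode with a random IV (the text names only AES-256, SHA-256 and XOR, and does not fix a mode or layout).

```go
// Added illustration: names, token layout and CTR mode are assumptions, not from the patent.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const keyLen = 32 // authority key and session keys: 32 bytes, as in the embodiment

var ErrBadToken = errors.New("rights token rejected")

// KeyID derives UDP_KEY_ID: SHA-256(device identifier), first 16 bytes XOR last 16.
func KeyID(deviceID []byte) [16]byte {
	h := sha256.Sum256(deviceID)
	var id [16]byte
	for i := range id {
		id[i] = h[i] ^ h[i+16]
	}
	return id
}

// ctr runs AES-256-CTR; the same operation encrypts and decrypts.
func ctr(key, iv, in []byte) ([]byte, error) {
	if len(key) != keyLen {
		return nil, errors.New("authority key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// IssueToken (cloud side): token = SHA-256(k1) || IV || AES-256-CTR(authKey, k1).
func IssueToken(authKey []byte) (k1, token []byte, err error) {
	buf := make([]byte, keyLen+aes.BlockSize)
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	k1, iv := buf[:keyLen:keyLen], buf[keyLen:] // fresh first session key and IV
	ct, err := ctr(authKey, iv, k1)
	if err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(k1)
	token = append(append(sum[:], iv...), ct...)
	return k1, token, nil
}

// OpenToken (appliance side): decrypt, recompute the hash, compare in constant time.
func OpenToken(authKey, token []byte) ([]byte, error) {
	const ivOff, ctOff = sha256.Size, sha256.Size + aes.BlockSize
	if len(token) != ctOff+keyLen {
		return nil, ErrBadToken
	}
	k1, err := ctr(authKey, token[ivOff:ctOff], token[ctOff:])
	if err != nil {
		return nil, err
	}
	second := sha256.Sum256(k1) // the "second hash value" of the first session key
	if subtle.ConstantTimeCompare(token[:ivOff], second[:]) != 1 {
		return nil, ErrBadToken // modified token, or token made under another authority key
	}
	return k1, nil
}

// ThirdKey XORs the first and second session keys to form the data-encryption key.
func ThirdKey(k1, k2 []byte) ([]byte, error) {
	if len(k1) != keyLen || len(k2) != keyLen {
		return nil, errors.New("session keys must be 32 bytes")
	}
	k3 := make([]byte, keyLen)
	for i := range k3 {
		k3[i] = k1[i] ^ k2[i]
	}
	return k3, nil
}

func main() {
	authKey := make([]byte, keyLen) // constructed sample authority key
	rand.Read(authKey)
	k1, token, err := IssueToken(authKey)
	if err != nil {
		panic(err)
	}
	got, err := OpenToken(authKey, token)
	token[len(token)-1] ^= 0x01 // simulate a token modified in transit
	_, bad := OpenToken(authKey, token)
	fmt.Printf("UDP_KEY_ID=%x\nrecovered=%v err=%v\ntampered: %v\n",
		KeyID([]byte("constructed-device-id")), string(k1) == string(got), err, bad)
}
```

With an unauthenticated mode such as CTR, the SHA-256 comparison is the only thing that rejects a modified token or one issued under a different authority key, which is why the comparison is done before any second session key would be generated.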
The present invention further provides a home appliance 10.
Referring to Fig. 2, Fig. 2 is a functional block diagram of a preferred embodiment of the home appliance 10 of the present invention.
In this embodiment, the home appliance 10 includes:
A first acquisition module 11, configured to obtain the authority key from the cloud server 20 after a connection with the cloud server 20 is established;
When the home appliance 10 needs to transmit data with the terminal 30, the home appliance 10 first establishes an SST (Smart Security Transport, a secure transport bearer protocol for smart devices) secure connection with the cloud server 20. After the SST connection is established, the first acquisition module 11 in the home appliance 10 obtains the authority key from the cloud server 20. The home appliance 10 includes, but is not limited to, a refrigerator, an electric rice cooker, a microwave oven and a television. Further, after the first acquisition module 11 obtains the authority key from the cloud server 20, the first acquisition module 11 calculates the hash value of the authority key and writes the hash value and the authority key into the SST, so that the authority key can be used to communicate with the terminal 30 within the local area network.
It should be noted that, in this embodiment, the terminal 30 communicates with the home appliance 10 and the cloud server 20 through a preset APP (Application); the preset APP is the application used to control the home appliance 10 in the Internet of Things. The authority key is a 32-byte character string generated by the cloud server 20. Depending on the circumstances, however, the length of the authority key may also be set to 16 bytes, 64 bytes, and so on.
A key generation module 12, configured to receive the rights token sent by the terminal 30 and generate the second session key based on the authority key and the rights token;
A key sending module 13, configured to send the second session key to the terminal 30, so that the terminal 30 receives the second session key sent by the home appliance 10, encrypts the data to be transmitted using the second session key and the first session key obtained from the cloud server 20, and sends the encrypted data to the home appliance 10;
When the key generation module 12 in the home appliance 10 receives the rights token sent by the terminal 30, the key generation module 12 generates the second session key based on the authority key and the rights token sent by the terminal 30. The key sending module 13 sends the second session key to the terminal 30.
Further, the key generation module 12 includes:
A decryption unit, configured to receive the rights token sent by the terminal 30 and decrypt the rights token with the authority key to obtain the first session key;
A verification unit, configured to verify the integrity of the first session key;
A key generation unit, configured to generate the second session key if the first session key is intact.
When the key generation module 12 receives the rights token sent by the terminal 30, the decryption unit in the key generation module 12 decrypts the rights token with the authority key to obtain the first session key and the hash value of the first session key. The hash value obtained by decryption is denoted the first hash value of the first session key; the hash value of the decrypted first session key is then recalculated and denoted the second hash value of the first session key. The verification unit uses the first hash value and the second hash value of the first session key to verify the integrity of the first session key. If the first hash value and the second hash value are identical, the verification unit determines that the first session key is intact, and the key generation unit generates the second session key. If the first hash value and the second hash value differ, the verification unit determines that the first session key is not intact, and the key generation unit does not generate the second session key.
The rights token is generated by the cloud server 20 from the first session key and the authority key, based on a preset encryption algorithm.
The rights token is generated by the cloud server 20. To generate the rights token, the cloud server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the home appliance 10. The mapping table maps the home appliance 10 to the APP in the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the home appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as its package name. When the cloud server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance 10, the cloud server 20 generates the first session key and, with the authority key as the key, encrypts the first session key using a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the cloud server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The cloud server 20 concatenates the hash value with the ciphertext of the encrypted first session key to obtain the rights token. After obtaining the rights token, the cloud server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains both. When the cloud server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance 10, the cloud server 20 sends an empty message to the terminal 30.
It should be noted that the first session key generated by the cloud server 20 is different each time. When the cloud server 20 derives the rights token from the hash value of the first session key and the ciphertext, it may also select some of the bytes of the hash value and some of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. The preset encryption algorithm is not limited to AES-256, however; other existing encryption algorithms may also be used and are not described further here.
Further, referring to Fig. 3, Fig. 3 is a functional block diagram of the first acquisition module 11 in an embodiment of the present invention.
The first acquisition module 11 includes:
A first sending unit 111, configured to send the first device identifier request instruction to the cloud server 20 after a connection with the cloud server 20 is established, so that the cloud server 20 returns the device identifier according to the first device identifier request instruction;
After the home appliance 10 establishes an SST connection with the cloud server 20, the first sending unit 111 sends the first device identifier request instruction to the cloud server 20, so that the cloud server 20 returns the device identifier to the first receiving unit 112 according to that instruction. The device identifier is assigned to the home appliance 10 by the cloud server 20 when the home appliance 10 first connects to the network; each home appliance 10 has a unique device identifier.
It should be noted that the device identifier may also be generated by the home appliance 10 itself.
A first receiving unit 112, configured to receive the device identifier returned by the cloud server 20 and obtain the key identifier from the hash value of the device identifier;
The first sending unit 111 is further configured to use the key identifier to send the authority key request instruction to the cloud server 20, so that the cloud server 20 returns the authority key according to the authority key request instruction;
When the first receiving unit 112 receives the device identifier returned by the cloud server 20, it calculates the hash value of the device identifier and takes the XOR of the first 16 bytes and the last 16 bytes of that hash value as the key identifier, denoted UDP_KEY_ID. Once the first receiving unit 112 has the key identifier UDP_KEY_ID, the first sending unit 111 uses UDP_KEY_ID to send the authority key request instruction to the cloud server 20, so that the cloud server 20 returns the authority key according to that instruction. Further, the cloud server 20 also sends the hash value of the authority key to the home appliance 10 at the same time.
It should be noted that the XOR of the first 8 bytes and the last 8 bytes of the hash value of the device identifier may also be used as the key identifier, as may the XOR of another number of leading and trailing bytes of that hash value.
The first receiving unit 112 is further configured to receive the authority key returned by the cloud server 20.
The first receiving unit 112 receives the authority key returned by the cloud server 20 together with the hash value of the authority key sent by the cloud server 20; the hash value sent by the cloud server 20 is denoted the first hash value of the authority key. On receiving the authority key, the first receiving unit 112 calculates the hash value of the authority key itself; this calculated value is denoted the second hash value of the authority key. The first receiving unit 112 verifies the integrity of the authority key by comparing the first hash value and the second hash value. If the two hash values are identical, the authority key is intact, and the home appliance 10 uses the authority key to communicate with the terminal 30 within the local area network. If the two hash values differ, the authority key is not intact, and the first acquisition module 11 either obtains the authority key from the cloud server 20 again or ends the current operation.
The home appliance 10 obtains the authority key from the cloud server 20 and verifies the integrity of the authority key using its hash value, which improves the security of communication between the home appliance 10 and the terminal 30.
The present invention further provides a terminal 30.
Referring to Fig. 4, Fig. 4 is a functional block diagram of a preferred embodiment of the terminal 30 of the present invention.
In this embodiment, the terminal 30 includes:
A second acquisition module 31, configured to obtain the first session key and the rights token from the cloud server 20 after a connection with the cloud server 20 is established, and to send the rights token to the home appliance 10, so that the home appliance 10 generates the second session key based on the authority key and the rights token and sends the second session key to the terminal 30;
When the terminal 30 needs to transmit data with the cloud server 20, the terminal 30 establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) connection with the cloud server 20. After the HTTPS connection is established, the terminal 30 detects whether a user has logged in to the APP. When a user has successfully logged in to the APP, the second acquisition module 31 obtains the first session key and the rights token from the cloud server 20. After obtaining the first session key and the rights token, the second acquisition module 31 sends the obtained first session key and rights token to the home appliance 10, so that the home appliance 10 generates the second session key based on the authority key and the rights token and sends the second session key to the terminal 30.
The rights token is generated by the cloud server 20 from the first session key and the authority key, based on a preset encryption algorithm;
The rights token is generated by the cloud server 20. To generate the rights token, the cloud server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the home appliance 10. The mapping table maps the home appliance 10 to the APP in the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the home appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as its package name. When the cloud server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance 10, the cloud server 20 generates the first session key and, with the authority key as the key, encrypts the first session key using a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the cloud server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The cloud server 20 concatenates the hash value with the ciphertext of the encrypted first session key to obtain the rights token. After obtaining the rights token, the cloud server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains both. When the cloud server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance 10, the cloud server 20 sends an empty message to the terminal 30.
It should be noted that the first session key that described Cloud Server 20 generates each time is all different.Described cloud takes Business device 20 is when using the cryptographic Hash of described first session key and described ciphertext to obtain rights token, it is also possible to select described the Partial words joint number in the partial words joint number of the cryptographic Hash of one session key and described ciphertext carries out splicing or phase XOR, obtains Described rights token.
In the present embodiment, described default AES is AES (Advanced Encryption Standard, height Level encryption standard), concrete employing AES-256 algorithm.But described default AES is not restricted to AES-256 algorithm, Other existing AES can also be used, do not repeat them here.
Receiver module 32, configured to receive the second session key sent by the home appliance 10, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance 10.
When the receiver module 32 receives the second session key sent by the home appliance 10, the receiver module 32 uses the second session key and the first session key to encrypt the data to be transmitted and sends the result to the home appliance 10. The data to be transmitted may be a control instruction that turns the home appliance 10 on or off, or other data.
Further, the receiver module 32 includes:
Second receiving unit, configured to receive the second session key sent by the home appliance 10, calculate the XOR value of the second session key and the first session key, and use the XOR value as the third session key;
Data transmission unit, configured to encrypt the data to be transmitted with the third session key and send the encrypted data to the home appliance 10.
When the second receiving unit receives the second session key sent by the home appliance 10, the second receiving unit calculates the XOR value of the second session key and the first session key and uses that XOR value as the third session key. The data transmission unit encrypts the data to be transmitted with the third session key as the key, obtaining the encrypted data to be transmitted. The data transmission unit sends the encrypted data to be transmitted to the home appliance 10.
It should be noted that the present embodiment is not restricted to calculating the third session key as the XOR value of the first session key and the second session key. The third session key may also be obtained by concatenating the first session key and the second session key, or by XORing or concatenating some of the bytes of the first session key and the second session key.
Further, referring to Fig. 5, Fig. 5 is a functional module schematic diagram of the second acquisition module 31 in an embodiment of the present invention.
In the present embodiment, the second acquisition module 31 includes:
Second sending unit 311, configured to, after a connection with the Cloud Server 20 is established, send a second device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the second device identification request instruction;
After the terminal 30 establishes an HTTPS connection with the Cloud Server 20, the second sending unit 311 sends the second device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the device identification to the third receiving unit 312 according to the second device identification request instruction.
Third receiving unit 312, configured to receive the device identification returned by the Cloud Server 20 and obtain a key identification from the hash value of the device identification;
The second sending unit 311 is further configured to send a rights token request instruction to the Cloud Server 20 by means of the key identification, so that the Cloud Server 20 returns the first session key and the rights token according to the rights token request instruction;
The third receiving unit 312 is further configured to receive the first session key and the rights token returned by the Cloud Server 20 and send the rights token to the home appliance 10, so that the home appliance 10 generates the second session key based on the authority key and the rights token and sends the second session key to the terminal 30.
When the third receiving unit 312 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of the hash value with the last 16 bytes as the key identification, which is denoted UDP_KEY_ID. Once the third receiving unit 312 has obtained the key identification UDP_KEY_ID, the second sending unit 311 sends a rights token request instruction to the Cloud Server 20 by means of UDP_KEY_ID, so that the Cloud Server 20 returns the first session key and the rights token to the third receiving unit 312 according to the rights token request instruction. While generating the rights token, the Cloud Server 20 can find the authority key by means of the key identification. Each device identification corresponds to one unique key identification, and each key identification corresponds to one unique authority key. The third receiving unit 312 receives the first session key and the rights token returned by the Cloud Server 20, and the home appliance 10 is accessed according to the rights token.
The home appliance 10 uses the rights token to identify whether the terminal 30 has access rights, achieving secure interaction with the terminal 30.
The present invention further provides a communication method of a home appliance and a terminal.
Referring to Fig. 6, Fig. 6 is a schematic flowchart of a preferred embodiment of the communication method of the home appliance and the terminal of the present invention.
In the present embodiment, the communication method of the home appliance and the terminal includes:
Step S10, after the home appliance establishes a connection with the Cloud Server, the home appliance obtains an authority key from the Cloud Server;
When the home appliance is to transmit data with the terminal, the home appliance first establishes an SST (Smart Security Transport, a secure transport bearer protocol for smart devices) secure connection with the Cloud Server. After the home appliance establishes the SST connection with the Cloud Server, the home appliance obtains the authority key from the Cloud Server. The home appliance includes but is not limited to a refrigerator, an electric cooker, a microwave oven and a TV. Further, after the home appliance obtains the authority key from the Cloud Server, the home appliance calculates the hash value of the authority key and writes the hash value of the authority key and the authority key into the SST, so as to communicate with the terminal in the LAN by means of the authority key.
It should be noted that in the present embodiment the terminal communicates with the home appliance and the Cloud Server through a preset APP (Application), where the preset APP is an application that controls the home appliance in the Internet of Things. The authority key is a 32-byte character string generated by the Cloud Server. Depending on the specific situation, however, the length of the authority key may also be set to 16 bytes, 64 bytes, and so on.
Step S20, after the terminal establishes a connection with the Cloud Server, the terminal obtains the first session key and the rights token from the Cloud Server and sends the rights token to the home appliance;
The rights token is generated by the Cloud Server based on a preset encryption algorithm, using the first session key it has generated and the authority key;
When the terminal is to transmit data with the Cloud Server, the terminal establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) connection with the Cloud Server. After the terminal establishes the HTTPS connection with the server, the terminal detects whether a user has logged in to the APP. When a user has successfully logged in to the APP, the terminal obtains the first session key and the rights token from the Cloud Server. After the terminal obtains the first session key and the rights token, the terminal establishes a secure connection with the home appliance and sends the obtained first session key and rights token to the home appliance.
It should be noted that the rights token is generated by the Cloud Server. To generate it, the Cloud Server first obtains the authority key and checks, using a prestored mapping table, whether a binding relationship exists between the APP and the home appliance. The mapping table maps the home appliance to the APP in the terminal: it stores the mapping relations among the MAC (Media Access Control) address of the home appliance, its SN (serial number) code, and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as its package name. When the Cloud Server detects from the mapping table that a binding relationship exists between the APP and the home appliance, the Cloud Server generates the first session key and, with the authority key as the key, encrypts the first session key using the preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the Cloud Server uses SHA-256 (Secure Hash Algorithm) to calculate the hash value of the first session key. The Cloud Server then concatenates the hash value of the first session key with the ciphertext to obtain the rights token. After obtaining the rights token, the Cloud Server sends the rights token and the first session key to the terminal, so that the terminal obtains both. When the Cloud Server detects from the mapping table that no binding relationship exists between the APP and the home appliance, the Cloud Server sends an empty message to the terminal.
It should be noted that the first session key generated by the Cloud Server is different each time. When the Cloud Server builds the rights token from the hash value of the first session key and the ciphertext, it may also select some of the bytes of the hash value of the first session key and some of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In the present embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. The preset encryption algorithm is not restricted to AES-256, however; other existing encryption algorithms may also be used, and they are not described further here.
Step S30, the home appliance receives the rights token sent by the terminal, generates the second session key based on the authority key and the rights token, and sends the second session key to the terminal;
When the home appliance receives the rights token sent by the terminal, the home appliance generates the second session key based on the authority key and the rights token sent by the terminal, and sends the second session key to the terminal.
Further, step S30 includes:
Step a, the home appliance receives the rights token sent by the terminal and decrypts the rights token using the authority key to obtain the first session key;
Step b, the home appliance verifies the integrity of the first session key;
Step c, if the first session key is complete, the home appliance generates the second session key and sends the second session key to the terminal.
When the home appliance receives the rights token sent by the terminal, the home appliance decrypts the rights token using the authority key, obtaining the first session key and the hash value of the first session key. The hash value obtained from decryption is denoted the first hash value of the first session key. The home appliance then recalculates the hash value of the decrypted first session key, which is denoted the second hash value of the first session key. The home appliance uses the first hash value and the second hash value of the first session key to verify the integrity of the first session key. If the first hash value of the first session key is identical to the second hash value, the home appliance determines that the first session key is complete, generates the second session key, and sends the second session key to the terminal. If the first hash value of the first session key differs from the second hash value, the home appliance determines that the first session key is incomplete and does not generate the second session key.
Step S40, the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance.
When the terminal receives the second session key sent by the home appliance, the terminal uses the second session key and the first session key to encrypt the data to be transmitted and sends the result to the home appliance. The data to be transmitted may be a control instruction that turns the home appliance on or off, or other data.
Further, step S40 includes:
Step d, the terminal receives the second session key sent by the home appliance, calculates the XOR value of the second session key and the first session key, and uses the XOR value as the third session key;
Step e, the terminal encrypts the data to be transmitted using the third session key and sends the encrypted data to the home appliance.
When the terminal receives the second session key sent by the home appliance, the terminal calculates the XOR value of the second session key and the first session key and uses that XOR value as the third session key. The terminal encrypts the data to be transmitted with the third session key as the key, obtaining the encrypted data to be transmitted. The terminal sends the encrypted data to be transmitted to the home appliance and thereby communicates with the home appliance.
It should be noted that the present embodiment is not restricted to calculating the third session key as the XOR value of the first session key and the second session key. The third session key may also be obtained by concatenating the first session key and the second session key, or by XORing or concatenating some of the bytes of the first session key and the second session key.
In the present embodiment, the terminal obtains the first session key and the rights token from the Cloud Server and sends the rights token to the home appliance; the home appliance generates the second session key based on the authority key obtained from the Cloud Server and the rights token, and sends the second session key to the terminal; the terminal then uses the second session key and the first session key to encrypt the data to be transmitted and sends it to the home appliance. In this way, during communication between the home appliance and the terminal, the home appliance uses the rights token to identify whether the application in the terminal has the right to access the home appliance. Only when the application in the terminal has that right can it obtain the data of the home appliance, which improves the security of data interaction between the home appliance and the terminal.
Further, referring to Fig. 7, Fig. 7 is a schematic flowchart of the home appliance obtaining the authority key from the Cloud Server after the home appliance establishes a connection with the Cloud Server, in an embodiment of the present invention.
In the present embodiment, step S10 includes:
Step S11, after the home appliance establishes a connection with the Cloud Server, the home appliance sends a first device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the first device identification request instruction;
After the home appliance establishes the SST connection with the Cloud Server, the home appliance sends the first device identification request instruction to the Cloud Server. After the Cloud Server receives the first device identification request instruction, the Cloud Server returns the device identification to the home appliance according to the first device identification request instruction. The device identification is allocated to the home appliance by the Cloud Server when the home appliance first connects to the network, and each home appliance has a unique device identification.
It should be noted that the device identification may also be generated by the home appliance itself.
Step S12, the home appliance receives the device identification returned by the Cloud Server, obtains a key identification from the hash value of the device identification, and sends an authority key request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the authority key according to the authority key request instruction;
When the home appliance receives the device identification returned by the Cloud Server, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of the hash value with the last 16 bytes as the key identification, which is denoted UDP_KEY_ID. Once the home appliance has obtained the key identification UDP_KEY_ID, the home appliance sends an authority key request instruction to the Cloud Server by means of UDP_KEY_ID. When the Cloud Server receives the authority key request instruction sent by the home appliance, the Cloud Server returns the authority key it has generated to the home appliance according to the authority key request instruction. Further, the Cloud Server sends the hash value of the authority key to the home appliance at the same time.
It should be noted that the result of XORing the first 8 bytes of the hash value of the device identification with the last 8 bytes may also be used as the key identification, as may the result of XORing some other number of leading and trailing bytes of that hash value.
Step S13, the home appliance receives the authority key returned by the Cloud Server.
The home appliance receives the authority key returned by the Cloud Server together with the hash value of the authority key sent by the Cloud Server; the hash value sent by the Cloud Server is denoted the first hash value of the authority key. When the home appliance receives the authority key returned by the Cloud Server, the home appliance calculates the hash value of the authority key and denotes the calculated value the second hash value of the authority key. The home appliance verifies the integrity of the authority key using the first hash value and the second hash value of the authority key. If the first hash value of the authority key is identical to the second hash value, the authority key is complete, and the home appliance communicates with the terminal in the LAN by means of the authority key. If the first hash value of the authority key differs from the second hash value, the authority key is incomplete, and the home appliance either requests the authority key from the Cloud Server again or terminates the current operation.
The home appliance obtains the authority key from the Cloud Server and verifies the integrity of the authority key using its hash value. This improves the security of communication between the home appliance and the terminal.
Further, referring to Fig. 8, Fig. 8 is a schematic flowchart, in an embodiment of the present invention, of the terminal obtaining the first session key and the rights token from the Cloud Server after the terminal establishes a connection with the Cloud Server, and sending the rights token to the home appliance.
In the present embodiment, step S20 includes:
Step S21, after the terminal establishes a connection with the Cloud Server, the terminal sends a second device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the second device identification request instruction;
After the terminal establishes the HTTPS connection with the Cloud Server, the terminal sends the second device identification request instruction to the Cloud Server. After the Cloud Server receives the second device identification request instruction, the Cloud Server returns the device identification to the terminal according to the second device identification request instruction. The device identification that the Cloud Server returns to the terminal is the same device identification it returns to the home appliance. Because the Cloud Server holds the mapping table of the home appliance and the APP in the terminal, the Cloud Server can, according to the second device identification request instruction, return to the terminal the same device identification that it returned to the home appliance.
Step S22, the terminal receives the device identification returned by the Cloud Server, obtains a key identification from the hash value of the device identification, and sends a rights token request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the first session key and the rights token according to the rights token request instruction;
Step S23, the terminal receives the first session key and the rights token returned by the Cloud Server and sends the rights token to the home appliance.
When the terminal receives the device identification returned by the Cloud Server, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of the hash value with the last 16 bytes as the key identification, which is denoted UDP_KEY_ID. Once the terminal has obtained the key identification UDP_KEY_ID, the terminal sends a rights token request instruction to the Cloud Server by means of UDP_KEY_ID. When the Cloud Server receives the rights token request instruction sent by the terminal, the Cloud Server returns the rights token it has generated and the first session key according to that request instruction. While generating the rights token, the Cloud Server can find the authority key by means of the key identification. Each device identification corresponds to one unique key identification, and each key identification corresponds to one unique authority key. The terminal receives the first session key and the rights token returned by the Cloud Server and accesses the home appliance according to the rights token.
The home appliance uses the rights token to identify whether the terminal has access rights, achieving secure interaction with the terminal.
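The key flow of steps S10 to S40, as an added Go example that is not code from the patent or its assignee: key identification, rights token issue on the Cloud Server, token verification on the home appliance, and the third session key. Assumptions not stated in the description: SHA-256 for the device identification hash, 32-byte session keys, AES-256 in CBC mode with a random IV, the token layout hash || IV || ciphertext, and all function names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const keyLen = 32 // assumption: session keys are 32 bytes, like the authority key
var ErrBadToken = errors.New("rights token rejected")

// KeyID derives the key identification (UDP_KEY_ID): the first 16 bytes of
// the device identification's hash XOR the last 16. SHA-256 is an assumption.
func KeyID(deviceID []byte) []byte {
	h := sha256.Sum256(deviceID)
	id := make([]byte, 16)
	for i := range id {
		id[i] = h[i] ^ h[16+i]
	}
	return id
}

// randBytes returns n fresh random bytes (used for K1, K2 and the IV).
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to hand out a weak key
	}
	return b
}

// IssueToken (Cloud Server): encrypt K1 under the authority key and splice
// SHA-256(K1) in front. Assumed layout: hash(32) || IV(16) || ciphertext(32).
func IssueToken(authKey, k1 []byte) ([]byte, error) {
	if len(authKey) != keyLen || len(k1) != keyLen {
		return nil, errors.New("authority key and K1 must be 32 bytes")
	}
	block, err := aes.NewCipher(authKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	iv := randBytes(aes.BlockSize)
	ct := make([]byte, keyLen) // K1 is block-aligned, so no padding is needed
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, k1)
	sum := sha256.Sum256(k1)
	token := append(sum[:], iv...)
	return append(token, ct...), nil
}

// OpenToken (home appliance, steps a and b): decrypt with the authority key,
// recompute the hash and compare it with the hash carried in the token.
func OpenToken(authKey, token []byte) ([]byte, error) {
	const ivEnd = sha256.Size + aes.BlockSize
	if len(authKey) != keyLen || len(token) != ivEnd+keyLen {
		return nil, ErrBadToken // malformed input is rejected before any crypto
	}
	block, err := aes.NewCipher(authKey)
	if err != nil {
		return nil, ErrBadToken
	}
	k1 := make([]byte, keyLen)
	cipher.NewCBCDecrypter(block, token[sha256.Size:ivEnd]).CryptBlocks(k1, token[ivEnd:])
	second := sha256.Sum256(k1)
	if subtle.ConstantTimeCompare(token[:sha256.Size], second[:]) != 1 {
		return nil, ErrBadToken // first and second hash differ: no K2 is generated
	}
	return k1, nil
}

// ThirdKey (steps d and e): K3 = K1 XOR K2, computed the same way on both sides.
func ThirdKey(k1, k2 []byte) ([]byte, error) {
	if len(k1) != keyLen || len(k2) != keyLen {
		return nil, errors.New("session keys must be 32 bytes")
	}
	k3 := make([]byte, keyLen)
	for i := range k3 {
		k3[i] = k1[i] ^ k2[i]
	}
	return k3, nil
}

func main() {
	authKey, k1 := randBytes(keyLen), randBytes(keyLen) // constructed sample keys
	token, _ := IssueToken(authKey, k1)
	got, err := OpenToken(authKey, token)
	fmt.Println("appliance recovered K1:", err == nil && bytes.Equal(got, k1))
	_, err = OpenToken(randBytes(keyLen), token) // a different authority key
	fmt.Println("other authority key rejected:", errors.Is(err, ErrBadToken))
	k3, _ := ThirdKey(k1, randBytes(keyLen))
	fmt.Printf("key id %x, K3 prefix %x\n", KeyID([]byte("constructed-device-id")), k3[:4])
}
```

The hash in the token is unkeyed, so the check detects a token that does not decrypt to the session key it was issued for; it is the authority key, held only by the Cloud Server and the bound appliance, that ties the token to the device.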
It should be noted that, in this document, the terms "include", "comprise" and any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the statement "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The sequence numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to perform the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the scope of the claims of the present invention. Any equivalent structure or equivalent process transformation made using the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (16)

1. a home appliance and the communication system of terminal, it is characterised in that described home appliance and the communication system bag of terminal Include home appliance and terminal:
Described home appliance, for, after being connected with Cloud Server foundation, obtaining authority keys from described Cloud Server;
Described terminal, for when with described Cloud Server set up be connected after, from described Cloud Server obtain the first session key with Rights token, and described rights token is sent to described home appliance;
Described rights token based on predetermined encryption algorithm, is used the first session key and authority generated by described Cloud Server Key generates;
Described home appliance, is additionally operable to receive the rights token that described terminal sends, based on described authority keys and rights token Generate the second session key, and described second session key is sent to described terminal;
Described terminal, is additionally operable to receive the second session key that described home appliance sends, use described second session key and Described first session key is sent to described home appliance after data to be transmitted being encrypted.
2. home appliance as claimed in claim 1 and the communication system of terminal, it is characterised in that described home appliance, also uses In receiving the rights token that described terminal sends, use described authority keys to decipher described rights token, obtain described first meeting Words key;Verify the complete of described first session key;If described first session key is complete, then generate the second session key, And described second session key is sent to described terminal.
3. home appliance as claimed in claim 1 and the communication system of terminal, it is characterised in that described terminal, is additionally operable to connect Receive the second session key that described home appliance sends, calculate described second session key and the XOR of described first session key Value, using described XOR value as the 3rd session key;Described 3rd session key is used to be sent to after data to be transmitted being encrypted Described home appliance.
4. the home appliance as described in any one of claims 1 to 3 and the communication system of terminal, it is characterised in that described household electrical appliances Equipment, is additionally operable to after setting up with Cloud Server and being connected, and sends the first device identification request instruction to described Cloud Server, for Described Cloud Server is according to described first device identification request instruction returning equipment mark;Receive setting of described Cloud Server return Standby mark, obtains key identification by the cryptographic Hash of described device identification, and by described key identification to described Cloud Server Sending permission key request instructs, and returns authority keys for described Cloud Server according to described authority keys request instruction;Connect Receive the authority keys that described Cloud Server returns.
5. The communication system of a home appliance and a terminal according to any one of claims 1 to 3, characterized in that the terminal is further configured to, after establishing a connection with the cloud server, send a second device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the second device identifier request instruction; receive the device identifier returned by the cloud server, obtain a key identifier from the hash value of the device identifier, and send a rights token request instruction to the cloud server using the key identifier, so that the cloud server returns the first session key and the rights token according to the rights token request instruction; and receive the first session key and the rights token returned by the cloud server, and send the rights token to the home appliance.
6. A home appliance, characterized in that the home appliance comprises:
a first acquisition module, configured to obtain an authority key from a cloud server after a connection is established with the cloud server;
a key generation module, configured to receive a rights token sent by a terminal and generate a second session key based on the authority key and the rights token;
a key sending module, configured to send the second session key to the terminal, so that the terminal receives the second session key sent by the home appliance, encrypts data to be transmitted using the second session key and a first session key obtained from the cloud server, and sends the encrypted data to the home appliance;
wherein the rights token is generated by the cloud server, based on a predetermined encryption algorithm, using the generated first session key and the authority key.
7. The home appliance according to claim 6, characterized in that the key generation module comprises:
a decryption unit, configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key;
a verification unit, configured to verify the integrity of the first session key;
a key generation unit, configured to generate the second session key if the first session key is intact.
8. The home appliance according to claim 6 or 7, characterized in that the first acquisition module comprises:
a first sending unit, configured to, after a connection is established with the cloud server, send a first device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the first device identifier request instruction;
a first receiving unit, configured to receive the device identifier returned by the cloud server and obtain a key identifier from the hash value of the device identifier;
the first sending unit being further configured to send an authority key request instruction to the cloud server using the key identifier, so that the cloud server returns the authority key according to the authority key request instruction;
the first receiving unit being further configured to receive the authority key returned by the cloud server.
9. A terminal, characterized in that the terminal comprises:
a second acquisition module, configured to, after a connection is established with a cloud server, obtain a first session key and a rights token from the cloud server and send the rights token to a home appliance, so that the home appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal;
wherein the rights token is generated by the cloud server, based on a predetermined encryption algorithm, using the generated first session key and the authority key;
a receiving module, configured to receive the second session key sent by the home appliance, encrypt data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance.
10. The terminal according to claim 9, characterized in that the receiving module comprises:
a second receiving unit, configured to receive the second session key sent by the home appliance, compute the XOR value of the second session key and the first session key, and use the XOR value as a third session key;
a data sending unit, configured to encrypt the data to be transmitted using the third session key and send the encrypted data to the home appliance.
11. The terminal according to claim 9 or 10, characterized in that the second acquisition module comprises:
a second sending unit, configured to, after a connection is established with the cloud server, send a second device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the second device identifier request instruction;
a third receiving unit, configured to receive the device identifier returned by the cloud server and obtain a key identifier from the hash value of the device identifier;
the second sending unit being further configured to send a rights token request instruction to the cloud server using the key identifier, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
the third receiving unit being further configured to receive the first session key and the rights token returned by the cloud server and send the rights token to the home appliance, so that the home appliance generates the second session key based on the authority key and the rights token and sends the second session key to the terminal.
12. A communication method for a home appliance and a terminal, characterized in that the communication method comprises:
after the home appliance establishes a connection with a cloud server, the home appliance obtains an authority key from the cloud server;
after the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server, and sends the rights token to the home appliance;
wherein the rights token is generated by the cloud server, based on a predetermined encryption algorithm, using the generated first session key and the authority key;
the home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
the terminal receives the second session key sent by the home appliance, encrypts data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance.
13. The communication method for a home appliance and a terminal according to claim 12, characterized in that the step in which the home appliance receives the rights token sent by the terminal, generates the second session key based on the authority key and the rights token, and sends the second session key to the terminal comprises:
the home appliance receives the rights token sent by the terminal and decrypts the rights token using the authority key to obtain the first session key;
the home appliance verifies the integrity of the first session key;
if the first session key is intact, the home appliance generates the second session key and sends the second session key to the terminal.
14. The communication method for a home appliance and a terminal according to claim 12, characterized in that the step in which the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance comprises:
the terminal receives the second session key sent by the home appliance, computes the XOR value of the second session key and the first session key, and uses the XOR value as a third session key;
the terminal encrypts the data to be transmitted using the third session key and sends the encrypted data to the home appliance.
15. The communication method for a home appliance and a terminal according to any one of claims 12 to 14, characterized in that the step in which, after the home appliance establishes a connection with the cloud server, the home appliance obtains the authority key from the cloud server comprises:
after the home appliance establishes a connection with the cloud server, the home appliance sends a first device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the first device identifier request instruction;
the home appliance receives the device identifier returned by the cloud server, obtains a key identifier from the hash value of the device identifier, and sends an authority key request instruction to the cloud server using the key identifier, so that the cloud server returns the authority key according to the authority key request instruction;
the home appliance receives the authority key returned by the cloud server.
16. The communication method for a home appliance and a terminal according to any one of claims 12 to 14, characterized in that the step in which, after the terminal establishes a connection with the cloud server, the terminal obtains the first session key and the rights token from the cloud server and sends the rights token to the home appliance comprises:
after the terminal establishes a connection with the cloud server, the terminal sends a second device identifier request instruction to the cloud server, so that the cloud server returns a device identifier according to the second device identifier request instruction;
the terminal receives the device identifier returned by the cloud server, obtains a key identifier from the hash value of the device identifier, and sends a rights token request instruction to the cloud server using the key identifier, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
the terminal receives the first session key and the rights token returned by the cloud server, and sends the rights token to the home appliance.
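The exchange in claims 12 to 16, run end to end as an added example (not code from the patent or from Midea), including the case where the rights token is altered before it reaches the appliance. The claims do not name the "predetermined encryption algorithm", the hash function or the integrity check; SHA-256, an HMAC-SHA256 keystream with encrypt-then-MAC, 32-byte keys, the device id `appliance-0001` and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

def key_id(device_id: str) -> str:
    # Claims 15-16: key identifier = hash of the device identifier (SHA-256 assumed).
    return hashlib.sha256(device_id.encode()).hexdigest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (assumed stand-in cipher, stdlib only).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    enc_k, mac_k = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = xor(plaintext, _stream(enc_k, nonce, len(plaintext)))
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    # Verify the tag before decrypting, so altered input is rejected.
    enc_k, mac_k = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return xor(ct, _stream(enc_k, nonce, len(ct)))

class CloudServer:
    def __init__(self):
        self._authority = {}  # key identifier -> authority key

    def authority_key(self, kid: str) -> bytes:
        return self._authority.setdefault(kid, secrets.token_bytes(32))

    def issue_token(self, kid: str):
        # Rights token = first session key (K1) encrypted under the authority key.
        k1 = secrets.token_bytes(32)
        return k1, seal(self.authority_key(kid), k1)

def appliance_accept(authority_key: bytes, token: bytes):
    # Claim 13: decrypt the token, verify K1, and only then generate K2.
    k1 = unseal(authority_key, token)
    return k1, secrets.token_bytes(32)

def run_exchange(message: bytes, tamper: bool = False) -> bytes:
    cloud, kid = CloudServer(), key_id("appliance-0001")  # constructed device id
    auth_key = cloud.authority_key(kid)              # appliance <- cloud
    k1_terminal, token = cloud.issue_token(kid)      # terminal <- cloud
    if tamper:                                       # flip one ciphertext bit in transit
        token = token[:20] + bytes([token[20] ^ 1]) + token[21:]
    k1_appliance, k2 = appliance_accept(auth_key, token)  # terminal -> appliance: token
    k3_terminal = xor(k2, k1_terminal)               # claim 14: K3 = K2 XOR K1
    packet = seal(k3_terminal, message)              # terminal -> appliance: data
    return unseal(xor(k2, k1_appliance), packet)     # appliance derives the same K3
```
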
CN201610405105.4A 2016-06-08 2016-06-08 The communication system and method for household appliance and terminal, household appliance, terminal Active CN106130958B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610405105.4A CN106130958B (en) 2016-06-08 2016-06-08 The communication system and method for household appliance and terminal, household appliance, terminal

Publications (2)

Publication Number Publication Date
CN106130958A true CN106130958A (en) 2016-11-16
CN106130958B CN106130958B (en) 2019-02-01

Family

ID=57270341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610405105.4A Active CN106130958B (en) 2016-06-08 2016-06-08 The communication system and method for household appliance and terminal, household appliance, terminal

Country Status (1)

Country Link
CN (1) CN106130958B (en)

Also Published As

Publication number Publication date
CN106130958B (en) 2019-02-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant