CN106130958A - Communication system and method for a home appliance and a terminal, home appliance, and terminal - Google Patents
- Publication number
- CN106130958A, CN201610405105.4A
- Authority
- CN
- China
- Prior art keywords
- cloud server
- session key
- home appliance
- terminal
- key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L65/1066—Session management
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
The invention discloses a communication system for a home appliance and a terminal. The system includes a home appliance and a terminal. The home appliance is configured to obtain an authority key from a cloud server after establishing a connection with the cloud server, to receive the rights token sent by the terminal, to generate a second session key based on the authority key and the rights token, and to send the second session key to the terminal. The terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, to send the rights token to the home appliance, to receive the second session key sent by the home appliance, and to encrypt the data to be transmitted using the second session key and the first session key before sending it to the home appliance. The invention also provides a communication method for a home appliance and a terminal, a home appliance, and a terminal. The invention improves the security of data interaction between the home appliance and the terminal.
Description
Technical field
The present invention relates to the technical field of smart homes, and in particular to a communication system and method for a home appliance and a terminal, a home appliance, and a terminal.
Background
As the number and variety of smart appliances grow, connecting devices and having them cooperate has become an urgent need. As the smart-living framework advanced toward connection and cooperation, the smart home emerged. A smart home takes the residence as its platform and uses structured cabling, network communication, security, automatic control, and audio/video technologies to integrate the facilities related to home life, building an efficient management system for residential facilities and household affairs, improving the safety, convenience, comfort and aesthetics of the home, and achieving an environmentally friendly, energy-saving living environment.
In a smart home system built as home appliance, terminal and cloud server, the exchange of information between the home appliance and the terminal essentially takes place directly once a connection has been established, without considering the security of communication between the home appliance and the terminal. During that communication, however, the home appliance cannot identify whether the application on the terminal has permission to access it. An unauthorized application can therefore easily access the home appliance and steal its data, so the security of data interaction between the home appliance and the terminal cannot be guaranteed.
Summary of the invention
The main object of the present invention is to provide a communication system and method for a home appliance and a terminal, a home appliance, and a terminal, aiming to solve the technical problem that the security of data interaction between existing home appliances and terminals cannot be guaranteed.
To achieve the above object, the present invention provides a communication system for a home appliance and a terminal, the system including a home appliance and a terminal:
The home appliance is configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
The terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the home appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key;
The home appliance is further configured to receive the rights token sent by the terminal, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal;
The terminal is further configured to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance.
Preferably, the home appliance is further configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key; to verify the integrity of the first session key; and, if the first session key is intact, to generate the second session key and send the second session key to the terminal.
Preferably, the terminal is further configured to receive the second session key sent by the home appliance, compute the XOR of the second session key and the first session key, and use the XOR value as a third session key; and to encrypt the data to be transmitted using the third session key and send the encrypted data to the home appliance.
Preferably, the home appliance is further configured to send, after establishing a connection with the cloud server, a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction; to receive the device identification returned by the cloud server, obtain a key identification from the hash value of the device identification, and use the key identification to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction; and to receive the authority key returned by the cloud server.
Preferably, the terminal is further configured to send, after establishing a connection with the cloud server, a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction; to receive the device identification returned by the cloud server, obtain a key identification from the hash value of the device identification, and use the key identification to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction; and to receive the first session key and the rights token returned by the cloud server and send the rights token to the home appliance.
In addition, to achieve the above object, the present invention further provides a home appliance, the home appliance including:
A first acquisition module, configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
A key generation module, configured to receive the rights token sent by a terminal and generate a second session key based on the authority key and the rights token;
A key sending module, configured to send the second session key to the terminal, so that the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key obtained from the cloud server, and sends the encrypted data to the home appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key.
Preferably, the key generation module includes:
A decryption unit, configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key;
A verification unit, configured to verify the integrity of the first session key;
A key generation unit, configured to generate the second session key if the first session key is intact.
Preferably, the first acquisition module includes:
A first sending unit, configured to send, after a connection is established with the cloud server, a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction;
A first receiving unit, configured to receive the device identification returned by the cloud server and obtain a key identification from the hash value of the device identification;
The first sending unit is further configured to use the key identification to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction;
The first receiving unit is further configured to receive the authority key returned by the cloud server.
In addition, to achieve the above object, the present invention further provides a terminal, the terminal including:
A second acquisition module, configured to obtain a first session key and a rights token from a cloud server after establishing a connection with the cloud server, and to send the rights token to the home appliance, so that the home appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key;
A receiving module, configured to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance.
Preferably, a second receiving unit is configured to receive the second session key sent by the home appliance, compute the XOR of the second session key and the first session key, and use the XOR value as a third session key;
A data transmission unit is configured to encrypt the data to be transmitted using the third session key and send the encrypted data to the home appliance.
Preferably, the second acquisition module includes:
A second sending unit, configured to send, after a connection is established with the cloud server, a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction;
A third receiving unit, configured to receive the device identification returned by the cloud server and obtain a key identification from the hash value of the device identification;
The second sending unit is further configured to use the key identification to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
The third receiving unit is further configured to receive the first session key and the rights token returned by the cloud server and send the rights token to the home appliance, so that the home appliance generates the second session key based on the authority key and the rights token and sends the second session key to the terminal.
In addition, to achieve the above object, the present invention further provides a communication method for a home appliance and a terminal, the method including:
After the home appliance establishes a connection with a cloud server, the home appliance obtains an authority key from the cloud server;
After the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server and sends the rights token to the home appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, using the generated first session key and the authority key;
The home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
The terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance.
Preferably, the step in which the home appliance receives the rights token sent by the terminal, generates the second session key based on the authority key and the rights token, and sends the second session key to the terminal includes:
The home appliance receives the rights token sent by the terminal and decrypts the rights token using the authority key to obtain the first session key;
The home appliance verifies the integrity of the first session key;
If the first session key is intact, the home appliance generates the second session key and sends the second session key to the terminal.
Preferably, the step in which the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance includes:
The terminal receives the second session key sent by the home appliance, computes the XOR of the second session key and the first session key, and uses the XOR value as a third session key;
The terminal encrypts the data to be transmitted using the third session key and sends the encrypted data to the home appliance.
Preferably, the step in which the home appliance obtains the authority key from the cloud server after establishing a connection with the cloud server includes:
After the home appliance establishes a connection with the cloud server, the home appliance sends a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction;
The home appliance receives the device identification returned by the cloud server, obtains a key identification from the hash value of the device identification, and uses the key identification to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction;
The home appliance receives the authority key returned by the cloud server.
Preferably, the step in which the terminal, after establishing a connection with the cloud server, obtains the first session key and the rights token from the cloud server and sends the rights token to the home appliance includes:
After the terminal establishes a connection with the cloud server, the terminal sends a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction;
The terminal receives the device identification returned by the cloud server, obtains a key identification from the hash value of the device identification, and uses the key identification to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
The terminal receives the first session key and the rights token returned by the cloud server and sends the rights token to the home appliance.
In the present invention, the terminal obtains the first session key and the rights token from the cloud server and sends the rights token to the home appliance; the home appliance generates the second session key based on the authority key obtained from the cloud server and this rights token, and sends the second session key to the terminal; the terminal encrypts the data to be transmitted using the second session key and the first session key and sends it to the home appliance. As a result, during communication between the home appliance and the terminal, the home appliance uses the rights token to identify whether the application on the terminal has permission to access the home appliance. Only when the application on the terminal has permission to access the home appliance can it obtain the home appliance's data, which improves the security of data interaction between the home appliance and the terminal.
Brief description of the drawings
Fig. 1 is a schematic diagram of a preferred implementation scenario of the communication system of the home appliance and the terminal of the present invention;
Fig. 2 is a functional block diagram of a preferred embodiment of the home appliance of the present invention;
Fig. 3 is a functional block diagram of the first acquisition module in an embodiment of the present invention;
Fig. 4 is a functional block diagram of a preferred embodiment of the terminal of the present invention;
Fig. 5 is a functional block diagram of the second acquisition module in an embodiment of the present invention;
Fig. 6 is a flow chart of a preferred embodiment of the communication method of the home appliance and the terminal of the present invention;
Fig. 7 is a flow chart, in an embodiment of the present invention, of the home appliance obtaining the authority key from the cloud server after the home appliance establishes a connection with the cloud server;
Fig. 8 is a flow chart, in an embodiment of the present invention, of the terminal obtaining the first session key and the rights token from the cloud server and sending the rights token to the home appliance after the terminal establishes a connection with the cloud server.
Detailed description
It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
The present invention provides a communication system for a home appliance and a terminal.
Refer to Fig. 1, which is a schematic diagram of a preferred implementation scenario of the communication system of the home appliance and the terminal of the present invention.
As Fig. 1 shows, the communication between the home appliance 10 and the terminal 30 is preferably applied in an Internet of Things scenario in which the home appliance 10 is controlled. The communication system of the home appliance 10 and the terminal 30 includes the terminal 30, the cloud server 20 and the home appliance 10. The terminal 30 may be a mobile phone, a PAD (Portable Android Device, tablet computer), a remote controller, or the like; in this embodiment the terminal 30 is a mobile phone. The home appliance 10 covers various home appliances, such as an air conditioner, a refrigerator or a loudspeaker. Specifically, the home appliance 10 first establishes a secure connection with the cloud server 20, and the terminal 30 likewise first establishes a secure connection with the cloud server 20; the terminal 30 and the home appliance 10 then interact. The interaction is as follows: the terminal 30 sends a control instruction to the home appliance 10 through the cloud server 20 to make the home appliance 10 perform the corresponding operation, such as turning on the heating mode of an air conditioner or adjusting the heating temperature.
The home appliance 10 is configured to obtain an authority key from the cloud server 20 after establishing a connection with the cloud server 20;
When the home appliance 10 is to exchange data with the terminal 30, the home appliance 10 first establishes an SST (Smart Security Transport, a secure transport bearer protocol for smart devices) secure connection with the cloud server 20. After the home appliance 10 has established the SST connection with the cloud server 20, the home appliance 10 obtains the authority key from the cloud server 20. Further, after obtaining the authority key from the cloud server 20, the home appliance 10 computes the hash value of the authority key and writes the hash value of the authority key and the authority key into the SST, so that it can communicate with the terminal 30 within the local area network using the authority key.
It should be noted that in this embodiment the terminal 30 communicates with the home appliance 10 and the cloud server 20 through a preset APP (Application); the preset APP is the application that controls the home appliance 10 in the Internet of Things. The authority key is a 32-byte string generated by the cloud server 20. Depending on the situation, however, the length of the authority key may also be set to 16 bytes, 64 bytes, and so on.
The terminal 30 is configured to obtain a first session key and a rights token from the cloud server 20 after establishing a connection with the cloud server 20, and to send the rights token to the home appliance 10;
The rights token is generated by the cloud server 20, based on a preset encryption algorithm, using the generated first session key and the authority key;
When the terminal 30 is to exchange data with the cloud server 20, the terminal 30 establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) connection with the cloud server 20. After the terminal 30 has established the HTTPS connection with the cloud server 20, the terminal 30 detects whether a user is logged in to the APP. If a user has successfully logged in to the APP, the terminal 30 obtains the first session key and the rights token from the cloud server 20. After the terminal 30 has obtained the first session key and the rights token, the terminal 30 establishes a secure connection with the home appliance 10 and sends the obtained first session key and rights token to the home appliance 10.
It should be noted that the rights token is generated by the cloud server 20. When generating the rights token, the cloud server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the home appliance 10. The mapping table maps the home appliance 10 to the APP on the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the home appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely identifies the APP, such as its package name. When the cloud server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance 10, the cloud server 20 generates the first session key and, with the authority key as the key, encrypts the first session key using the preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the cloud server 20 computes the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The cloud server 20 concatenates the hash value of the first session key with the ciphertext of the encrypted first session key to obtain the rights token. After obtaining the rights token, the cloud server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains the rights token and the first session key. When the cloud server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance 10, the cloud server 20 sends an empty message to the terminal 30.
It should be noted that the first session key generated by the cloud server 20 is different every time. When using the hash value of the first session key and the ciphertext to obtain the rights token, the cloud server 20 may also select some of the bytes of the hash value of the first session key and some of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. The preset encryption algorithm is not limited to AES-256, however; other existing encryption algorithms may also be used, which are not described further here.
The home appliance 10 is further configured to receive the rights token sent by the terminal 30, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal 30;
When the home appliance 10 receives the rights token sent by the terminal 30, the home appliance 10 generates a second session key based on the authority key and the rights token sent by the terminal 30, and sends the second session key to the terminal 30.
Further, the home appliance 10 is also configured to receive the rights token sent by the terminal 30 and decrypt the rights token using the authority key to obtain the first session key; verify the integrity of the first session key; and, if the first session key is complete, generate a second session key and send the second session key to the terminal 30.
When the home appliance 10 receives the rights token sent by the terminal 30, the home appliance 10 decrypts the rights token using the authority key to obtain the first session key and the hash value of the first session key. The hash value of the first session key obtained by decryption is recorded as the first hash value of the first session key; the home appliance 10 then recalculates the hash value of the decrypted first session key and records it as the second hash value of the first session key. The home appliance 10 uses the first hash value and the second hash value of the first session key to verify the integrity of the first session key. If the first hash value is identical to the second hash value, the home appliance 10 determines that the first session key is complete, generates a second session key, and sends the second session key to the terminal 30; if the first hash value differs from the second hash value, the home appliance 10 determines that the first session key is incomplete and does not generate a second session key.
The terminal 30 is further configured to receive the second session key sent by the home appliance 10, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance 10.
When the terminal 30 receives the second session key sent by the home appliance 10, the terminal 30 encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the home appliance 10. The data to be transmitted may be a control instruction that turns the home appliance 10 on or off, or other data.
Further, the terminal 30 is also configured to receive the second session key sent by the home appliance 10, calculate the XOR value of the second session key and the first session key, and take the XOR value as a third session key; and to encrypt the data to be transmitted using the third session key and send the encrypted data to the home appliance 10.
When the terminal 30 receives the second session key sent by the home appliance 10, the terminal 30 calculates the XOR value of the second session key and the first session key and takes that XOR value as the third session key. The terminal 30 encrypts the data to be transmitted with the third session key as the key, obtaining the encrypted data to be transmitted. The terminal 30 sends the encrypted data to be transmitted to the home appliance 10 and thereby communicates with the home appliance 10.
It should be noted that this embodiment is not limited to calculating the third session key as the XOR value of the first session key and the second session key. The third session key may also be obtained by splicing the first session key and the second session key, or by XORing or splicing part of the bytes of the first session key and the second session key.
In this embodiment, the terminal 30 obtains the first session key and the rights token from the Cloud Server 20 and sends the rights token to the home appliance 10; the home appliance 10 generates a second session key based on the authority key obtained from the Cloud Server 20 and the rights token, and sends the second session key to the terminal 30; the terminal 30 encrypts the data to be transmitted using the second session key and the first session key and sends it to the home appliance 10. In this way, during information exchange between the home appliance 10 and the terminal 30, the home appliance 10 identifies through the rights token whether the application in the terminal 30 has the authority to access the home appliance 10. Only when the application in the terminal 30 has that authority can it obtain data from the home appliance 10, which improves the security of data interaction between the home appliance 10 and the terminal 30.
Further, the home appliance 10 is also configured to: after establishing a connection with the Cloud Server 20, send a first device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the first device identification request instruction; receive the device identification returned by the Cloud Server 20, obtain a key identification from the hash value of the device identification, and send an authority key request instruction to the Cloud Server 20 by means of the key identification, so that the Cloud Server 20 returns the authority key according to the authority key request instruction; and receive the authority key returned by the Cloud Server 20.
After the home appliance 10 establishes an SST connection with the Cloud Server 20, the home appliance 10 sends a first device identification request instruction to the Cloud Server 20. After receiving the first device identification request instruction, the Cloud Server 20 returns the device identification to the home appliance 10 according to that instruction. The device identification is assigned to the home appliance 10 by the Cloud Server 20 when the home appliance 10 first connects to the network, and each home appliance 10 has a unique device identification.
It should be noted that the device identification may also be generated by the home appliance 10 itself.
When the home appliance 10 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the front 16 bytes and the back 16 bytes of that hash value as the key identification, which is denoted UDP_KEY_ID. When the home appliance 10 obtains the key identification UDP_KEY_ID, the home appliance 10 sends an authority key request instruction to the Cloud Server 20 by means of UDP_KEY_ID. When the Cloud Server 20 receives the authority key request instruction sent by the home appliance 10, the Cloud Server 20 returns the authority key it generated to the home appliance 10 according to the authority key request instruction. Further, the Cloud Server 20 simultaneously sends the hash value of the authority key to the home appliance 10.
It should be noted that the result of XORing the front 8 bytes and the back 8 bytes of the hash value of the device identification may also be used as the key identification, as may the result of XORing some other number of bytes from the front and back of the hash value of the device identification.
The home appliance 10 receives the authority key returned by the Cloud Server 20 and the hash value of the authority key sent by the Cloud Server 20, and records the hash value sent by the Cloud Server 20 as the first hash value of the authority key. On receiving the authority key returned by the Cloud Server 20, the home appliance 10 calculates the hash value of the authority key and records the calculated value as the second hash value of the authority key. The home appliance 10 verifies the integrity of the authority key using the first hash value and the second hash value of the authority key. If the two hash values are identical, the authority key is complete, and the home appliance 10 uses the authority key to communicate with the terminal 30 in the LAN; if the two hash values differ, the authority key is incomplete, and the home appliance 10 either obtains the authority key from the Cloud Server 20 again or ends the current operation.
The home appliance 10 obtains the authority key from the Cloud Server 20 and verifies the integrity of the authority key by means of the hash value of the authority key. This improves the security of communication between the home appliance 10 and the terminal 30.
Further, the terminal 30 is also configured to: after establishing a connection with the Cloud Server 20, send a second device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the second device identification request instruction; receive the device identification returned by the Cloud Server 20, obtain a key identification from the hash value of the device identification, and send a rights token request instruction to the Cloud Server 20 by means of the key identification, so that the Cloud Server 20 returns the first session key and the rights token according to the rights token request instruction; and receive the first session key and the rights token returned by the Cloud Server 20 and send the rights token to the home appliance 10.
After the terminal 30 establishes an HTTPS connection with the Cloud Server 20, the terminal 30 sends a second device identification request instruction to the Cloud Server 20. After receiving the second device identification request instruction, the Cloud Server 20 returns the device identification to the terminal 30 according to that instruction. The device identification that the Cloud Server 20 returns to the terminal 30 is the same device identification that it returns to the home appliance 10. Because the Cloud Server 20 has the mapping table of the home appliance 10 and the APP in the terminal 30, the Cloud Server 20 can, according to the second device identification request instruction, return to the terminal 30 the same device identification that it returned to the home appliance 10.
When the terminal 30 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the front 16 bytes and the back 16 bytes of that hash value as the key identification. The key identification is denoted UDP_KEY_ID. When the terminal 30 obtains the key identification UDP_KEY_ID, the terminal 30 sends a rights token request instruction to the Cloud Server 20 by means of UDP_KEY_ID. When the Cloud Server 20 receives the rights token request instruction sent by the terminal 30, the Cloud Server 20 returns the rights token it generated and the first session key according to the authority key request instruction. While generating the rights token, the Cloud Server 20 can look up the authority key through the key identification. Each device identification corresponds to a unique key identification, and each key identification corresponds to a unique authority key. The terminal 30 receives the first session key and the rights token returned by the Cloud Server 20 and accesses the home appliance 10 according to the rights token.
The home appliance 10 identifies, by means of the rights token, whether the terminal 30 has access rights, thereby achieving secure interaction with the terminal 30.
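The exchange described above (key identification derived from the device identification, rights token issued by the Cloud Server 20, hash check on the home appliance 10, and the XOR-derived third session key), as an added Go example that is not part of the patent text. The AES mode (CTR with a random IV), the token byte layout, random generation of the second session key, and the sample device identification and command are assumptions; the text names only AES-256 and SHA-256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var errIncomplete = errors.New("first session key failed the hash check")

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// keyID derives the key identification (UDP_KEY_ID): SHA-256 of the device
// identification, then the front 16 bytes XOR the back 16 bytes of the hash.
func keyID(deviceID string) []byte {
	h := sha256.Sum256([]byte(deviceID))
	return xorBytes(h[:16], h[16:])
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// aesCTR runs AES-256 in CTR mode (assumed mode; the text names only AES-256).
// CTR is symmetric, so the same call encrypts and decrypts.
func aesCTR(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// issueToken (Cloud Server): a fresh K1 per request, encrypted under the authority
// key and spliced with SHA-256(K1). Assumed layout: hash(32) | iv(16) | ct(32).
func issueToken(authKey []byte) (k1, token []byte) {
	k1 = randomBytes(32)
	iv := randomBytes(aes.BlockSize)
	h := sha256.Sum256(k1)
	token = append(append(h[:], iv...), aesCTR(authKey, iv, k1)...)
	return k1, token
}

// acceptToken (home appliance): decrypt K1, recompute its hash, compare it with
// the hash carried in the token, and generate K2 only when the two match.
func acceptToken(authKey, token []byte) (k1, k2 []byte, err error) {
	if len(token) != 32+aes.BlockSize+32 {
		return nil, nil, errIncomplete
	}
	firstHash, iv, ct := token[:32], token[32:48], token[48:]
	k1 = aesCTR(authKey, iv, ct)
	secondHash := sha256.Sum256(k1)
	if subtle.ConstantTimeCompare(firstHash, secondHash[:]) != 1 {
		return nil, nil, errIncomplete
	}
	return k1, randomBytes(32), nil // random K2 is an assumption
}

// exchange runs the whole flow for one command and returns what the appliance
// decrypts. corruptAt >= 0 flips one bit of that token byte in transit.
func exchange(deviceID, command string, corruptAt int) (string, error) {
	// Cloud Server state: key identification -> 32-byte authority key.
	authKey := randomBytes(32)
	store := map[string][]byte{string(keyID(deviceID)): authKey}
	k1, token := issueToken(store[string(keyID(deviceID))])
	if corruptAt >= 0 {
		token[corruptAt] ^= 0x01
	}
	// The appliance checks the token with its own copy of the authority key.
	devK1, k2, err := acceptToken(authKey, token)
	if err != nil {
		return "", err
	}
	// Both sides derive K3 = K1 XOR K2; terminal encrypts, appliance decrypts.
	iv := randomBytes(aes.BlockSize)
	ct := aesCTR(xorBytes(k1, k2), iv, []byte(command))
	return string(aesCTR(xorBytes(devK1, k2), iv, ct)), nil
}

func main() {
	fmt.Printf("UDP_KEY_ID: %x\n", keyID("constructed-device-id"))
	fmt.Println(exchange("constructed-device-id", "power:on", -1))
	fmt.Println(exchange("constructed-device-id", "power:on", 50))
}
```

A bit flipped in any of the three token fields (hash, IV or ciphertext) makes the two hash values differ, so the appliance never generates a second session key for that token.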
The present invention further provides a home appliance 10.
Referring to Fig. 2, Fig. 2 is a functional block diagram of a preferred embodiment of the home appliance 10 of the present invention.
In this embodiment, the home appliance 10 includes:
A first acquisition module 11, configured to obtain the authority key from the Cloud Server 20 after a connection with the Cloud Server 20 is established;
When the home appliance 10 is to transmit data with the terminal 30, the home appliance 10 first establishes an SST (Smart Security Transport, a secure transport bearer protocol for smart devices) secure connection with the Cloud Server 20. After the home appliance 10 establishes the SST connection with the Cloud Server 20, the first acquisition module 11 in the home appliance 10 obtains the authority key from the Cloud Server 20. The home appliance 10 includes, but is not limited to, a refrigerator, an electric rice cooker, a microwave oven and a television. Further, after the first acquisition module 11 obtains the authority key from the Cloud Server 20, the first acquisition module 11 calculates the hash value of the authority key and writes the hash value of the authority key and the authority key into the SST, so as to communicate with the terminal 30 in the LAN by means of the authority key.
It should be noted that, in this embodiment, the terminal 30 communicates with the home appliance 10 and the Cloud Server 20 through a preset APP (Application); the preset APP is the application that controls the home appliance 10 in the Internet of Things. The authority key is a 32-byte character string generated by the Cloud Server 20. However, depending on the specific situation, the length of the authority key may also be set to 16 bytes, 64 bytes, and so on.
A key generation module 12, configured to receive the rights token sent by the terminal 30 and generate a second session key based on the authority key and the rights token;
A key sending module 13, configured to send the second session key to the terminal 30, so that the terminal 30 receives the second session key sent by the home appliance 10, encrypts the data to be transmitted using the second session key and the first session key obtained from the Cloud Server 20, and sends the encrypted data to the home appliance 10;
When the key generation module 12 in the home appliance 10 receives the rights token sent by the terminal 30, the key generation module 12 generates a second session key based on the authority key and the rights token sent by the terminal 30. The key sending module 13 sends the second session key to the terminal 30.
Further, the key generation module 12 includes:
A decryption unit, configured to receive the rights token sent by the terminal 30 and decrypt the rights token using the authority key to obtain the first session key;
A verification unit, configured to verify the integrity of the first session key;
A key generation unit, configured to generate a second session key if the first session key is complete.
When the key generation module 12 receives the rights token sent by the terminal 30, the decryption unit in the key generation module 12 decrypts the rights token using the authority key to obtain the first session key and the hash value of the first session key. The hash value of the first session key obtained by decryption is recorded as the first hash value of the first session key; the hash value of the decrypted first session key is then recalculated and recorded as the second hash value of the first session key. The verification unit uses the first hash value and the second hash value of the first session key to verify the integrity of the first session key. If the first hash value is identical to the second hash value, the verification unit determines that the first session key is complete, and the key generation unit generates the second session key; if the first hash value differs from the second hash value, the verification unit determines that the first session key is incomplete, and the key generation unit does not generate a second session key.
The rights token is generated by the Cloud Server 20 from the first session key and the authority key, based on a preset encryption algorithm.
The rights token is generated by the Cloud Server 20. In generating the rights token, the Cloud Server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the home appliance 10. The mapping table is the mapping table of the home appliance 10 and the APP in the terminal 30; it stores the mapping relations between the MAC (Media Access Control) address and SN (serial number) code of the home appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as the package name of the APP. When the Cloud Server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance 10, the Cloud Server 20 generates a first session key and, with the authority key as the key, encrypts the first session key using a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the Cloud Server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The Cloud Server 20 splices the hash value of the first session key after the encryption with the ciphertext to obtain the rights token. After obtaining the rights token, the Cloud Server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains the rights token and the first session key. When the Cloud Server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance 10, the Cloud Server 20 sends a null message to the terminal 30.
It should be noted that the first session key generated by the Cloud Server 20 is different each time. When the Cloud Server 20 uses the hash value of the first session key and the ciphertext to obtain the rights token, it may also select part of the bytes of the hash value of the first session key and part of the bytes of the ciphertext and splice or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. However, the preset encryption algorithm is not limited to AES-256; other existing encryption algorithms may also be used, which are not described here.
Further, referring to Fig. 3, Fig. 3 is a functional block diagram of the first acquisition module 11 in an embodiment of the present invention.
The first acquisition module 11 includes:
A first sending unit 111, configured to send a first device identification request instruction to the Cloud Server 20 after a connection with the Cloud Server 20 is established, so that the Cloud Server 20 returns a device identification according to the first device identification request instruction;
After the home appliance 10 establishes an SST connection with the Cloud Server 20, the first sending unit 111 sends a first device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the device identification to the first receiving unit 112 according to the first device identification request instruction. The device identification is assigned to the home appliance 10 by the Cloud Server 20 when the home appliance 10 first connects to the network, and each home appliance 10 has a unique device identification.
It should be noted that the device identification may also be generated by the home appliance 10 itself.
A first receiving unit 112, configured to receive the device identification returned by the Cloud Server 20 and obtain a key identification from the hash value of the device identification;
The first sending unit 111 is further configured to send an authority key request instruction to the Cloud Server 20 by means of the key identification, so that the Cloud Server 20 returns the authority key according to the authority key request instruction;
When the first receiving unit 112 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the front 16 bytes and the back 16 bytes of that hash value as the key identification, which is denoted UDP_KEY_ID. When the first receiving unit 112 obtains the key identification UDP_KEY_ID, the first sending unit 111 sends an authority key request instruction to the Cloud Server 20 by means of UDP_KEY_ID, so that the Cloud Server 20 returns the authority key according to the authority key request instruction. Further, the Cloud Server 20 simultaneously sends the hash value of the authority key to the home appliance 10.
It should be noted that the result of XORing the front 8 bytes and the back 8 bytes of the hash value of the device identification may also be used as the key identification, as may the result of XORing some other number of bytes from the front and back of the hash value of the device identification.
The first receiving unit 112 is further configured to receive the authority key returned by the Cloud Server 20.
The first receiving unit 112 receives the authority key returned by the Cloud Server 20 and the hash value of the authority key sent by the Cloud Server 20, and records the hash value sent by the Cloud Server 20 as the first hash value of the authority key. On receiving the authority key returned by the Cloud Server 20, the first receiving unit 112 calculates the hash value of the authority key and records the calculated value as the second hash value of the authority key. The first receiving unit 112 verifies the integrity of the authority key using the first hash value and the second hash value of the authority key. If the two hash values are identical, the authority key is complete, and the home appliance 10 uses the authority key to communicate with the terminal 30 in the LAN; if the two hash values differ, the authority key is incomplete, and the first acquisition module 11 either obtains the authority key from the Cloud Server 20 again or ends the current operation.
The home appliance 10 obtains the authority key from the Cloud Server 20 and verifies the integrity of the authority key by means of the hash value of the authority key. This improves the security of communication between the home appliance 10 and the terminal 30.
The present invention further provides a terminal 30.
Referring to Fig. 4, Fig. 4 is a functional block diagram of a preferred embodiment of the terminal 30 of the present invention.
In this embodiment, the terminal 30 includes:
A second acquisition module 31, configured to obtain the first session key and the rights token from the Cloud Server 20 after a connection with the Cloud Server 20 is established, and to send the rights token to the home appliance 10, so that the home appliance 10 generates a second session key based on the authority key and the rights token and sends the second session key to the terminal 30;
When the terminal 30 is to transmit data with the Cloud Server 20, the terminal 30 establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, a network protocol) connection with the Cloud Server 20. After the terminal 30 establishes the HTTPS connection with the server, the terminal 30 detects whether a user is logged in to the APP. When a user has successfully logged in to the APP, the second acquisition module 31 obtains the first session key and the rights token from the Cloud Server 20. After the second acquisition module 31 obtains the first session key and the rights token, it sends the acquired first session key and rights token to the home appliance 10, so that the home appliance 10 generates a second session key based on the authority key and the rights token and sends the second session key to the terminal 30.
The rights token is generated by the Cloud Server 20 from the first session key and the authority key, based on a preset encryption algorithm;
The rights token is generated by the Cloud Server 20. In generating the rights token, the Cloud Server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the home appliance 10. The mapping table is the mapping table of the home appliance 10 and the APP in the terminal 30; it stores the mapping relations between the MAC (Media Access Control) address and SN (serial number) code of the home appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as the package name of the APP. When the Cloud Server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance 10, the Cloud Server 20 generates a first session key and, with the authority key as the key, encrypts the first session key using a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the Cloud Server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The Cloud Server 20 splices the hash value of the first session key after the encryption with the ciphertext to obtain the rights token. After obtaining the rights token, the Cloud Server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains the rights token and the first session key. When the Cloud Server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance 10, the Cloud Server 20 sends a null message to the terminal 30.
It should be noted that the first session key generated by the Cloud Server 20 is different each time. When the Cloud Server 20 uses the hash value of the first session key and the ciphertext to obtain the rights token, it may also select part of the bytes of the hash value of the first session key and part of the bytes of the ciphertext and splice or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. However, the preset encryption algorithm is not limited to AES-256; other existing encryption algorithms may also be used, which are not described here.
Receiver module 32, configured to receive the second session key sent by the home appliance 10, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance 10.
When the receiver module 32 receives the second session key sent by the home appliance 10, the receiver module 32 encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the home appliance 10. The data to be transmitted may be a control instruction that turns the home appliance 10 on or off, or other data.
Further, the receiver module 32 includes:
Second receiving unit, configured to receive the second session key sent by the home appliance 10, calculate the XOR value of the second session key and the first session key, and use the XOR value as a third session key;
Data transmission unit, configured to encrypt the data to be transmitted using the third session key and send the encrypted data to the home appliance 10.
When the second receiving unit receives the second session key sent by the home appliance 10, the second receiving unit calculates the XOR value of the second session key and the first session key and uses that XOR value as the third session key. The data transmission unit encrypts the data to be transmitted with the third session key as the key, obtaining the encrypted data to be transmitted. The data transmission unit sends the encrypted data to be transmitted to the home appliance 10.
It should be noted that, in the present embodiment, the third session key is not restricted to being calculated as the XOR value of the first session key and the second session key. The third session key may also be obtained by splicing the first session key and the second session key, or by XORing or splicing some of the bytes of the first session key and the second session key.
Further, refer to Fig. 5, which is a functional module schematic diagram of the second acquisition module 31 in an embodiment of the present invention.
In the present embodiment, the second acquisition module 31 includes:
Second transmitting unit 311, configured to, after a connection with the Cloud Server 20 is established, send a second device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the second device identification request instruction;
After the terminal 30 establishes an HTTPS connection with the Cloud Server 20, the second transmitting unit 311 sends the second device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the device identification to the third receiving unit 312 according to the second device identification request instruction.
Third receiving unit 312, configured to receive the device identification returned by the Cloud Server 20 and obtain a key identification from the hash value of the device identification;
The second transmitting unit 311 is further configured to send a rights token request instruction to the Cloud Server 20 by means of the key identification, so that the Cloud Server 20 returns the first session key and the rights token according to the rights token request instruction;
The third receiving unit 312 is further configured to receive the first session key and the rights token returned by the Cloud Server 20 and send the rights token to the home appliance 10, so that the home appliance 10 generates the second session key based on the authority key and the rights token and sends the second session key to the terminal 30.
When the third receiving unit 312 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification, takes the result of XORing the first 16 bytes of the hash value with the last 16 bytes as the key identification, and denotes the key identification as UDP_KEY_ID. When the third receiving unit 312 has obtained the key identification UDP_KEY_ID, the second transmitting unit 311 sends the rights token request instruction to the Cloud Server 20 by means of the UDP_KEY_ID, so that the Cloud Server 20 returns the first session key and the rights token to the third receiving unit 312 according to the rights token request instruction. In the process of generating the rights token, the Cloud Server 20 can find the authority key through the key identification. Each device identification corresponds to one unique key identification, and each key identification corresponds to one unique authority key. The third receiving unit 312 receives the first session key and the rights token returned by the Cloud Server 20, and accesses the home appliance 10 according to the rights token.
Through the rights token, the home appliance 10 identifies whether the terminal 30 has access rights, thereby achieving secure interaction with the terminal 30.
The present invention further provides a communication method for a home appliance and a terminal.
Refer to Fig. 6, which is a schematic flow chart of a preferred embodiment of the communication method for a home appliance and a terminal of the present invention.
In the present embodiment, the communication method for the home appliance and the terminal includes:
Step S10, after the home appliance establishes a connection with the Cloud Server, the home appliance obtains an authority key from the Cloud Server;
When the home appliance is to transmit data with the terminal, the home appliance first establishes an SST (Smart Security Transport, a smart device secure transport bearer protocol) secure connection with the Cloud Server. After the home appliance establishes the SST connection with the Cloud Server, the home appliance obtains the authority key from the Cloud Server. The home appliance includes, but is not limited to, a refrigerator, an electric rice cooker, a microwave oven and a television. Further, after the home appliance obtains the authority key from the Cloud Server, the home appliance calculates the hash value of the authority key and writes the hash value of the authority key and the authority key into the SST, so as to communicate with the terminal in the LAN by means of the authority key.
It should be noted that, in the present embodiment, the terminal communicates with the home appliance and the Cloud Server through a preset APP (Application); the preset APP is an application that controls the home appliance in the Internet of Things. The authority key is a 32-byte character string generated by the Cloud Server. However, depending on the specific situation, the length of the authority key may also be set to 16 bytes, 64 bytes, or the like.
Step S20, after the terminal establishes a connection with the Cloud Server, the terminal obtains a first session key and a rights token from the Cloud Server, and sends the rights token to the home appliance;
The rights token is generated by the Cloud Server, based on a preset encryption algorithm, from the first session key it generates and the authority key;
When the terminal is to transmit data with the Cloud Server, the terminal establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, a network protocol) connection with the Cloud Server. After the terminal establishes the HTTPS connection with the server, the terminal detects whether a user has logged in to the APP. When a user has successfully logged in to the APP, the terminal obtains the first session key and the rights token from the Cloud Server. After the terminal obtains the first session key and the rights token, the terminal establishes a secure connection with the home appliance and sends the obtained first session key and rights token to the home appliance.
It should be noted that the rights token is generated by the Cloud Server. In generating the rights token, the Cloud Server first obtains the authority key and detects, through a prestored mapping table, whether a binding relationship exists between the APP and the home appliance. The mapping table is a mapping table between the home appliance and the APP in the terminal; it stores the mapping relationship between the MAC (Media Access Control) address and SN (serial number) code of the home appliance and the identification information of the APP. The identification information of the APP is information that uniquely represents the APP, such as the package name of the APP. When the Cloud Server detects, based on the mapping table, that a binding relationship exists between the APP and the home appliance, the Cloud Server generates the first session key and, with the authority key as the key, encrypts the first session key using the preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the Cloud Server uses SHA-256 (Secure Hash Algorithm) to calculate the hash value of the first session key. The Cloud Server splices the hash value of the first session key with the ciphertext to obtain the rights token. After obtaining the rights token, the Cloud Server sends the rights token and the first session key to the terminal, so that the terminal obtains the rights token and the first session key. When the Cloud Server detects, based on the mapping table, that no binding relationship exists between the APP and the home appliance, the Cloud Server sends a null message to the terminal.
It should be noted that the first session key generated by the Cloud Server is different each time. When using the hash value of the first session key and the ciphertext to obtain the rights token, the Cloud Server may also select some of the bytes of the hash value of the first session key and some of the bytes of the ciphertext, and splice or XOR them to obtain the rights token.
In the present embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. However, the preset encryption algorithm is not restricted to the AES-256 algorithm; other existing encryption algorithms may also be used, and are not described further here.
Step S30, the home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
When the home appliance receives the rights token sent by the terminal, the home appliance generates the second session key based on the authority key and the rights token sent by the terminal, and sends the second session key to the terminal.
Further, step S30 includes:
Step a, the home appliance receives the rights token sent by the terminal and decrypts the rights token using the authority key to obtain the first session key;
Step b, the home appliance verifies the integrity of the first session key;
Step c, if the first session key is complete, the home appliance generates the second session key and sends the second session key to the terminal.
When the home appliance receives the rights token sent by the terminal, the home appliance decrypts the rights token using the authority key and obtains the first session key and the hash value of the first session key. The hash value of the first session key obtained by decryption is denoted the first hash value of the first session key. The home appliance then recalculates the hash value of the decrypted first session key, which is denoted the second hash value of the first session key. The home appliance uses the first hash value and the second hash value of the first session key to verify the integrity of the first session key. If the first hash value of the first session key is identical to the second hash value of the first session key, the home appliance determines that the first session key is complete, generates the second session key, and sends the second session key to the terminal. If the first hash value of the first session key differs from the second hash value of the first session key, the home appliance determines that the first session key is incomplete and does not generate the second session key.
Step S40, the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the home appliance.
When the terminal receives the second session key sent by the home appliance, the terminal encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the home appliance. The data to be transmitted may be a control instruction that turns the home appliance on or off, or other data.
Further, step S40 includes:
Step d, the terminal receives the second session key sent by the home appliance, calculates the XOR value of the second session key and the first session key, and uses the XOR value as a third session key;
Step e, the terminal encrypts the data to be transmitted using the third session key and sends the encrypted data to the home appliance.
When the terminal receives the second session key sent by the home appliance, the terminal calculates the XOR value of the second session key and the first session key and uses that XOR value as the third session key. The terminal encrypts the data to be transmitted with the third session key as the key, obtaining the encrypted data to be transmitted. The terminal sends the encrypted data to be transmitted to the home appliance and thereby communicates with the home appliance.
It should be noted that, in the present embodiment, the third session key is not restricted to being calculated as the XOR value of the first session key and the second session key. The third session key may also be obtained by splicing the first session key and the second session key, or by XORing or splicing some of the bytes of the first session key and the second session key.
In the present embodiment, the terminal obtains the first session key and the rights token from the Cloud Server and sends the rights token to the home appliance; the home appliance generates the second session key based on the authority key obtained from the Cloud Server and the rights token, and sends the second session key to the terminal; the terminal encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the home appliance. In this way, during information communication between the home appliance and the terminal, the home appliance uses the rights token to identify whether the application program in the terminal has the right to access the home appliance. Only when the application program in the terminal has the right to access the home appliance can it obtain the data of the home appliance, which improves the security of data interaction between the home appliance and the terminal.
Further, refer to Fig. 7, which is a schematic flow chart of the home appliance obtaining the authority key from the Cloud Server after the home appliance establishes a connection with the Cloud Server, in an embodiment of the present invention.
In the present embodiment, step S10 includes:
Step S11, after the home appliance establishes a connection with the Cloud Server, the home appliance sends a first device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the first device identification request instruction;
After the home appliance establishes the SST connection with the Cloud Server, the home appliance sends the first device identification request instruction to the Cloud Server. After the Cloud Server receives the first device identification request instruction, the Cloud Server returns the device identification to the home appliance according to the first device identification request instruction. The device identification is allocated to the home appliance by the Cloud Server when the home appliance first connects to the network, and each home appliance has a unique device identification.
It should be noted that the device identification may also be generated by the home appliance itself.
Step S12, the home appliance receives the device identification returned by the Cloud Server, obtains a key identification from the hash value of the device identification, and sends an authority key request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the authority key according to the authority key request instruction;
When the home appliance receives the device identification returned by the Cloud Server, it calculates the hash value of the device identification, takes the result of XORing the first 16 bytes of the hash value with the last 16 bytes as the key identification, and denotes the key identification as UDP_KEY_ID. When the home appliance has obtained the key identification UDP_KEY_ID, the home appliance sends the authority key request instruction to the Cloud Server by means of the UDP_KEY_ID. When the Cloud Server receives the authority key request instruction sent by the home appliance, the Cloud Server returns the authority key it generated to the home appliance according to the authority key request instruction. Further, the Cloud Server simultaneously sends the hash value of the authority key to the home appliance.
It should be noted that the result of XORing the first 8 bytes of the hash value of the device identification with the last 8 bytes may also be used as the key identification, as may the result of XORing another number of bytes from the front and back of the hash value of the device identification.
Step S13, the home appliance receives the authority key returned by the Cloud Server.
The home appliance receives the authority key returned by the Cloud Server and also receives the hash value of the authority key sent by the Cloud Server; the hash value of the authority key sent by the Cloud Server is denoted the first hash value of the authority key. When the home appliance receives the authority key returned by the Cloud Server, the home appliance calculates the hash value of the authority key, and the hash value it calculates is denoted the second hash value of the authority key. The home appliance verifies the integrity of the authority key using the first hash value and the second hash value of the authority key. If the first hash value of the authority key is identical to the second hash value of the authority key, the authority key is complete, and the home appliance communicates with the terminal in the LAN by means of the authority key. If the first hash value of the authority key differs from the second hash value of the authority key, the authority key is incomplete, and the home appliance either obtains the authority key from the Cloud Server again or terminates the current operation.
The home appliance obtains the authority key from the Cloud Server and verifies the integrity of the authority key by means of the hash value of the authority key. This improves the security of communication between the home appliance and the terminal.
Further, refer to Fig. 8, which is a schematic flow chart of the terminal obtaining the first session key and the rights token from the Cloud Server and sending the rights token to the home appliance after the terminal establishes a connection with the Cloud Server, in an embodiment of the present invention.
In the present embodiment, step S20 includes:
Step S21, after the terminal establishes a connection with the Cloud Server, the terminal sends a second device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the second device identification request instruction;
After the terminal establishes the HTTPS connection with the Cloud Server, the terminal sends the second device identification request instruction to the Cloud Server. After the Cloud Server receives the second device identification request instruction, the Cloud Server returns the device identification to the terminal according to the second device identification request instruction. The device identification that the Cloud Server returns to the terminal is the same device identification that it returns to the home appliance. Because the Cloud Server holds the mapping table between the home appliance and the APP in the terminal, the Cloud Server can, according to the second device identification request instruction, return to the terminal the same device identification that it returned to the home appliance.
Step S22, the terminal receives the device identification returned by the Cloud Server, obtains a key identification from the hash value of the device identification, and sends a rights token request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the first session key and the rights token according to the rights token request instruction;
Step S23, the terminal receives the first session key and the rights token returned by the Cloud Server, and sends the rights token to the home appliance.
When the terminal receives the device identification returned by the Cloud Server, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of the hash value with the last 16 bytes as the key identification. The key identification is denoted UDP_KEY_ID. When the terminal has obtained the key identification UDP_KEY_ID, the terminal sends the rights token request instruction to the Cloud Server by means of the UDP_KEY_ID. When the Cloud Server receives the rights token request instruction sent by the terminal, the Cloud Server returns the rights token it generated and the first session key according to the authority key request instruction. In the process of generating the rights token, the Cloud Server can find the authority key through the key identification. Each device identification corresponds to one unique key identification, and each key identification corresponds to one unique authority key. The terminal receives the first session key and the rights token returned by the Cloud Server, and accesses the home appliance according to the rights token.
Through the rights token, the home appliance identifies whether the terminal has access rights, thereby achieving secure interaction with the terminal.
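The rights token and session key exchange of steps S10 to S40, together with the UDP_KEY_ID derivation of steps S12 and S22, as an added Go example that is not code from the patent. Assumptions: SHA-256 for the device identification hash, AES-256-GCM with a 12-byte nonce carried inside the token (the text names AES-256 but no cipher mode), a randomly generated 32-byte second session key, and all function names, which are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrToken is returned when the appliance rejects a rights token.
var ErrToken = errors.New("rights token rejected")

// KeyID derives UDP_KEY_ID: hash the device identification, then XOR the first
// 16 bytes of the hash with the last 16. SHA-256 is assumed for this step.
func KeyID(deviceID []byte) [16]byte {
	h := sha256.Sum256(deviceID)
	var id [16]byte
	for i := range id {
		id[i] = h[i] ^ h[16+i]
	}
	return id
}

// newAEAD builds AES-GCM over the authority key; 32 bytes selects AES-256.
func newAEAD(authKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(authKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueToken (Cloud Server): make a fresh first session key, encrypt it under the
// authority key, splice hash and ciphertext: hash[32] || nonce[12] || sealed[48].
func IssueToken(authKey []byte) (token, k1 []byte, err error) {
	aead, err := newAEAD(authKey)
	if err != nil {
		return nil, nil, err
	}
	fresh := make([]byte, 32+aead.NonceSize()) // session key || nonce
	if _, err = rand.Read(fresh); err != nil {
		return nil, nil, err
	}
	k1, nonce := fresh[:32:32], fresh[32:]
	sum := sha256.Sum256(k1)
	token = append(append(token, sum[:]...), nonce...)
	return aead.Seal(token, nonce, k1, nil), k1, nil
}

// AcceptToken (home appliance, steps a to c): decrypt, recompute the hash,
// compare with the hash in the token, then generate the second session key.
func AcceptToken(authKey, token []byte) (k1, k2 []byte, err error) {
	aead, err := newAEAD(authKey)
	if err != nil {
		return nil, nil, err
	}
	hdr := sha256.Size + aead.NonceSize()
	if len(token) < hdr+aead.Overhead() {
		return nil, nil, ErrToken
	}
	k1, err = aead.Open(nil, token[sha256.Size:hdr], token[hdr:], nil)
	if err != nil {
		return nil, nil, ErrToken
	}
	second := sha256.Sum256(k1) // the "second hash value" of the first session key
	if subtle.ConstantTimeCompare(token[:sha256.Size], second[:]) != 1 {
		return nil, nil, ErrToken
	}
	k2 = make([]byte, 32) // random second session key (generation method assumed)
	if _, err = rand.Read(k2); err != nil {
		return nil, nil, err
	}
	return k1, k2, nil
}

// ThirdKey XORs the two session keys (steps d and e); both sides compute it.
func ThirdKey(k1, k2 []byte) ([]byte, error) {
	if len(k1) != len(k2) {
		return nil, fmt.Errorf("session keys differ in length: %d and %d", len(k1), len(k2))
	}
	k3 := make([]byte, len(k1))
	for i := range k3 {
		k3[i] = k1[i] ^ k2[i]
	}
	return k3, nil
}

func main() {
	authKey := make([]byte, 32) // constructed authority key, demo only
	rand.Read(authKey)
	token, k1, _ := IssueToken(authKey)
	got, k2, err := AcceptToken(authKey, token)
	k3, _ := ThirdKey(got, k2)
	fmt.Printf("key id %x, token %d bytes, accepted %v, k1 match %v, k3 %d bytes\n",
		KeyID([]byte("constructed-device-id")), len(token), err == nil, string(got) == string(k1), len(k3))
}
```

AcceptToken returns the same ErrToken for a failed decryption and for a hash mismatch, so a caller cannot tell which check rejected the token.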
It should be noted that in this article, term " includes ", " comprising " or its any other variant are intended to non-row
Comprising of his property, so that include that the process of a series of key element, method, article or device not only include those key elements, and
And also include other key elements being not expressly set out, or also include intrinsic for this process, method, article or device
Key element.In the case of there is no more restriction, statement " including ... " key element limited, it is not excluded that including this
The process of key element, method, article or device there is also other identical element.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art is it can be understood that arrive above-described embodiment side
Method can add the mode of required general hardware platform by software and realize, naturally it is also possible to by hardware, but a lot of in the case of
The former is more preferably embodiment.Based on such understanding, prior art is done by technical scheme the most in other words
The part going out contribution can embody with the form of software product, and this computer software product is stored in a storage medium
In (such as ROM/RAM, magnetic disc, CD), including some instructions with so that a station terminal equipment (can be mobile phone, computer, take
Business device, air-conditioner, or the network equipment etc.) perform the method described in each embodiment of the present invention.
These are only the preferred embodiments of the present invention, not thereby limit the scope of the claims of the present invention, every utilize this
Equivalent structure or equivalence flow process that bright description and accompanying drawing content are made convert, or are directly or indirectly used in other relevant skills
Art field, is the most in like manner included in the scope of patent protection of the present invention.
Claims (16)
1. A communication system of a home appliance and a terminal, characterised in that the communication system of the home appliance and the terminal includes a home appliance and a terminal:
The home appliance is configured to obtain an authority key from a Cloud Server after establishing a connection with the Cloud Server;
The terminal is configured to, after establishing a connection with the Cloud Server, obtain a first session key and a rights token from the Cloud Server, and send the rights token to the home appliance;
The rights token is generated by the Cloud Server, based on a preset encryption algorithm, from the first session key it generates and the authority key;
The home appliance is further configured to receive the rights token sent by the terminal, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal;
The terminal is further configured to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the home appliance.
2. The communication system of a home appliance and a terminal as claimed in claim 1, characterised in that the home appliance is further configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key; verify the integrity of the first session key; and, if the first session key is complete, generate the second session key and send the second session key to the terminal.
3. The communication system of a home appliance and a terminal as claimed in claim 1, characterised in that the terminal is further configured to receive the second session key sent by the home appliance, calculate the XOR value of the second session key and the first session key, and use the XOR value as a third session key; and encrypt the data to be transmitted using the third session key and send the encrypted data to the home appliance.
4. The communication system of a home appliance and a terminal as claimed in any one of claims 1 to 3, characterised in that the home appliance is further configured to, after establishing a connection with the Cloud Server, send a first device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the first device identification request instruction; receive the device identification returned by the Cloud Server, obtain a key identification from the hash value of the device identification, and send an authority key request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the authority key according to the authority key request instruction; and receive the authority key returned by the Cloud Server.
5. The communication system of a home appliance and a terminal as claimed in any one of claims 1 to 3, characterised in that the terminal is further configured to, after establishing a connection with the Cloud Server, send a second device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the second device identification request instruction; receive the device identification returned by the Cloud Server, obtain a key identification from the hash value of the device identification, and send a rights token request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the first session key and the rights token according to the rights token request instruction; and receive the first session key and the rights token returned by the Cloud Server, and send the rights token to the home appliance.
6. A home appliance, characterized in that the home appliance includes:
a first acquisition module, configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
a key generation module, configured to receive a rights token sent by a terminal and generate a second session key based on the authority key and the rights token;
a key sending module, configured to send the second session key to the terminal, so that the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and a first session key obtained from the cloud server, and sends it to the home appliance;
wherein the rights token is generated by the cloud server, based on a predetermined encryption algorithm, using the generated first session key and the authority key.
7. The home appliance as claimed in claim 6, characterized in that the key generation module includes:
a decryption unit, configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key;
a verification unit, configured to verify the integrity of the first session key;
a key generation unit, configured to generate the second session key if the first session key is complete.
8. The home appliance as claimed in claim 6 or 7, characterized in that the first acquisition module includes:
a first transmitting unit, configured to, after establishing a connection with the cloud server, send a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction;
a first receiving unit, configured to receive the device identification returned by the cloud server and obtain a key identification from the hash value of the device identification;
the first transmitting unit is further configured to send an authority key request instruction to the cloud server by means of the key identification, so that the cloud server returns an authority key according to the authority key request instruction;
the first receiving unit is further configured to receive the authority key returned by the cloud server.
9. A terminal, characterized in that the terminal includes:
a second acquisition module, configured to, after establishing a connection with a cloud server, obtain a first session key and a rights token from the cloud server, and send the rights token to the home appliance, so that the home appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal;
wherein the rights token is generated by the cloud server, based on a predetermined encryption algorithm, using the generated first session key and the authority key;
a receiving module, configured to receive the second session key sent by the home appliance, encrypt the data to be transmitted using the second session key and the first session key, and send it to the home appliance.
10. The terminal as claimed in claim 9, characterized in that the receiving module includes:
a second receiving unit, configured to receive the second session key sent by the home appliance, calculate the XOR value of the second session key and the first session key, and use the XOR value as a third session key;
a data transmission unit, configured to encrypt the data to be transmitted using the third session key and send it to the home appliance.
11. The terminal as claimed in claim 9 or 10, characterized in that the second acquisition module includes:
a second transmitting unit, configured to, after establishing a connection with the cloud server, send a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction;
a third receiving unit, configured to receive the device identification returned by the cloud server and obtain a key identification from the hash value of the device identification;
the second transmitting unit is further configured to send a rights token request instruction to the cloud server by means of the key identification, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
the third receiving unit is further configured to receive the first session key and the rights token returned by the cloud server, and send the rights token to the home appliance, so that the home appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal.
12. A communication method of a home appliance and a terminal, characterized in that the communication method of the home appliance and the terminal includes:
after the home appliance establishes a connection with a cloud server, the home appliance obtains an authority key from the cloud server;
after the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server, and sends the rights token to the home appliance;
the rights token is generated by the cloud server, based on a predetermined encryption algorithm, using the generated first session key and the authority key;
the home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends it to the home appliance.
13. The communication method of a home appliance and a terminal as claimed in claim 12, characterized in that the step in which the home appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal includes:
the home appliance receives the rights token sent by the terminal, and decrypts the rights token using the authority key to obtain the first session key;
the home appliance verifies the integrity of the first session key;
if the first session key is complete, the home appliance generates the second session key and sends the second session key to the terminal.
14. The communication method of a home appliance and a terminal as claimed in claim 12, characterized in that the step in which the terminal receives the second session key sent by the home appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends it to the home appliance includes:
the terminal receives the second session key sent by the home appliance, calculates the XOR value of the second session key and the first session key, and uses the XOR value as a third session key;
the terminal encrypts the data to be transmitted using the third session key and sends it to the home appliance.
15. The communication method of a home appliance and a terminal as claimed in any one of claims 12 to 14, characterized in that the step in which, after the home appliance establishes a connection with the cloud server, the home appliance obtains an authority key from the cloud server includes:
after the home appliance establishes a connection with the cloud server, the home appliance sends a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction;
the home appliance receives the device identification returned by the cloud server, obtains a key identification from the hash value of the device identification, and sends an authority key request instruction to the cloud server by means of the key identification, so that the cloud server returns an authority key according to the authority key request instruction;
the home appliance receives the authority key returned by the cloud server.
16. The communication method of a home appliance and a terminal as claimed in any one of claims 12 to 14, characterized in that the step in which, after the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server and sends the rights token to the home appliance includes:
after the terminal establishes a connection with the cloud server, the terminal sends a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction;
the terminal receives the device identification returned by the cloud server, obtains a key identification from the hash value of the device identification, and sends a rights token request instruction to the cloud server by means of the key identification, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
the terminal receives the first session key and the rights token returned by the cloud server, and sends the rights token to the home appliance.
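The exchange in claims 12 to 16, walked through in Python as an added example that is not part of the patent. The claims name no algorithms, so SHA-256 for the hash, the HMAC-based encrypt-then-MAC stand-in for the "predetermined encryption algorithm" and for the integrity check, the 32-byte key length, and the sample device identification are all assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32                      # assumption: the claims give no key length
DEVICE_ID = b"appliance-0001"     # constructed device identification


def key_identification(device_id: bytes) -> str:
    """Key identification = hash of the device identification (SHA-256 assumed)."""
    return hashlib.sha256(device_id).hexdigest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stand-in keystream."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the 'predetermined encryption algorithm': encrypt-then-MAC."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    body = nonce + _xor(plaintext, _stream(enc_key, nonce, len(plaintext)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first (the integrity verification), then decrypt."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    nonce, ct = body[:16], body[16:]
    return _xor(ct, _stream(enc_key, nonce, len(ct)))


class CloudServer:
    def __init__(self):
        self._authority_keys = {}          # key identification -> authority key

    def authority_key(self, key_id: str) -> bytes:
        return self._authority_keys.setdefault(key_id, secrets.token_bytes(KEY_LEN))

    def rights_token(self, key_id: str):
        k1 = secrets.token_bytes(KEY_LEN)  # first session key
        return k1, seal(self.authority_key(key_id), k1)


def run_exchange(data: bytes, tamper: bool = False) -> bytes:
    cloud, key_id = CloudServer(), key_identification(DEVICE_ID)
    authority_key = cloud.authority_key(key_id)        # appliance side
    k1, token = cloud.rights_token(key_id)             # terminal side
    if tamper:                                         # token altered in transit
        token = token[:20] + bytes([token[20] ^ 1]) + token[21:]
    # Appliance: decrypt token, verify integrity, generate second session key.
    k1_at_appliance = unseal(authority_key, token)
    k2 = secrets.token_bytes(KEY_LEN)
    # The claims do not say how k2 is protected in transit; it is passed directly here.
    k3_terminal = _xor(k2, k1)                         # third session key
    ciphertext = seal(k3_terminal, data)
    return unseal(_xor(k2, k1_at_appliance), ciphertext)
```

Both sides reach the same third session key only if the appliance recovers the first session key unchanged from the token; a modified token stops the exchange before the second session key is generated.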
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610405105.4A CN106130958B (en) | 2016-06-08 | 2016-06-08 | The communication system and method for household appliance and terminal, household appliance, terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106130958A (en) | 2016-11-16 |
CN106130958B (en) | 2019-02-01 |
Family
ID=57270341
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610405105.4A (Active, CN106130958B) | The communication system and method for household appliance and terminal, household appliance, terminal | 2016-06-08 | 2016-06-08 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106130958B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106130958B (en) | 2019-02-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |