CN106130958B - The communication system and method for household appliance and terminal, household appliance, terminal - Google Patents

Publication number
CN106130958B
Authority
CN
China
Prior art keywords
cloud server
session key
household appliance
terminal
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610405105.4A
Other languages
Chinese (zh)
Other versions
CN106130958A (en)
Inventor
刘复鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Midea Group Co Ltd
Original Assignee
Midea Group Co Ltd
Application filed by Midea Group Co Ltd
Priority to CN201610405105.4A
Publication of CN106130958A
Application granted
Publication of CN106130958B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066: Session management
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a communication system for a household appliance and a terminal, the system comprising a household appliance and a terminal. The household appliance is configured to obtain an authority key from a cloud server after establishing a connection with the cloud server; to receive a rights token sent by the terminal; to generate a second session key based on the authority key and the rights token; and to send the second session key to the terminal. The terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the household appliance; and to receive the second session key sent by the household appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the household appliance. The invention also provides a communication method for a household appliance and a terminal, a household appliance, and a terminal. The invention improves the security of data interaction between the household appliance and the terminal.

Description

Communication system and method for household appliance and terminal, household appliance, and terminal
Technical field
The present invention relates to the technical field of smart homes, and in particular to a communication system and method for a household appliance and a terminal, a household appliance, and a terminal.
Background
With the growth in the number and variety of smart appliances, connection and collaboration between devices have become urgently needed. The architecture of smart living is advancing toward connection and collaboration, and the smart home has emerged accordingly. A smart home uses the residence as a platform and integrates the facilities of home life by means of integrated wiring, network communication, security, automatic control, and audio and video technologies, building an efficient management system for residential facilities and household schedules, improving the safety, convenience, comfort and artistry of the home, and achieving an environmentally friendly and energy-saving living environment.
In a smart home system made up of a household appliance, a terminal and a cloud server, information exchange between the household appliance and the terminal is basically carried out directly once a connection has been established, without considering the security of the communication between the household appliance and the terminal. During such communication, however, the household appliance cannot identify whether an application program on the terminal has permission to access the household appliance. This makes it easy for an illegitimate application program to access the household appliance and steal the data in it, so the security of data interaction between the household appliance and the terminal cannot be guaranteed.
Summary of the invention
The main purpose of the present invention is to provide a communication system and method for a household appliance and a terminal, a household appliance, and a terminal, intended to solve the technical problem that the security of data interaction between existing household appliances and terminals cannot be guaranteed.
To achieve the above object, the present invention provides a communication system for a household appliance and a terminal, the communication system comprising a household appliance and a terminal:
The household appliance is configured to obtain an authority key from the cloud server after establishing a connection with the cloud server;
The terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the household appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, from the generated first session key and the authority key;
The household appliance is further configured to receive the rights token sent by the terminal, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal;
The terminal is further configured to receive the second session key sent by the household appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the household appliance.
Preferably, the household appliance is further configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key; to verify the integrity of the first session key; and, if the first session key is intact, to generate the second session key and send the second session key to the terminal.
Preferably, the terminal is further configured to receive the second session key sent by the household appliance, compute the XOR value of the second session key and the first session key, and use the XOR value as a third session key; and to encrypt the data to be transmitted using the third session key and send the encrypted data to the household appliance.
Preferably, the household appliance is further configured, after establishing a connection with the cloud server, to send a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction; to receive the device identification returned by the cloud server, obtain a key identification from the hash value of the device identification, and use the key identification to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction; and to receive the authority key returned by the cloud server.
Preferably, the terminal is further configured, after establishing a connection with the cloud server, to send a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction; to receive the device identification returned by the cloud server, obtain a key identification from the hash value of the device identification, and use the key identification to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction; and to receive the first session key and the rights token returned by the cloud server and send the rights token to the household appliance.
In addition, to achieve the above object, the present invention also provides a household appliance, the household appliance comprising:
A first obtaining module, configured to obtain an authority key from the cloud server after establishing a connection with the cloud server;
A key generation module, configured to receive the rights token sent by the terminal and generate a second session key based on the authority key and the rights token;
A key sending module, configured to send the second session key to the terminal, so that the terminal receives the second session key sent by the household appliance, encrypts the data to be transmitted using the second session key and the first session key obtained from the cloud server, and sends the encrypted data to the household appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, from the generated first session key and the authority key.
Preferably, the key generation module includes:
A decryption unit, configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key;
A verification unit, configured to verify the integrity of the first session key;
A key generating unit, configured to generate the second session key if the first session key is intact.
Preferably, the first obtaining module includes:
A first sending unit, configured to send a first device identification request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction;
A first receiving unit, configured to receive the device identification returned by the cloud server and obtain a key identification from the hash value of the device identification;
The first sending unit is further configured to use the key identification to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction;
The first receiving unit is further configured to receive the authority key returned by the cloud server.
In addition, to achieve the above object, the present invention also provides a terminal, the terminal comprising:
A second obtaining module, configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the household appliance, so that the household appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal;
The rights token is generated by the cloud server, based on a preset encryption algorithm, from the generated first session key and the authority key;
A receiving module, configured to receive the second session key sent by the household appliance, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the household appliance.
Preferably, a second receiving unit is configured to receive the second session key sent by the household appliance, compute the XOR value of the second session key and the first session key, and use the XOR value as a third session key;
A data transmission unit is configured to encrypt the data to be transmitted using the third session key and send the encrypted data to the household appliance.
Preferably, the second obtaining module includes:
A second sending unit, configured to send a second device identification request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction;
A third receiving unit, configured to receive the device identification returned by the cloud server and obtain a key identification from the hash value of the device identification;
The second sending unit is further configured to use the key identification to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
The third receiving unit is further configured to receive the first session key and the rights token returned by the cloud server and send the rights token to the household appliance, so that the household appliance generates a second session key based on the authority key and the rights token and sends the second session key to the terminal.
In addition, to achieve the above object, the present invention also provides a communication method for a household appliance and a terminal, the communication method comprising:
After the household appliance establishes a connection with the cloud server, the household appliance obtains an authority key from the cloud server;
After the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server and sends the rights token to the household appliance;
The rights token is generated by the cloud server, based on a preset encryption algorithm, from the generated first session key and the authority key;
The household appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
The terminal receives the second session key sent by the household appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the household appliance.
Preferably, the step in which the household appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal includes:
The household appliance receives the rights token sent by the terminal and decrypts the rights token using the authority key to obtain the first session key;
The household appliance verifies the integrity of the first session key;
If the first session key is intact, the household appliance generates the second session key and sends the second session key to the terminal.
Preferably, the step in which the terminal receives the second session key sent by the household appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends the encrypted data to the household appliance includes:
The terminal receives the second session key sent by the household appliance, computes the XOR value of the second session key and the first session key, and uses the XOR value as a third session key;
The terminal encrypts the data to be transmitted using the third session key and sends the encrypted data to the household appliance.
Preferably, the step in which the household appliance obtains an authority key from the cloud server after establishing a connection with the cloud server includes:
After the household appliance establishes a connection with the cloud server, the household appliance sends a first device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the first device identification request instruction;
The household appliance receives the device identification returned by the cloud server, obtains a key identification from the hash value of the device identification, and uses the key identification to send an authority key request instruction to the cloud server, so that the cloud server returns the authority key according to the authority key request instruction;
The household appliance receives the authority key returned by the cloud server.
Preferably, the step in which the terminal obtains a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and sends the rights token to the household appliance, includes:
After the terminal establishes a connection with the cloud server, the terminal sends a second device identification request instruction to the cloud server, so that the cloud server returns a device identification according to the second device identification request instruction;
The terminal receives the device identification returned by the cloud server, obtains a key identification from the hash value of the device identification, and uses the key identification to send a rights token request instruction to the cloud server, so that the cloud server returns the first session key and the rights token according to the rights token request instruction;
The terminal receives the first session key and the rights token returned by the cloud server and sends the rights token to the household appliance.
In the present invention, the terminal obtains the first session key and the rights token from the cloud server and sends the rights token to the household appliance; the household appliance generates the second session key based on the authority key obtained from the cloud server and the rights token, and sends the second session key to the terminal; and the terminal encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the household appliance. In this way, during communication between the household appliance and the terminal, the household appliance uses the rights token to identify whether the application program on the terminal has permission to access the household appliance. Only when the application program on the terminal has permission to access the household appliance can it obtain the data of the household appliance, which improves the security of data interaction between the household appliance and the terminal.
Brief description of the drawings
Fig. 1 is a schematic diagram of a preferred implementation scenario of the communication system of the household appliance and the terminal of the present invention;
Fig. 2 is a functional block diagram of a preferred embodiment of the household appliance of the present invention;
Fig. 3 is a functional block diagram of the first obtaining module in an embodiment of the present invention;
Fig. 4 is a functional block diagram of a preferred embodiment of the terminal of the present invention;
Fig. 5 is a functional block diagram of the second obtaining module in an embodiment of the present invention;
Fig. 6 is a flow diagram of a preferred embodiment of the communication method of the household appliance and the terminal of the present invention;
Fig. 7 is a flow diagram, in an embodiment of the present invention, of the household appliance obtaining the authority key from the cloud server after the household appliance establishes a connection with the cloud server;
Fig. 8 is a flow diagram, in an embodiment of the present invention, of the terminal obtaining the first session key and the rights token from the cloud server after the terminal establishes a connection with the cloud server, and sending the rights token to the household appliance.
Detailed description of embodiments
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
The present invention provides a communication system for a household appliance and a terminal.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a preferred implementation scenario of the communication system of the household appliance and the terminal of the present invention.
As Fig. 1 shows, the communication system of the household appliance 10 and the terminal 30 is preferably applied in a control scenario for Internet of Things household appliances 10. The communication system of the household appliance 10 and the terminal 30 includes the terminal 30, the cloud server 20 and the household appliance 10. The terminal 30 may be a mobile phone, a PAD (Portable Android Device, tablet computer), a remote controller or the like; in this embodiment the terminal 30 is a mobile phone by way of example. The household appliance 10 covers various household appliances, such as an air conditioner, a refrigerator or a speaker. Specifically, the household appliance 10 first establishes a secure connection with the cloud server 20, and the terminal 30 likewise first establishes a secure connection with the cloud server 20; the terminal 30 and the household appliance 10 then interact. The interaction is as follows: the terminal 30 sends a control instruction to the household appliance 10 through the cloud server 20 to control the household appliance 10 to perform the corresponding operation, such as switching an air conditioner to heating mode or adjusting the heating temperature.
The household appliance 10 is configured to obtain an authority key from the cloud server 20 after establishing a connection with the cloud server 20.
When the household appliance 10 is to exchange data with the terminal 30, the household appliance 10 first establishes an SST (Smart Security Transport, a secure transmission bearer protocol for smart devices) secure connection with the cloud server 20. After the household appliance 10 and the cloud server 20 have established the SST connection, the household appliance 10 obtains the authority key from the cloud server 20. Further, after obtaining the authority key from the cloud server 20, the household appliance 10 computes the hash value of the authority key and writes the authority key and its hash value into the SST, so as to communicate with the terminal 30 over the local area network by means of the authority key.
It should be noted that, in this embodiment, the terminal 30 communicates with the household appliance 10 and the cloud server 20 through a preset APP (Application, application program); the preset APP is the application used to control the household appliance 10 in the Internet of Things. The authority key is a 32-byte string generated by the cloud server 20. Depending on the circumstances, however, the length of the authority key may also be set to 16 bytes, 64 bytes and so on.
The terminal 30 is configured to obtain a first session key and a rights token from the cloud server 20 after establishing a connection with the cloud server 20, and to send the rights token to the household appliance 10.
The rights token is generated by the cloud server 20, based on a preset encryption algorithm, from the generated first session key and the authority key.
When the terminal 30 is to exchange data with the cloud server 20, the terminal 30 establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) connection with the cloud server 20. After the terminal 30 has established the HTTPS connection with the server, the terminal 30 checks whether a user is logged in to the APP. When the user has successfully logged in to the APP, the terminal 30 obtains the first session key and the rights token from the cloud server 20. After obtaining the first session key and the rights token, the terminal 30 establishes a secure connection with the household appliance 10 and sends the obtained first session key and rights token to the household appliance 10.
It should be noted that the rights token is generated by the cloud server 20. When generating the rights token, the cloud server 20 first obtains the authority key and uses a pre-stored mapping table to check whether a binding relationship exists between the APP and the household appliance 10. The mapping table maps the household appliance 10 to the APP on the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the household appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely identifies the APP, such as the package name of the APP. When the cloud server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the household appliance 10, the cloud server 20 generates the first session key and encrypts the first session key with the preset encryption algorithm, using the authority key as the key, to obtain the corresponding ciphertext. After obtaining the ciphertext, the cloud server 20 computes the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The cloud server 20 concatenates that hash value with the ciphertext to obtain the rights token. After obtaining the rights token, the cloud server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains the rights token and the first session key. When the cloud server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the household appliance 10, the cloud server 20 sends a null message to the terminal 30.
It should be noted that the first session key generated by the cloud server 20 is different each time. When deriving the rights token from the hash value of the first session key and the ciphertext, the cloud server 20 may also select some of the bytes of the hash value of the first session key and some of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. The preset encryption algorithm is not limited to AES-256, however; other existing encryption algorithms may also be used, and they are not described further here.
The household appliance 10 is also used to receive the rights token sent by the terminal 30, generate a second session key based on the authority key and the rights token, and send the second session key to the terminal 30;
When the household appliance 10 receives the rights token sent by the terminal 30, the household appliance 10 generates the second session key based on the authority key and the rights token sent by the terminal 30, and sends the second session key to the terminal 30.
Further, the household appliance 10 is also used to receive the rights token sent by the terminal 30 and decrypt it using the authority key to obtain the first session key; verify the integrity of the first session key; and, if the first session key is intact, generate the second session key and send it to the terminal 30.
When the household appliance 10 receives the rights token sent by the terminal 30, it decrypts the rights token using the authority key to obtain the first session key and the hash value of the first session key. The hash value obtained by decryption is denoted the first hash value of the first session key; the household appliance 10 then recalculates the hash value of the decrypted first session key, which is denoted the second hash value of the first session key. The household appliance 10 uses the first hash value and the second hash value to verify the integrity of the first session key. If the two hash values are identical, the household appliance 10 determines that the first session key is intact, generates the second session key, and sends it to the terminal 30; if they differ, the household appliance 10 determines that the first session key is not intact and does not generate the second session key.
The terminal 30 is also used to receive the second session key sent by the household appliance 10, encrypt the data to be transmitted using the second session key and the first session key, and send the encrypted data to the household appliance 10.
When the terminal 30 receives the second session key sent by the household appliance 10, the terminal 30 encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the household appliance 10. The data to be transmitted may be a control instruction that turns the household appliance 10 on or off, or other data.
Further, the terminal 30 is also used to receive the second session key sent by the household appliance 10, calculate the XOR value of the second session key and the first session key, and use that XOR value as a third session key; and to encrypt the data to be transmitted using the third session key and send the encrypted data to the household appliance 10.
When the terminal 30 receives the second session key sent by the household appliance 10, the terminal 30 calculates the XOR value of the second session key and the first session key and uses it as the third session key. The terminal 30 encrypts the data to be transmitted with the third session key as the key to obtain the encrypted data to be transmitted. The terminal 30 sends the encrypted data to be transmitted to the household appliance 10 and thereby communicates with the household appliance 10.
It should be noted that the present embodiment is not limited to calculating the third session key as the XOR value of the first session key and the second session key. The third session key may also be obtained by concatenating the first session key and the second session key, or by XORing or concatenating a subset of the bytes of the first session key and of the second session key.
In the present embodiment, the terminal 30 obtains the first session key and the rights token from the Cloud Server 20 and sends the rights token to the household appliance 10; the household appliance 10 generates the second session key based on the rights token and the authority key obtained from the Cloud Server 20 and sends the second session key to the terminal 30; and the terminal 30 encrypts the data to be transmitted using the second session key and the first session key before sending it to the household appliance 10. As a result, during communication between the household appliance 10 and the terminal 30, the household appliance 10 uses the rights token to identify whether the application program in the terminal 30 has permission to access the household appliance 10. Only when the application program in the terminal 30 has that permission can it obtain data from the household appliance 10, which improves the security of data interaction between the household appliance 10 and the terminal 30.
Further, the household appliance 10 is also used to: after establishing a connection with the Cloud Server 20, send a first device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the first device identification request instruction; receive the device identification returned by the Cloud Server 20, obtain a key identification from the hash value of the device identification, and use the key identification to send an authority key request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the authority key according to the authority key request instruction; and receive the authority key returned by the Cloud Server 20.
After the household appliance 10 establishes an SST connection with the Cloud Server 20, the household appliance 10 sends the first device identification request instruction to the Cloud Server 20. After the Cloud Server 20 receives the first device identification request instruction, it returns the device identification to the household appliance 10 according to that instruction. The device identification is assigned to the household appliance 10 by the Cloud Server 20 when the household appliance 10 connects to the network for the first time, and each household appliance 10 has a unique device identification.
It should be noted that the device identification may also be generated by the household appliance 10 itself.
When the household appliance 10 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of that hash value with its last 16 bytes as the key identification, which is denoted UDP_KEY_ID. Having obtained the key identification UDP_KEY_ID, the household appliance 10 uses it to send an authority key request instruction to the Cloud Server 20. When the Cloud Server 20 receives the authority key request instruction sent by the household appliance 10, it returns the authority key it generated to the household appliance 10 according to that instruction. Further, the Cloud Server 20 simultaneously sends the hash value of the authority key to the household appliance 10.
It should be noted that the result of XORing the first 8 bytes of the hash value of the device identification with its last 8 bytes may also be used as the key identification, as may the result of XORing another number of leading and trailing bytes of that hash value.
The household appliance 10 receives the authority key returned by the Cloud Server 20 together with the hash value of the authority key sent by the Cloud Server 20; the hash value sent by the Cloud Server 20 is denoted the first hash value of the authority key. When the household appliance 10 receives the authority key returned by the Cloud Server 20, it calculates the hash value of the authority key, and the calculated hash value is denoted the second hash value of the authority key. The household appliance 10 verifies the integrity of the authority key using the first hash value and the second hash value. If the two hash values are identical, the authority key is intact, and the household appliance 10 uses the authority key to communicate with the terminal 30 in the local area network; if they differ, the authority key is not intact, and the household appliance 10 either obtains the authority key from the Cloud Server 20 again or ends the current operation.
By obtaining the authority key from the Cloud Server 20 and verifying its integrity by means of its hash value, the household appliance 10 improves the security of communication between the household appliance 10 and the terminal 30.
Further, the terminal 30 is also used to: after establishing a connection with the Cloud Server 20, send a second device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the second device identification request instruction; receive the device identification returned by the Cloud Server 20, obtain a key identification from the hash value of the device identification, and use the key identification to send a rights token request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the first session key and the rights token according to the rights token request instruction; and receive the first session key and the rights token returned by the Cloud Server 20 and send the rights token to the household appliance 10.
After the terminal 30 establishes an HTTPS connection with the Cloud Server 20, the terminal 30 sends the second device identification request instruction to the Cloud Server 20. After the Cloud Server 20 receives the second device identification request instruction, it returns the device identification to the terminal 30 according to that instruction. The device identification that the Cloud Server 20 returns to the terminal 30 is the same device identification that it returns to the household appliance 10. Because the Cloud Server 20 holds the mapping table between the household appliance 10 and the APP in the terminal 30, the Cloud Server 20 can, according to the second device identification request instruction, return to the terminal 30 the same device identification that it returns to the household appliance 10.
When the terminal 30 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of that hash value with its last 16 bytes as the key identification, which is denoted UDP_KEY_ID. Having obtained the key identification UDP_KEY_ID, the terminal 30 uses it to send a rights token request instruction to the Cloud Server 20. When the Cloud Server 20 receives the rights token request instruction sent by the terminal 30, it returns the rights token it generated and the first session key according to the rights token request instruction. While generating the rights token, the Cloud Server 20 can look up the authority key by the key identification. Each device identification corresponds to a unique key identification, and each key identification corresponds to a unique authority key. The terminal 30 receives the first session key and the rights token returned by the Cloud Server 20 and accesses the household appliance 10 according to the rights token.
The household appliance 10 uses the rights token to identify whether the terminal 30 has access permission, achieving secure interaction with the terminal 30.
The present invention further provides a household appliance 10.
Referring to Fig. 2, Fig. 2 is a functional block diagram of a preferred embodiment of the household appliance 10 of the present invention.
In the present embodiment, the household appliance 10 includes:
First acquisition module 11, for obtaining the authority key from the Cloud Server 20 after establishing a connection with the Cloud Server 20;
When the household appliance 10 is to transmit data with the terminal 30, the household appliance 10 first establishes an SST (Smart Security Transport, a secure-transport bearer protocol for smart devices) secure connection with the Cloud Server 20. After the household appliance 10 establishes the SST connection with the Cloud Server 20, the first acquisition module 11 in the household appliance 10 obtains the authority key from the Cloud Server 20. The household appliance 10 includes, but is not limited to, a refrigerator, an electric cooker, a microwave oven and a television. Further, after the first acquisition module 11 obtains the authority key from the Cloud Server 20, it calculates the hash value of the authority key and writes the authority key and its hash value into the SST, so that the authority key can be used to communicate with the terminal 30 in the local area network.
It should be noted that, in the present embodiment, the terminal 30 communicates with the household appliance 10 and the Cloud Server 20 through a preset APP (application program); the preset APP is an application for controlling the household appliance 10 in the Internet of Things. The authority key is a 32-byte character string generated by the Cloud Server 20. However, the length of the authority key may also be set to 16 bytes, 64 bytes, etc., as the case requires.
Key generation module 12, for receiving the rights token sent by the terminal 30 and generating the second session key based on the authority key and the rights token;
Key sending module 13, for sending the second session key to the terminal 30, so that the terminal 30 receives the second session key sent by the household appliance 10 and, using the second session key and the first session key obtained from the Cloud Server 20, encrypts the data to be transmitted and sends it to the household appliance 10;
When the key generation module 12 in the household appliance 10 receives the rights token sent by the terminal 30, the key generation module 12 generates the second session key based on the authority key and the rights token sent by the terminal 30. The key sending module 13 sends the second session key to the terminal 30.
Further, the key generation module 12 includes:
Decryption unit, for receiving the rights token sent by the terminal 30 and decrypting the rights token using the authority key to obtain the first session key;
Authentication unit, for verifying the integrity of the first session key;
Key generating unit, for generating the second session key if the first session key is intact.
When the key generation module 12 receives the rights token sent by the terminal 30, the decryption unit in the key generation module 12 decrypts the rights token using the authority key to obtain the first session key and the hash value of the first session key. The hash value obtained by decryption is denoted the first hash value of the first session key, and the hash value of the decrypted first session key is recalculated and denoted the second hash value of the first session key. The authentication unit uses the first hash value and the second hash value to verify the integrity of the first session key. If the two hash values are identical, the authentication unit determines that the first session key is intact, and the key generating unit generates the second session key; if they differ, the authentication unit determines that the first session key is not intact, and the key generating unit does not generate the second session key.
The rights token is generated by the Cloud Server 20 based on a preset encryption algorithm, using the first session key it generated and the authority key.
The rights token is generated by the Cloud Server 20. While generating the rights token, the Cloud Server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the household appliance 10. The mapping table maps the household appliance 10 to the APP in the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the household appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely identifies the APP, such as its package name. When the Cloud Server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the household appliance 10, the Cloud Server 20 generates the first session key and, using the authority key as the key, encrypts the first session key with a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the Cloud Server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The Cloud Server 20 then concatenates the hash value of the first session key with the ciphertext to obtain the rights token. After obtaining the rights token, the Cloud Server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains both. When the Cloud Server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the household appliance 10, the Cloud Server 20 sends a null message to the terminal 30.
It should be noted that the first session key generated by the Cloud Server 20 is different each time. When deriving the rights token from the hash value of the first session key and the ciphertext, the Cloud Server 20 may also select a subset of the bytes of the hash value and a subset of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In the present embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. However, the preset encryption algorithm is not limited to AES-256; other existing encryption algorithms may also be used, and details are not repeated here.
Further, referring to Fig. 3, Fig. 3 is a functional module diagram of the first acquisition module 11 in an embodiment of the present invention.
The first acquisition module 11 includes:
First transmission unit 111, for sending a first device identification request instruction to the Cloud Server 20 after establishing a connection with the Cloud Server 20, so that the Cloud Server 20 returns a device identification according to the first device identification request instruction;
After the household appliance 10 establishes an SST connection with the Cloud Server 20, the first transmission unit 111 sends the first device identification request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the device identification to the first receiving unit 112 according to the first device identification request instruction. The device identification is assigned to the household appliance 10 by the Cloud Server 20 when the household appliance 10 connects to the network for the first time, and each household appliance 10 has a unique device identification.
It should be noted that the device identification may also be generated by the household appliance 10 itself.
First receiving unit 112, for receiving the device identification returned by the Cloud Server 20 and obtaining a key identification from the hash value of the device identification;
The first transmission unit 111 is also used to send an authority key request instruction to the Cloud Server 20 using the key identification, so that the Cloud Server 20 returns the authority key according to the authority key request instruction;
When the first receiving unit 112 receives the device identification returned by the Cloud Server 20, it calculates the hash value of the device identification and takes the result of XORing the first 16 bytes of that hash value with its last 16 bytes as the key identification, which is denoted UDP_KEY_ID. When the first receiving unit 112 has obtained the key identification UDP_KEY_ID, the first transmission unit 111 uses UDP_KEY_ID to send an authority key request instruction to the Cloud Server 20, so that the Cloud Server 20 returns the authority key according to the authority key request instruction. Further, the Cloud Server 20 simultaneously sends the hash value of the authority key to the household appliance 10.
It should be noted that the result of XORing the first 8 bytes of the hash value of the device identification with its last 8 bytes may also be used as the key identification, as may the result of XORing another number of leading and trailing bytes of that hash value.
The first receiving unit 112 is also used to receive the authority key returned by the Cloud Server 20.
The first receiving unit 112 receives the authority key returned by the Cloud Server 20 together with the hash value of the authority key sent by the Cloud Server 20; the hash value sent by the Cloud Server 20 is denoted the first hash value of the authority key. When the first receiving unit 112 receives the authority key returned by the Cloud Server 20, it calculates the hash value of the authority key, and the calculated hash value is denoted the second hash value of the authority key. The first receiving unit 112 verifies the integrity of the authority key using the first hash value and the second hash value. If the two hash values are identical, the authority key is intact, and the household appliance 10 uses the authority key to communicate with the terminal 30 in the local area network; if they differ, the authority key is not intact, and the first acquisition module 11 either obtains the authority key from the Cloud Server 20 again or ends the current operation.
By obtaining the authority key from the Cloud Server 20 and verifying its integrity by means of its hash value, the household appliance 10 improves the security of communication between the household appliance 10 and the terminal 30.
The present invention further provides a terminal 30.
Referring to Fig. 4, Fig. 4 is a functional block diagram of a preferred embodiment of the terminal 30 of the present invention.
In the present embodiment, the terminal 30 includes:
Second acquisition module 31, for obtaining the first session key and the rights token from the Cloud Server 20 after establishing a connection with the Cloud Server 20, and sending the rights token to the household appliance 10, so that the household appliance 10 generates the second session key based on the authority key and the rights token and sends the second session key to the terminal 30;
When the terminal 30 is to transmit data with the Cloud Server 20, the terminal 30 establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) connection with the Cloud Server 20. After the terminal 30 establishes the HTTPS connection with the server, the terminal 30 detects whether a user is logged in to the APP. When a user has successfully logged in to the APP, the second acquisition module 31 obtains the first session key and the rights token from the Cloud Server 20. After the second acquisition module 31 obtains the first session key and the rights token, it sends the acquired first session key and rights token to the household appliance 10, so that the household appliance 10 generates the second session key based on the authority key and the rights token and sends the second session key to the terminal 30.
The rights token is generated by the Cloud Server 20 based on a preset encryption algorithm, using the first session key it generated and the authority key;
The rights token is generated by the Cloud Server 20. While generating the rights token, the Cloud Server 20 first obtains the authority key and uses a pre-stored mapping table to detect whether a binding relationship exists between the APP and the household appliance 10. The mapping table maps the household appliance 10 to the APP in the terminal 30: it stores the mapping between the MAC (Media Access Control) address and SN (serial number) code of the household appliance 10 and the identification information of the APP. The identification information of the APP is information that uniquely identifies the APP, such as its package name. When the Cloud Server 20 detects, based on the mapping table, that a binding relationship exists between the APP and the household appliance 10, the Cloud Server 20 generates the first session key and, using the authority key as the key, encrypts the first session key with a preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the Cloud Server 20 calculates the hash value of the first session key using SHA-256 (Secure Hash Algorithm). The Cloud Server 20 then concatenates the hash value of the first session key with the ciphertext to obtain the rights token. After obtaining the rights token, the Cloud Server 20 sends the rights token and the first session key to the terminal 30, so that the terminal 30 obtains both. When the Cloud Server 20 detects, based on the mapping table, that no binding relationship exists between the APP and the household appliance 10, the Cloud Server 20 sends a null message to the terminal 30.
It should be noted that the first session key generated by the Cloud Server 20 is different each time. When deriving the rights token from the hash value of the first session key and the ciphertext, the Cloud Server 20 may also select a subset of the bytes of the hash value and a subset of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In the present embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. However, the preset encryption algorithm is not limited to AES-256; other existing encryption algorithms may also be used, and details are not repeated here.
Receiving module 32, for receiving the second session key sent by the household appliance 10, encrypting the data to be transmitted using the second session key and the first session key, and sending the encrypted data to the household appliance 10.
When the receiving module 32 receives the second session key sent by the household appliance 10, the receiving module 32 encrypts the data to be transmitted using the second session key and the first session key and sends the encrypted data to the household appliance 10. The data to be transmitted may be a control instruction that turns the household appliance 10 on or off, or other data.
Further, the receiving module 32 includes:
Second receiving unit, for receiving the second session key sent by the household appliance 10, calculating the XOR value of the second session key and the first session key, and using that XOR value as the third session key;
Data transmission unit, for encrypting the data to be transmitted using the third session key and sending the encrypted data to the household appliance 10.
When the second receiving unit receives the second session key sent by the household appliance 10, the second receiving unit calculates the XOR value of the second session key and the first session key and uses it as the third session key. The data transmission unit encrypts the data to be transmitted with the third session key as the key to obtain the encrypted data to be transmitted. The data transmission unit sends the encrypted data to be transmitted to the household appliance 10.
It should be noted that the present embodiment is not limited to calculating the third session key as the XOR value of the first session key and the second session key. The third session key may also be obtained by concatenating the first session key and the second session key, or by XORing or concatenating a subset of the bytes of the first session key and of the second session key.
It further, is the second a kind of functional module signal for obtaining module 31 in the embodiment of the present invention referring to Fig. 5, Fig. 5 Figure.
In the present embodiment, the second acquisition module 31 includes:
A second transmission unit 311, configured to send a second device identifier request instruction to the cloud server 20 after a connection is established with the cloud server 20, so that the cloud server 20 returns a device identifier in response to the second device identifier request instruction;
After the terminal 30 establishes an HTTPS connection with the cloud server 20, the second transmission unit 311 sends the second device identifier request instruction to the cloud server 20, so that the cloud server 20 returns the device identifier to the third receiving unit 312 in response to the second device identifier request instruction.
A third receiving unit 312, configured to receive the device identifier returned by the cloud server 20 and obtain a key identifier from the hash of the device identifier;
The second transmission unit 311 is further configured to send a rights token request instruction to the cloud server 20 using the key identifier, so that the cloud server 20 returns the first session key and the rights token in response to the rights token request instruction;
The third receiving unit 312 is further configured to receive the first session key and the rights token returned by the cloud server 20 and to send the rights token to the household appliance 10, so that the household appliance 10 generates a second session key based on the authority key and the rights token and sends the second session key to the terminal 30.
When the third receiving unit 312 receives the device identifier returned by the cloud server 20, it computes the hash of the device identifier and XORs the first 16 bytes of that hash with the last 16 bytes; the result is the key identifier, denoted UDP_KEY_ID. Once the third receiving unit 312 has obtained the key identifier UDP_KEY_ID, the second transmission unit 311 sends a rights token request instruction to the cloud server 20 using the UDP_KEY_ID, so that the cloud server 20 returns the first session key and the rights token to the third receiving unit 312 in response to the rights token request instruction. While generating the rights token, the cloud server 20 can look up the authority key by the key identifier. Each device identifier corresponds to one unique key identifier, and each key identifier corresponds to one unique authority key. The third receiving unit 312 receives the first session key and the rights token returned by the cloud server 20, and accesses the household appliance 10 using the rights token.
The household appliance 10 uses the rights token to determine whether the terminal 30 has access permission, thereby achieving secure interaction with the terminal 30.
The present invention further provides a communication method for a household appliance and a terminal.
Referring to Fig. 6, Fig. 6 is a flow diagram of a preferred embodiment of the communication method for a household appliance and a terminal of the present invention.
In this embodiment, the communication method for the household appliance and the terminal includes:
Step S10: after the household appliance establishes a connection with the cloud server, the household appliance obtains an authority key from the cloud server;
When the household appliance is to exchange data with the terminal, the household appliance first establishes an SST (Smart Security Transport, a secure transport bearer protocol for smart devices) secure connection with the cloud server. After the household appliance has established the SST connection with the cloud server, the household appliance obtains the authority key from the cloud server. The household appliance includes, but is not limited to, a refrigerator, an electric cooker, a microwave oven and a television. Further, after the household appliance has obtained the authority key from the cloud server, the household appliance computes the hash of the authority key and writes the hash of the authority key and the authority key into the SST, so that it can communicate with the terminal over the local area network using the authority key.
It should be noted that in this embodiment the terminal communicates with the household appliance and the cloud server through a preset APP (Application, application program); the preset APP is the application used to control the household appliance in the Internet of Things. The authority key is a 32-byte character string generated by the cloud server. Depending on the circumstances, however, the length of the authority key may also be set to 16 bytes, 64 bytes, and so on.
Step S20: after the terminal establishes a connection with the cloud server, the terminal obtains a first session key and a rights token from the cloud server and sends the rights token to the household appliance;
The rights token is generated by the cloud server from the generated first session key and the authority key, based on a preset encryption algorithm;
When the terminal is to exchange data with the cloud server, the terminal establishes an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, network protocol) connection with the cloud server. After the terminal has established the HTTPS connection with the cloud server, the terminal checks whether a user is logged in to the APP. When the user has successfully logged in to the APP, the terminal obtains the first session key and the rights token from the cloud server. After the terminal has obtained the first session key and the rights token, the terminal establishes a secure connection with the household appliance and sends the obtained first session key and rights token to the household appliance.
It should be noted that the rights token is generated by the cloud server. While generating the rights token, the cloud server first retrieves the authority key and uses a pre-stored mapping table to check whether a binding relationship exists between the APP and the household appliance. The mapping table maps the household appliance to the APP in the terminal: it stores the mapping between the MAC (Media Access Control) address and the SN (serial number) code of the household appliance and the identification information of the APP. The identification information of the APP is information that uniquely identifies the APP, such as the package name of the APP. When the cloud server determines from the mapping table that a binding relationship exists between the APP and the household appliance, the cloud server generates the first session key and, using the authority key as the key, encrypts the first session key with the preset encryption algorithm to obtain the corresponding ciphertext. After obtaining the ciphertext, the cloud server computes the hash of the first session key using SHA-256 (Secure Hash Algorithm). After the encryption, the cloud server concatenates the hash of the first session key with the ciphertext to obtain the rights token. After obtaining the rights token, the cloud server sends the rights token and the first session key to the terminal, so that the terminal obtains the rights token and the first session key. When the cloud server determines from the mapping table that no binding relationship exists between the APP and the household appliance, the cloud server sends a null message to the terminal.
It should be noted that the first session key generated by the cloud server is different every time. When building the rights token from the hash of the first session key and the ciphertext, the cloud server may also select some of the bytes of the hash of the first session key and some of the bytes of the ciphertext and concatenate or XOR them to obtain the rights token.
In this embodiment, the preset encryption algorithm is AES (Advanced Encryption Standard), specifically the AES-256 algorithm. The preset encryption algorithm is not limited to AES-256, however; other existing encryption algorithms may also be used, and they are not described further here.
Step S30: the household appliance receives the rights token sent by the terminal, generates a second session key based on the authority key and the rights token, and sends the second session key to the terminal;
When the household appliance receives the rights token sent by the terminal, the household appliance generates the second session key based on the authority key and the rights token sent by the terminal, and sends the second session key to the terminal.
Further, step S30 includes:
Step a: the household appliance receives the rights token sent by the terminal and decrypts the rights token using the authority key to obtain the first session key;
Step b: the household appliance verifies the integrity of the first session key;
Step c: if the first session key is complete, the household appliance generates the second session key and sends the second session key to the terminal.
When the household appliance receives the rights token sent by the terminal, the household appliance decrypts the rights token using the authority key and obtains the hash of the first session key and the first session key. The hash of the first session key obtained by decryption is denoted the first hash of the first session key; the household appliance then recomputes the hash of the decrypted first session key, which is denoted the second hash of the first session key. The household appliance verifies the integrity of the first session key by comparing the first hash and the second hash of the first session key. If the first hash and the second hash of the first session key are identical, the household appliance treats the first session key as complete, generates the second session key, and sends the second session key to the terminal. If the first hash and the second hash of the first session key differ, the household appliance treats the first session key as incomplete and does not generate the second session key.
Step S40: the terminal receives the second session key sent by the household appliance, encrypts the data to be transmitted using the second session key and the first session key, and sends it to the household appliance.
When the terminal receives the second session key sent by the household appliance, the terminal encrypts the data to be transmitted using the second session key and the first session key and sends it to the household appliance. The data to be transmitted may be a control instruction that turns the household appliance on or off, or other data.
Further, step S40 includes:
Step d: the terminal receives the second session key sent by the household appliance, computes the XOR of the second session key and the first session key, and uses the XOR value as the third session key;
Step e: the terminal encrypts the data to be transmitted using the third session key and sends it to the household appliance.
When the terminal receives the second session key sent by the household appliance, the terminal computes the XOR of the second session key and the first session key and uses that XOR value as the third session key. The terminal encrypts the data to be transmitted using the third session key as the key, obtaining the encrypted data to be transmitted. The terminal sends the encrypted data to the household appliance and thereby communicates with the household appliance.
It should be noted that this embodiment is not limited to computing the third session key as the XOR of the first session key and the second session key. The third session key may also be obtained by concatenating the first session key and the second session key, or by XORing or concatenating only some of the bytes of the first session key and the second session key.
In this embodiment, the terminal obtains the first session key and the rights token from the cloud server and sends the rights token to the household appliance; the household appliance generates the second session key based on the authority key obtained from the cloud server and the rights token, and sends the second session key to the terminal; the terminal encrypts the data to be transmitted using the second session key and the first session key and sends it to the household appliance. As a result, during communication between the household appliance and the terminal, the household appliance uses the rights token to determine whether the application on the terminal has permission to access the household appliance. Only when the application on the terminal has that permission can it obtain the data of the household appliance, which improves the security of data exchange between the household appliance and the terminal.
Further, referring to Fig. 7, Fig. 7 is a flow diagram, in an embodiment of the present invention, of the household appliance obtaining the authority key from the cloud server after the household appliance establishes a connection with the cloud server.
In this embodiment, step S10 includes:
Step S11: after the household appliance establishes a connection with the cloud server, the household appliance sends a first device identifier request instruction to the cloud server, so that the cloud server returns a device identifier in response to the first device identifier request instruction;
After the household appliance has established the SST connection with the cloud server, the household appliance sends the first device identifier request instruction to the cloud server. After the cloud server receives the first device identifier request instruction, the cloud server returns the device identifier to the household appliance in response. The device identifier is assigned to the household appliance by the cloud server when the household appliance connects to the network for the first time, and each household appliance has a unique device identifier.
It should be noted that the device identifier may also be generated by the household appliance itself.
Step S12: the household appliance receives the device identifier returned by the cloud server, obtains a key identifier from the hash of the device identifier, and sends an authority key request instruction to the cloud server using the key identifier, so that the cloud server returns the authority key in response to the authority key request instruction;
When the household appliance receives the device identifier returned by the cloud server, it computes the hash of the device identifier and XORs the first 16 bytes of that hash with the last 16 bytes; the result is the key identifier, denoted UDP_KEY_ID. Once the household appliance has obtained the key identifier UDP_KEY_ID, the household appliance sends an authority key request instruction to the cloud server using the UDP_KEY_ID. When the cloud server receives the authority key request instruction sent by the household appliance, the cloud server returns the authority key it generated to the household appliance in response. Further, the cloud server also sends the hash of the authority key to the household appliance at the same time.
It should be noted that the key identifier may also be the result of XORing the first 8 bytes of the hash of the device identifier with the last 8 bytes, or the result of XORing some other number of leading and trailing bytes of the hash of the device identifier.
Step S13: the household appliance receives the authority key returned by the cloud server.
The household appliance receives the authority key returned by the cloud server together with the hash of the authority key sent by the cloud server; the hash sent by the cloud server is denoted the first hash of the authority key. When the household appliance receives the authority key returned by the cloud server, the household appliance computes the hash of the authority key; this computed hash is denoted the second hash of the authority key. The household appliance verifies the integrity of the authority key by comparing the first hash and the second hash of the authority key. If the first hash and the second hash of the authority key are identical, the authority key is complete, and the household appliance communicates with the terminal over the local area network using the authority key. If the first hash and the second hash of the authority key differ, the authority key is incomplete, and the household appliance either requests the authority key from the cloud server again or terminates the current operation.
The household appliance obtains the authority key from the cloud server and verifies the integrity of the authority key using its hash, which improves the security of communication between the household appliance and the terminal.
Further, referring to Fig. 8, Fig. 8 is a flow diagram, in an embodiment of the present invention, of the terminal obtaining the first session key and the rights token from the cloud server after the terminal establishes a connection with the cloud server, and sending the rights token to the household appliance.
In this embodiment, step S20 includes:
Step S21: after the terminal establishes a connection with the cloud server, the terminal sends a second device identifier request instruction to the cloud server, so that the cloud server returns a device identifier in response to the second device identifier request instruction;
After the terminal has established the HTTPS connection with the cloud server, the terminal sends the second device identifier request instruction to the cloud server. After the cloud server receives the second device identifier request instruction, the cloud server returns the device identifier to the terminal in response. The device identifier that the cloud server returns to the terminal and the one it returns to the household appliance are the same device identifier. Because the cloud server holds the mapping table between the household appliance and the APP in the terminal, it can, in response to the second device identifier request instruction, return to the terminal the same device identifier that it returned to the household appliance.
Step S22: the terminal receives the device identifier returned by the cloud server, obtains a key identifier from the hash of the device identifier, and sends a rights token request instruction to the cloud server using the key identifier, so that the cloud server returns the first session key and the rights token in response to the rights token request instruction;
Step S23: the terminal receives the first session key and the rights token returned by the cloud server and sends the rights token to the household appliance.
When the terminal receives the device identifier returned by the cloud server, it computes the hash of the device identifier and XORs the first 16 bytes of that hash with the last 16 bytes; the result is the key identifier, denoted UDP_KEY_ID. Once the terminal has obtained the key identifier UDP_KEY_ID, the terminal sends a rights token request instruction to the cloud server using the UDP_KEY_ID. When the cloud server receives the rights token request instruction sent by the terminal, the cloud server returns the rights token and the first session key it generated according to the authority key request instruction. While generating the rights token, the cloud server can look up the authority key by the key identifier. Each device identifier corresponds to one unique key identifier, and each key identifier corresponds to one unique authority key. The terminal receives the first session key and the rights token returned by the cloud server, and accesses the household appliance using the rights token.
The household appliance uses the rights token to determine whether the terminal has access permission, thereby achieving secure interaction with the terminal.
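The exchange of steps S10 to S40, including the UDP_KEY_ID derivation, as an added Node.js example that is not part of the patent text. It assumes SHA-256 for the device-identifier hash, AES-256 in GCM mode (the text names only AES-256), 32-byte session keys, a raw 32-byte authority key, and constructed device and APP identifiers; all function names are hypothetical.

```javascript
// Added illustration, not code from the patent. Assumptions are marked ASSUMED.
const nodeCrypto = require('crypto');

const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();

// Byte-wise XOR of two equal-length buffers.
function xor(a, b) {
  if (a.length !== b.length) throw new Error('xor: length mismatch');
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// UDP_KEY_ID: first 16 bytes of the device-identifier hash XOR the last 16.
// ASSUMED: the hash is SHA-256 (the text only says "hash").
function keyId(deviceId) {
  const h = sha256(Buffer.from(deviceId, 'utf8'));
  return xor(h.subarray(0, 16), h.subarray(16, 32));
}

// Cloud server: rights token = SHA-256(K1) || IV || tag || AES-256(authKey, K1).
// ASSUMED: GCM mode with a random 12-byte IV, so the ciphertext is authenticated.
function mintToken(authKey, k1) {
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', authKey, iv);
  const ct = Buffer.concat([enc.update(k1), enc.final()]);
  return Buffer.concat([sha256(k1), iv, enc.getAuthTag(), ct]);
}

// Appliance, steps a and b: decrypt with the authority key, recompute the hash
// of K1 and compare it with the hash carried in the token.
// Returns K1, or null when the token does not verify.
function openToken(authKey, token) {
  if (!Buffer.isBuffer(token) || token.length !== 32 + 12 + 16 + 32) return null;
  const firstHash = token.subarray(0, 32);
  let k1;
  try {
    const dec = nodeCrypto.createDecipheriv('aes-256-gcm', authKey,
      token.subarray(32, 44), { authTagLength: 16 });
    dec.setAuthTag(token.subarray(44, 60));
    k1 = Buffer.concat([dec.update(token.subarray(60)), dec.final()]);
  } catch (err) {
    return null; // wrong authority key or modified ciphertext
  }
  const secondHash = sha256(k1);
  return nodeCrypto.timingSafeEqual(firstHash, secondHash) ? k1 : null;
}

// Cloud server state (constructed): authority keys indexed by key identifier,
// plus the APP-to-appliance binding table.
function makeCloud() {
  const authKeys = new Map();
  const bindings = new Set();
  return {
    provision(deviceId) { // S10: appliance fetches its authority key
      const authKey = nodeCrypto.randomBytes(32);
      authKeys.set(keyId(deviceId).toString('hex'), authKey);
      return authKey;
    },
    bind(appId, deviceId) { bindings.add(`${appId}|${deviceId}`); },
    issue(appId, deviceId, kid) { // S20: terminal asks for K1 and the token
      const authKey = authKeys.get(kid.toString('hex'));
      if (!authKey || !bindings.has(`${appId}|${deviceId}`)) return null; // null message
      const k1 = nodeCrypto.randomBytes(32); // fresh for every request
      return { k1, token: mintToken(authKey, k1) };
    },
  };
}

// Appliance, step c: only a verified K1 leads to a second session key.
function applianceAccept(authKey, token) {
  const k1 = openToken(authKey, token);
  if (k1 === null) return null;
  const k2 = nodeCrypto.randomBytes(32);
  return { k2, k3: xor(k1, k2) };
}

// Full run for one APP; 'com.example.app' is the only bound APP (constructed).
function handshake(appId) {
  const deviceId = 'DEV-0001-constructed';
  const cloud = makeCloud();
  const authKey = cloud.provision(deviceId);
  cloud.bind('com.example.app', deviceId);
  const grant = cloud.issue(appId, deviceId, keyId(deviceId));
  if (grant === null) return { ok: false };
  const accepted = applianceAccept(authKey, grant.token);
  if (accepted === null) return { ok: false };
  const terminalK3 = xor(grant.k1, accepted.k2); // S40, step d
  return { ok: terminalK3.equals(accepted.k3), token: grant.token, authKey };
}
```
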
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The serial numbers of the above embodiments of the invention are for description only and do not indicate that one embodiment is better or worse than another.
From the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, and so on) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (13)

1. A communication system for a household appliance and a terminal, characterized in that the communication system for the household appliance and the terminal comprises a household appliance and a terminal:
the household appliance is configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
the terminal is configured to obtain a first session key and a rights token from the cloud server after establishing a connection with the cloud server, and to send the rights token to the household appliance;
the rights token is generated by the cloud server from the generated first session key and the authority key, based on a preset encryption algorithm;
the household appliance is further configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key; to verify the integrity of the first session key; and, if the first session key is complete, to generate a second session key and send the second session key to the terminal;
the terminal is further configured to receive the second session key sent by the household appliance, encrypt the data to be transmitted using the second session key and the first session key, and send it to the household appliance.
2. The communication system for a household appliance and a terminal according to claim 1, characterized in that the terminal is further configured to receive the second session key sent by the household appliance, compute the XOR of the second session key and the first session key, and use the XOR value as a third session key; and to encrypt the data to be transmitted using the third session key and send it to the household appliance.
3. The communication system for a household appliance and a terminal according to claim 1 or 2, characterized in that the household appliance is further configured to send a first device identifier request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identifier in response to the first device identifier request instruction; to receive the device identifier returned by the cloud server, obtain a key identifier from the hash of the device identifier, and send an authority key request instruction to the cloud server using the key identifier, so that the cloud server returns the authority key in response to the authority key request instruction; and to receive the authority key returned by the cloud server.
4. The communication system for a household appliance and a terminal according to claim 1 or 2, characterized in that the terminal is further configured to send a second device identifier request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identifier in response to the second device identifier request instruction; to receive the device identifier returned by the cloud server, obtain a key identifier from the hash of the device identifier, and send a rights token request instruction to the cloud server using the key identifier, so that the cloud server returns the first session key and the rights token in response to the rights token request instruction; and to receive the first session key and the rights token returned by the cloud server and send the rights token to the household appliance.
5. A household appliance, characterized in that the household appliance comprises:
a first acquisition module, configured to obtain an authority key from a cloud server after establishing a connection with the cloud server;
a key generation module, configured to receive a rights token sent by a terminal and generate a second session key based on the authority key and the rights token;
a key sending module, configured to send the second session key to the terminal, so that the terminal receives the second session key sent by the household appliance, encrypts the data to be transmitted using the second session key and a first session key obtained from the cloud server, and sends it to the household appliance;
the rights token is generated by the cloud server from the generated first session key and the authority key, based on a preset encryption algorithm;
the key generation module comprises:
a decryption unit, configured to receive the rights token sent by the terminal and decrypt the rights token using the authority key to obtain the first session key;
a verification unit, configured to verify the integrity of the first session key;
a key generating unit, configured to generate the second session key if the first session key is complete.
6. The household appliance according to claim 5, characterized in that the first acquisition module comprises:
a first transmission unit, configured to send a first device identifier request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identifier in response to the first device identifier request instruction;
a first receiving unit, configured to receive the device identifier returned by the cloud server and obtain a key identifier from the hash of the device identifier;
the first transmission unit is further configured to send an authority key request instruction to the cloud server using the key identifier, so that the cloud server returns the authority key in response to the authority key request instruction;
the first receiving unit is further configured to receive the authority key returned by the cloud server.
7. A terminal, characterized in that the terminal comprises:
a second acquisition module, configured to obtain a first session key and a rights token from a cloud server after establishing a connection with the cloud server, and to send the rights token to a household appliance, so that the household appliance decrypts the rights token using an authority key obtained from the cloud server to obtain the first session key; verifies the integrity of the first session key; and, if the first session key is complete, generates a second session key and sends the second session key to the terminal;
the rights token is generated by the cloud server from the generated first session key and the authority key, based on a preset encryption algorithm;
a receiving module, configured to receive the second session key sent by the household appliance, encrypt the data to be transmitted using the second session key and the first session key, and send it to the household appliance.
8. The terminal according to claim 7, characterized in that the receiving module comprises:
a second receiving unit, configured to receive the second session key sent by the household appliance, compute the XOR of the second session key and the first session key, and use the XOR value as a third session key;
a data transmission unit, configured to encrypt the data to be transmitted with the third session key and send it to the household appliance.
9. The terminal according to claim 7 or 8, characterized in that the second acquisition module comprises:
a second transmission unit, configured to send a second device identifier request instruction to the cloud server after establishing a connection with the cloud server, so that the cloud server returns a device identifier in response to the second device identifier request instruction;
a third receiving unit, configured to receive the device identifier returned by the cloud server and obtain a key identifier from the hash of the device identifier;
the second transmission unit is further configured to send a rights token request instruction to the cloud server using the key identifier, so that the cloud server returns the first session key and the rights token in response to the rights token request instruction;
the third receiving unit is further configured to receive the first session key and the rights token returned by the cloud server and to send the rights token to the household appliance, so that the household appliance generates the second session key based on the authority key and the rights token and sends the second session key to the terminal.
10. A communication method for a household appliance and a terminal, characterized in that the communication method for the household appliance and the terminal includes:
After the household appliance establishes a connection with the Cloud Server, the household appliance obtains an authority key from the Cloud Server;
After the terminal establishes a connection with the Cloud Server, the terminal obtains a first session key and a rights token from the Cloud Server, and sends the rights token to the household appliance;
The rights token is generated by the Cloud Server, based on a predetermined encryption algorithm, from the generated first session key and the authority key;
The household appliance receives the rights token sent by the terminal, and decrypts the rights token using the authority key to obtain the first session key;
The household appliance verifies the integrity of the first session key;
If the first session key is intact, the household appliance generates a second session key and sends the second session key to the terminal;
The terminal receives the second session key sent by the household appliance, and sends the data to be transmitted to the household appliance after encrypting it using the second session key and the first session key.
11. The communication method for a household appliance and a terminal as claimed in claim 10, characterized in that the step in which the terminal receives the second session key sent by the household appliance and sends the data to be transmitted to the household appliance after encrypting it using the second session key and the first session key includes:
The terminal receives the second session key sent by the household appliance, calculates the exclusive-or (XOR) value of the second session key and the first session key, and uses the XOR value as a third session key;
The terminal sends the data to be transmitted to the household appliance after encrypting it using the third session key.
12. The communication method for a household appliance and a terminal as claimed in claim 10 or 11, characterized in that the step in which, after the household appliance establishes a connection with the Cloud Server, the household appliance obtains the authority key from the Cloud Server includes:
After the household appliance establishes a connection with the Cloud Server, the household appliance sends a first device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the first device identification request instruction;
The household appliance receives the device identification returned by the Cloud Server, obtains a key identification from the hash value of the device identification, and sends an authority key request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the authority key according to the authority key request instruction;
The household appliance receives the authority key returned by the Cloud Server.
13. The communication method for a household appliance and a terminal as claimed in claim 10 or 11, characterized in that the step in which, after the terminal establishes a connection with the Cloud Server, the terminal obtains the first session key and the rights token from the Cloud Server and sends the rights token to the household appliance includes:
After the terminal establishes a connection with the Cloud Server, the terminal sends a second device identification request instruction to the Cloud Server, so that the Cloud Server returns a device identification according to the second device identification request instruction;
The terminal receives the device identification returned by the Cloud Server, obtains a key identification from the hash value of the device identification, and sends a rights token request instruction to the Cloud Server by means of the key identification, so that the Cloud Server returns the first session key and the rights token according to the rights token request instruction;
The terminal receives the first session key and the rights token returned by the Cloud Server, and sends the rights token to the household appliance.
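The key flow of claims 10 to 13, as an added example that is not part of the patent text. The claims leave the "predetermined encryption algorithm", the hash and the integrity check unspecified, so SHA-256, the HMAC-based encrypt-then-MAC token, the key sizes and all function names here are assumptions; the example stops at the point where both sides hold the third session key.

```python
import hashlib, hmac, secrets

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32   # sizes are assumptions

def key_id(device_id: str) -> str:
    # Key identification = hash of the device identification (SHA-256 assumed).
    return hashlib.sha256(device_id.encode()).hexdigest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def make_token(authority_key: bytes, k1: bytes) -> bytes:
    # Cloud side: encrypt K1 under the authority key, then MAC the result.
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor(k1, _prf(authority_key, b"enc", nonce))
    return nonce + ct + _prf(authority_key, b"mac", nonce + ct)

def open_token(authority_key: bytes, token: bytes):
    # Appliance side: check integrity first, decrypt only if the tag matches.
    if len(token) != NONCE_LEN + KEY_LEN + TAG_LEN:
        return None
    nonce, ct, tag = token[:NONCE_LEN], token[NONCE_LEN:-TAG_LEN], token[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(authority_key, b"mac", nonce + ct)):
        return None
    return xor(ct, _prf(authority_key, b"enc", nonce))

def run_exchange(device_id: str, tamper: bool = False):
    authority_keys = {}                       # cloud's store, indexed by key id
    kid = key_id(device_id)
    # Appliance obtains its authority key from the cloud.
    ak = authority_keys.setdefault(kid, secrets.token_bytes(KEY_LEN))
    # Terminal obtains K1 and the rights token for the same key id.
    k1 = secrets.token_bytes(KEY_LEN)
    token = make_token(authority_keys[kid], k1)
    if tamper:                                # flip one ciphertext bit in transit
        token = token[:20] + bytes([token[20] ^ 1]) + token[21:]
    # Appliance opens the token; a failed integrity check ends the exchange.
    k1_at_appliance = open_token(ak, token)
    if k1_at_appliance is None:
        return None
    k2 = secrets.token_bytes(KEY_LEN)         # second session key, sent to terminal
    k3_appliance = xor(k1_at_appliance, k2)
    k3_terminal = xor(k1, k2)                 # terminal derives the same third key
    return k3_terminal == k3_appliance

if __name__ == "__main__":
    print(run_exchange("constructed-device-001"), run_exchange("constructed-device-001", True))
```

The claims in this section do not say how the second session key is protected on its way to the terminal; if it can be observed, the confidentiality of the third session key rests on the first session key alone.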
CN201610405105.4A 2016-06-08 2016-06-08 The communication system and method for household appliance and terminal, household appliance, terminal Active CN106130958B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610405105.4A CN106130958B (en) 2016-06-08 2016-06-08 The communication system and method for household appliance and terminal, household appliance, terminal

Publications (2)

Publication Number Publication Date
CN106130958A CN106130958A (en) 2016-11-16
CN106130958B true CN106130958B (en) 2019-02-01

Family

ID=57270341

Country Status (1)

Country Link
CN (1) CN106130958B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534176B (en) * 2016-12-08 2019-06-14 西安交大捷普网络科技有限公司 Secure storage method of data under a kind of cloud environment
CN106685775A (en) * 2017-01-13 2017-05-17 北京同余科技有限公司 Self-inspection type invasion prevention method and system for intelligent household electrical appliance
CN106888206B (en) * 2017-02-13 2020-06-09 海信集团有限公司 Key exchange method, device and system
EP3386202A1 (en) * 2017-04-04 2018-10-10 Nagravision SA Security of surveillance media
CN107592637A (en) * 2017-09-22 2018-01-16 长沙准光里电子科技有限公司 A kind of radio communication encryption system
CN108848503B (en) * 2018-06-14 2019-03-26 王佳骏 A kind of smart home dynamic encryption means of communication and system transmitted using merogenesis
CN109688567A (en) * 2018-12-10 2019-04-26 维沃移动通信有限公司 A kind of data transmission method and mobile terminal
CN109861817A (en) * 2019-02-26 2019-06-07 数安时代科技股份有限公司 Generate method, apparatus, system, equipment and the medium of key
CN110677248B (en) * 2019-10-30 2022-09-30 宁波奥克斯电气股份有限公司 Safe binding method and system based on narrowband Internet of things
CN112039738B (en) * 2020-08-31 2022-04-08 深圳创维-Rgb电子有限公司 Intelligent device control method, terminal device and readable storage medium
WO2023015462A1 (en) * 2021-08-10 2023-02-16 Oppo广东移动通信有限公司 Method and apparatus for connection establishment, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820344A (en) * 2010-03-23 2010-09-01 中国电信股份有限公司 AAA server, home network access method and system
CN102594823A (en) * 2012-02-20 2012-07-18 南京邮电大学 Trusted system for remote secure access of intelligent home
CN105141584A (en) * 2015-07-29 2015-12-09 宇龙计算机通信科技(深圳)有限公司 Smart home system equipment authentication methods, and devices
CN105227516A (en) * 2014-05-28 2016-01-06 中兴通讯股份有限公司 The access method of Smart Home, control centre's equipment and dress terminal
CN105577680A (en) * 2016-01-18 2016-05-11 青岛海尔智能家电科技有限公司 Key generation method, encrypted data analyzing method, devices and key managing center

Also Published As

Publication number Publication date
CN106130958A (en) 2016-11-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant