CN107454561A - A kind of Bluetooth link data guard method and its protection system - Google Patents
A kind of Bluetooth link data guard method and its protection system Download PDFInfo
- Publication number
- CN107454561A CN107454561A CN201710689578.6A CN201710689578A CN107454561A CN 107454561 A CN107454561 A CN 107454561A CN 201710689578 A CN201710689578 A CN 201710689578A CN 107454561 A CN107454561 A CN 107454561A
- Authority
- CN
- China
- Prior art keywords
- bluetooth equipment
- bluetooth
- random number
- data
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application is related to communication technical field, more particularly to a kind of Bluetooth link data guard method and its protection system, this method comprise the following steps:Bluetooth equipment 1 establishes bluetooth connection with bluetooth equipment 2;Bluetooth equipment 1 produces link protection key a1, and protects key a1 to the transmission link of bluetooth equipment 2;Bluetooth equipment 2 produces link protection key a2, and the certificate of key a2 and bluetooth equipment 2 is protected to the transmission link of bluetooth equipment 1;Bluetooth equipment 1 verifies the certificate of bluetooth equipment 2, and in the case where being verified, bluetooth equipment 1 randomly generates shared master key M1, and shared master key M1 is encrypted to obtain E1;Bluetooth equipment 1 sends the certificate of E1 and bluetooth equipment 1 to bluetooth equipment 2;Bluetooth equipment 2 verifies the certificate of the bluetooth equipment 1, and in the case where being verified, decryption E1 obtains shared master key M1.The application can effectively prevent loss of transmitted data or be stolen, and ensure bluetooth connection, the security of data transfer.
Description
Technical field
The present invention relates to communication technical field, more particularly to a kind of Bluetooth link data guard method and its protection system.
Background technology
Data transfer is according to appropriate code, by one or more link, is transmitted between data source and data sink
The process of data.Bluetooth transmission is as one kind in data transfer, because its low energy consumption, low cost, short-range feature are extensive
Ground is used by people.It is trapped, steals to prevent from transmitting data, privacy of user, sensitive data in bluetooth equipment etc., can
Effectively ensure that the safety of data transmission procedure is just particularly important.
At present, mainly it is attached between bluetooth equipment by the method matched, the method for pairing mainly includes:At once
The matching method that the matching method of (justwork), the matching method of PIN code input and numeral compare is run, following is a brief introduction of
The method once matched in the prior art between bluetooth equipment.
At once the matching method of (justwork) is run:
Step 1:Bluetooth equipment a sends broadcast message;
Step 2:Bluetooth equipment around bluetooth equipment b scannings;
Step 3:Bluetooth equipment a is selected from the list scanned;
Step 4:Bluetooth equipment a and bluetooth equipment b establish bluetooth connection;
Step 5:Carry out data transmission between bluetooth equipment a and bluetooth equipment b.
The matching method of PIN code input:
Step 1:Bluetooth equipment a sends broadcast message;
Step 2:Bluetooth equipment around bluetooth equipment b scannings;
Step 3:Bluetooth equipment a is selected from the list scanned;
Step 4:PIN code is inputted in bluetooth equipment a and bluetooth equipment b;
Step 5:Bluetooth equipment a and bluetooth equipment b establishes bluetooth connection;
Step 6:Carry out data transmission between bluetooth equipment a and bluetooth equipment b.
The matching method that numeral compares:
Step 1:Bluetooth equipment a sends broadcast message;
Step 2:Bluetooth equipment around bluetooth equipment b scannings;
Step 3:Bluetooth equipment a is selected from the list scanned;
Step 4:The comparison numeral that bluetooth equipment a display screens and bluetooth equipment b display screens are shown is compared, it is consistent to compare numeral
Click on acknowledgement key;
Step 5:Bluetooth equipment a and bluetooth equipment b establishes bluetooth connection:
Step 6:Carry out data transmission between bluetooth equipment a and bluetooth equipment b.
From the pairing connection between above-mentioned bluetooth equipment and the process of data transfer, run at once (justwork)
Matching method matches and data transfer does not need user to participate in, and security is low;The matching method pairing of PIN code input and data pass
If defeated third party disabled user disguise as connects bluetooth equipment, and PIN code corresponding to input, bluetooth connection will be established,
The leakage of significant data is will result in, the method security of this kind of bluetooth connection is relatively low, and it also requires completing input, choosing
The step such as select, confirm, operation is also more complicated;The matching method pairing and data transfer that numeral compares need requirement bluetooth equipment equal
Function with numerical monitor, use range is limited, and be also required to complete the steps such as input, selection, confirmation, operation is same
Also it is complex.
Therefore, bluetooth connection, the security of data transfer how are improved, is that those skilled in the art need to solve at present
Technical problem.
In addition, how to simplify the operating procedure of bluetooth connection, and those skilled in the art need the technology that solves at present
Problem.
The content of the invention
This application provides a kind of Bluetooth link data guard method and its protection system, to improve bluetooth connection, data
The security of transmission.
In order to solve the above technical problems, the application provides following technical scheme:
A kind of Bluetooth link data guard method, including:Bluetooth equipment 1 establishes bluetooth connection with bluetooth equipment 2, its feature
It is, also comprises the following steps:
The bluetooth equipment 1 produces link protection key a1, and sends the link protection key to the bluetooth equipment 2
a1;
The bluetooth equipment 2 produces link protection key a2, and sends the link protection key to the bluetooth equipment 1
A2 and the bluetooth equipment 2 certificate;
The bluetooth equipment 1 verifies the certificate of the bluetooth equipment 2, and in the case where being verified, bluetooth equipment 1 is random
Shared master key M1 is produced, and the shared master key M1 is encrypted to obtain E1;
The bluetooth equipment 1 sends the certificate of E1 and the bluetooth equipment 1 to the bluetooth equipment 2;The bluetooth equipment 2
The certificate of the bluetooth equipment 1 is verified, in the case where being verified, decryption E1 obtains the shared master key M1.
Bluetooth link data guard method as described above, these, it is preferred to, wherein, link protection key a1 be with
Machine number r1, link protection key a2 are random number r2;The bluetooth equipment 1 is signed to the random number r1 and random number r2
Obtain S1;
The bluetooth equipment 1 sends S1 to the bluetooth equipment 2;The bluetooth equipment 2 is in the card to the bluetooth equipment 1
In the case that book is verified, continue signature verification S1, in signature verification in the case of, decryption E1 obtains the shared master
Key M1.
Bluetooth link data guard method as described above, these, it is preferred to, it is close to obtain the shared master in decryption E1
After key M1, the bluetooth equipment 2 generates the handshake information F2 for including the random number r1 and random number r2, and to the indigo plant
Tooth equipment 1 sends the handshake information F2;The bluetooth equipment 1 verifies the handshake information F2, in the case where being verified,
The bluetooth equipment 1 generates the handshake information F1 for including the random number r1 and random number r2, and is set to the bluetooth
Standby 2 send the handshake information F1;The bluetooth equipment 2 verifies the handshake information F1.
Bluetooth link data guard method as described above, these, it is preferred to, verified in the bluetooth equipment 2 described
For handshake information F1 in the case of, generation includes the random number r1 and random number r2 data encryption key Skey;
The bluetooth equipment 1 or the bluetooth equipment 2 are encrypted to obtain encryption data by the encryption key Skey to data Data
EData, the bluetooth equipment 1 and the transmitting encrypted data EData of the bluetooth equipment 2.
Bluetooth link data guard method as described above, these, it is preferred to, in addition to:Tested in the bluetooth equipment 2
The handshake information F1 is demonstrate,proved in the case of, the bluetooth equipment 1 or the bluetooth equipment 2, which also generate, includes the random number
The sequence number Seqi and disappearing comprising the random number r1 or random number r2 of r1 and the random number r2 all or part bytes
Cease identifying code MAC keys MKey;Bluetooth equipment 1 or the bluetooth equipment 2 generation includes Message Authentication Code MAC keys
MKey, sequence number Seqi and encryption data EData transmission data DataMAC;The bluetooth equipment 1 or the bluetooth equipment 2
Transmission data DataMAC is sent to corresponding bluetooth equipment;Receive described in transmission data DataMAC bluetooth equipment checking
Message Authentication Code MAC, in the case where being verified, decryption obtains transmitting data Data.
Bluetooth link data guard method as described above, these, it is preferred to, the handshake information F1 and described shake hands
Message F2 generation includes following sub-step:
The bluetooth equipment 1 carries out summary computing to the certificate of the bluetooth equipment 1 and obtains H2;The bluetooth equipment 2 is right
The certificate of the bluetooth equipment 2 carries out summary computing and obtains H3;The bluetooth equipment 2 is by the random number r1, the random number
R2, the H2, the H3, the S1 obtain T1 after being connected with the E1;The bluetooth equipment 2 carries out summary computing to the T1
Obtain H4;ASCII character BTMASTER is connected to obtain D2 by the bluetooth equipment 2 with the H4;Described in the use of bluetooth equipment 2
Shared master key M1 obtains handshake information F2 to the D2 computings;
The bluetooth equipment 1 is by the random number r1, the random number r2, the H2, the H3, the S1 and the E1
T1 is obtained after connection;The bluetooth equipment 1 carries out summary computing to the T1 and obtains H4;The bluetooth equipment 1 is by ASCII character
BTBTSLAVE connects to obtain D1 with the H4;The bluetooth equipment 1 is obtained using the shared master key M1 to the D1 computings
Handshake information F1.
A kind of bluetooth equipment, including such as lower component:
Bluetooth communication means, for the bluetooth devices with being adapted to;
Control unit, for producing link protection key a1;Set by the bluetooth communication means to the bluetooth being adapted to
Preparation send the link protection key a1, and reception is adapted to the link protection key a2 of bluetooth equipment transmission and is adapted to bluetooth and sets
Standby certificate;
The control unit checking is adapted to the certificate of bluetooth equipment, in the case where being verified, randomly generates shared
Master key M1, and the shared master key M1 is encrypted to obtain E1;
The bluetooth communication means send the E1 and certificate to be adapted to bluetooth equipment.
Bluetooth equipment as described above, these, it is preferred to, link protection key a1 is random number r1, and link protection is close
Key a2 is random number r2;
The control unit signs to obtain S1 to the random number r1 and the random number r2;
S1 is sent to be adapted to bluetooth equipment by the bluetooth communication means, receives the bag for being adapted to bluetooth equipment transmission
Handshake information F2 containing the random number r1 and the random number r2;
The control unit verifies the handshake information F2, and in the case where being verified, generation includes the random number
R1 and the random number r2 handshake information F1;
By the bluetooth communication means handshake information F1 is sent to be adapted to bluetooth equipment.
Bluetooth equipment as described above, these, it is preferred to, the control unit generation includes the random number r1 and institute
State random number r2 data encryption key Skey and Message Authentication Code MAC comprising the random number r1 and the random number r2 is close
Key MKey;Data Data is encrypted by the encryption key Skey to obtain encryption data EData;Generation includes the random number
R1 and the random number r2 all or part bytes sequence number Seqi;Generation includes Message Authentication Code MAC keys MKey, sequence
Number Seqi and encryption data EData transmission data DataMAC;
By the bluetooth communication means transmission data DataMAC is sent to be adapted to bluetooth equipment;Or receive and fit
The transmission data DataMAC sent with bluetooth equipment, the control unit are verified the Message Authentication Code MAC, are being verified
In the case of, decryption obtains transmitting data Data.
A kind of protection system based on bluetooth equipment, including:
Bluetooth equipment as described above, the bluetooth equipment at least two, one of bluetooth equipment is with being adapted to
Remaining bluetooth equipment establish bluetooth connection, and mutual data transmission.
Relatively above-mentioned background technology, Bluetooth link data guard method provided by the present invention pass through bluetooth equipment 1 and indigo plant
Its certificate is mutually authenticated between tooth equipment 2, if verified not by the way that bluetooth connection can be terminated, only in situation about being verified
It is lower just to carry out next step operation, it also just can just continue bluetooth connection, data transfer, thus be effectively guaranteed bluetooth
Connection, the security of data transfer;And on the premise of data transmission security is effectively guaranteed, using running at once
(justwork) matching method carries out the operating procedure that bluetooth connection also simplifies bluetooth connection.
Further, bluetooth equipment 2 also needs to the S1 that signature verification bluetooth equipment 1 is generated, and passes through in signature authentication
In the case of, next step can be just carried out, otherwise bluetooth connection disconnects, and so more improves the security of data transfer;Also
Because S1 is to sign to obtain by random number r1 and random number r2, the uncertain of random number also further increases data transfer
Security.
Further, by the checking to handshake information F1 and handshake information F2, the security of data transfer is also increased.
Further, data Data is encrypted by generating data encryption key Skey, adds the safety of data transfer
Property;By the processing to encryption data EData obtain transmit data DataMAC, receive transmission data after, it is necessary to verify message
Identifying code MAC, being verified can just decrypt to obtain transmission data Data, and otherwise bluetooth connection disconnects, and then effectively ensures
The integrality of transmission data so that data transfer increase is safe and accurate.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments described in invention, for those of ordinary skill in the art, other can also be obtained according to these accompanying drawings
Accompanying drawing.
Fig. 1 is the workflow schematic diagram of the embodiment 1 of Bluetooth link data guard method provided in an embodiment of the present invention;
Fig. 2 is the workflow schematic diagram of the embodiment 2 of Bluetooth link data guard method provided in an embodiment of the present invention;
Fig. 3 is bluetooth equipment provided in an embodiment of the present invention and its work system.
Description of reference numerals:
1-bluetooth equipment, 1 2-bluetooth equipment, 2 11-bluetooth communication means, 12-control unit
Embodiment
Embodiments of the invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning to end
Same or similar label represents same or similar element or the element with same or like function.Below with reference to attached
The embodiment of figure description is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
Embodiment 1
As shown in figure 1, this application provides a kind of Bluetooth link data guard method, including as shown in the figure the step of, its
Middle bluetooth equipment 1 initially sets up bluetooth connection with bluetooth equipment 2, connects as bluetooth is established between bluetooth equipment 1 and bluetooth equipment 2
The method connect can use matching method, the matching method of PIN code input of the prior art for running (justwork) at once
The matching method compared with numeral, of course for simple to operate, present invention preferably uses the pairing for running (justwork) at once
Method carries out bluetooth connection to bluetooth equipment 1 and bluetooth equipment 2.Further, in addition to:
Step S1, establish the bluetooth equipment 1 after bluetooth connection and produce link protection key a1, and to the bluetooth equipment
2 send the link protection key a1.
Step S2, described bluetooth equipment 2 produces link protection key a2, and sends the link to the bluetooth equipment 1
Protect the certificate of key a2 and the bluetooth equipment 2.
Step S3, described bluetooth equipment 1 verifies the certificate of the bluetooth equipment 2, if checking is not by bluetooth equipment 1
Error message is sent, bluetooth equipment 1, bluetooth equipment 2 disconnect bluetooth connection, do not allow subsequent operation, if the verification passes, bluetooth
Equipment 1 randomly generates shared master key M1, and the shared master key M1 is encrypted to obtain E1.
Wherein for share master key M1 form, those skilled in the art can according to circumstances depending on, be not limited to one
Kind, the preferably shared master key M1 of the application is 48 byte random numbers, for encrypted form can also according to circumstances depending on, the application
Preferably, the public key in the certificate of bluetooth equipment 2 is encrypted using asymmetric arithmetic;
Step S4, described bluetooth equipment 1 sends the certificate of E1 and the bluetooth equipment 1 to the bluetooth equipment 2;
Step S5, described bluetooth equipment 2 verifies the certificate of the bluetooth equipment 1, if checking is not by bluetooth equipment 2
Error message is sent, bluetooth equipment 1, bluetooth equipment 2 disconnect bluetooth connection, do not allow subsequent operation, if the verification passes, bluetooth
Equipment 2 decrypts E1 and obtains the shared master key M1.
From the foregoing, it will be observed that Bluetooth link data guard method provided herein by bluetooth equipment 1 and bluetooth equipment 2 it
Between its certificate is mutually authenticated, if checking not by i.e. can terminate bluetooth connection, can just enter only in the case where being verified
Row operates in next step, also just can just continue bluetooth connection, data transfer, thus be effectively guaranteed bluetooth connection, number
According to the security of transmission.
Embodiment 2
As shown in Fig. 2 show the application further embodiment, wherein it is identical with the method and step shown in Fig. 1 it
Place repeats no more.The link protection key a1 in embodiment 1 is wherein set to random number r1, link protection key a2 is set to random
Number r2, naturally it is also possible to it is other data, such as time factor etc., as long as the technology to be reached of the embodiment of the present invention can be met
Effect;The bluetooth equipment 1 signs to obtain S1 to the random number r1 and the random number r2, as obtaining S1 computing
It is to obtain random number r3 after random number r1 connects with random number r2 in process the embodiment of the present application, bluetooth equipment 1 is to random number r3
The computing that make a summary obtains H1, then reuses the computing that to H1 sign of the private key of bluetooth equipment 1 and obtains S1, naturally it is also possible to
It is other operation methods, as long as identical technique effect can be reached;The bluetooth equipment 1 is sent out to the bluetooth equipment 2
Send S1;The bluetooth equipment 2 in the case of, signature verification S1, is verified obstructed in the certification authentication to the bluetooth equipment 1
Cross, bluetooth equipment 2, which is then sent, sends error message, and bluetooth connection disconnects, and in signature verification in the case of, decryption E1 is obtained
The shared master key M1.Due to increasing the checking to S1, next step can just be carried out by being verified, so as to further
It ensure that bluetooth connection, the security of data transfer.
In addition, on this basis, for more efficient, safe bluetooth connection, carrying out data transmission, can also be further added by
Checking to handshake information, can be specifically:
After decryption E1 obtains the shared master key M1, the generation of bluetooth equipment 2 includes the random number r1 and institute
Random number r2 handshake information F2 is stated, and the handshake information F2 is sent to the bluetooth equipment 1;The bluetooth equipment 1 is verified
The handshake information F2, if checking is not by sending error message, disconnecting bluetooth connection, otherwise be verified, the bluetooth
Equipment 1 then generates the handshake information F1 for including the random number r1 and random number r2, and is sent to the bluetooth equipment 2
The handshake information F1;The bluetooth equipment 2 verifies the handshake information F1, if checking is not by sending error message, breaking
Bluetooth connection is opened, otherwise is verified, then carries out next step.
Generation for above-mentioned handshake information F1 and handshake information F2, as long as comprising random number r1 and random number r2,
Safer of course for transmission data, the embodiment of the present application preferably generates handshake information F1 and handshake information as follows
F2:
The bluetooth equipment 1 carries out summary computing to the certificate of the bluetooth equipment 1 and obtains H2;The bluetooth equipment 2 is right
The certificate of the bluetooth equipment 2 carries out summary computing and obtains H3;The bluetooth equipment 2 is by the random number r1, the random number
R2, the H2, the H3, the S1 obtain T1 after being connected with the E1;The bluetooth equipment 2 carries out summary computing to the T1
Obtain H4;ASCII character BTSLAVE is connected to obtain D2 by the bluetooth equipment 2 with the H4;Described in the use of bluetooth equipment 2
Shared master key M1 obtains handshake information F2 to the D2 computings.
The bluetooth equipment 1 is by the random number r1, the random number r2, the H2, the H3, the S1 and the E1
T1 is obtained after connection;The bluetooth equipment 1 carries out summary computing to the T1 and obtains H4;The bluetooth equipment 1 is by ASCII character
BTMASTER connects to obtain D1 with the H4;The bluetooth equipment 1 is obtained using the shared master key M1 to the D1 computings
Handshake information F1.
In addition, verifying the handshake information F1 in the case of in the bluetooth equipment 2, generation includes the random number
R1 and the random number r2 data encryption key Skey;The bluetooth equipment 1 or the bluetooth equipment 2 are close by the encryption
Key Skey encrypts to obtain encryption data EData, bluetooth equipment 1 and the bluetooth equipment 2 transmission the encryption number to data Data
According to EData, the data of transmission are further encrypted again, have also further ensured that the security of data transfer.
In order to ensure the integrality in data transmission procedure, it is unlikely to lack, can also be the bluetooth equipment 1 or described
Sequence number Seqi of the generation of bluetooth equipment 2 comprising the random number r1 and the random number r2 all or part bytes, wherein often
Send or receive a frame information, sequence number Seqi will add 1, and bluetooth equipment 1 and bluetooth equipment 2 will keep sending and receiving order row number
Synchronization;The message of bluetooth equipment 1 or the bluetooth equipment 2 generation comprising the random number r1 and random number r2 is tested
Demonstrate,prove code MAC keys MKey;Bluetooth equipment 1 or the bluetooth equipment 2 generation includes Message Authentication Code MAC keys MKey, sequence
Row number Seqi and encryption data EData transmission data DataMAC, i.e. DataMAC=MAC (MKey, Seqi | | EData);Institute
State bluetooth equipment 1 or the bluetooth equipment 2 and send transmission data DataMAC to corresponding bluetooth equipment;Receive transmission number
The Message Authentication Code MAC is verified according to DataMAC bluetooth equipment, the verification process is to receive transmission data DataMAC
Bluetooth equipment DataMAC=MAC (MKey, Seqi | | EData) will be used to calculate DataMAC, if result of calculation is different, institute
Message Authentication Code mac authentication is stated not by then sending error message, disconnection bluetooth connection is described to disappear if result of calculation is identical
Identifying code mac authentication is ceased by the way that decryption obtains transmitting data Data, completes data transfer.
Above-mentioned MAC is the Hash functions of (Message Authentication Codes) with privacy key:Message dissipates
Train value is controlled by there was only privacy key K that communicating pair is known.Now hash value is referred to as MAC.Message Authentication Code has two kinds of meters
Calculation mode:One kind is to utilize existing AES, and directly digest value is encrypted by such as DES;Another kind is to use
Special MAC algorithms.HMAC, it is based on MD5 or SHA-1, when calculating hashed value using key and data simultaneously as inputting,
And the mode of secondary hash iteration is employed, actual computational methods are as follows:
HMAC (K, M)=H (K ⊕ opad ∣ H (K ⊕ ipad ∣ M))
Wherein K is key, and length should be 64 bytes, if being less than the length, is mended automatically behind key with " 0 " filling
Foot.M is message;H is hash function;The character string that opad and Ipad is made up of several 0x5c and 0x36 respectively;⊕ is represented
XOR , ∣ represent attended operation.
For above-mentioned Seqi, its initial value is Seq0, can be Seq0=Random1 | | Random, wherein, Random1
Can be random number r2 preceding 8 bytes, Random2 can be random number r1 preceding 8 bytes.
Wherein, MKey and Skey calculation comprises the following steps:
Step P1, X is obtained after connecting M1, r1, r2;
X=M1 | | r1 | | r2 formula (1)
It is convenient in order to what is calculated and transmit, it can use M1 16 bytes therein and participate in computing.
Step P2, Hash operation is carried out to X, obtains Y;
Y=HMAC (X) formula (2)
Step P3, MAC keys MKey and data encryption key Skey is calculated using Hash operation result.
Hash operation result Y a part of byte is taken respectively as MKey and Skey, such as makes Y1Y2 ... that Y20 is respectively Y
The 1st to the 20th byte, it is data encryption key Skey to take wherein 16 bytes, and it is MAC keys MKey separately to take 16 bytes.Example
Such as:Encryption key SKey is:SKey=Y1Y2 ... Y16, MAC keys MKey is:MKey=Y5Y6 ... Y20;Due to random number r1
With random number r2 participation, disconnect bluetooth connection after, if if carrying out bluetooth connection again between bluetooth equipment, can also weigh
New random generation random number, this guarantees bluetooth connection each time to be different from, after disconnection all be attached again again, institute
With this also with regard to the security that ensure that bluetooth connection and data transfer of high degree.
As shown in figure 3, present invention also offers a kind of Bluetooth link to protect system, including multiple bluetooth equipments, the indigo plant
Tooth equipment at least two, one of bluetooth equipment establishes bluetooth connection with remaining bluetooth equipment being adapted to, and mutually passes
Transmission of data.Two bluetooth equipments are schematically drawn in Fig. 3, wherein each bluetooth equipment includes such as lower component:
Bluetooth communication means 11, for being communicated be adapted to bluetooth equipment 2;
Control unit 12, produce link protection key a1;
The link protection key a1 is sent to be adapted to bluetooth equipment 2 by the bluetooth communication means 11, receives institute
The link protection key a2 that adaptation bluetooth equipment 2 is sent and the certificate for being adapted to bluetooth equipment 2;
The control unit 12 verifies the certificate for being adapted to bluetooth equipment 2, if verify not by, send error message,
Bluetooth connection is disconnected, if being verified, randomly generates shared master key M1, and the shared master key M1 is encrypted to obtain
E1;
By the bluetooth communication means 11 E1 and certificate are sent to be adapted to bluetooth equipment 2.
From the foregoing, it will be observed that bluetooth equipment 1 provided by the present invention with other bluetooth equipments carry out bluetooth connection after, it is necessary to phase
Its certificate is mutually verified, if verified not by the way that bluetooth connection can be terminated, only in the case where can just be carried out in the case of being verified
Single stepping, also just can just continue bluetooth connection, data transfer, thus effectively prevent loss of transmitted data or
It is stolen, is also just effectively guaranteed bluetooth connection, the security of data transfer;And it is being effectively guaranteed data transmission security
Property on the premise of, using at once run (justwork) matching method carry out bluetooth connection also simplify bluetooth connection operation walk
Suddenly.
It is provided by the invention in order to which bluetooth connection and data transfer are more safe and reliable on the basis of above-described embodiment
For bluetooth equipment 1 it is also possible that link protection key a1 is random number r1, link protection key a2 is random number r2;The control
Part 12 signs to obtain S1 to the random number r1 and the random number r2;By the bluetooth communication means 11 to being adapted to indigo plant
Tooth equipment 2 sends S1, receives and is adapted to disappearing comprising the random number r1 and the shaking hands for random number r2 for the transmission of bluetooth equipment 2
Cease F2;The control unit 12 verifies the handshake information F2, if checking not by, send error message, if being verified,
Then generation includes the random number r1 and random number r2 handshake information F1;By the bluetooth communication means 11 to fitting
The handshake information F1 is sent with bluetooth equipment 2.Due to adding the checking to S1, it more ensure that bluetooth connection, data pass
Defeated security, in addition due also to random number r1 and random number r2 use, after this bluetooth connection disconnection, bluetooth next time
Need to regenerate random number during connection, this just further prevents loss of data or is stolen, and is also increased by effectively protecting
The security of bluetooth connection and data transfer is demonstrate,proved.
In order to ensure the integrality of data, it can also be that the control unit 12 generation includes the random number r1 and described
Random number r2 data encryption key Skey;Data Data is encrypted to obtain encryption data by the encryption key Skey
EData;Generation includes the random number r1 and the random number r2 all or part bytes sequence number Seqi and comprising described
Random number r1 and random number r2 Message Authentication Code MAC keys MKey;Generation comprising Message Authentication Code MAC keys MKey,
Sequence number Seqi and encryption data EData transmission data DataMAC;
By the bluetooth communication means 11 transmission data DataMAC is sent to be adapted to bluetooth equipment 2;Or receive institute
The transmission data DataMAC that bluetooth equipment 2 is sent is adapted to, the control unit 12 verifies the Message Authentication Code MAC, if checking
Not by then sending error message, disconnecting bluetooth connection, if being verified, decryption obtains transmitting data Data.
Further, control unit therein performs the method and step in embodiment 1 and embodiment 2, and detailed process is herein
Repeat no more.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power
Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling
Change is included in the present invention.Any reference in claim should not be considered as to the involved claim of limitation.
Moreover, it will be appreciated that although the present specification is described in terms of embodiments, not each embodiment is only wrapped
Containing an independent technical scheme, this narrating mode of specification is only that those skilled in the art should for clarity
Using specification as an entirety, the technical solutions in the various embodiments may also be suitably combined, forms those skilled in the art
It is appreciated that other embodiment.
Claims (10)
1. a kind of Bluetooth link data guard method, including:Bluetooth equipment 1 establishes bluetooth connection with bluetooth equipment 2, and its feature exists
In also comprising the following steps:
The bluetooth equipment 1 produces link protection key a1, and sends the link protection key a1 to the bluetooth equipment 2;
The bluetooth equipment 2 produces link protection key a2, and to the bluetooth equipment 1 send the link protection key a2 and
The certificate of the bluetooth equipment 2;
The bluetooth equipment 1 verifies the certificate of the bluetooth equipment 2, and in the case where being verified, bluetooth equipment 1 randomly generates
Shared master key M1, and the shared master key M1 is encrypted to obtain E1;
The bluetooth equipment 1 sends the certificate of E1 and the bluetooth equipment 1 to the bluetooth equipment 2;The bluetooth equipment 2 is verified
The certificate of the bluetooth equipment 1, in the case where being verified, decryption E1 obtains the shared master key M1.
2. Bluetooth link data guard method according to claim 1, it is characterised in that wherein, link protection key a1
For random number r1, link protection key a2 is random number r2;The bluetooth equipment 1 is to the random number r1 and the random number r2
Signature obtains S1;
The bluetooth equipment 1 sends S1 to the bluetooth equipment 2;The bluetooth equipment 2 is tested in the certificate to the bluetooth equipment 1
In the case that card passes through, continue signature verification S1, in signature verification in the case of, decryption E1 obtains the shared master key
M1。
3. Bluetooth link data guard method according to claim 2, it is characterised in that obtained in decryption E1 described shared
After master key M1, the bluetooth equipment 2 generates the handshake information F2 for including the random number r1 and random number r2, and to institute
State bluetooth equipment 1 and send the handshake information F2;The bluetooth equipment 1 verifies the handshake information F2, in the feelings being verified
Under condition, the bluetooth equipment 1 generates the handshake information F1 for including the random number r1 and random number r2, and to the indigo plant
Tooth equipment 2 sends the handshake information F1;The bluetooth equipment 2 verifies the handshake information F1.
4. Bluetooth link data guard method according to claim 3, it is characterised in that verified in the bluetooth equipment 2
For the handshake information F1 in the case of, generation includes the random number r1 and random number r2 data encryption key
Skey;The bluetooth equipment 1 or the bluetooth equipment 2 are encrypted to obtain encryption number by the encryption key Skey to data Data
According to EData, the bluetooth equipment 1 and the transmitting encrypted data EData of the bluetooth equipment 2.
5. Bluetooth link data guard method according to claim 4, it is characterised in that also include:Set in the bluetooth
The handshake information F1 is in the case of for standby 2 checking, and the bluetooth equipment 1 or the bluetooth equipment 2 are also generated comprising described
The sequence number Seqi of random number r1 and the random number r2 all or part bytes and include the random number r1 or random number
R2 Message Authentication Code MAC keys MKey;Bluetooth equipment 1 or the bluetooth equipment 2 generation is close comprising Message Authentication Code MAC
Key MKey, sequence number Seqi and encryption data EData transmission data DataMAC;The bluetooth equipment 1 or the bluetooth equipment
2 send transmission data DataMAC to corresponding bluetooth equipment;Receive transmission data DataMAC bluetooth equipment checking institute
Message Authentication Code MAC is stated, in the case where being verified, decryption obtains transmitting data Data.
6. Bluetooth link data guard method according to claim 5, it is characterised in that the handshake information F1 and described
Handshake information F2 generation includes following sub-step:
The bluetooth equipment 1 carries out summary computing to the certificate of the bluetooth equipment 1 and obtains H2;The bluetooth equipment 2 is to described
The certificate of bluetooth equipment 2 carries out summary computing and obtains H3;The bluetooth equipment 2 is by the random number r1, the random number r2, institute
State H2, the H3, the S1 and obtain T1 after being connected with the E1;The bluetooth equipment 2 carries out summary computing to the T1 and obtained
H4;ASCII character BTMASTER is connected to obtain D2 by the bluetooth equipment 2 with the H4;The bluetooth equipment 2 uses described shared
Master key M1 obtains handshake information F2 to the D2 computings;
The bluetooth equipment 1 connects the random number r1, the random number r2, the H2, the H3, the S1 with the E1
After obtain T1;The bluetooth equipment 1 carries out summary computing to the T1 and obtains H4;The bluetooth equipment 1 is by ASCII character
BTBTSLAVE connects to obtain D1 with the H4;The bluetooth equipment 1 is obtained using the shared master key M1 to the D1 computings
Handshake information F1.
7. a kind of bluetooth equipment, it is characterised in that including such as lower component:
Bluetooth communication means, for the bluetooth devices with being adapted to;
Control unit, for producing link protection key a1;Sent out by the bluetooth communication means to the bluetooth equipment being adapted to
The link protection key a1 is sent, the link protection key a2 for being adapted to bluetooth equipment transmission is received and is adapted to bluetooth equipment
Certificate;
The control unit checking is adapted to the certificate of bluetooth equipment, and in the case where being verified, it is close to randomly generate shared master
Key M1, and the shared master key M1 is encrypted to obtain E1;
The bluetooth communication means send the E1 and certificate to be adapted to bluetooth equipment.
8. bluetooth equipment according to claim 7, it is characterised in that link protection key a1 is random number r1, and link is protected
It is random number r2 to protect key a2;
The control unit signs to obtain S1 to the random number r1 and the random number r2;
By the bluetooth communication means to be adapted to bluetooth equipment send S1, receive be adapted to bluetooth equipment send include institute
State random number r1 and the random number r2 handshake information F2;
The control unit verifies the handshake information F2, in the case where being verified, generation comprising the random number r1 and
The handshake information F1 of the random number r2;
By the bluetooth communication means handshake information F1 is sent to be adapted to bluetooth equipment.
9. bluetooth equipment according to claim 8, it is characterised in that the control unit generation includes the random number r1
Message Authentication Code with the data encryption key Skey of the random number r2 and comprising the random number r1 and the random number r2
MAC keys MKey;Data Data is encrypted by the encryption key Skey to obtain encryption data EData;Generation is comprising described
Random number r1 and the random number r2 all or part bytes sequence number Seqi;Generation includes Message Authentication Code MAC keys
MKey, sequence number Seqi and encryption data EData transmission data DataMAC;
By the bluetooth communication means transmission data DataMAC is sent to be adapted to bluetooth equipment;Or receive and be adapted to indigo plant
The transmission data DataMAC that tooth equipment is sent, the control unit verifies the Message Authentication Code MAC, in the feelings being verified
Under condition, decryption obtains transmitting data Data.
A kind of 10. protection system based on bluetooth equipment, it is characterised in that including:
Bluetooth equipment described in any one of claim 7 to 9, the bluetooth equipment at least two, one of bluetooth equipment
Bluetooth connection, and mutual data transmission are established with remaining bluetooth equipment being adapted to.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710689578.6A CN107454561A (en) | 2017-08-14 | 2017-08-14 | A kind of Bluetooth link data guard method and its protection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710689578.6A CN107454561A (en) | 2017-08-14 | 2017-08-14 | A kind of Bluetooth link data guard method and its protection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107454561A true CN107454561A (en) | 2017-12-08 |
Family
ID=60491056
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710689578.6A Pending CN107454561A (en) | 2017-08-14 | 2017-08-14 | A kind of Bluetooth link data guard method and its protection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107454561A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107786579A (en) * | 2017-12-12 | 2018-03-09 | 特斯联(北京)科技有限公司 | A kind of safety communicating method being used between bluetooth equipment |
CN108174370A (en) * | 2017-12-14 | 2018-06-15 | 北京明华联盟科技有限公司 | Bluetooth security connection method, device, terminal and computer readable storage medium |
CN110351929A (en) * | 2019-07-17 | 2019-10-18 | 苏州佩林网络科技有限公司 | A kind of wireless lamp control system based on Bluetooth technology |
CN110635901A (en) * | 2019-09-11 | 2019-12-31 | 北京方研矩行科技有限公司 | Local Bluetooth dynamic authentication method and system for Internet of things equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101031939A (en) * | 2004-10-19 | 2007-09-05 | 英特尔公司 | Method and apparatus for securing communications between a smartcard and a terminal |
CN101083530A (en) * | 2007-07-13 | 2007-12-05 | 北京工业大学 | Method for realizing intra-mobile entity authentication and cipher key negotiation using short message |
CN101765996A (en) * | 2007-05-31 | 2010-06-30 | 威斯科数据安全国际有限公司 | Remote Authentication And Transaction Signatures |
CN102111192A (en) * | 2011-03-03 | 2011-06-29 | 中兴通讯股份有限公司 | Bluetooth connection method and system |
CN103067160A (en) * | 2013-01-14 | 2013-04-24 | 江苏智联天地科技有限公司 | Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD) |
CN104158567A (en) * | 2014-07-25 | 2014-11-19 | 天地融科技股份有限公司 | Pairing method and system and data interaction method and system for Bluetooth equipment |
CN104616148A (en) * | 2015-01-23 | 2015-05-13 | 恒银金融科技有限公司 | Payment terminal and paying method of wearable payment terminal |
CN105827655A (en) * | 2016-05-27 | 2016-08-03 | 飞天诚信科技股份有限公司 | Intelligent key equipment and work method thereof |
-
2017
- 2017-08-14 CN CN201710689578.6A patent/CN107454561A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101031939A (en) * | 2004-10-19 | 2007-09-05 | 英特尔公司 | Method and apparatus for securing communications between a smartcard and a terminal |
CN101765996A (en) * | 2007-05-31 | 2010-06-30 | 威斯科数据安全国际有限公司 | Remote Authentication And Transaction Signatures |
CN101083530A (en) * | 2007-07-13 | 2007-12-05 | 北京工业大学 | Method for realizing intra-mobile entity authentication and cipher key negotiation using short message |
CN102111192A (en) * | 2011-03-03 | 2011-06-29 | 中兴通讯股份有限公司 | Bluetooth connection method and system |
CN103067160A (en) * | 2013-01-14 | 2013-04-24 | 江苏智联天地科技有限公司 | Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD) |
CN104158567A (en) * | 2014-07-25 | 2014-11-19 | 天地融科技股份有限公司 | Pairing method and system and data interaction method and system for Bluetooth equipment |
CN104616148A (en) * | 2015-01-23 | 2015-05-13 | 恒银金融科技有限公司 | Payment terminal and paying method of wearable payment terminal |
CN105827655A (en) * | 2016-05-27 | 2016-08-03 | 飞天诚信科技股份有限公司 | Intelligent key equipment and work method thereof |
Non-Patent Citations (1)
Title |
---|
(美)梅 尔(MEYER,C.H.),(美)马脱耶斯(MATYAS,S.M.): "《密码学 计算机数据安全的一个新领域 安全系统设计和实施指南》", 31 July 1988 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107786579A (en) * | 2017-12-12 | 2018-03-09 | 特斯联(北京)科技有限公司 | A kind of safety communicating method being used between bluetooth equipment |
CN108174370A (en) * | 2017-12-14 | 2018-06-15 | 北京明华联盟科技有限公司 | Bluetooth security connection method, device, terminal and computer readable storage medium |
CN110351929A (en) * | 2019-07-17 | 2019-10-18 | 苏州佩林网络科技有限公司 | A kind of wireless lamp control system based on Bluetooth technology |
CN110635901A (en) * | 2019-09-11 | 2019-12-31 | 北京方研矩行科技有限公司 | Local Bluetooth dynamic authentication method and system for Internet of things equipment |
CN110635901B (en) * | 2019-09-11 | 2023-01-17 | 北京方研矩行科技有限公司 | Local Bluetooth dynamic authentication method and system for Internet of things equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103338215B (en) | The method setting up TLS passage based on the close algorithm of state | |
CN106789047B (en) | A kind of block chain identification system | |
CN103118027B (en) | The method of TLS passage is set up based on the close algorithm of state | |
CN104158567B (en) | Matching method between bluetooth equipment and system, data interactive method and system | |
CN108780548A (en) | Using Elliptic Curve Cryptography for Personal Device Security to Share Secrets | |
CN107454561A (en) | A kind of Bluetooth link data guard method and its protection system | |
CN102724041B (en) | Steganography-based key transmission and key updating method | |
US8966265B2 (en) | Pairwise temporal key creation for secure networks | |
CN108599925A (en) | A kind of modified AKA identity authorization systems and method based on quantum communication network | |
CN107294937A (en) | Data transmission method, client and server based on network service | |
CN108809643A (en) | A kind of method, system and the equipment of equipment and high in the clouds arranging key | |
CN111769938B (en) | Key management system and data verification system of block chain sensor | |
CN106656510A (en) | Encryption key acquisition method and system | |
CN106060073B (en) | Channel key machinery of consultation | |
CN105897748B (en) | A kind of transmission method and equipment of symmetric key | |
CN105612728A (en) | Secured data channel authentication implying a shared secret | |
CN110022320A (en) | A kind of communication partner method and communication device | |
WO2018120938A1 (en) | Offline key transmission method, terminal and storage medium | |
CN109919609A (en) | Anti- quantum calculation block chain secure transactions method and system based on public key pond | |
CN115378587B (en) | Key acquisition method, device, equipment and readable storage medium | |
CN112653719A (en) | Automobile information safety storage method and device, electronic equipment and storage medium | |
CN108718237A (en) | A kind of modified AKA identity authorization systems and method based on pool of symmetric keys | |
CN109587149A (en) | A kind of safety communicating method and device of data | |
CN114598533A (en) | Block chain side chain cross-chain identity trusted authentication and data encryption transmission method | |
Diallo et al. | A secure authentication scheme for bluetooth connection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171208 |
|
RJ01 | Rejection of invention patent application after publication |