CN107454561A - A kind of Bluetooth link data guard method and its protection system - Google Patents

A kind of Bluetooth link data guard method and its protection system Download PDF

Info

Publication number
CN107454561A
CN107454561A CN201710689578.6A CN201710689578A CN107454561A CN 107454561 A CN107454561 A CN 107454561A CN 201710689578 A CN201710689578 A CN 201710689578A CN 107454561 A CN107454561 A CN 107454561A
Authority
CN
China
Prior art keywords
bluetooth equipment
bluetooth
random number
data
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710689578.6A
Other languages
Chinese (zh)
Inventor
李娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd filed Critical Hengbao Co Ltd
Priority to CN201710689578.6A priority Critical patent/CN107454561A/en
Publication of CN107454561A publication Critical patent/CN107454561A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application is related to communication technical field, more particularly to a kind of Bluetooth link data guard method and its protection system, this method comprise the following steps:Bluetooth equipment 1 establishes bluetooth connection with bluetooth equipment 2;Bluetooth equipment 1 produces link protection key a1, and protects key a1 to the transmission link of bluetooth equipment 2;Bluetooth equipment 2 produces link protection key a2, and the certificate of key a2 and bluetooth equipment 2 is protected to the transmission link of bluetooth equipment 1;Bluetooth equipment 1 verifies the certificate of bluetooth equipment 2, and in the case where being verified, bluetooth equipment 1 randomly generates shared master key M1, and shared master key M1 is encrypted to obtain E1;Bluetooth equipment 1 sends the certificate of E1 and bluetooth equipment 1 to bluetooth equipment 2;Bluetooth equipment 2 verifies the certificate of the bluetooth equipment 1, and in the case where being verified, decryption E1 obtains shared master key M1.The application can effectively prevent loss of transmitted data or be stolen, and ensure bluetooth connection, the security of data transfer.

Description

A kind of Bluetooth link data guard method and its protection system
Technical field
The present invention relates to communication technical field, more particularly to a kind of Bluetooth link data guard method and its protection system.
Background technology
Data transfer is according to appropriate code, by one or more link, is transmitted between data source and data sink The process of data.Bluetooth transmission is as one kind in data transfer, because its low energy consumption, low cost, short-range feature are extensive Ground is used by people.It is trapped, steals to prevent from transmitting data, privacy of user, sensitive data in bluetooth equipment etc., can Effectively ensure that the safety of data transmission procedure is just particularly important.
At present, mainly it is attached between bluetooth equipment by the method matched, the method for pairing mainly includes:At once The matching method that the matching method of (justwork), the matching method of PIN code input and numeral compare is run, following is a brief introduction of The method once matched in the prior art between bluetooth equipment.
At once the matching method of (justwork) is run:
Step 1:Bluetooth equipment a sends broadcast message;
Step 2:Bluetooth equipment around bluetooth equipment b scannings;
Step 3:Bluetooth equipment a is selected from the list scanned;
Step 4:Bluetooth equipment a and bluetooth equipment b establish bluetooth connection;
Step 5:Carry out data transmission between bluetooth equipment a and bluetooth equipment b.
The matching method of PIN code input:
Step 1:Bluetooth equipment a sends broadcast message;
Step 2:Bluetooth equipment around bluetooth equipment b scannings;
Step 3:Bluetooth equipment a is selected from the list scanned;
Step 4:PIN code is inputted in bluetooth equipment a and bluetooth equipment b;
Step 5:Bluetooth equipment a and bluetooth equipment b establishes bluetooth connection;
Step 6:Carry out data transmission between bluetooth equipment a and bluetooth equipment b.
The matching method that numeral compares:
Step 1:Bluetooth equipment a sends broadcast message;
Step 2:Bluetooth equipment around bluetooth equipment b scannings;
Step 3:Bluetooth equipment a is selected from the list scanned;
Step 4:The comparison numeral that bluetooth equipment a display screens and bluetooth equipment b display screens are shown is compared, it is consistent to compare numeral Click on acknowledgement key;
Step 5:Bluetooth equipment a and bluetooth equipment b establishes bluetooth connection:
Step 6:Carry out data transmission between bluetooth equipment a and bluetooth equipment b.
From the pairing connection between above-mentioned bluetooth equipment and the process of data transfer, run at once (justwork) Matching method matches and data transfer does not need user to participate in, and security is low;The matching method pairing of PIN code input and data pass If defeated third party disabled user disguise as connects bluetooth equipment, and PIN code corresponding to input, bluetooth connection will be established, The leakage of significant data is will result in, the method security of this kind of bluetooth connection is relatively low, and it also requires completing input, choosing The step such as select, confirm, operation is also more complicated;The matching method pairing and data transfer that numeral compares need requirement bluetooth equipment equal Function with numerical monitor, use range is limited, and be also required to complete the steps such as input, selection, confirmation, operation is same Also it is complex.
Therefore, bluetooth connection, the security of data transfer how are improved, is that those skilled in the art need to solve at present Technical problem.
In addition, how to simplify the operating procedure of bluetooth connection, and those skilled in the art need the technology that solves at present Problem.
The content of the invention
This application provides a kind of Bluetooth link data guard method and its protection system, to improve bluetooth connection, data The security of transmission.
In order to solve the above technical problems, the application provides following technical scheme:
A kind of Bluetooth link data guard method, including:Bluetooth equipment 1 establishes bluetooth connection with bluetooth equipment 2, its feature It is, also comprises the following steps:
The bluetooth equipment 1 produces link protection key a1, and sends the link protection key to the bluetooth equipment 2 a1;
The bluetooth equipment 2 produces link protection key a2, and sends the link protection key to the bluetooth equipment 1 A2 and the bluetooth equipment 2 certificate;
The bluetooth equipment 1 verifies the certificate of the bluetooth equipment 2, and in the case where being verified, bluetooth equipment 1 is random Shared master key M1 is produced, and the shared master key M1 is encrypted to obtain E1;
The bluetooth equipment 1 sends the certificate of E1 and the bluetooth equipment 1 to the bluetooth equipment 2;The bluetooth equipment 2 The certificate of the bluetooth equipment 1 is verified, in the case where being verified, decryption E1 obtains the shared master key M1.
Bluetooth link data guard method as described above, these, it is preferred to, wherein, link protection key a1 be with Machine number r1, link protection key a2 are random number r2;The bluetooth equipment 1 is signed to the random number r1 and random number r2 Obtain S1;
The bluetooth equipment 1 sends S1 to the bluetooth equipment 2;The bluetooth equipment 2 is in the card to the bluetooth equipment 1 In the case that book is verified, continue signature verification S1, in signature verification in the case of, decryption E1 obtains the shared master Key M1.
Bluetooth link data guard method as described above, these, it is preferred to, it is close to obtain the shared master in decryption E1 After key M1, the bluetooth equipment 2 generates the handshake information F2 for including the random number r1 and random number r2, and to the indigo plant Tooth equipment 1 sends the handshake information F2;The bluetooth equipment 1 verifies the handshake information F2, in the case where being verified, The bluetooth equipment 1 generates the handshake information F1 for including the random number r1 and random number r2, and is set to the bluetooth Standby 2 send the handshake information F1;The bluetooth equipment 2 verifies the handshake information F1.
Bluetooth link data guard method as described above, these, it is preferred to, verified in the bluetooth equipment 2 described For handshake information F1 in the case of, generation includes the random number r1 and random number r2 data encryption key Skey; The bluetooth equipment 1 or the bluetooth equipment 2 are encrypted to obtain encryption data by the encryption key Skey to data Data EData, the bluetooth equipment 1 and the transmitting encrypted data EData of the bluetooth equipment 2.
Bluetooth link data guard method as described above, these, it is preferred to, in addition to:Tested in the bluetooth equipment 2 The handshake information F1 is demonstrate,proved in the case of, the bluetooth equipment 1 or the bluetooth equipment 2, which also generate, includes the random number The sequence number Seqi and disappearing comprising the random number r1 or random number r2 of r1 and the random number r2 all or part bytes Cease identifying code MAC keys MKey;Bluetooth equipment 1 or the bluetooth equipment 2 generation includes Message Authentication Code MAC keys MKey, sequence number Seqi and encryption data EData transmission data DataMAC;The bluetooth equipment 1 or the bluetooth equipment 2 Transmission data DataMAC is sent to corresponding bluetooth equipment;Receive described in transmission data DataMAC bluetooth equipment checking Message Authentication Code MAC, in the case where being verified, decryption obtains transmitting data Data.
Bluetooth link data guard method as described above, these, it is preferred to, the handshake information F1 and described shake hands Message F2 generation includes following sub-step:
The bluetooth equipment 1 carries out summary computing to the certificate of the bluetooth equipment 1 and obtains H2;The bluetooth equipment 2 is right The certificate of the bluetooth equipment 2 carries out summary computing and obtains H3;The bluetooth equipment 2 is by the random number r1, the random number R2, the H2, the H3, the S1 obtain T1 after being connected with the E1;The bluetooth equipment 2 carries out summary computing to the T1 Obtain H4;ASCII character BTMASTER is connected to obtain D2 by the bluetooth equipment 2 with the H4;Described in the use of bluetooth equipment 2 Shared master key M1 obtains handshake information F2 to the D2 computings;
The bluetooth equipment 1 is by the random number r1, the random number r2, the H2, the H3, the S1 and the E1 T1 is obtained after connection;The bluetooth equipment 1 carries out summary computing to the T1 and obtains H4;The bluetooth equipment 1 is by ASCII character BTBTSLAVE connects to obtain D1 with the H4;The bluetooth equipment 1 is obtained using the shared master key M1 to the D1 computings Handshake information F1.
A kind of bluetooth equipment, including such as lower component:
Bluetooth communication means, for the bluetooth devices with being adapted to;
Control unit, for producing link protection key a1;Set by the bluetooth communication means to the bluetooth being adapted to Preparation send the link protection key a1, and reception is adapted to the link protection key a2 of bluetooth equipment transmission and is adapted to bluetooth and sets Standby certificate;
The control unit checking is adapted to the certificate of bluetooth equipment, in the case where being verified, randomly generates shared Master key M1, and the shared master key M1 is encrypted to obtain E1;
The bluetooth communication means send the E1 and certificate to be adapted to bluetooth equipment.
Bluetooth equipment as described above, these, it is preferred to, link protection key a1 is random number r1, and link protection is close Key a2 is random number r2;
The control unit signs to obtain S1 to the random number r1 and the random number r2;
S1 is sent to be adapted to bluetooth equipment by the bluetooth communication means, receives the bag for being adapted to bluetooth equipment transmission Handshake information F2 containing the random number r1 and the random number r2;
The control unit verifies the handshake information F2, and in the case where being verified, generation includes the random number R1 and the random number r2 handshake information F1;
By the bluetooth communication means handshake information F1 is sent to be adapted to bluetooth equipment.
Bluetooth equipment as described above, these, it is preferred to, the control unit generation includes the random number r1 and institute State random number r2 data encryption key Skey and Message Authentication Code MAC comprising the random number r1 and the random number r2 is close Key MKey;Data Data is encrypted by the encryption key Skey to obtain encryption data EData;Generation includes the random number R1 and the random number r2 all or part bytes sequence number Seqi;Generation includes Message Authentication Code MAC keys MKey, sequence Number Seqi and encryption data EData transmission data DataMAC;
By the bluetooth communication means transmission data DataMAC is sent to be adapted to bluetooth equipment;Or receive and fit The transmission data DataMAC sent with bluetooth equipment, the control unit are verified the Message Authentication Code MAC, are being verified In the case of, decryption obtains transmitting data Data.
A kind of protection system based on bluetooth equipment, including:
Bluetooth equipment as described above, the bluetooth equipment at least two, one of bluetooth equipment is with being adapted to Remaining bluetooth equipment establish bluetooth connection, and mutual data transmission.
Relatively above-mentioned background technology, Bluetooth link data guard method provided by the present invention pass through bluetooth equipment 1 and indigo plant Its certificate is mutually authenticated between tooth equipment 2, if verified not by the way that bluetooth connection can be terminated, only in situation about being verified It is lower just to carry out next step operation, it also just can just continue bluetooth connection, data transfer, thus be effectively guaranteed bluetooth Connection, the security of data transfer;And on the premise of data transmission security is effectively guaranteed, using running at once (justwork) matching method carries out the operating procedure that bluetooth connection also simplifies bluetooth connection.
Further, bluetooth equipment 2 also needs to the S1 that signature verification bluetooth equipment 1 is generated, and passes through in signature authentication In the case of, next step can be just carried out, otherwise bluetooth connection disconnects, and so more improves the security of data transfer;Also Because S1 is to sign to obtain by random number r1 and random number r2, the uncertain of random number also further increases data transfer Security.
Further, by the checking to handshake information F1 and handshake information F2, the security of data transfer is also increased.
Further, data Data is encrypted by generating data encryption key Skey, adds the safety of data transfer Property;By the processing to encryption data EData obtain transmit data DataMAC, receive transmission data after, it is necessary to verify message Identifying code MAC, being verified can just decrypt to obtain transmission data Data, and otherwise bluetooth connection disconnects, and then effectively ensures The integrality of transmission data so that data transfer increase is safe and accurate.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments described in invention, for those of ordinary skill in the art, other can also be obtained according to these accompanying drawings Accompanying drawing.
Fig. 1 is the workflow schematic diagram of the embodiment 1 of Bluetooth link data guard method provided in an embodiment of the present invention;
Fig. 2 is the workflow schematic diagram of the embodiment 2 of Bluetooth link data guard method provided in an embodiment of the present invention;
Fig. 3 is bluetooth equipment provided in an embodiment of the present invention and its work system.
Description of reference numerals:
1-bluetooth equipment, 1 2-bluetooth equipment, 2 11-bluetooth communication means, 12-control unit
Embodiment
Embodiments of the invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning to end Same or similar label represents same or similar element or the element with same or like function.Below with reference to attached The embodiment of figure description is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
Embodiment 1
As shown in figure 1, this application provides a kind of Bluetooth link data guard method, including as shown in the figure the step of, its Middle bluetooth equipment 1 initially sets up bluetooth connection with bluetooth equipment 2, connects as bluetooth is established between bluetooth equipment 1 and bluetooth equipment 2 The method connect can use matching method, the matching method of PIN code input of the prior art for running (justwork) at once The matching method compared with numeral, of course for simple to operate, present invention preferably uses the pairing for running (justwork) at once Method carries out bluetooth connection to bluetooth equipment 1 and bluetooth equipment 2.Further, in addition to:
Step S1, establish the bluetooth equipment 1 after bluetooth connection and produce link protection key a1, and to the bluetooth equipment 2 send the link protection key a1.
Step S2, described bluetooth equipment 2 produces link protection key a2, and sends the link to the bluetooth equipment 1 Protect the certificate of key a2 and the bluetooth equipment 2.
Step S3, described bluetooth equipment 1 verifies the certificate of the bluetooth equipment 2, if checking is not by bluetooth equipment 1 Error message is sent, bluetooth equipment 1, bluetooth equipment 2 disconnect bluetooth connection, do not allow subsequent operation, if the verification passes, bluetooth Equipment 1 randomly generates shared master key M1, and the shared master key M1 is encrypted to obtain E1.
Wherein for share master key M1 form, those skilled in the art can according to circumstances depending on, be not limited to one Kind, the preferably shared master key M1 of the application is 48 byte random numbers, for encrypted form can also according to circumstances depending on, the application Preferably, the public key in the certificate of bluetooth equipment 2 is encrypted using asymmetric arithmetic;
Step S4, described bluetooth equipment 1 sends the certificate of E1 and the bluetooth equipment 1 to the bluetooth equipment 2;
Step S5, described bluetooth equipment 2 verifies the certificate of the bluetooth equipment 1, if checking is not by bluetooth equipment 2 Error message is sent, bluetooth equipment 1, bluetooth equipment 2 disconnect bluetooth connection, do not allow subsequent operation, if the verification passes, bluetooth Equipment 2 decrypts E1 and obtains the shared master key M1.
From the foregoing, it will be observed that Bluetooth link data guard method provided herein by bluetooth equipment 1 and bluetooth equipment 2 it Between its certificate is mutually authenticated, if checking not by i.e. can terminate bluetooth connection, can just enter only in the case where being verified Row operates in next step, also just can just continue bluetooth connection, data transfer, thus be effectively guaranteed bluetooth connection, number According to the security of transmission.
Embodiment 2
As shown in Fig. 2 show the application further embodiment, wherein it is identical with the method and step shown in Fig. 1 it Place repeats no more.The link protection key a1 in embodiment 1 is wherein set to random number r1, link protection key a2 is set to random Number r2, naturally it is also possible to it is other data, such as time factor etc., as long as the technology to be reached of the embodiment of the present invention can be met Effect;The bluetooth equipment 1 signs to obtain S1 to the random number r1 and the random number r2, as obtaining S1 computing It is to obtain random number r3 after random number r1 connects with random number r2 in process the embodiment of the present application, bluetooth equipment 1 is to random number r3 The computing that make a summary obtains H1, then reuses the computing that to H1 sign of the private key of bluetooth equipment 1 and obtains S1, naturally it is also possible to It is other operation methods, as long as identical technique effect can be reached;The bluetooth equipment 1 is sent out to the bluetooth equipment 2 Send S1;The bluetooth equipment 2 in the case of, signature verification S1, is verified obstructed in the certification authentication to the bluetooth equipment 1 Cross, bluetooth equipment 2, which is then sent, sends error message, and bluetooth connection disconnects, and in signature verification in the case of, decryption E1 is obtained The shared master key M1.Due to increasing the checking to S1, next step can just be carried out by being verified, so as to further It ensure that bluetooth connection, the security of data transfer.
In addition, on this basis, for more efficient, safe bluetooth connection, carrying out data transmission, can also be further added by Checking to handshake information, can be specifically:
After decryption E1 obtains the shared master key M1, the generation of bluetooth equipment 2 includes the random number r1 and institute Random number r2 handshake information F2 is stated, and the handshake information F2 is sent to the bluetooth equipment 1;The bluetooth equipment 1 is verified The handshake information F2, if checking is not by sending error message, disconnecting bluetooth connection, otherwise be verified, the bluetooth Equipment 1 then generates the handshake information F1 for including the random number r1 and random number r2, and is sent to the bluetooth equipment 2 The handshake information F1;The bluetooth equipment 2 verifies the handshake information F1, if checking is not by sending error message, breaking Bluetooth connection is opened, otherwise is verified, then carries out next step.
Generation for above-mentioned handshake information F1 and handshake information F2, as long as comprising random number r1 and random number r2, Safer of course for transmission data, the embodiment of the present application preferably generates handshake information F1 and handshake information as follows F2:
The bluetooth equipment 1 carries out summary computing to the certificate of the bluetooth equipment 1 and obtains H2;The bluetooth equipment 2 is right The certificate of the bluetooth equipment 2 carries out summary computing and obtains H3;The bluetooth equipment 2 is by the random number r1, the random number R2, the H2, the H3, the S1 obtain T1 after being connected with the E1;The bluetooth equipment 2 carries out summary computing to the T1 Obtain H4;ASCII character BTSLAVE is connected to obtain D2 by the bluetooth equipment 2 with the H4;Described in the use of bluetooth equipment 2 Shared master key M1 obtains handshake information F2 to the D2 computings.
The bluetooth equipment 1 is by the random number r1, the random number r2, the H2, the H3, the S1 and the E1 T1 is obtained after connection;The bluetooth equipment 1 carries out summary computing to the T1 and obtains H4;The bluetooth equipment 1 is by ASCII character BTMASTER connects to obtain D1 with the H4;The bluetooth equipment 1 is obtained using the shared master key M1 to the D1 computings Handshake information F1.
In addition, verifying the handshake information F1 in the case of in the bluetooth equipment 2, generation includes the random number R1 and the random number r2 data encryption key Skey;The bluetooth equipment 1 or the bluetooth equipment 2 are close by the encryption Key Skey encrypts to obtain encryption data EData, bluetooth equipment 1 and the bluetooth equipment 2 transmission the encryption number to data Data According to EData, the data of transmission are further encrypted again, have also further ensured that the security of data transfer.
In order to ensure the integrality in data transmission procedure, it is unlikely to lack, can also be the bluetooth equipment 1 or described Sequence number Seqi of the generation of bluetooth equipment 2 comprising the random number r1 and the random number r2 all or part bytes, wherein often Send or receive a frame information, sequence number Seqi will add 1, and bluetooth equipment 1 and bluetooth equipment 2 will keep sending and receiving order row number Synchronization;The message of bluetooth equipment 1 or the bluetooth equipment 2 generation comprising the random number r1 and random number r2 is tested Demonstrate,prove code MAC keys MKey;Bluetooth equipment 1 or the bluetooth equipment 2 generation includes Message Authentication Code MAC keys MKey, sequence Row number Seqi and encryption data EData transmission data DataMAC, i.e. DataMAC=MAC (MKey, Seqi | | EData);Institute State bluetooth equipment 1 or the bluetooth equipment 2 and send transmission data DataMAC to corresponding bluetooth equipment;Receive transmission number The Message Authentication Code MAC is verified according to DataMAC bluetooth equipment, the verification process is to receive transmission data DataMAC Bluetooth equipment DataMAC=MAC (MKey, Seqi | | EData) will be used to calculate DataMAC, if result of calculation is different, institute Message Authentication Code mac authentication is stated not by then sending error message, disconnection bluetooth connection is described to disappear if result of calculation is identical Identifying code mac authentication is ceased by the way that decryption obtains transmitting data Data, completes data transfer.
Above-mentioned MAC is the Hash functions of (Message Authentication Codes) with privacy key:Message dissipates Train value is controlled by there was only privacy key K that communicating pair is known.Now hash value is referred to as MAC.Message Authentication Code has two kinds of meters Calculation mode:One kind is to utilize existing AES, and directly digest value is encrypted by such as DES;Another kind is to use Special MAC algorithms.HMAC, it is based on MD5 or SHA-1, when calculating hashed value using key and data simultaneously as inputting, And the mode of secondary hash iteration is employed, actual computational methods are as follows:
HMAC (K, M)=H (K ⊕ opad ∣ H (K ⊕ ipad ∣ M))
Wherein K is key, and length should be 64 bytes, if being less than the length, is mended automatically behind key with " 0 " filling Foot.M is message;H is hash function;The character string that opad and Ipad is made up of several 0x5c and 0x36 respectively;⊕ is represented XOR , ∣ represent attended operation.
For above-mentioned Seqi, its initial value is Seq0, can be Seq0=Random1 | | Random, wherein, Random1 Can be random number r2 preceding 8 bytes, Random2 can be random number r1 preceding 8 bytes.
Wherein, MKey and Skey calculation comprises the following steps:
Step P1, X is obtained after connecting M1, r1, r2;
X=M1 | | r1 | | r2 formula (1)
It is convenient in order to what is calculated and transmit, it can use M1 16 bytes therein and participate in computing.
Step P2, Hash operation is carried out to X, obtains Y;
Y=HMAC (X) formula (2)
Step P3, MAC keys MKey and data encryption key Skey is calculated using Hash operation result.
Hash operation result Y a part of byte is taken respectively as MKey and Skey, such as makes Y1Y2 ... that Y20 is respectively Y The 1st to the 20th byte, it is data encryption key Skey to take wherein 16 bytes, and it is MAC keys MKey separately to take 16 bytes.Example Such as:Encryption key SKey is:SKey=Y1Y2 ... Y16, MAC keys MKey is:MKey=Y5Y6 ... Y20;Due to random number r1 With random number r2 participation, disconnect bluetooth connection after, if if carrying out bluetooth connection again between bluetooth equipment, can also weigh New random generation random number, this guarantees bluetooth connection each time to be different from, after disconnection all be attached again again, institute With this also with regard to the security that ensure that bluetooth connection and data transfer of high degree.
As shown in figure 3, present invention also offers a kind of Bluetooth link to protect system, including multiple bluetooth equipments, the indigo plant Tooth equipment at least two, one of bluetooth equipment establishes bluetooth connection with remaining bluetooth equipment being adapted to, and mutually passes Transmission of data.Two bluetooth equipments are schematically drawn in Fig. 3, wherein each bluetooth equipment includes such as lower component:
Bluetooth communication means 11, for being communicated be adapted to bluetooth equipment 2;
Control unit 12, produce link protection key a1;
The link protection key a1 is sent to be adapted to bluetooth equipment 2 by the bluetooth communication means 11, receives institute The link protection key a2 that adaptation bluetooth equipment 2 is sent and the certificate for being adapted to bluetooth equipment 2;
The control unit 12 verifies the certificate for being adapted to bluetooth equipment 2, if verify not by, send error message, Bluetooth connection is disconnected, if being verified, randomly generates shared master key M1, and the shared master key M1 is encrypted to obtain E1;
By the bluetooth communication means 11 E1 and certificate are sent to be adapted to bluetooth equipment 2.
From the foregoing, it will be observed that bluetooth equipment 1 provided by the present invention with other bluetooth equipments carry out bluetooth connection after, it is necessary to phase Its certificate is mutually verified, if verified not by the way that bluetooth connection can be terminated, only in the case where can just be carried out in the case of being verified Single stepping, also just can just continue bluetooth connection, data transfer, thus effectively prevent loss of transmitted data or It is stolen, is also just effectively guaranteed bluetooth connection, the security of data transfer;And it is being effectively guaranteed data transmission security Property on the premise of, using at once run (justwork) matching method carry out bluetooth connection also simplify bluetooth connection operation walk Suddenly.
It is provided by the invention in order to which bluetooth connection and data transfer are more safe and reliable on the basis of above-described embodiment For bluetooth equipment 1 it is also possible that link protection key a1 is random number r1, link protection key a2 is random number r2;The control Part 12 signs to obtain S1 to the random number r1 and the random number r2;By the bluetooth communication means 11 to being adapted to indigo plant Tooth equipment 2 sends S1, receives and is adapted to disappearing comprising the random number r1 and the shaking hands for random number r2 for the transmission of bluetooth equipment 2 Cease F2;The control unit 12 verifies the handshake information F2, if checking not by, send error message, if being verified, Then generation includes the random number r1 and random number r2 handshake information F1;By the bluetooth communication means 11 to fitting The handshake information F1 is sent with bluetooth equipment 2.Due to adding the checking to S1, it more ensure that bluetooth connection, data pass Defeated security, in addition due also to random number r1 and random number r2 use, after this bluetooth connection disconnection, bluetooth next time Need to regenerate random number during connection, this just further prevents loss of data or is stolen, and is also increased by effectively protecting The security of bluetooth connection and data transfer is demonstrate,proved.
In order to ensure the integrality of data, it can also be that the control unit 12 generation includes the random number r1 and described Random number r2 data encryption key Skey;Data Data is encrypted to obtain encryption data by the encryption key Skey EData;Generation includes the random number r1 and the random number r2 all or part bytes sequence number Seqi and comprising described Random number r1 and random number r2 Message Authentication Code MAC keys MKey;Generation comprising Message Authentication Code MAC keys MKey, Sequence number Seqi and encryption data EData transmission data DataMAC;
By the bluetooth communication means 11 transmission data DataMAC is sent to be adapted to bluetooth equipment 2;Or receive institute The transmission data DataMAC that bluetooth equipment 2 is sent is adapted to, the control unit 12 verifies the Message Authentication Code MAC, if checking Not by then sending error message, disconnecting bluetooth connection, if being verified, decryption obtains transmitting data Data.
Further, control unit therein performs the method and step in embodiment 1 and embodiment 2, and detailed process is herein Repeat no more.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling Change is included in the present invention.Any reference in claim should not be considered as to the involved claim of limitation.
Moreover, it will be appreciated that although the present specification is described in terms of embodiments, not each embodiment is only wrapped Containing an independent technical scheme, this narrating mode of specification is only that those skilled in the art should for clarity Using specification as an entirety, the technical solutions in the various embodiments may also be suitably combined, forms those skilled in the art It is appreciated that other embodiment.

Claims (10)

1. a kind of Bluetooth link data guard method, including:Bluetooth equipment 1 establishes bluetooth connection with bluetooth equipment 2, and its feature exists In also comprising the following steps:
The bluetooth equipment 1 produces link protection key a1, and sends the link protection key a1 to the bluetooth equipment 2;
The bluetooth equipment 2 produces link protection key a2, and to the bluetooth equipment 1 send the link protection key a2 and The certificate of the bluetooth equipment 2;
The bluetooth equipment 1 verifies the certificate of the bluetooth equipment 2, and in the case where being verified, bluetooth equipment 1 randomly generates Shared master key M1, and the shared master key M1 is encrypted to obtain E1;
The bluetooth equipment 1 sends the certificate of E1 and the bluetooth equipment 1 to the bluetooth equipment 2;The bluetooth equipment 2 is verified The certificate of the bluetooth equipment 1, in the case where being verified, decryption E1 obtains the shared master key M1.
2. Bluetooth link data guard method according to claim 1, it is characterised in that wherein, link protection key a1 For random number r1, link protection key a2 is random number r2;The bluetooth equipment 1 is to the random number r1 and the random number r2 Signature obtains S1;
The bluetooth equipment 1 sends S1 to the bluetooth equipment 2;The bluetooth equipment 2 is tested in the certificate to the bluetooth equipment 1 In the case that card passes through, continue signature verification S1, in signature verification in the case of, decryption E1 obtains the shared master key M1。
3. Bluetooth link data guard method according to claim 2, it is characterised in that obtained in decryption E1 described shared After master key M1, the bluetooth equipment 2 generates the handshake information F2 for including the random number r1 and random number r2, and to institute State bluetooth equipment 1 and send the handshake information F2;The bluetooth equipment 1 verifies the handshake information F2, in the feelings being verified Under condition, the bluetooth equipment 1 generates the handshake information F1 for including the random number r1 and random number r2, and to the indigo plant Tooth equipment 2 sends the handshake information F1;The bluetooth equipment 2 verifies the handshake information F1.
4. Bluetooth link data guard method according to claim 3, it is characterised in that verified in the bluetooth equipment 2 For the handshake information F1 in the case of, generation includes the random number r1 and random number r2 data encryption key Skey;The bluetooth equipment 1 or the bluetooth equipment 2 are encrypted to obtain encryption number by the encryption key Skey to data Data According to EData, the bluetooth equipment 1 and the transmitting encrypted data EData of the bluetooth equipment 2.
5. Bluetooth link data guard method according to claim 4, it is characterised in that also include:Set in the bluetooth The handshake information F1 is in the case of for standby 2 checking, and the bluetooth equipment 1 or the bluetooth equipment 2 are also generated comprising described The sequence number Seqi of random number r1 and the random number r2 all or part bytes and include the random number r1 or random number R2 Message Authentication Code MAC keys MKey;Bluetooth equipment 1 or the bluetooth equipment 2 generation is close comprising Message Authentication Code MAC Key MKey, sequence number Seqi and encryption data EData transmission data DataMAC;The bluetooth equipment 1 or the bluetooth equipment 2 send transmission data DataMAC to corresponding bluetooth equipment;Receive transmission data DataMAC bluetooth equipment checking institute Message Authentication Code MAC is stated, in the case where being verified, decryption obtains transmitting data Data.
6. Bluetooth link data guard method according to claim 5, it is characterised in that the handshake information F1 and described Handshake information F2 generation includes following sub-step:
The bluetooth equipment 1 carries out summary computing to the certificate of the bluetooth equipment 1 and obtains H2;The bluetooth equipment 2 is to described The certificate of bluetooth equipment 2 carries out summary computing and obtains H3;The bluetooth equipment 2 is by the random number r1, the random number r2, institute State H2, the H3, the S1 and obtain T1 after being connected with the E1;The bluetooth equipment 2 carries out summary computing to the T1 and obtained H4;ASCII character BTMASTER is connected to obtain D2 by the bluetooth equipment 2 with the H4;The bluetooth equipment 2 uses described shared Master key M1 obtains handshake information F2 to the D2 computings;
The bluetooth equipment 1 connects the random number r1, the random number r2, the H2, the H3, the S1 with the E1 After obtain T1;The bluetooth equipment 1 carries out summary computing to the T1 and obtains H4;The bluetooth equipment 1 is by ASCII character BTBTSLAVE connects to obtain D1 with the H4;The bluetooth equipment 1 is obtained using the shared master key M1 to the D1 computings Handshake information F1.
7. a kind of bluetooth equipment, it is characterised in that including such as lower component:
Bluetooth communication means, for the bluetooth devices with being adapted to;
Control unit, for producing link protection key a1;Sent out by the bluetooth communication means to the bluetooth equipment being adapted to The link protection key a1 is sent, the link protection key a2 for being adapted to bluetooth equipment transmission is received and is adapted to bluetooth equipment Certificate;
The control unit checking is adapted to the certificate of bluetooth equipment, and in the case where being verified, it is close to randomly generate shared master Key M1, and the shared master key M1 is encrypted to obtain E1;
The bluetooth communication means send the E1 and certificate to be adapted to bluetooth equipment.
8. bluetooth equipment according to claim 7, it is characterised in that link protection key a1 is random number r1, and link is protected It is random number r2 to protect key a2;
The control unit signs to obtain S1 to the random number r1 and the random number r2;
By the bluetooth communication means to be adapted to bluetooth equipment send S1, receive be adapted to bluetooth equipment send include institute State random number r1 and the random number r2 handshake information F2;
The control unit verifies the handshake information F2, in the case where being verified, generation comprising the random number r1 and The handshake information F1 of the random number r2;
By the bluetooth communication means handshake information F1 is sent to be adapted to bluetooth equipment.
9. bluetooth equipment according to claim 8, it is characterised in that the control unit generation includes the random number r1 Message Authentication Code with the data encryption key Skey of the random number r2 and comprising the random number r1 and the random number r2 MAC keys MKey;Data Data is encrypted by the encryption key Skey to obtain encryption data EData;Generation is comprising described Random number r1 and the random number r2 all or part bytes sequence number Seqi;Generation includes Message Authentication Code MAC keys MKey, sequence number Seqi and encryption data EData transmission data DataMAC;
By the bluetooth communication means transmission data DataMAC is sent to be adapted to bluetooth equipment;Or receive and be adapted to indigo plant The transmission data DataMAC that tooth equipment is sent, the control unit verifies the Message Authentication Code MAC, in the feelings being verified Under condition, decryption obtains transmitting data Data.
A kind of 10. protection system based on bluetooth equipment, it is characterised in that including:
Bluetooth equipment described in any one of claim 7 to 9, the bluetooth equipment at least two, one of bluetooth equipment Bluetooth connection, and mutual data transmission are established with remaining bluetooth equipment being adapted to.
CN201710689578.6A 2017-08-14 2017-08-14 A kind of Bluetooth link data guard method and its protection system Pending CN107454561A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710689578.6A CN107454561A (en) 2017-08-14 2017-08-14 A kind of Bluetooth link data guard method and its protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710689578.6A CN107454561A (en) 2017-08-14 2017-08-14 A kind of Bluetooth link data guard method and its protection system

Publications (1)

Publication Number Publication Date
CN107454561A true CN107454561A (en) 2017-12-08

Family

ID=60491056

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710689578.6A Pending CN107454561A (en) 2017-08-14 2017-08-14 A kind of Bluetooth link data guard method and its protection system

Country Status (1)

Country Link
CN (1) CN107454561A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107786579A (en) * 2017-12-12 2018-03-09 特斯联(北京)科技有限公司 A kind of safety communicating method being used between bluetooth equipment
CN108174370A (en) * 2017-12-14 2018-06-15 北京明华联盟科技有限公司 Bluetooth security connection method, device, terminal and computer readable storage medium
CN110351929A (en) * 2019-07-17 2019-10-18 苏州佩林网络科技有限公司 A kind of wireless lamp control system based on Bluetooth technology
CN110635901A (en) * 2019-09-11 2019-12-31 北京方研矩行科技有限公司 Local Bluetooth dynamic authentication method and system for Internet of things equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101031939A (en) * 2004-10-19 2007-09-05 英特尔公司 Method and apparatus for securing communications between a smartcard and a terminal
CN101083530A (en) * 2007-07-13 2007-12-05 北京工业大学 Method for realizing intra-mobile entity authentication and cipher key negotiation using short message
CN101765996A (en) * 2007-05-31 2010-06-30 威斯科数据安全国际有限公司 Remote Authentication And Transaction Signatures
CN102111192A (en) * 2011-03-03 2011-06-29 中兴通讯股份有限公司 Bluetooth connection method and system
CN103067160A (en) * 2013-01-14 2013-04-24 江苏智联天地科技有限公司 Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD)
CN104158567A (en) * 2014-07-25 2014-11-19 天地融科技股份有限公司 Pairing method and system and data interaction method and system for Bluetooth equipment
CN104616148A (en) * 2015-01-23 2015-05-13 恒银金融科技有限公司 Payment terminal and paying method of wearable payment terminal
CN105827655A (en) * 2016-05-27 2016-08-03 飞天诚信科技股份有限公司 Intelligent key equipment and work method thereof

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101031939A (en) * 2004-10-19 2007-09-05 英特尔公司 Method and apparatus for securing communications between a smartcard and a terminal
CN101765996A (en) * 2007-05-31 2010-06-30 威斯科数据安全国际有限公司 Remote Authentication And Transaction Signatures
CN101083530A (en) * 2007-07-13 2007-12-05 北京工业大学 Method for realizing intra-mobile entity authentication and cipher key negotiation using short message
CN102111192A (en) * 2011-03-03 2011-06-29 中兴通讯股份有限公司 Bluetooth connection method and system
CN103067160A (en) * 2013-01-14 2013-04-24 江苏智联天地科技有限公司 Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD)
CN104158567A (en) * 2014-07-25 2014-11-19 天地融科技股份有限公司 Pairing method and system and data interaction method and system for Bluetooth equipment
CN104616148A (en) * 2015-01-23 2015-05-13 恒银金融科技有限公司 Payment terminal and paying method of wearable payment terminal
CN105827655A (en) * 2016-05-27 2016-08-03 飞天诚信科技股份有限公司 Intelligent key equipment and work method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
(美)梅 尔(MEYER,C.H.),(美)马脱耶斯(MATYAS,S.M.): "《密码学 计算机数据安全的一个新领域 安全系统设计和实施指南》", 31 July 1988 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107786579A (en) * 2017-12-12 2018-03-09 特斯联(北京)科技有限公司 A kind of safety communicating method being used between bluetooth equipment
CN108174370A (en) * 2017-12-14 2018-06-15 北京明华联盟科技有限公司 Bluetooth security connection method, device, terminal and computer readable storage medium
CN110351929A (en) * 2019-07-17 2019-10-18 苏州佩林网络科技有限公司 A kind of wireless lamp control system based on Bluetooth technology
CN110635901A (en) * 2019-09-11 2019-12-31 北京方研矩行科技有限公司 Local Bluetooth dynamic authentication method and system for Internet of things equipment
CN110635901B (en) * 2019-09-11 2023-01-17 北京方研矩行科技有限公司 Local Bluetooth dynamic authentication method and system for Internet of things equipment

Similar Documents

Publication Publication Date Title
CN103338215B (en) The method setting up TLS passage based on the close algorithm of state
CN106789047B (en) A kind of block chain identification system
CN103118027B (en) The method of TLS passage is set up based on the close algorithm of state
CN104158567B (en) Matching method between bluetooth equipment and system, data interactive method and system
CN108780548A (en) Using Elliptic Curve Cryptography for Personal Device Security to Share Secrets
CN107454561A (en) A kind of Bluetooth link data guard method and its protection system
CN102724041B (en) Steganography-based key transmission and key updating method
US8966265B2 (en) Pairwise temporal key creation for secure networks
CN108599925A (en) A kind of modified AKA identity authorization systems and method based on quantum communication network
CN107294937A (en) Data transmission method, client and server based on network service
CN108809643A (en) A kind of method, system and the equipment of equipment and high in the clouds arranging key
CN111769938B (en) Key management system and data verification system of block chain sensor
CN106656510A (en) Encryption key acquisition method and system
CN106060073B (en) Channel key machinery of consultation
CN105897748B (en) A kind of transmission method and equipment of symmetric key
CN105612728A (en) Secured data channel authentication implying a shared secret
CN110022320A (en) A kind of communication partner method and communication device
WO2018120938A1 (en) Offline key transmission method, terminal and storage medium
CN109919609A (en) Anti- quantum calculation block chain secure transactions method and system based on public key pond
CN115378587B (en) Key acquisition method, device, equipment and readable storage medium
CN112653719A (en) Automobile information safety storage method and device, electronic equipment and storage medium
CN108718237A (en) A kind of modified AKA identity authorization systems and method based on pool of symmetric keys
CN109587149A (en) A kind of safety communicating method and device of data
CN114598533A (en) Block chain side chain cross-chain identity trusted authentication and data encryption transmission method
Diallo et al. A secure authentication scheme for bluetooth connection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171208

RJ01 Rejection of invention patent application after publication