CN110224822A - A cryptographic key negotiation method and system - Google Patents

Publication number: CN110224822A
Authority: CN (China)
Legal status: Granted
Application number: CN201910498185.6A
Other languages: Chinese (zh)
Other versions: CN110224822B (en)
Inventors: 陆舟, 于华章
Current assignee: Feitian Technologies Co Ltd
Original assignee: Feitian Technologies Co Ltd
Prior art keywords: key, user, ciphertext, terminal, intelligent appliance

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2816 Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/282 Controlling appliance services of a home automation network by calling their functionalities based on user interaction within the home
    • H04L12/283 Processing of data at an internetworking point of a home automation network
    • H04L12/2834 Switching of information between an external network and a home network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The invention discloses a cryptographic key negotiation method and system. A cloud server generates a random session key, a second ciphertext and a third ciphertext, and sends the second ciphertext and the third ciphertext to a terminal. The terminal decrypts the second ciphertext and, after verification passes, generates a fourth ciphertext, then sends the third ciphertext and the fourth ciphertext to the intelligent appliance through a non-network point-to-point communication mode. The intelligent appliance decrypts the third ciphertext and the fourth ciphertext and, after verification passes, uses the resulting second random session key as the communication key and notifies the terminal through the non-network point-to-point communication mode that key negotiation succeeded. The intelligent appliance does not need to interact with the cloud server for the cloud server to verify the security of the intelligent appliance. The method is suitable for low-cost intelligent appliances without a WiFi module and for environments where WiFi is unavailable, and offers higher security.

Description

A cryptographic key negotiation method and system
Technical field
The present invention relates to the technical field of smart homes, and in particular to a cryptographic key negotiation method and system.
Background
A smart home uses the house as a platform and applies integrated wiring, network communication, security, automatic control, and audio and video technologies to integrate the facilities of home life. It builds an efficient management system for housing facilities and household routines, improves the security, convenience, comfort and artistry of the home, and provides an environmentally friendly, energy-saving living environment.
In an intelligent appliance / cloud server / terminal system, some intelligent appliances may have no WiFi module, or may be unable to interact with the cloud server in an environment with no network, so the cloud server cannot verify the security of the intelligent appliance. If the intelligent appliance establishes a connection directly with the terminal, there is no guarantee that the terminal has control authority over the intelligent appliance, which poses a security risk.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art and provide a cryptographic key negotiation method and system.
The present invention provides a cryptographic key negotiation method, comprising:
Step S1: the intelligent appliance and the terminal establish a connection through a non-network point-to-point communication mode; the intelligent appliance encrypts the device ID with the saved device key to obtain a first ciphertext and sends the first ciphertext to the terminal;
Step S2: the terminal sends a key application request and the first ciphertext to the cloud server;
Step S3: the cloud server judges whether the intelligent appliance is secure; if so, step S4 is executed; otherwise warning information is sent to the terminal;
Step S4: the cloud server judges whether the terminal has control authority over the intelligent appliance; if so, step S5 is executed; otherwise an error response is returned to the terminal;
Step S5: the cloud server generates a random session key; encrypts the random session key together with the device ID and the random number from the key application request using the saved user key to obtain a second ciphertext; encrypts the random session key and the user ID from the key application request using the saved device key to obtain a third ciphertext; and sends the second ciphertext and the third ciphertext to the terminal;
Step S6: the terminal decrypts the second ciphertext with the saved user key to obtain a first random session key, a second device ID and a first random number, and judges whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, the terminal encrypts the user ID with the first random session key to obtain a fourth ciphertext, sends the third ciphertext and the fourth ciphertext to the intelligent appliance through the non-network point-to-point communication mode, and step S7 is executed; otherwise key negotiation ends;
Step S7: the intelligent appliance decrypts the third ciphertext with the saved device key to obtain a first user ID and a second random session key, decrypts the fourth ciphertext with the second random session key to obtain a second user ID, and judges whether the first user ID and the second user ID are identical; if so, it uses the second random session key as the communication key and notifies the terminal through the non-network point-to-point communication mode that key negotiation succeeded; otherwise key negotiation ends.
The present invention also provides a key negotiation system, comprising: an intelligent appliance, a terminal and a cloud server;
The intelligent appliance includes:
A first connection establishment module, for establishing a connection with the terminal through a non-network point-to-point communication mode;
A first encryption and sending module, for encrypting the device ID with the saved device key to obtain a first ciphertext and sending the first ciphertext to the terminal;
A first receiving and judging module, for receiving the third ciphertext and the fourth ciphertext sent by the terminal, decrypting the third ciphertext with the saved device key to obtain a first user ID and a second random session key, decrypting the fourth ciphertext with the second random session key to obtain a second user ID, and judging whether the first user ID and the second user ID are identical; if so, the first sending module is triggered; otherwise key negotiation ends;
A first sending module, for using the second random session key as the communication key and notifying the terminal, through the first connection establishment module, that key negotiation succeeded;
The terminal includes:
A second connection establishment module, for establishing a connection with the intelligent appliance through the non-network point-to-point communication mode;
A first receiving and sending module, for receiving the first ciphertext sent by the intelligent appliance and sending a key application request and the first ciphertext to the cloud server;
A second receiving and judging module, for receiving the second ciphertext and the third ciphertext sent by the cloud server, decrypting the second ciphertext with the saved user key to obtain a first random session key, a second device ID and a first random number, and judging whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, the second encryption and sending module is triggered; otherwise key negotiation ends;
A second encryption and sending module, for encrypting the user ID with the first random session key to obtain a fourth ciphertext, and sending the third ciphertext and the fourth ciphertext to the intelligent appliance through the second connection establishment module;
The cloud server includes:
A receiving module, for receiving the key application request and the first ciphertext sent by the terminal;
A first judging module, for judging whether the intelligent appliance is secure; if so, the second judging module is triggered; otherwise the second sending module is triggered;
A second judging module, for judging whether the terminal has control authority over the intelligent appliance; if so, the generating and sending module is triggered; otherwise the second sending module is triggered;
A second sending module, for sending warning information to the terminal, and also for returning an error response to the terminal;
A generating and sending module, for generating a random session key; encrypting the random session key together with the device ID and the random number from the key application request using the saved user key to obtain the second ciphertext; encrypting the random session key and the user ID from the key application request using the saved device key to obtain the third ciphertext; and sending the second ciphertext and the third ciphertext to the terminal.
Compared with the prior art, the present invention has the following advantages:
With the cryptographic key negotiation method and system provided by the technical solution of the present invention, the intelligent appliance does not need to interact with the cloud server for the cloud server to verify the security of the intelligent appliance. The solution is suitable for low-cost intelligent appliances without a WiFi module and for environments where WiFi is unavailable, and offers higher security.
Brief description of the drawings
Fig. 1 is a flow chart of a cryptographic key negotiation method provided by Embodiment one of the present invention;
Fig. 2 is a detailed flow chart of step 103 in Embodiment one of the present invention;
Fig. 3 is a flow chart of a cryptographic key negotiation method provided by Embodiment two of the present invention;
Fig. 4 is a detailed flow chart of step 303 in Embodiment two of the present invention;
Fig. 5 is a block diagram of a key negotiation system provided by Embodiment three of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Embodiment one
Embodiment one of the present invention provides a cryptographic key negotiation method which, as shown in Fig. 1, comprises:
Step 101: the intelligent appliance and the terminal establish a connection through a non-network point-to-point communication mode;
Specifically, the non-network point-to-point communication mode is Bluetooth or NFC;
Step 102: the intelligent appliance encrypts the device ID with the saved device key to obtain a first ciphertext and sends the first ciphertext to the terminal;
Step 103: the terminal receives the first ciphertext sent by the intelligent appliance and sends a key application request and the first ciphertext to the cloud server;
Specifically, the key application request contains application parameters such as the user ID, the device ID and the generated random number;
Specifically, key application is 837000215000000000F3984E445AF69ED0DED34C9608A0F600D E65D904384D88BCF3E6F66FD95DABD5;
In this embodiment, step 103, as shown in Fig. 2, specifically comprises:
Step 201: the terminal receives the user ID and user password entered by the user;
Step 202: the terminal judges whether the received user ID and user password are identical to the saved user ID and user password; if so, step 203 is executed; otherwise the procedure exits;
Step 203: the terminal computes the user key from the user ID and the user password;
Specifically, user key is CCB41DCAB5A7B5CAAD8210E6D319C2A5D53447FB274B687014C 7B93592D09F91;
Step 204: the terminal obtains the device ID;
Specifically, the terminal can obtain the device ID by sending a get-device-ID instruction, by scanning the two-dimensional code of the intelligent appliance, or by using Bluetooth discovery to find the broadcast data of the intelligent appliance;
Preferably, in this embodiment, the intelligent appliance broadcasts over Bluetooth broadcast data containing its device ID;
Step 205: the terminal generates a random number and saves it;
Step 206: the terminal generates the key application request from the user ID, the device ID and the random number, and sends the key application request and the first ciphertext to the cloud server;
Step 104: the cloud server receives the key application request and the first ciphertext sent by the terminal, and decrypts the first ciphertext with the saved device key to obtain a first device ID;
Step 105: the cloud server judges whether the first device ID is identical to the device ID in the key application request; if so, step 106 is executed; otherwise warning information is sent to the terminal;
Step 106: the cloud server judges whether the device ID in the key application request exists in the association list; if so, step 107 is executed; otherwise step 108 is executed;
Step 107: the cloud server judges whether the user ID is the user ID associated with the device ID in the association list; if so, step 109 is executed; otherwise an error response is returned to the terminal;
Step 108: the cloud server associates the device ID with the user ID, stores the record in the association list, and executes step 109;
Step 109: the cloud server generates a random session key;
Specifically, random session key is 7c1ed9e7d787d1a614fac7780b7fa1afc98f2897bc7ce4b e3cabff85425dda62;
Step 110: the cloud server encrypts the random session key together with the device ID and the random number from the key application request using the saved user key to obtain a second ciphertext;
Specifically, the second ciphertext is 4A21668E99082F55CA2DA33D6EC98D7273F92631D8B20216CA4 5381BC7EFB5FA;
Step 111: the cloud server encrypts the random session key and the user ID from the key application request using the saved device key to obtain a third ciphertext;
Specifically, device keys are 55E3192D096E62D4F9CD00E734A949DE2B8E55B13D9B85B1D2D 2999C9DB2E72C;
Specifically, third ciphertext is 94011EB9FA384EEF8BE6C7AA65B3491BC60756E3F67AF4FFF68 65B7F958B79A2B2;
Step 112: the cloud server sends the second ciphertext and the third ciphertext to the terminal;
Step 113: the terminal decrypts the second ciphertext with the saved user key to obtain a first random session key, a second device ID and a first random number;
Step 114: the terminal judges whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, step 115 is executed; otherwise key negotiation ends;
Step 115: the terminal encrypts the user ID with the first random session key obtained above to obtain a fourth ciphertext;
Specifically, the 4th ciphertext is 97e19eb03b3d26772d15d510cfda40191a290c9765870e954bb 80c9474af0d95;
Step 116: the terminal sends the third ciphertext and the fourth ciphertext to the intelligent appliance through the non-network point-to-point communication mode;
Step 117: the intelligent appliance decrypts the third ciphertext with the saved device key to obtain a first user ID and a second random session key;
Step 118: the intelligent appliance decrypts the fourth ciphertext with the second random session key to obtain a second user ID;
Step 119: the intelligent appliance judges whether the first user ID is identical to the second user ID; if so, it uses the second random session key as the communication key and notifies the terminal through the non-network point-to-point communication mode that key negotiation succeeded; otherwise key negotiation ends.
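The message flow of Embodiment one (steps 101 to 119), with all three parties, as an added example that is not code from the patent. The patent names no cipher or message layout, so `seal`/`unseal` (an HMAC-SHA256 encrypt-then-MAC construction standing in for a vetted authenticated cipher such as AES-GCM), the length-prefixed `pack` format and every class and method name are assumptions; the IDs and keys are constructed.

```python
import hashlib
import hmac
import secrets

class NegotiationError(Exception):
    """Raised when any party aborts the negotiation."""

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (messages here stay under 8 KB)
    ks = b"".join(_mac(_mac(key, b"enc"), nonce + bytes([i]))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Stand-in authenticated cipher (assumption: the patent names none)."""
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        return None
    return _xor(key, nonce, ct)

def pack(*fields):
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def unpack(data):
    fields = []
    while data:
        n = int.from_bytes(data[:2], "big")  # hypothetical 2-byte length prefix
        fields.append(data[2:2 + n])
        data = data[2 + n:]
    return fields

class CloudServer:
    def __init__(self, device_keys, user_keys):
        self.device_keys, self.user_keys = device_keys, user_keys
        self.bindings = {}  # association list: device ID -> user ID

    def handle(self, user_id, device_id, rand, c1):
        dev_key = self.device_keys.get(device_id)
        # Steps 104-105: the first ciphertext must decrypt to the claimed device ID
        if dev_key is None or unseal(dev_key, c1) != device_id:
            raise NegotiationError("warning: appliance failed verification")
        # Steps 106-108: bind on first use, afterwards require the bound user
        owner = self.bindings.get(device_id, user_id)
        if user_id not in self.user_keys or owner != user_id:
            raise NegotiationError("error: user has no control authority")
        self.bindings[device_id] = user_id
        sk = secrets.token_bytes(32)  # step 109
        c2 = seal(self.user_keys[user_id], pack(sk, device_id, rand))  # step 110
        c3 = seal(dev_key, pack(sk, user_id))  # step 111
        return c2, c3  # step 112

class Appliance:
    def __init__(self, device_id, device_key):
        self.device_id, self.device_key, self.comm_key = device_id, device_key, None

    def first_ciphertext(self):  # step 102
        return seal(self.device_key, self.device_id)

    def finish(self, c3, c4):  # steps 117-119
        opened = unseal(self.device_key, c3)
        if opened is None:
            raise NegotiationError("appliance: third ciphertext rejected")
        sk2, uid1 = unpack(opened)
        if unseal(sk2, c4) != uid1:
            raise NegotiationError("appliance: user IDs differ")
        self.comm_key = sk2

class Terminal:
    def __init__(self, user_id, user_key):
        self.user_id, self.user_key = user_id, user_key

    def negotiate(self, appliance, cloud, device_id):
        c1 = appliance.first_ciphertext()  # received over Bluetooth or NFC
        rand = secrets.token_bytes(16)  # step 205
        c2, c3 = cloud.handle(self.user_id, device_id, rand, c1)  # step 206
        opened = unseal(self.user_key, c2)  # step 113
        if opened is None:
            raise NegotiationError("terminal: second ciphertext rejected")
        sk1, dev2, rand1 = unpack(opened)
        if rand1 != rand or dev2 != device_id:  # step 114
            raise NegotiationError("terminal: reply does not match request")
        appliance.finish(c3, seal(sk1, self.user_id))  # steps 115-119
        return sk1

if __name__ == "__main__":
    dev_id, dev_key, user_key = b"appliance-01", secrets.token_bytes(32), secrets.token_bytes(32)
    cloud, fridge = CloudServer({dev_id: dev_key}, {b"alice": user_key}), Appliance(dev_id, dev_key)
    key = Terminal(b"alice", user_key).negotiate(fridge, cloud, dev_id)
    print("keys match:", key == fridge.comm_key)
```

In the patent text the appliance's only check is the user ID comparison of step 119; the tag verification inside `unseal` is an addition of this example.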
Embodiment two
Embodiment two of the present invention provides a cryptographic key negotiation method which, as shown in Fig. 3, comprises:
Step 301: the intelligent appliance and the terminal establish a connection through a non-network point-to-point communication mode;
Specifically, the non-network point-to-point communication mode is Bluetooth or NFC;
Step 302: the intelligent appliance encrypts the device ID with the saved device private key to obtain a first encrypted value and sends the first encrypted value to the terminal;
Step 303: the terminal receives the first encrypted value sent by the intelligent appliance and sends a key application request and the first encrypted value to the cloud server;
Specifically, the key application request contains application parameters such as the user ID, the device ID and the generated random number;
Specifically, key application is 837000215000000000F3984E445AF69ED0DED34C9608A0F6006 57A94D4F15695633005EC909AC565511;
In this embodiment, step 303, as shown in Fig. 4, specifically comprises:
Step 401: the terminal receives the entered user ID and user password;
Step 402: the terminal judges whether the received user ID and user password are identical to the saved user ID and user password; if so, step 403 is executed; otherwise the procedure exits;
Step 403: the terminal obtains the device ID;
Specifically, the terminal can obtain the device ID by sending a get-device-ID instruction, by scanning the two-dimensional code of the intelligent appliance, or by using Bluetooth discovery to find the broadcast data of the intelligent appliance;
Preferably, in this embodiment, the intelligent appliance broadcasts over Bluetooth broadcast data containing its device ID;
Step 404: the terminal generates a random number and saves it;
Step 405: the terminal generates the key application request from the user ID, the device ID and the random number, and sends the key application request and the first encrypted value to the cloud server.
Step 304: the cloud server receives the key application request and the first encrypted value sent by the terminal, and decrypts the first encrypted value with the saved device public key to obtain device ID';
Step 305: the cloud server judges whether device ID' is identical to the device ID in the key application request; if so, step 306 is executed; otherwise warning information is sent to the terminal;
Step 306: the cloud server judges whether the device ID in the key application request exists in the association list; if so, step 307 is executed; otherwise step 308 is executed;
Step 307: the cloud server judges whether the user ID is the user ID associated with the device ID in the association list; if so, step 309 is executed; otherwise an error response is returned to the terminal;
Step 308: the cloud server associates the device ID with the user ID, stores the record in the association list, and executes step 309;
Step 309: the cloud server generates a random working key;
Specifically, random work key is 657A94D4F15695633005EC909AC5655111599BCD8278B75 D183B86FEEB778BFF;
Step 310: the cloud server encrypts the random working key together with the device ID and the random number from the key application request using the saved user public key to obtain a second encrypted value;
Specifically, client public key is B645775EC1FB27C1B45D798489F77EBE6C00A93A0AAA88BE9C4 FFA1E7E6C32545CAC5782D0CE1615CAECE919C33EC8B34BD98AF3AC9ADBB14CFD02F65220D9E 93BE644F30611BB7521073DDB6C8A6F0AD25852C46792332CF65DC3835D4730A2DDAEEC3A7D8 978A2BC752D5CA32B918B167A5CCFBDC91EAA5B40D232D7A8AC2EFBAD5ED6BD37AB53134D688 626030209187E01C0726BF91AEB8CABB2E946C64AF46B919B2649187EFAEA912103F3DB5AD03 6BAD0218CB3F7568390970983EFCD885F4D9BD4721B3AB52032FA4B7865C0D68F7B68B28D7FC 04F3B6EFA49902DA20598DAA211CF97D08B6E879738D81E8C3B81BAF25474521A4FC3DC269D2 D1C4B;
Specifically, the second secret value is 73C27CC2DCA1B31C6C510606689E804D0E76A158EAB332A69 20D2EA376A0AD8E9BDCBBA7ACFF6F0DD3A2AC3AD5FFEBF8CD5C4F279EB83B0B03FE32DCA1F0D F962B08C8C844F0AF4F8F087E23B4A8D370942DEAC73B6003E689A1322F232BEF1E6E2252709 58C5DD5D02D3E00F6BAC6286D2DD9C5FAC7C3592E9A827332270C0A5082554D34E725618597D 966404889AA99C415FC3605762B6B4A4DD306E36E222881A9F65A6B3B43BB8793CF2EAC6A6EA F413388FBF7DC7EA7F756FDBEA16D521C9A4B52F954CC8D4BE9A5C32E7355C6F073439A479E6 9EEBFC0E1EAB0F9AC9BBA11D276E164048DC03F366D254FEDDCEE079095AB3CB38C2BD92A442 57B174D;
Step 311: the cloud server encrypts the random working key and the user ID from the key application request using the saved device public key to obtain a third encrypted value;
Specifically, equipment public key is A83DAFFE93DB91C319A6C73CE713133FDB70AFE001DB7F0472E 22940F8BF003710060B3908AB7AB4B49A24B07A9DAD5E17C6E5C36F1B4AF8362D0751DD3D809 E6AB86D0BF665D14E76D44621FD85D060EF28255111F4F19EC92EE5C3A85C51D733147B99F6F B7AB7746FBDC7E8BD8179D8A6F668786FC8E49B28D3AF9C08B3728F850863F3A20F463140F56 B1472F09255D12D0437243127D11E43A0128FFF22498C180753A6BB6F2E216B28A774E47D034 E70BCCCAF396DC704C29218B6FA1197EE3A8C624EA1564A56D8473BA600746B62254FFABDCCC 134ADE18BB05488B02964673480B7914E62FAF44CC521C224F7508483E2980564A072809E3D6 02F7F;
Specifically, third secret value is 2E136A766A6083A770D43B5DB0427CEC1D191B696335EBF30 72249683E570F5B82D0AC87AD4D274B106BE5842B9985FC3F095BA44655938353C8D6BCF38C3 3D40A675E5317C4DFB954419455E3038CC44D0D90768094D29BDDAF1389A12611FB19485984E E4924FBA8D6C995491BF94638B23745E782D2BAB50331E1C009E989B999992B10C70766919CD 86D91871844A4301C20A58A50714CF90CE47FE8E23261B254A7EDE0023F1BC617C77A0195CB7 EA38483E00BEA2E68AC18725431A97E67A40DFFAA36853C55D8A15EE558DD493E4CFDEA1B779 0D2A2E3627F5A31991F91AD8C9675363E22A9FD512B874D5B8F67DC9D1F4C83F93CECDBE95C6 4957D99;
Step 312: the cloud server sends the second encrypted value and the third encrypted value to the terminal;
Step 313: the terminal decrypts the second encrypted value with the saved user private key to obtain a first random working key, device ID" and random number';
Specifically, private key for user is
Step 314: the terminal compares whether the saved random number is identical to random number' and the saved device ID is identical to device ID"; if both are identical, step 315 is executed; otherwise key negotiation ends;
Step 315: the terminal encrypts the user ID with the first random working key obtained above to obtain a fourth encrypted value;
Specifically, the 4th secret value is ED4E1D4D3179B53D22A561E38B97522BB2C29FBC7957B0F1D 7BB03AE96760D7A;
Step 316: the terminal sends the third encrypted value and the fourth encrypted value to the intelligent appliance through the non-network point-to-point communication mode;
Step 317: the intelligent appliance decrypts the third encrypted value with the saved device private key to obtain user ID' and a second random working key;
Specifically, device private is
Step 318: the intelligent appliance decrypts the fourth encrypted value with the second random working key to obtain user ID";
Step 319: the intelligent appliance judges whether user ID' and user ID" are identical; if so, it uses the second random working key as the communication key and notifies the terminal through the non-network point-to-point communication mode that key negotiation succeeded; otherwise key negotiation ends.
Embodiment three
Embodiment three of the present invention provides a key agreement system which, as shown in Fig. 5, includes an intelligent appliance, a terminal and a cloud server;
The intelligent appliance includes:
A first connection establishing module 11, configured to establish a connection with the terminal through a point-to-point communication mode of non-network connection;
A first encrypting and sending module 12, configured to encrypt the device ID using the saved device key to obtain a first ciphertext, and send the first ciphertext to the terminal;
A first receiving and judging module 13, configured to receive the third ciphertext and the fourth ciphertext sent by the terminal, decrypt the third ciphertext using the saved device key to obtain a first user ID and a second random session key, decrypt the fourth ciphertext using the second random session key to obtain a second user ID, and judge whether the first user ID and the second user ID are identical; if so, trigger the first sending module 14; otherwise, key agreement ends;
A first sending module 14, configured to use the second random session key as the communication key and notify the terminal, through the first connection establishing module 11, that key agreement succeeded;
The terminal includes:
A second connection establishing module 21, configured to establish a connection with the intelligent appliance through the point-to-point communication mode of non-network connection;
A first receiving and sending module 22, configured to receive the first ciphertext sent by the intelligent appliance, and send a key application request and the first ciphertext to the cloud server;
A second receiving and judging module 23, configured to receive the second ciphertext and the third ciphertext sent by the cloud server, decrypt the second ciphertext using the saved user key to obtain a first random session key, a second device ID and a first random number, and judge whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, trigger the second encrypting and sending module 24; otherwise, key agreement ends;
A second encrypting and sending module 24, configured to encrypt the user ID using the first random session key to obtain the fourth ciphertext, and send the third ciphertext and the fourth ciphertext to the intelligent appliance through the second connection establishing module 21;
The cloud server includes:
A receiving module 31, configured to receive the key application request and the first ciphertext sent by the terminal;
A first judging module 32, configured to judge whether the intelligent appliance is safe; if so, trigger the second judging module 33; otherwise, trigger the second sending module 34;
A second judging module 33, configured to judge whether the terminal possesses control authority over the intelligent appliance; if so, trigger the generating and sending module 35; otherwise, trigger the second sending module 34;
A second sending module 34, configured to send a warning message to the terminal, and further configured to return an error response to the terminal;
A generating and sending module 35, configured to generate a random session key, encrypt the random session key together with the device ID and the random number in the key application request using the saved user key to obtain the second ciphertext, encrypt the random session key and the user ID in the key application request using the saved device key to obtain the third ciphertext, and send the second ciphertext and the third ciphertext to the terminal.
Optionally, in this embodiment, the first receiving and sending module 22 includes:
A first verifying submodule, configured to verify the user identity; if verification passes, trigger the computing and generating submodule; otherwise, exit;
A computing and generating submodule, configured to compute the user key from the user ID and user password entered by the user and save it, obtain the device ID and save it, generate a random number and save it, and trigger the generating and sending submodule;
A generating and sending submodule, configured to generate the key application request from the user ID, the device ID and the random number, and send the key application request and the first ciphertext to the cloud server.
Optionally, in this embodiment, the first verifying submodule includes:
A first receiving and saving unit, configured to receive the user ID and user password entered by the user and save them;
A first judging unit, configured to judge whether the received user ID and user password are identical to the saved user ID and user password; if so, trigger the computing and generating submodule; otherwise, exit.
Optionally, in this embodiment, the first judging module is specifically configured to decrypt the first ciphertext using the saved device key to obtain a first device ID, and judge whether the first device ID is identical to the device ID in the key application request; if so, the intelligent appliance is safe and the second judging module is triggered; otherwise, the second sending module is triggered.
Optionally, in this embodiment, the second judging module 33 includes:
A first judging submodule, configured to judge whether the device ID in the key application request exists in the linked list; if so, trigger the second judging submodule; otherwise, trigger the associating submodule;
A second judging submodule, configured to judge whether the user ID in the key application request is the user ID associated with the device ID in the linked list; if so, trigger the generating and sending module; otherwise, trigger the second sending module;
An associating submodule, configured to associate the device ID in the key application request with the user ID in the key application request, store the record in the linked list, and trigger the generating and sending module.
Embodiment four
Embodiment four of the present invention provides a key negotiation method, comprising:
Step S1: the intelligent appliance and the terminal establish a connection through a point-to-point communication mode of non-network connection; the intelligent appliance encrypts the device ID using the saved device key to obtain a first ciphertext, and sends the first ciphertext to the terminal;
Step S2: the terminal sends a key application request and the first ciphertext to the cloud server;
Step S3: the cloud server judges whether the intelligent appliance is safe; if so, step S4 is executed; otherwise, a warning message is sent to the terminal;
Step S4: the cloud server judges whether the terminal possesses control authority over the intelligent appliance; if so, step S5 is executed; otherwise, an error response is returned to the terminal;
Step S5: the cloud server generates a random session key, encrypts the random session key together with the device ID and the random number in the key application request using the saved user key to obtain a second ciphertext, encrypts the random session key and the user ID in the key application request using the saved device key to obtain a third ciphertext, and sends the second ciphertext and the third ciphertext to the terminal;
Step S6: the terminal decrypts the second ciphertext using the saved user key to obtain a first random session key, a second device ID and a first random number, and judges whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, the terminal encrypts the user ID using the first random session key to obtain a fourth ciphertext, sends the third ciphertext and the fourth ciphertext to the intelligent appliance through the point-to-point communication mode of non-network connection, and step S7 is executed; otherwise, key agreement ends;
Step S7: the intelligent appliance decrypts the third ciphertext using the saved device key to obtain a first user ID and a second random session key, decrypts the fourth ciphertext using the second random session key to obtain a second user ID, and judges whether the first user ID and the second user ID are identical; if so, the intelligent appliance uses the second random session key as the communication key and notifies the terminal, through the point-to-point communication mode of non-network connection, that key agreement succeeded; otherwise, key agreement ends.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
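The exchange in steps S1 to S7 of embodiment four, as an added Python example that is not part of the patent; it shows which party holds which key and where each check rejects a run. The cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag), PBKDF2 for the user key, the JSON field encoding, and all function names and sample values are assumptions, since the page specifies none of them.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Stand-in cipher (assumption): keystream blocks = HMAC-SHA256(key, nonce || counter).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Encrypt a dict of fields under key, then append a MAC tag."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag, then decrypt; ValueError means wrong key or modified ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext rejected")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def user_key(user_id, password):
    # The page only says the user key is computed from user ID and password; PBKDF2 is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user_id.encode(), 100_000)

class Cloud:
    def __init__(self, device_keys, user_keys):
        self.device_keys, self.user_keys = device_keys, user_keys
        self.bindings = {}  # the page's linked list: device ID -> associated user ID

    def handle(self, request, c1):
        dev, uid = request["device_id"], request["user_id"]
        try:  # S3: the appliance is "safe" only if C1 decrypts to the requested device ID
            if unseal(self.device_keys[dev], c1)["device_id"] != dev:
                raise ValueError("device ID mismatch")
        except (KeyError, ValueError):
            return {"status": "warning"}
        # S4: an unlisted device is bound to the requester; a bound device refuses other users
        if self.bindings.setdefault(dev, uid) != uid:
            return {"status": "error"}
        # S5: one fresh session key, wrapped once for the terminal and once for the appliance
        sk = os.urandom(32).hex()
        c2 = seal(self.user_keys[uid], {"sk": sk, "device_id": dev, "nonce": request["nonce"]})
        c3 = seal(self.device_keys[dev], {"sk": sk, "user_id": uid})
        return {"status": "ok", "c2": c2, "c3": c3}

def terminal_s6(ukey, saved, reply):
    # S6: C2 must echo the terminal's own random number and device ID, else abort
    got = unseal(ukey, reply["c2"])
    if got["nonce"] != saved["nonce"] or got["device_id"] != saved["device_id"]:
        raise ValueError("reply does not match the saved request")
    c4 = seal(bytes.fromhex(got["sk"]), {"user_id": saved["user_id"]})
    return got["sk"], reply["c3"], c4

def appliance_s7(dkey, c3, c4):
    # S7: the user ID vouched for by the cloud (C3) must equal the one the terminal sent (C4)
    first = unseal(dkey, c3)
    second = unseal(bytes.fromhex(first["sk"]), c4)
    if first["user_id"] != second["user_id"]:
        raise ValueError("user ID mismatch")
    return first["sk"]

def negotiate(cloud, dev, dkey, uid, password):
    """Run S1-S7; returns True when both ends hold the same key, else the cloud's status."""
    c1 = seal(dkey, {"device_id": dev})                                       # S1, appliance
    req = {"user_id": uid, "device_id": dev, "nonce": os.urandom(16).hex()}   # S2, terminal
    reply = cloud.handle(req, c1)                                             # S3-S5, cloud
    if reply["status"] != "ok":
        return reply["status"]
    t_sk, c3, c4 = terminal_s6(user_key(uid, password), req, reply)           # S6, terminal
    return t_sk == appliance_s7(dkey, c3, c4)                                 # S7, appliance

# Constructed sample data (not from the page).
DEV, DKEY = "fridge-01", os.urandom(32)
USERS = {"alice": user_key("alice", "pw-a"), "mallory": user_key("mallory", "pw-m")}
```

The terminal never sees the device key and the appliance never sees the user key; the session key reaches each of them only inside the ciphertext wrapped for it.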

Claims (10)

1. A key negotiation method, characterized by comprising:
Step S1: an intelligent appliance and a terminal establish a connection through a point-to-point communication mode of non-network connection; the intelligent appliance encrypts a device ID using a saved device key to obtain a first ciphertext, and sends the first ciphertext to the terminal;
Step S2: the terminal sends a key application request and the first ciphertext to a cloud server;
Step S3: the cloud server judges whether the intelligent appliance is safe; if so, step S4 is executed; otherwise, a warning message is sent to the terminal;
Step S4: the cloud server judges whether the terminal possesses control authority over the intelligent appliance; if so, step S5 is executed; otherwise, an error response is returned to the terminal;
Step S5: the cloud server generates a random session key, encrypts the random session key together with the device ID and the random number in the key application request using a saved user key to obtain a second ciphertext, encrypts the random session key and the user ID in the key application request using the saved device key to obtain a third ciphertext, and sends the second ciphertext and the third ciphertext to the terminal;
Step S6: the terminal decrypts the second ciphertext using the saved user key to obtain a first random session key, a second device ID and a first random number, and judges whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, the terminal encrypts the user ID using the first random session key to obtain a fourth ciphertext, sends the third ciphertext and the fourth ciphertext to the intelligent appliance through the point-to-point communication mode of non-network connection, and step S7 is executed; otherwise, key agreement ends;
Step S7: the intelligent appliance decrypts the third ciphertext using the saved device key to obtain a first user ID and a second random session key, decrypts the fourth ciphertext using the second random session key to obtain a second user ID, and judges whether the first user ID and the second user ID are identical; if so, the intelligent appliance uses the second random session key as the communication key and notifies the terminal, through the point-to-point communication mode of non-network connection, that key agreement succeeded; otherwise, key agreement ends.
2. The method according to claim 1, characterized in that step S2 is specifically:
Step A1: the terminal verifies the user identity; if verification passes, step A2 is executed; otherwise, the terminal exits;
Step A2: the terminal computes the user key from the user ID and user password entered by the user and saves it, obtains the device ID and saves it, and generates the random number and saves it;
Step A3: the terminal generates the key application request from the user ID, the device ID and the random number, and sends the key application request and the first ciphertext to the cloud server.
3. The method according to claim 2, characterized in that step A1 is specifically:
Step A1-1: the terminal receives the user ID and user password entered by the user;
Step A1-2: the terminal judges whether the received user ID and user password are respectively identical to the saved user ID and user password; if so, step A2 is executed; otherwise, the terminal exits.
4. The method according to claim 1, characterized in that step S3 is specifically:
The cloud server decrypts the first ciphertext using the saved device key to obtain a first device ID, and judges whether the first device ID is identical to the device ID in the key application request; if so, the intelligent appliance is safe and step S4 is executed; otherwise, a warning message is sent to the terminal.
5. The method according to claim 1, characterized in that step S4 is specifically:
Step B1: the cloud server judges whether the device ID in the key application request exists in a linked list; if so, step B2 is executed; otherwise, step B3 is executed;
Step B2: the cloud server judges whether the user ID in the key application request is the user ID associated with the device ID in the linked list; if so, step S3 is executed; otherwise, an error response is returned to the terminal;
Step B3: the cloud server associates the device ID in the key application request with the user ID in the key application request, stores the record in the linked list, and executes step S3.
6. A key agreement system, characterized in that the system comprises an intelligent appliance, a terminal and a cloud server;
The intelligent appliance includes:
A first connection establishing module, configured to establish a connection with the terminal through a point-to-point communication mode of non-network connection;
A first encrypting and sending module, configured to encrypt a device ID using a saved device key to obtain a first ciphertext, and send the first ciphertext to the terminal;
A first receiving and judging module, configured to receive a third ciphertext and a fourth ciphertext sent by the terminal, decrypt the third ciphertext using the saved device key to obtain a first user ID and a second random session key, decrypt the fourth ciphertext using the second random session key to obtain a second user ID, and judge whether the first user ID and the second user ID are identical; if so, trigger the first sending module; otherwise, key agreement ends;
The first sending module, configured to use the second random session key as the communication key and notify the terminal, through the first connection establishing module, that key agreement succeeded;
The terminal includes:
A second connection establishing module, configured to establish a connection with the intelligent appliance through the point-to-point communication mode of non-network connection;
A first receiving and sending module, configured to receive the first ciphertext sent by the intelligent appliance, and send a key application request and the first ciphertext to the cloud server;
A second receiving and judging module, configured to receive a second ciphertext and the third ciphertext sent by the cloud server, decrypt the second ciphertext using a saved user key to obtain a first random session key, a second device ID and a first random number, and judge whether the saved random number is identical to the first random number and the saved device ID is identical to the second device ID; if both are identical, trigger the second encrypting and sending module; otherwise, key agreement ends;
The second encrypting and sending module, configured to encrypt the user ID using the first random session key to obtain the fourth ciphertext, and send the third ciphertext and the fourth ciphertext to the intelligent appliance through the second connection establishing module;
The cloud server includes:
A receiving module, configured to receive the key application request and the first ciphertext sent by the terminal;
A first judging module, configured to judge whether the intelligent appliance is safe; if so, trigger the second judging module; otherwise, trigger the second sending module;
The second judging module, configured to judge whether the terminal possesses control authority over the intelligent appliance; if so, trigger the generating and sending module; otherwise, trigger the second sending module;
The second sending module, configured to send a warning message to the terminal, and further configured to return an error response to the terminal;
The generating and sending module, configured to generate a random session key, encrypt the random session key together with the device ID and the random number in the key application request using the saved user key to obtain the second ciphertext, encrypt the random session key and the user ID in the key application request using the saved device key to obtain the third ciphertext, and send the second ciphertext and the third ciphertext to the terminal.
7. The key agreement system according to claim 6, characterized in that the first receiving and sending module includes:
A first verifying submodule, configured to verify the user identity; if verification passes, trigger the computing and generating submodule; otherwise, exit;
The computing and generating submodule, configured to compute the user key from the user ID and user password entered by the user and save it, obtain the device ID and save it, generate the random number and save it, and trigger the generating and sending submodule;
The generating and sending submodule, configured to generate the key application request from the user ID, the device ID and the random number, and send the key application request and the first ciphertext to the cloud server.
8. The key agreement system according to claim 7, characterized in that the first verifying submodule includes:
A first receiving and saving unit, configured to receive the user ID and user password entered by the user and save them;
A first judging unit, configured to judge whether the received user ID and user password are identical to the saved user ID and user password; if so, trigger the computing and generating submodule; otherwise, exit.
9. The key agreement system according to claim 6, characterized in that the first judging module is specifically configured to decrypt the first ciphertext using the saved device key to obtain a first device ID, and judge whether the first device ID is identical to the device ID in the key application request; if so, the intelligent appliance is safe and the second judging module is triggered; otherwise, the second sending module is triggered.
10. The key agreement system according to claim 6, characterized in that the second judging module includes:
A first judging submodule, configured to judge whether the device ID in the key application request exists in a linked list; if so, trigger the second judging submodule; otherwise, trigger the associating submodule;
The second judging submodule, configured to judge whether the user ID in the key application request is the user ID associated with the device ID in the linked list; if so, trigger the generating and sending module; otherwise, trigger the second sending module;
The associating submodule, configured to associate the device ID in the key application request with the user ID in the key application request, store the record in the linked list, and trigger the generating and sending module.
CN201910498185.6A 2019-06-10 2019-06-10 Key negotiation method and system Active CN110224822B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910498185.6A CN110224822B (en) 2019-06-10 2019-06-10 Key negotiation method and system

Publications (2)

Publication Number Publication Date
CN110224822A true CN110224822A (en) 2019-09-10
CN110224822B CN110224822B (en) 2022-03-18

Family

ID=67816173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910498185.6A Active CN110224822B (en) 2019-06-10 2019-06-10 Key negotiation method and system

Country Status (1)

Country Link
CN (1) CN110224822B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516103A (en) * 2015-11-30 2016-04-20 青岛海尔智能家电科技有限公司 Method, device and system for binding intelligent household electrical appliances
CN105959189A (en) * 2016-06-08 2016-09-21 美的集团股份有限公司 Home appliance equipment, communication system and method of cloud server and terminal, and terminal
CN106130982A (en) * 2016-06-28 2016-11-16 北京万协通信息技术有限公司 Intelligent household appliance remote control method based on PKI system
US20190089684A1 (en) * 2014-03-11 2019-03-21 Tencent Technology (Shenzhen) Company Limited Method and system for encrypted communications

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132977A (en) * 2019-12-31 2021-07-16 佛山市云米电器科技有限公司 Network distribution method, network distribution system and computer readable storage medium
CN111541550A (en) * 2020-05-11 2020-08-14 卡瓦科尔牙科医疗器械(苏州)有限公司 Secret key generation method of dental medical information system
CN112511490A (en) * 2020-10-29 2021-03-16 苏州达塔库自动化科技有限公司 Smart power grid safety communication method based on combined password
CN115987583A (en) * 2022-12-09 2023-04-18 北京纬百科技有限公司 Binding control method for base of intelligent device, base, intelligent device and storage medium
CN115987583B (en) * 2022-12-09 2023-10-03 北京纬百科技有限公司 Binding control method for base of intelligent device, base, intelligent device and storage medium
CN116887250A (en) * 2023-09-07 2023-10-13 飞天诚信科技股份有限公司 Network connection realization method and system of intelligent equipment
CN116887250B (en) * 2023-09-07 2023-11-07 飞天诚信科技股份有限公司 Network connection realization method and system of intelligent equipment

Also Published As

Publication number Publication date
CN110224822B (en) 2022-03-18

Similar Documents

Publication Publication Date Title
CN110224822A (en) A kind of cryptographic key negotiation method and system
CN106101147B (en) A kind of method and system for realizing smart machine and the communication of remote terminal dynamic encryption
CN106130982B (en) Intelligent household appliance remote control method based on PKI system
CN105162772B (en) A kind of internet of things equipment certifiede-mail protocol method and apparatus
CN101340443B (en) Session key negotiating method, system and server in communication network
CN101510877B (en) Single-point logging-on method and system, communication apparatus
TWI642288B (en) Instant communication method and system
CN105871920A (en) Communication system and method of terminal and cloud server as well as terminal and cloud server
CN105763559B (en) A kind of intelligent home control system and method
CN105471974A (en) Intelligent equipment capable of realizing remote control, terminal equipment and method
CN109462850A (en) A kind of network collocating method and smart machine of smart machine
CN110198295A (en) Safety certifying method and device and storage medium
US10133861B2 (en) Method for controlling access to a production system of a computer system not connected to an information system of said computer system
CN101286849A (en) Authentication system and method of a third party based on engagement arithmetic
CN106506479B (en) Method, system and the client of cipher authentication, server and smart machine
CN107094138B (en) A kind of smart home safe communication system and communication means
CN108377188A (en) A kind of quantum cryptography system for extraordinary emergent self-organized network communication
CN109962781B (en) Digital certificate distributing device
CN106357679A (en) Method, system and client for password authentication, and server and intelligent equipment
CN101810017A (en) Selective security termination in next generation mobile networks
CN105681253B (en) Data encryption and transmission method, equipment, gateway in centralized network
CN111756530B (en) Quantum service mobile engine system, network architecture and related equipment
CN113411187A (en) Identity authentication method and system, storage medium and processor
Hassani Karbasi et al. SINGLETON: A lightweight and secure end-to-end encryption protocol for the sensor networks in the Internet of Things based on cryptographic ratchets
CN103024599B (en) Set top box communication method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant