CN110224822A - A kind of cryptographic key negotiation method and system - Google Patents
A kind of cryptographic key negotiation method and system Download PDFInfo
- Publication number
- CN110224822A CN110224822A CN201910498185.6A CN201910498185A CN110224822A CN 110224822 A CN110224822 A CN 110224822A CN 201910498185 A CN201910498185 A CN 201910498185A CN 110224822 A CN110224822 A CN 110224822A
- Authority
- CN
- China
- Prior art keywords
- key
- user
- ciphertext
- terminal
- intelligent appliance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/2816—Controlling appliance services of a home automation network by calling their functionalities
- H04L12/282—Controlling appliance services of a home automation network by calling their functionalities based on user interaction within the home
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/283—Processing of data at an internetworking point of a home automation network
- H04L12/2834—Switching of information between an external network and a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Abstract
The invention discloses a kind of cryptographic key negotiation method and systems, cloud server generates random session key, second ciphertext and third ciphertext, the second ciphertext and third ciphertext are sent to terminal, the second cryptogram validation of terminal deciphering generates the 4th ciphertext after passing through, and third ciphertext and the 4th ciphertext are sent to by intelligent appliance by the point-to-point communication mode of non-network connection, intelligent appliance decrypts third ciphertext and the 4th ciphertext, terminal key is notified to negotiate successfully using the second obtained random session key as communication key after being verified and by the point-to-point communication mode of non-network connection;Intelligent appliance without interacting the verifying that cloud server can be realized to intelligent appliance safety with cloud server, suitable for no WiFi module low cost intelligent household electrical appliances and be not available the environment of WiFi, safety is higher.
Description
Technical field
The present invention relates to Smart Home technical field more particularly to a kind of cryptographic key negotiation method and systems.
Background technique
Smart home refers to using house as platform, using comprehensive wiring technology, network communication technology, security precautions technology,
Automatic control technology, audio and video technology integrate the related facility of home life, construct efficient housing facilities and family's schedule
The management system of affairs promotes house security, convenience, comfort, artistry, and realizes the living environment of environmental protection and energy saving.
In intelligent appliance-cloud server-terminal system, some intelligent appliances may without WiFi module or
It cannot be interacted with cloud server in the environment of no network, cloud server can not verify the safety of intelligent appliance, intelligent family
Electricity, which directly establishes the connection control authority that then whether terminal possesses intelligent appliance with terminal, can not ensure that there are certain safety winds
Danger.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art and provide a kind of cryptographic key negotiation method and system.
The present invention provides a kind of cryptographic key negotiation methods, comprising:
Step S1: intelligent appliance and terminal establish connection, the intelligence by the point-to-point communication mode of non-network connection
Household electrical appliances encrypt device id to obtain the first ciphertext using the device keys of preservation, send first ciphertext to terminal;
Step S2: the terminal sends key application request and first ciphertext to cloud server;
Step S3: the cloud server judges whether the intelligent appliance is safe, is to then follow the steps S4, otherwise sends
Information warning gives the terminal;
Step S4: the cloud server judges whether the terminal possesses the control authority of intelligent appliance, is, executes
Otherwise step S5 returns to errored response to the terminal;
Step S5: the cloud server generates random session key, using the user key of preservation to described with chance
Words key and the key application request in device id and random number encryption obtain the second ciphertext, use the device keys of preservation
User ID in the random session key and key application request is encrypted to obtain third ciphertext, and close by described second
The literary and described third ciphertext is sent to the terminal;
Step S6: the terminal using the user key of preservation decrypts second ciphertext, and to obtain the first random session close
Key, the second device id and the first random number, judge save random number and first random number, preservation device id with it is described
Whether the second device id is all the same, is to be, encrypts to obtain the 4th to User ID using first random session key close
Text, and the third ciphertext and the 4th ciphertext are sent to by the intelligence by the point-to-point communication mode of non-network connection
Household electrical appliances execute step S7, and otherwise key agreement terminates;
Step S7: the intelligent appliance using the device keys of preservation decrypt the third ciphertext obtain the first User ID and
Second random session key decrypts the 4th ciphertext using second random session key and obtains second user ID, judges
Whether first User ID and the second user ID are identical, are then using second random session key as communication key
And notify the terminal key to negotiate successfully by the point-to-point communication mode of non-network connection, otherwise key agreement terminates.
The present invention also provides a kind of key agreement systems, comprising: intelligent appliance, terminal and cloud server;
The intelligent appliance includes:
First establishes link block, for establishing company by the point-to-point communication mode of non-network connection with the terminal
It connects;
First encryption sending module, encrypts device id for the device keys using preservation to obtain the first ciphertext, send
First ciphertext gives the terminal;
First receives judgment module, and the third ciphertext and the 4th ciphertext sent for receiving the terminal uses preservation
Device keys decrypt the third ciphertext and obtain the first User ID and the second random session key, use the described second random session
Key decrypts the 4th ciphertext and obtains second user ID, judge first User ID and the second user ID whether phase
It together, is to trigger the first sending module, otherwise key agreement terminates;
First sending module, for being established using the second random session key as communication key and by described first
Link block notifies the terminal key to negotiate successfully;
The terminal includes:
Second establishes link block, for being established with the intelligent appliance by the point-to-point communication mode of non-network connection
Connection;
First receives sending module, and first ciphertext sent for receiving the intelligent appliance sends key application
Request and first ciphertext are to cloud server;
Second receives judgment module, the second ciphertext and the third ciphertext sent for receiving the cloud server,
Second ciphertext, which is decrypted, using the user key of preservation obtains the first random session key, the second device id and first at random
Number judges whether the random number saved and first random number, the device id of preservation and second device id are all the same,
To be then triggering the second encryption sending module, otherwise key agreement terminates;
The second encryption sending module, for encrypting to obtain the 4th to User ID using first random session key
Ciphertext, and establish link block by described second and the third ciphertext and the 4th ciphertext are sent to the intelligent family
Electricity;
The cloud server includes:
Receiving module, for receiving the key application request and first ciphertext that the terminal is sent;
First judgment module, for judge intelligent appliance whether safety, be to trigger the second judgment module, otherwise trigger the
Two sending modules;
Second judgment module is then for judging whether the terminal possesses the control authority of the intelligent appliance
Triggering generates sending module, otherwise triggers second sending module;
Second sending module is also used to return errored response to described for sending information warning to the terminal
Terminal;
The generation sending module, for generating random session key, using the user key of preservation to described with chance
Words key and the key application request in device id and random number encryption obtain second ciphertext, use the equipment of preservation
User ID in random session key described in key pair and key application request encrypts to obtain the third ciphertext, and by institute
It states the second ciphertext and the third ciphertext is sent to the terminal.
Compared with prior art, the present invention having the advantage that
A kind of cryptographic key negotiation method and system that technical solution of the present invention provides, intelligent appliance be not necessarily to and cloud server into
Verifying of the cloud server to intelligent appliance safety can be realized in row interaction, the low cost intelligent man suitable for no WiFi module
Electricity and the environment for not being available WiFi, safety are higher.
Detailed description of the invention
Fig. 1 is a kind of flow chart for cryptographic key negotiation method that the embodiment of the present invention one provides;
Fig. 2 is the refined flow chart of step 103 in the embodiment of the present invention one;
Fig. 3 is a kind of flow chart of cryptographic key negotiation method provided by Embodiment 2 of the present invention;
Fig. 4 is the refined flow chart of step 303 in the embodiment of the present invention two;
Fig. 5 is a kind of block diagram for key agreement system that the embodiment of the present invention three provides.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those skilled in the art's every other implementation obtained without making creative work
Example, shall fall within the protection scope of the present invention.
Embodiment one
The embodiment of the present invention one provides a kind of cryptographic key negotiation method, as shown in Figure 1, including
Step 101: intelligent appliance and terminal establish connection by the point-to-point communication mode of non-network connection;
Specifically, the point-to-point communication mode of non-network connection is bluetooth or NFC;
Step 102: intelligent appliance encrypts device id to obtain the first ciphertext using the device keys of preservation, and it is close to send first
Text gives terminal;
Step 103: terminal receives the first ciphertext that intelligent appliance is sent, and sends key application request and the first ciphertext to cloud
Hold server;
Specifically, key application request in comprising application parameter, such as User ID, device id, generation random number;
Specifically, key application is 837000215000000000F3984E445AF69ED0DED34C9608A0F600D
E65D904384D88BCF3E6F66FD95DABD5;
In the present embodiment, step 103 is as shown in Fig. 2, specifically include:
Step 201: terminal receives the User ID of user's input, user password;
Step 202: terminal judges whether received User ID, user password and the User ID of preservation, user password are identical,
It is to then follow the steps 203, otherwise exits;
Step 203: user key is calculated by User ID and user password in terminal;
Specifically, user key is CCB41DCAB5A7B5CAAD8210E6D319C2A5D53447FB274B687014C
7B93592D09F91;
Step 204: terminal obtains device id;
Specifically, terminal can be by sending the instruction of acquisition device id, scanning intelligent appliance two dimensional code, using bluetooth discovery
It searches the modes such as the broadcast data of intelligent appliance and obtains device id;
Preferably, in the present embodiment, broadcast data of the intelligent appliance by Bluetooth broadcast comprising its device id;
Step 205: terminal generates random number and saves;
Step 206: terminal requests according to User ID, device id, generating random number key application, and key application is requested
Cloud server is sent to the first ciphertext;
Step 104: cloud server receives the key application request and the first ciphertext that terminal is sent, and uses the equipment of preservation
Key decrypts the first ciphertext and obtains the first device id;
Step 105: cloud server judges whether the device id in the first device id and key application request is identical, is then
Step 106 is executed, otherwise sends information warning to terminal;
Step 106: cloud server judges that the device id in key application request whether there is in linked list, is then
Step 107 is executed, it is no to then follow the steps 108;
Step 107: cloud server judges whether User ID is User ID associated with device id in linked list, is
109 are thened follow the steps, otherwise returns to errored response to terminal;
Step 108: device id and User ID are associated by cloud server, and record is stored in linked list,
Execute step 109;
Step 109: cloud server generates random session key;
Specifically, random session key is 7c1ed9e7d787d1a614fac7780b7fa1afc98f2897bc7ce4b
e3cabff85425dda62;
Step 110: cloud server is using the user key of preservation to setting in random session key, key application request
Standby ID and random number are encrypted to obtain the second ciphertext;
Specifically, the second ciphertext is 4A21668E99082F55CA2DA33D6EC98D7273F92631D8B20216CA4
5381BC7EFB5FA;
Step 111: cloud server is using the device keys saved in random session key and key application request
User ID is encrypted to obtain third ciphertext;
Specifically, device keys are 55E3192D096E62D4F9CD00E734A949DE2B8E55B13D9B85B1D2D
2999C9DB2E72C;
Specifically, third ciphertext is 94011EB9FA384EEF8BE6C7AA65B3491BC60756E3F67AF4FFF68
65B7F958B79A2B2;
Step 112: the second ciphertext and third ciphertext are sent to terminal by cloud server;
Step 113: terminal decrypts the second ciphertext using the user key saved, obtains the first random session key, second
Device id, the first random number;
Step 114: terminal judge save random number and the first random number, the device id of preservation and the second device id whether
It is all the same, it is to then follow the steps 115, otherwise key agreement terminates;
Step 115: terminal encrypts User ID using the first obtained random session key, obtains the 4th ciphertext;
Specifically, the 4th ciphertext is 97e19eb03b3d26772d15d510cfda40191a290c9765870e954bb
80c9474af0d95;
Step 116: third ciphertext and the 4th ciphertext are sent to by terminal by the point-to-point communication mode of non-network connection
Intelligent appliance;
Step 117: intelligent appliance using save device keys decrypt third ciphertext, obtain the first User ID and second with
Machine session key;
Step 118: intelligent appliance decrypts the 4th ciphertext using the second random session key, obtains second user ID,
Step 119: intelligent appliance judges whether the first User ID is identical as second user ID, is then by the second random session
Key notifies terminal key to negotiate successfully as communication key, and by the point-to-point communication mode of non-network connection;Otherwise close
Key negotiation terminates.
Embodiment two
Second embodiment of the present invention provides a kind of cryptographic key negotiation methods, as shown in figure 3, including
Step 301: intelligent appliance and terminal establish connection by the point-to-point communication mode of non-network connection;
Specifically, the point-to-point communication mode of non-network connection is bluetooth or NFC;
Step 302: intelligent appliance encrypts device id to obtain the first secret value using the device private of preservation, sends first
Secret value is to terminal;
Step 303: terminal receives the first secret value that intelligent appliance is sent, and sends key application request and the first secret value
To cloud server;
Specifically, key application request in comprising application parameter, such as User ID, device id, generation random number;
Specifically, key application is 837000215000000000F3984E445AF69ED0DED34C9608A0F6006
57A94D4F15695633005EC909AC565511;
In the present embodiment, step 303 is as shown in figure 4, specifically include:
Step 401: terminal receives the User ID of input, user password;
Step 402: terminal judges whether received User ID, user password and the User ID of preservation, user password are identical,
It is to then follow the steps 403, otherwise exits;
Step 403: terminal obtains device id;
Specifically, terminal can be by sending the instruction of acquisition device id, scanning intelligent appliance two dimensional code, using bluetooth discovery
It searches the modes such as the broadcast data of intelligent appliance and obtains device id;
Preferably, in the present embodiment, broadcast data of the intelligent appliance by Bluetooth broadcast comprising its device id;
Step 404: terminal generates random number and saves;
Step 405: terminal requests according to User ID, device id, generating random number key application, and key application is requested
Cloud server is sent to the first secret value.
Step 304: cloud server receives the key application request and the first secret value that terminal is sent, and uses setting for preservation
Standby the first secret value of public key decryptions obtains device id ';
Step 305: cloud server judges device id ' and key application request in device id it is whether identical, be to hold
Otherwise row step 306 sends information warning to terminal;
Step 306: cloud server judges that the device id in key application request whether there is in linked list, is then
Step 307 is executed, it is no to then follow the steps 308;
Step 307: cloud server judges whether User ID is User ID associated with device id in linked list, is
309 are thened follow the steps, otherwise returns to errored response to terminal;
Step 308: device id and User ID are associated by cloud server, and record is stored in linked list,
Execute step 309;
Step 309: cloud server generates random work key;
Specifically, random work key is 657A94D4F15695633005EC909AC5655111599BCD8278B75
D183B86FEEB778BFF;
Step 310: cloud server is using the client public key of preservation to setting in random work key, key application request
Standby ID and random number are encrypted to obtain the second secret value;
Specifically, client public key is B645775EC1FB27C1B45D798489F77EBE6C00A93A0AAA88BE9C4
FFA1E7E6C32545CAC5782D0CE1615CAECE919C33EC8B34BD98AF3AC9ADBB14CFD02F65220D9E
93BE644F30611BB7521073DDB6C8A6F0AD25852C46792332CF65DC3835D4730A2DDAEEC3A7D8
978A2BC752D5CA32B918B167A5CCFBDC91EAA5B40D232D7A8AC2EFBAD5ED6BD37AB53134D688
626030209187E01C0726BF91AEB8CABB2E946C64AF46B919B2649187EFAEA912103F3DB5AD03
6BAD0218CB3F7568390970983EFCD885F4D9BD4721B3AB52032FA4B7865C0D68F7B68B28D7FC
04F3B6EFA49902DA20598DAA211CF97D08B6E879738D81E8C3B81BAF25474521A4FC3DC269D2
D1C4B;
Specifically, the second secret value is 73C27CC2DCA1B31C6C510606689E804D0E76A158EAB332A69
20D2EA376A0AD8E9BDCBBA7ACFF6F0DD3A2AC3AD5FFEBF8CD5C4F279EB83B0B03FE32DCA1F0D
F962B08C8C844F0AF4F8F087E23B4A8D370942DEAC73B6003E689A1322F232BEF1E6E2252709
58C5DD5D02D3E00F6BAC6286D2DD9C5FAC7C3592E9A827332270C0A5082554D34E725618597D
966404889AA99C415FC3605762B6B4A4DD306E36E222881A9F65A6B3B43BB8793CF2EAC6A6EA
F413388FBF7DC7EA7F756FDBEA16D521C9A4B52F954CC8D4BE9A5C32E7355C6F073439A479E6
9EEBFC0E1EAB0F9AC9BBA11D276E164048DC03F366D254FEDDCEE079095AB3CB38C2BD92A442
57B174D;
Step 311: cloud server is using the equipment public key saved in random work key and key application request
User ID is encrypted to obtain third secret value;
Specifically, equipment public key is A83DAFFE93DB91C319A6C73CE713133FDB70AFE001DB7F0472E
22940F8BF003710060B3908AB7AB4B49A24B07A9DAD5E17C6E5C36F1B4AF8362D0751DD3D809
E6AB86D0BF665D14E76D44621FD85D060EF28255111F4F19EC92EE5C3A85C51D733147B99F6F
B7AB7746FBDC7E8BD8179D8A6F668786FC8E49B28D3AF9C08B3728F850863F3A20F463140F56
B1472F09255D12D0437243127D11E43A0128FFF22498C180753A6BB6F2E216B28A774E47D034
E70BCCCAF396DC704C29218B6FA1197EE3A8C624EA1564A56D8473BA600746B62254FFABDCCC
134ADE18BB05488B02964673480B7914E62FAF44CC521C224F7508483E2980564A072809E3D6
02F7F;
Specifically, third secret value is 2E136A766A6083A770D43B5DB0427CEC1D191B696335EBF30
72249683E570F5B82D0AC87AD4D274B106BE5842B9985FC3F095BA44655938353C8D6BCF38C3
3D40A675E5317C4DFB954419455E3038CC44D0D90768094D29BDDAF1389A12611FB19485984E
E4924FBA8D6C995491BF94638B23745E782D2BAB50331E1C009E989B999992B10C70766919CD
86D91871844A4301C20A58A50714CF90CE47FE8E23261B254A7EDE0023F1BC617C77A0195CB7
EA38483E00BEA2E68AC18725431A97E67A40DFFAA36853C55D8A15EE558DD493E4CFDEA1B779
0D2A2E3627F5A31991F91AD8C9675363E22A9FD512B874D5B8F67DC9D1F4C83F93CECDBE95C6
4957D99;
Step 312: the second secret value and third secret value are sent to terminal by cloud server;
Step 313: terminal decrypts the second secret value using the private key for user saved, obtains the first random work key, sets
Standby ID " and random number ';
Specifically, private key for user is
DB750DC524646DA0F749382E4ED44952E0331DFCF8C1860EBDB05EB94CF7D52587C4
D9109A1DC3CED0565800490D5AE339DC785BDB0B50FEE4E4DC4154EAA69855A1DFFA334AE55A
D050AEB0A3FF648B0D3E912D9D9CDC147A63F95B4859CB553EC59D2523E9A27EFB70C8721E1E
72E6BAFC53C22F1EF5DAA909ED3964FFB763CE175AE88EBB0CDDB795C60F24EA3FFD699AA042
7A098BDD7244E245DB9ACFF59A75274AFC77F836FE71858BA2E18E218E8CB630BD8C5B3FFA6D
D661BAFF0DC5C563E82B984A6223A469F85A9EDFB237C2B03EBF2668566CCB8D52045F10E56B
956A4A865B9777B965DE817C872B00A3F4D06F2DEA062F6D25F78B59FD1DF439012F76AD93EE
BEF0D9A5199A966E6B1EF97B0D346A9B90FFCF627E807DBBF0F8CCECF14737ADE57ADE8138E4
77808CF7213EE19F8D655840A837DC40B616B663A842C194F665F72B3068DF28B11A160EF239
5E4B62C8901FC4317A0D562CB5FE75E25760F5FAB318007FB1757C5829C2B94BD79FFAE52DEA
CA72F5471416958537F4BB681D28C84B82C715A992FA4F397CECD0CA7BDC0FAFA690F166CA43
746758F2AA227FFE0AD4D3ACFAF778D809012F75211A86BC8F2205DAC0B474533FE80CBA1D95
8899D99F97CA75F614E0E3C0A409BA5FA80BF83B3DE136FD9CDA379048573DB8D13184FE3F9C
7447DD635D9F269F59307C3405B87AF085537F981C71B2856B80603120426FA9D7C372E59064
0C46B350B46AF564ED42821E298EF3B4D0A24CBA84283F6D390E249D26DC5F3DD91BFF39D470
32ABA8132B66C717614736A2245ADC19C88617E1C15AB06F2B520E75E7733EBBDAAF5C0BFC9A
5CE1B0D99CDBDEA7B144E6C82533893A7B2920FAC6E35841580A4F29163D9C08DEE8BEE3;
Step 314: terminal compare the random number saved and random number ', the device id and device id that save " it is whether homogeneous
It together, is to then follow the steps 315, otherwise key agreement terminates;
Step 315: terminal is encrypted using the first obtained random work key pair User ID, obtains the 4th encryption
Value;
Specifically, the 4th secret value is ED4E1D4D3179B53D22A561E38B97522BB2C29FBC7957B0F1D
7BB03AE96760D7A;
Step 316: terminal is sent out third secret value and the 4th secret value by the point-to-point communication mode of non-network connection
Give intelligent appliance;
Step 317: intelligent appliance using save device private decrypt third secret value, obtain User ID ' and second with
Machine working key;
Specifically, device private is
FB5172EE60330B9E5D20A451DA66A22F81B93390528F93D8AE35FC121C38823FA4F2
AE3254C9E47A776D554E3B3E1DCBAFF77E7E096532AE8896992DABF42D31FDCCD8807DC4FA40
FFA492C93A117CE6E440B198CFA5C84E87793E784469A2007A50AEF1FA84DDED72C4E37F86A7
357E7E1EE93C4A0D0EB89A47613E93C35C5FFA40BA665FF67928F92BC6C9FD7AF759993D28E2
5603111F3DDA4185431C362376DC2BCF710A389BE7695DE63FFE988D647A376C2BC38B17FB75
54E7BD84F7DD210476E9C5E22230A7E638CEA6114C2BF740AC38D6401FC6CE7100D6DEB0C83F
F35B3E61F8B6AFE45320C2094C8CA120D037FD0C990143E7D983CE6FC93AF02DCCC2ABB57443
A2AFC0889BD8E4ECC22F9AADDE49343B2EE657EA3C1A354C0532FD9D8C380DC50096973F4945
9817200798B339284F575857C3898FFC1A21B3C10B5C1EF9717F4FB62D9354D506AEC0E90E07
77AB5D6361343A449A953A882629E57E5F4B602568FBD18A8120A2011220A17965E66D1EFE63
81AFAE9761A4C65929BE6A59716077CD71E2EF81FA1A6CF0313396824ABEB03879E4D2511C64
B4532E1C83E25284D5F48BA173DC58886B820A64A8A20E9ACBB4F0691E049A04782416C1DBE4
1AF221A9E417EF19E971B1371443617709A620A6D500DC96FB069A20B0C363A08C104D3ED4EE
FDEEF729EE26BF14D7CD2628A3DF24D56BB611E716F1EC070F506D2F9B00A15E9D118166F21D
647DDFE7CEF6D2DC03A41748F75BEF4C3C2CF60EFEA2A7CF54EE6114143F93830C68B9A8A694
CC29D38BF8E6746FACB808D38B382A58F61113ABC76E129701220EA2667784C4F700F21E9EB5
ECB0C88C970E6194EAE69A603D9D245B78BC7B5845A5B0977B220ADC34CDC4A6D09D7ED7;
Step 318: intelligent appliance decrypts the 4th secret value using the second random work key, obtains User ID ",
Step 319: intelligent appliance judge User ID ' and User ID " it is whether identical, be then by the second random work key make
For communication key, and terminal key is notified to negotiate successfully by the point-to-point communication mode of non-network connection;Otherwise key agreement
Terminate.
Embodiment three
The embodiment of the present invention three provides a kind of key agreement system, as shown in figure 5, including intelligent appliance, terminal and cloud
Server;
Intelligent appliance includes:
First establishes link block 11, for establishing connection by the point-to-point communication mode of non-network connection with terminal;
First encryption sending module 12, encrypts device id for the device keys using preservation to obtain the first ciphertext, send out
Send the first ciphertext to terminal;
First receives judgment module 13, for receiving the third ciphertext and the 4th ciphertext of terminal transmission, uses setting for preservation
Standby key decryption third ciphertext obtains the first User ID and the second random session key, uses the second random session key decryption the
Four ciphertexts obtain second user ID, judge whether the first User ID and second user ID are identical, are to trigger the first sending module
14, otherwise key agreement terminates;
First sending module 14, for establishing connection mould using the second random session key as communication key and by first
Block 11 notifies terminal key to negotiate successfully;
Terminal includes:
Second establishes link block 21, for establishing company by the point-to-point communication mode of non-network connection with intelligent appliance
It connects;
First receive sending module 22, for receive intelligent appliance transmission the first ciphertext, send key application request and
First ciphertext is to cloud server;
Second receives judgment module 23, for receiving the second ciphertext and third ciphertext of cloud server transmission, uses guarantor
The user key deposited decrypts the second ciphertext and obtains the first random session key, the second device id and the first random number, judges to save
Random number and the first random number, preservation device id it is whether all the same with the second device id, be then triggering second encryption
Sending module 24, otherwise key agreement terminates;
Second encryption sending module 24, obtains the 4th ciphertext for encrypting using the first random session key to User ID,
And link block 21 is established by second, third ciphertext and the 4th ciphertext are sent to intelligent appliance;
Cloud server includes:
Receiving module 31, for receiving the key application request and the first ciphertext of terminal transmission;
First judgment module 32, for judging whether intelligent appliance is safe, is to trigger the second judgment module 33, otherwise touches
Send out the second sending module 34;
Second judgment module 33 is to trigger generation hair for judging whether terminal possesses the control authority of intelligent appliance
Module 35 is sent, the second sending module 34 is otherwise triggered;
Second sending module 34 is also used to return errored response to terminal for sending information warning to terminal;
Sending module 35 is generated, for generating random session key, using the user key of preservation to random session key
With key application request in device id and random number encryption obtain the second ciphertext, using the device keys of preservation to random session
User ID in key and key application request encrypts to obtain third ciphertext, and the second ciphertext and third ciphertext are sent to end
End.
Optionally, in the present embodiment, the first reception sending module 22 includes:
First verifying submodule triggers operation if being verified and generates submodule, otherwise move back for verifying user identity
Out;
Operation generates submodule, and User ID and user password for being inputted according to user are calculated user key and protect
It deposits, obtain device id and saves, generate random number and save, triggering generates sending submodule;
Sending submodule is generated, for requesting according to User ID, device id, generating random number key application, sends key
Application request and the first ciphertext are to cloud server.
Optionally, in the present embodiment, the first verifying submodule includes:
First receives storage unit, for receiving the User ID of user's input, user password and saving;
First judging unit, for judge received User ID, user password and the User ID of preservation, user password whether
It is identical, it is to be, triggers operation and generate submodule, otherwise exit.
Optionally, in the present embodiment, first judgment module, it is close specifically for using the device keys of preservation to decrypt first
Text obtains the first device id, judges whether the device id in the first device id and key application request is identical, is then intelligent appliance
Safety triggers the second judgment module, otherwise triggers the second sending module.
Optionally, in the present embodiment, the second judgment module 33 includes:
First judging submodule, for judge key application request in device id whether there is in linked list, be
Second judgment submodule is then triggered, otherwise triggering association submodule;
Second judgment submodule, for judging whether the User ID in key application request is in linked list in device id
Associated User ID is to trigger generation sending module, otherwise triggers the second sending module;
It is associated with submodule, for closing the User ID in the device id and key application request in key application request
Connection, and record is stored in linked list, triggering generates sending module.
Example IV
The embodiment of the present invention four provides a kind of cryptographic key negotiation method, comprising:
Step S1: intelligent appliance and terminal establish connection, the intelligence by the point-to-point communication mode of non-network connection
Household electrical appliances encrypt device id to obtain the first ciphertext using the device keys of preservation, send first ciphertext to terminal;
Step S2: the terminal sends key application request and first ciphertext to cloud server;
Step S3: the cloud server judges whether the intelligent appliance is safe, is to then follow the steps S4, otherwise sends
Information warning gives the terminal;
Step S4: the cloud server judges whether the terminal possesses the control authority of intelligent appliance, is, executes
Otherwise step S5 returns to errored response to the terminal;
Step S5: the cloud server generates random session key, using the user key of preservation to described with chance
Words key and the key application request in device id and random number encryption obtain the second ciphertext, use the device keys of preservation
User ID in the random session key and key application request is encrypted to obtain third ciphertext, and close by described second
The literary and described third ciphertext is sent to the terminal;
Step S6: the terminal using the user key of preservation decrypts second ciphertext, and to obtain the first random session close
Key, the second device id and the first random number, judge save random number and first random number, preservation device id with it is described
Whether the second device id is all the same, is to be, encrypts to obtain the 4th to User ID using first random session key close
Text, and the third ciphertext and the 4th ciphertext are sent to by the intelligence by the point-to-point communication mode of non-network connection
Household electrical appliances execute step S7, and otherwise key agreement terminates;
Step S7: the intelligent appliance using the device keys of preservation decrypt the third ciphertext obtain the first User ID and
Second random session key decrypts the 4th ciphertext using second random session key and obtains second user ID, judges
Whether first User ID and the second user ID are identical, are then using second random session key as communication key
And notify the terminal key to negotiate successfully by the point-to-point communication mode of non-network connection, otherwise key agreement terminates.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto,
Anyone skilled in the art is in technical scope disclosed by the invention, and any changes or substitutions that can be easily thought of,
It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with scope of protection of the claims
Subject to.
Claims (10)
1. a kind of cryptographic key negotiation method characterized by comprising
Step S1: intelligent appliance and terminal establish connection, the intelligent appliance by the point-to-point communication mode of non-network connection
Device id is encrypted to obtain the first ciphertext using the device keys of preservation, sends first ciphertext to terminal;
Step S2: the terminal sends key application request and first ciphertext to cloud server;
Step S3: the cloud server judges whether the intelligent appliance is safe, is to then follow the steps S4, otherwise sends warning
Information gives the terminal;
Step S4: the cloud server judges whether the terminal possesses the control authority of intelligent appliance, is to then follow the steps
Otherwise S5 returns to errored response to the terminal;
Step S5: the cloud server generates random session key, close to the random session using the user key of preservation
Key and the key application request in device id and random number encryption obtain the second ciphertext, using the device keys of preservation to institute
State the User ID in random session key and key application request and encrypt to obtain third ciphertext, and will second ciphertext with
The third ciphertext is sent to the terminal;
Step S6: the terminal decrypts second ciphertext using the user key of preservation and obtains the first random session key, the
Two device ids and the first random number judge the device id and described second of the random number saved and first random number, preservation
Whether device id is all the same, is to be, encrypts to obtain the 4th ciphertext to User ID using first random session key, and
The third ciphertext and the 4th ciphertext are sent to the intelligent appliance by the point-to-point communication mode of non-network connection,
Step S7 is executed, otherwise key agreement terminates;
Step S7: the intelligent appliance decrypts the third ciphertext using the device keys of preservation and obtains the first User ID and second
Random session key decrypts the 4th ciphertext using second random session key and obtains second user ID, described in judgement
Whether the first User ID and the second user ID are identical, are, second random session key as communication key and is led to
The point-to-point communication mode for crossing non-network connection notifies the terminal key to negotiate successfully, and otherwise key agreement terminates.
2. the method as described in claim 1, which is characterized in that the step S2 specifically:
Step A1: the terminal authentication user identity thens follow the steps A2 if being verified, otherwise exits;
Step A2: the User ID and user password that the terminal is inputted according to user are calculated the user key and save,
It obtains the device id and saves, generate the random number and save;
Step A3: terminal key application according to the User ID, the device id, generating random number request,
The key application request and first ciphertext are sent to the cloud server.
3. method according to claim 2, which is characterized in that the step A1 specifically:
Step A1-1: the terminal receives the User ID of user's input, user password;
Step A1-2: the terminal judge respectively received User ID, user password and the User ID of preservation, user password whether
Identical, being is to then follow the steps A2, is otherwise exited.
4. the method as described in claim 1, which is characterized in that the step S3 specifically:
The cloud server decrypts the first ciphertext using the device keys of preservation and obtains the first device id, judges that described first sets
Whether the device id in standby ID and key application request is identical, is that then otherwise intelligent appliance safety, execution step S4 are sent
Information warning gives the terminal.
5. the method as described in claim 1, which is characterized in that the step S4 specifically:
Step B1: the cloud server judges that the device id in the key application request whether there is in linked list,
It is to then follow the steps B2, it is no to then follow the steps B3;
Step B2: the cloud server judge the User ID in key application request whether be in the linked list with
The associated User ID of device id, is to then follow the steps S3, otherwise returns to errored response to the terminal;
Step B3: the cloud server by the key application request in device id and the key application request in use
Family ID is associated, and record is stored in the linked list, executes step S3.
6. a kind of key agreement system, which is characterized in that the system comprises intelligent appliance, terminal and cloud servers;
The intelligent appliance includes:
First establishes link block, for establishing connection by the point-to-point communication mode of non-network connection with the terminal;
First encryption sending module encrypts to obtain the first ciphertext to device id for the device keys using preservation, described in transmission
First ciphertext gives the terminal;
First receives judgment module, and the third ciphertext and the 4th ciphertext sent for receiving the terminal uses the equipment of preservation
Key decrypts the third ciphertext and obtains the first User ID and the second random session key, uses second random session key
It decrypts the 4th ciphertext and obtains second user ID, judge whether first User ID and the second user ID are identical, are
The first sending module is then triggered, otherwise key agreement terminates;
First sending module, for establishing connection using the second random session key as communication key and by described first
Module notifies the terminal key to negotiate successfully;
The terminal includes:
Second establishes link block, for establishing company by the point-to-point communication mode of non-network connection with the intelligent appliance
It connects;
First receives sending module, and first ciphertext sent for receiving the intelligent appliance sends key application request
With first ciphertext to cloud server;
Second receives judgment module, and the second ciphertext and the third ciphertext sent for receiving the cloud server uses
The user key of preservation decrypts second ciphertext and obtains the first random session key, the second device id and the first random number, sentences
Whether the disconnected random number saved and first random number, the device id of preservation and second device id are all the same, are to be
Then the second encryption of triggering sending module, otherwise key agreement terminates;
The second encryption sending module, it is close for encrypting to obtain the 4th to User ID using first random session key
Text, and establish link block by described second and the third ciphertext and the 4th ciphertext are sent to the intelligent appliance;
The cloud server includes:
Receiving module, for receiving the key application request and first ciphertext that the terminal is sent;
Otherwise first judgment module triggers the second hair for judging whether intelligent appliance is safe, is to trigger the second judgment module
Send module;
Second judgment module is to trigger for judging whether the terminal possesses the control authority of the intelligent appliance
Sending module is generated, second sending module is otherwise triggered;
Second sending module is also used to return errored response to the terminal for sending information warning to the terminal;
The generation sending module, it is close to the random session using the user key of preservation for generating random session key
Key and the key application request in device id and random number encryption obtain second ciphertext, use the device keys of preservation
Encrypt to obtain the third ciphertext to the User ID in the random session key and key application request, and by described the
Two ciphertexts and the third ciphertext are sent to the terminal.
7. key agreement system as claimed in claim 6, which is characterized in that described first, which receives sending module, includes:
First verifying submodule triggers operation if being verified and generates submodule, otherwise exit for verifying user identity;
The operation generates submodule, and the user key is calculated in User ID and user password for being inputted according to user
And save, obtain the device id and save, generate the random number and save, triggering generates sending submodule;
The generation sending submodule is used for the key Shen according to the User ID, the device id, the generating random number
It please request, send the key application request and first ciphertext to the cloud server.
8. key agreement system as claimed in claim 7, which is characterized in that described first, which verifies submodule, includes:
First receives storage unit, for receiving the User ID of user's input, user password and saving;
First judging unit, for judge the User ID of received User ID, user password and preservation, user password whether phase
Together, it is to be, triggers the operation and generate submodule, otherwise exit.
9. key agreement system as claimed in claim 6, which is characterized in that the first judgment module is specifically used for using
The device keys of preservation decrypt the first ciphertext and obtain the first device id, judge first device id and key application request
In device id it is whether identical, be then intelligent appliance safety, trigger the second judgment module, otherwise trigger the second sending module.
10. key agreement system as claimed in claim 6, which is characterized in that second judgment module includes:
First judging submodule is for judging that the device id in key application request whether there is in linked list
Second judgment submodule is then triggered, otherwise triggering association submodule;
The second judgment submodule, for judging whether the User ID in the key application request is in the linked list
In the associated User ID of the device id, it is to trigger the generation sending module, otherwise triggers the second sending module;
The association submodule, for the user in the device id and key application request in requesting the key application
ID is associated, and record is stored in the linked list, triggers the generation sending module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910498185.6A CN110224822B (en) | 2019-06-10 | 2019-06-10 | Key negotiation method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910498185.6A CN110224822B (en) | 2019-06-10 | 2019-06-10 | Key negotiation method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110224822A true CN110224822A (en) | 2019-09-10 |
CN110224822B CN110224822B (en) | 2022-03-18 |
Family
ID=67816173
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910498185.6A Active CN110224822B (en) | 2019-06-10 | 2019-06-10 | Key negotiation method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110224822B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111541550A (en) * | 2020-05-11 | 2020-08-14 | 卡瓦科尔牙科医疗器械(苏州)有限公司 | Secret key generation method of dental medical information system |
CN112511490A (en) * | 2020-10-29 | 2021-03-16 | 苏州达塔库自动化科技有限公司 | Smart power grid safety communication method based on combined password |
CN113132977A (en) * | 2019-12-31 | 2021-07-16 | 佛山市云米电器科技有限公司 | Network distribution method, network distribution system and computer readable storage medium |
CN115987583A (en) * | 2022-12-09 | 2023-04-18 | 北京纬百科技有限公司 | Binding control method for base of intelligent device, base, intelligent device and storage medium |
CN116887250A (en) * | 2023-09-07 | 2023-10-13 | 飞天诚信科技股份有限公司 | Network connection realization method and system of intelligent equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105516103A (en) * | 2015-11-30 | 2016-04-20 | 青岛海尔智能家电科技有限公司 | Method, device and system for binding intelligent household electrical appliances |
CN105959189A (en) * | 2016-06-08 | 2016-09-21 | 美的集团股份有限公司 | Home appliance equipment, communication system and method of cloud server and terminal, and terminal |
CN106130982A (en) * | 2016-06-28 | 2016-11-16 | 北京万协通信息技术有限公司 | Intelligent household appliance remote control method based on PKI system |
US20190089684A1 (en) * | 2014-03-11 | 2019-03-21 | Tencent Technology (Shenzhen) Company Limited | Method and system for encrypted communications |
-
2019
- 2019-06-10 CN CN201910498185.6A patent/CN110224822B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190089684A1 (en) * | 2014-03-11 | 2019-03-21 | Tencent Technology (Shenzhen) Company Limited | Method and system for encrypted communications |
CN105516103A (en) * | 2015-11-30 | 2016-04-20 | 青岛海尔智能家电科技有限公司 | Method, device and system for binding intelligent household electrical appliances |
CN105959189A (en) * | 2016-06-08 | 2016-09-21 | 美的集团股份有限公司 | Home appliance equipment, communication system and method of cloud server and terminal, and terminal |
CN106130982A (en) * | 2016-06-28 | 2016-11-16 | 北京万协通信息技术有限公司 | Intelligent household appliance remote control method based on PKI system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113132977A (en) * | 2019-12-31 | 2021-07-16 | 佛山市云米电器科技有限公司 | Network distribution method, network distribution system and computer readable storage medium |
CN111541550A (en) * | 2020-05-11 | 2020-08-14 | 卡瓦科尔牙科医疗器械(苏州)有限公司 | Secret key generation method of dental medical information system |
CN112511490A (en) * | 2020-10-29 | 2021-03-16 | 苏州达塔库自动化科技有限公司 | Smart power grid safety communication method based on combined password |
CN115987583A (en) * | 2022-12-09 | 2023-04-18 | 北京纬百科技有限公司 | Binding control method for base of intelligent device, base, intelligent device and storage medium |
CN115987583B (en) * | 2022-12-09 | 2023-10-03 | 北京纬百科技有限公司 | Binding control method for base of intelligent device, base, intelligent device and storage medium |
CN116887250A (en) * | 2023-09-07 | 2023-10-13 | 飞天诚信科技股份有限公司 | Network connection realization method and system of intelligent equipment |
CN116887250B (en) * | 2023-09-07 | 2023-11-07 | 飞天诚信科技股份有限公司 | Network connection realization method and system of intelligent equipment |
Also Published As
Publication number | Publication date |
---|---|
CN110224822B (en) | 2022-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110224822A (en) | A kind of cryptographic key negotiation method and system | |
CN106101147B (en) | A kind of method and system for realizing smart machine and the communication of remote terminal dynamic encryption | |
CN106130982B (en) | Intelligent household appliance remote control method based on PKI system | |
CN105162772B (en) | A kind of internet of things equipment certifiede-mail protocol method and apparatus | |
CN101340443B (en) | Session key negotiating method, system and server in communication network | |
CN101510877B (en) | Single-point logging-on method and system, communication apparatus | |
TWI642288B (en) | Instant communication method and system | |
CN105871920A (en) | Communication system and method of terminal and cloud server as well as terminal and cloud server | |
CN105763559B (en) | A kind of intelligent home control system and method | |
CN105471974A (en) | Intelligent equipment capable of realizing remote control, terminal equipment and method | |
CN109462850A (en) | A kind of network collocating method and smart machine of smart machine | |
CN110198295A (en) | Safety certifying method and device and storage medium | |
US10133861B2 (en) | Method for controlling access to a production system of a computer system not connected to an information system of said computer system | |
CN101286849A (en) | Authentication system and method of a third party based on engagement arithmetic | |
CN106506479B (en) | Method, system and the client of cipher authentication, server and smart machine | |
CN107094138B (en) | A kind of smart home safe communication system and communication means | |
CN108377188A (en) | A kind of quantum cryptography system for extraordinary emergent self-organized network communication | |
CN109962781B (en) | Digital certificate distributing device | |
CN106357679A (en) | Method, system and client for password authentication, and server and intelligent equipment | |
CN101810017A (en) | Selective security termination in next generation mobile networks | |
CN105681253B (en) | Data encryption and transmission method, equipment, gateway in centralized network | |
CN111756530B (en) | Quantum service mobile engine system, network architecture and related equipment | |
CN113411187A (en) | Identity authentication method and system, storage medium and processor | |
Hassani Karbasi et al. | SINGLETON: A lightweight and secure end-to-end encryption protocol for the sensor networks in the Internet of Things based on cryptographic ratchets | |
CN103024599B (en) | Set top box communication method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |