CN111385793B - Instruction sending method, system, electronic equipment and storage medium - Google Patents

Instruction sending method, system, electronic equipment and storage medium Download PDF

Info

Publication number
CN111385793B
CN111385793B CN201811645677.5A CN201811645677A CN111385793B CN 111385793 B CN111385793 B CN 111385793B CN 201811645677 A CN201811645677 A CN 201811645677A CN 111385793 B CN111385793 B CN 111385793B
Authority
CN
China
Prior art keywords
data
key
command
count value
factor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811645677.5A
Other languages
Chinese (zh)
Other versions
CN111385793A (en
Inventor
吕晓建
仇兆峰
韩毅
单宏寅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ingeek Information Security Consulting Associates Co ltd
Original Assignee
Ingeek Information Security Consulting Associates Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ingeek Information Security Consulting Associates Co ltd filed Critical Ingeek Information Security Consulting Associates Co ltd
Priority to CN201811645677.5A priority Critical patent/CN111385793B/en
Publication of CN111385793A publication Critical patent/CN111385793A/en
Application granted granted Critical
Publication of CN111385793B publication Critical patent/CN111385793B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The invention relates to a method, a system, an electronic device and a storage medium for sending instructions, wherein the method for sending the instructions is used for the interactive access process with first electronic device and comprises the following steps: acquiring a first key; acquiring first writing data sent by first electronic equipment; acquiring a current count value; decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain a plaintext command ID; if the command matched with the command ID of the plaintext exists in the pre-stored command library, the command ID of the plaintext and the command execution result corresponding to the command ID are encrypted by the current count value and the first key to generate first notification data, the first notification data is sent to the first electronic equipment, and the iteration update of the preset algorithm is carried out on the current count value. The invention improves the safety and accuracy of synchronous verification of the interactive command.

Description

Instruction sending method, system, electronic equipment and storage medium
Technical Field
The present invention relates to the field of instruction sending, and in particular, to an instruction sending method, system, electronic device, and storage medium.
Background
In the process of sending the command of interactive access between electronic devices, the command may be tampered, intercepted, stolen, missed, etc., the situation that whether the sending process of the command is legal or not may not be determined, and the situation that the sending of the command cannot be further extracted may also occur, so that a receiving method of the command is needed, so that the safety and accuracy of synchronous verification of the command interacted by the electronic devices at two ends are improved.
Some conventional bluetooth communication means include: based on bluetooth Serial Port Protocol (SPP), bidirectional streaming is realized, and some security protocols of an open system interconnection reference model are directly carried over, for example, the identity of the opposite terminal is verified through a simple Challenge Handshake Authentication Protocol (CHAP), and after the identity is verified, at least the identity is used for authentication, but the security of a transmission data command is not strongly ensured, how to generate an interaction key of bluetooth for synchronous verification, so as to verify the identity of the two terminals and improve the synchronous verification security of the bluetooth command is a problem to be solved.
Disclosure of Invention
The technical problem solved by the invention is to verify the identities of the two ends and simultaneously improve the safety and accuracy of synchronous verification of the command interacted by the electronic equipment.
In order to solve the technical problems, an embodiment of the present invention provides a method for sending an instruction, which is used in an interactive access process, and includes the following steps:
acquiring a first key;
acquiring first writing data sent by the first electronic equipment, wherein the first writing data at least comprises an encrypted command ID;
acquiring a current count value, wherein if the first writing data is acquired for the first time, the current count value is an initial count value, and if the first writing data is acquired for the non-first time, the current count value is a previous count value, and the obtained current count value is iteratively updated according to a preset algorithm;
decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain the plaintext command ID;
if the command matched with the plaintext command ID exists in the prestored command library, the command ID of the plaintext and a command execution result corresponding to the command ID are encrypted by a current count value and the first key through a preset algorithm to generate first notification data, the first notification data are sent to the first electronic equipment, and the current count value is subjected to iterative updating of the preset algorithm.
In order to solve the technical problems, the embodiment of the invention also discloses a method for sending the instruction, which comprises the following steps:
acquiring a current count value, wherein the current count value is an initial count value or a count value obtained by iterative updating of a last count value;
acquiring a first key;
encrypting the command ID according to the current count value and the first key by a preset algorithm to obtain first writing data;
transmitting the first write data to the second electronic device for matching execution instructions;
and carrying out iterative updating of a preset algorithm on the current count value according to the generation of the first writing data so as to be used for participating in the encryption of the next generation of the first writing data.
In order to solve the technical problem, the embodiment of the invention also discloses an instruction sending system, which is used for the interactive access process and comprises the following steps: the method is used for the interactive access process and comprises the following steps:
the first count value calculation unit is used for calculating a preset algorithm of the first initial count factor and the second initial count factor to obtain a current count value;
the first acquisition module is used for acquiring a first key;
the writing data acquisition module is used for acquiring first writing data sent by the first electronic equipment, wherein the first writing data at least comprises an encrypted command ID;
The decryption module is used for decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain the plaintext command ID;
the counting value acquisition module is used for acquiring a current counting value, wherein if the first writing data is acquired for the first time, the current counting value is an initial counting value, and if the first writing data is acquired for the non-first time, the current counting value is a previous counting value, and the acquired current counting value is updated iteratively according to a preset algorithm;
and the notification data generation module is used for determining that if a command matched with the plaintext command ID and the prestored command library exists in the prestored command library, executing a corresponding command according to the obtained plaintext command ID, generating first notification data by encrypting the current count value and the first key through a command execution result corresponding to the plaintext command ID and the command ID, and transmitting the first notification data to the first electronic equipment, wherein the count value is iteratively updated through the preset algorithm after the current count value is preset according to the first notification data.
In order to solve the technical problems, the invention relates to an instruction sending system, which is used in the interactive access process and comprises the following steps:
The counting value acquisition module is used for acquiring a current counting value which is an initial counting value or a counting value obtained by iterative updating of a last counting value;
the first key acquisition module is used for acquiring a first key;
the write-in data generation module is used for encrypting the command ID according to the current count value and the first key by a preset algorithm to obtain first write-in data;
and the matching instruction module is used for carrying out iterative updating of a preset algorithm on the current count value according to the generation of the first writing data so as to be used for participating in the encryption of the next generation of the first writing data.
In order to solve the technical problem, the embodiment of the invention also discloses a Bluetooth electronic device, which comprises a memory and a processor, wherein the memory stores computer instructions capable of running on the processor, and the processor executes the steps of any instruction sending method when running the computer instructions.
In order to solve the technical problems, the embodiment of the invention also discloses a computer storage medium, on which computer instructions are stored, wherein the computer instructions execute the steps of the instruction sending method when running.
Compared with the prior art, the technical scheme of the embodiment of the invention has the following beneficial effects:
According to the technical scheme, after the command ID is encrypted through the first key and the current count value and is sent to the second electronic equipment for matching an execution instruction, the current count value is iteratively updated for participating in the next generation of encryption of the first writing data, and after the encrypted command ID of the first writing data sent by the first electronic equipment is decrypted through the current count value and the first key and is matched with the pre-stored command ID, the current count value is iteratively updated for participating in the next decryption of the first writing data, wherein the initial count value of the current count value is obtained by the first electronic equipment and the second electronic equipment through the joint negotiation calculation update, and the safety and the accuracy of synchronous verification of sending the interaction command are improved.
Drawings
FIG. 1 is a flow chart of a first embodiment of a method for sending commands according to the present invention;
FIG. 2 is a flow chart of a second embodiment of a method for sending commands according to the present invention;
FIG. 3 is a flowchart illustrating a method for sending commands according to a third embodiment of the present invention;
FIG. 4 is a flowchart showing a method for sending commands according to a second embodiment of the present invention;
FIG. 5 is a flowchart illustrating a second method for sending an instruction according to another embodiment of the present invention;
FIG. 6 is a schematic diagram II of a first embodiment of another method for sending commands according to the present invention;
FIG. 7 is a schematic diagram of a first embodiment of an instruction issue system according to the present invention;
FIG. 8 is a schematic diagram of a first embodiment of another instruction issue system;
fig. 9 is a schematic diagram of a second embodiment of another instruction issue system.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a flowchart of a first embodiment of an instruction sending method provided by the present invention.
In order to make the above objects, features and advantages of the present invention more comprehensible, a method for transmitting instructions as shown in fig. 1 is described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method for sending an instruction, which is used in an interactive access process, and the steps may be implemented by a second electronic device.
Step S101, acquiring a first key.
Step S102, first writing data sent by the first electronic equipment is obtained, wherein the first writing data at least comprises an encrypted command ID.
Step 103, obtaining a current count value, wherein if the first writing data is first obtained, the current count value is an initial count value, and if the first writing data is non-first obtained, the current count value is a previous count value, and the obtained current count value is iteratively updated according to a preset algorithm.
And step S104, decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain the plaintext command ID.
Step 105, if it is determined that the command library is stored in advance and the command ID is matched with the command ID of the plaintext, the command ID of the plaintext and the command execution result corresponding to the command ID are encrypted by the current count value and the first key to generate first notification data, the first notification data is sent to the first electronic device, and the current count value is iteratively updated by the preset algorithm.
Further, as shown in fig. 2, the method further includes: after step S104, step S106 is further included, where if it is determined that the plaintext command ID does not match the commands in the pre-stored command library, the execution of the commands is terminated, and the current count value is unchanged.
Further, as shown in fig. 3, in step S103, if the current count value is an initial count value, the method further includes:
s131, acquiring a first initial count factor of the first electronic device.
And S132, generating a second initial counting factor, and transmitting the second initial counting factor to the first electronic equipment for the first electronic equipment to calculate and generate an initial counting value by using the first initial counting factor to cooperate with a preset algorithm.
Specifically, the first electronic device may perform calculation of a preset algorithm according to the first initial count factor and the acquired second initial count factor to obtain an initial count value, encrypt the command ID according to the initial count value, generate encrypted first write data, and send the encrypted first write data to the second electronic device.
S133, calculating a preset algorithm for the first initial counting factor and the second initial counting factor to obtain an initial counting value. Wherein the initial count value may be a constant.
If the fact that the command matched with the plaintext command ID exists in the prestored command library is determined, executing the corresponding command according to the obtained plaintext command ID, and generating first notification data.
According to the method, the device and the system, through setting the generation process of the current count value, the first electronic device and the second electronic device can obtain the current count value through the same calculation mode of the random numbers respectively generated by the first electronic device and the second electronic device, if the current count value obtained by the first electronic device and the second electronic device is the same, the safety of data transmission can be improved, the encryption process of command data transmission is participated according to the current count value, the current count value is used as a parameter of the encryption process, concealment is difficult to obtain, malicious tampering of a third party is prevented, the second electronic device verifies the received command, iteration of the current count value is performed after the first notification data is generated, the order accuracy of command receiving by the second electronic device is guaranteed, and command missing or repeated receiving is prevented.
Preferably, after step S105, further comprising: if the plaintext command ID is not matched with the commands in the pre-stored command library, the command execution is terminated, and the current count value is unchanged.
In this case, the obtained plaintext command ID may be inaccurate due to the fact that the current count value involved in encryption and the current count value involved in decryption are inconsistent; the command matching is considered to be failed due to the fact that the data is tampered or maliciously attacked by a third party in the transmission process, the current count value is not changed, and the command in the interaction process is considered to be not correctly sent to the second electronic device.
As shown in fig. 4, in a second embodiment of an instruction sending method of the present invention, S101 in the first embodiment is specifically executed by S211 to S215 to acquire a first key, and the method includes the following steps:
step S211, a reading request sent by the first electronic device is obtained, second notification data at least comprising an identity ID and a challenge code is generated, and the second notification data is sent to the first electronic device. Specifically, the challenge code may be a random number.
Step S212, obtaining second writing data sent by the first electronic equipment, wherein the second writing data at least comprises the second key factor corresponding to the identity ID; performing preset algorithm calculation according to the second key factor and a pre-stored second key to generate a third key; wherein the second key factor is a parameter used to calculate the third key.
The second key factor corresponding to the identity ID of the second electronic equipment is obtained from the first electronic equipment, and finally, a third key is obtained by carrying out preset algorithm calculation according to the pre-stored first key, so that the obtained third key is obtained by participating in the first electronic equipment, and the third key is used as an encryption key for subsequent interaction, so that the negotiation with the first electronic equipment is realized, and the security foundation of data exchange at two ends is realized.
As a preferred embodiment, the first electronic device also stores therein a second key factor corresponding to the ID, and the first electronic device also stores therein a long-term key (i.e., a second key) or the first electronic device can obtain the long-term key corresponding to the ID (i.e., the second key) through the ID. And a third key and a second key factor generated according to a second key corresponding to the identity ID through a preset algorithm may be, for example, the first electronic device may send the acquired identity ID to a third terminal device, the third terminal device obtains the second key corresponding to the identity ID, and generates the third key and the second key factor in the third terminal device according to the preset algorithm, and then sends the third key and the second key factor to the first electronic device, and the first electronic device generates the second key factor to generate the first write data, where the second key factor is a parameter used for calculating the third key.
Preferably, the long-term key is updated once in a preset first period, and the third key is updated once in a second period, and since the security of the third key is based on the security of the second key, the second period is generally shorter than the first period to ensure the higher security of the third key, and since the first electronic device and the second electronic device are both according to the same preset algorithm.
And the first electronic equipment also calculates a third key according to the acquired second key factor and the pre-stored first key through a preset algorithm, or at least stores the second key factor for generating the third key in the first electronic equipment. Therefore, the third secret key is stored at the first electronic equipment end and the second electronic equipment end; and the third keys at the two ends are generated according to the matching of the identity IDs, the second keys and the corresponding preset algorithm, so that the same third keys are obtained by calculation at the two ends and used for subsequent calculation, and the safety foundation of data exchange at the two ends is realized.
Step S213, obtaining third write-in data sent by the first electronic device, wherein the third write-in data at least comprises encrypted data of first negotiation data and encrypted data of challenge code authentication data generated by the first electronic device.
Step S214, at least carrying out preset algorithm decryption on the encrypted data of the first negotiation data and the challenge code authentication data in the third write-in data through the third key, and confirming that the decrypted challenge code authentication data and the challenge code authentication pass, and generating the first key according to the decrypted first negotiation data and the locally generated second negotiation data.
The first negotiation data at least comprises a third random number and first electronic equipment characteristic data; the second negotiation data at least comprises a fourth random number and local characteristic data.
The encrypted first negotiation data and the challenge code authentication data are obtained by encrypting the second key obtained by calculation in the step S214 as a key, so that the basic data interaction security is ensured. And generating a negotiation key, namely a first key, according to the first negotiation data of the first electronic equipment and the second negotiation data of the second electronic equipment, wherein the first key is used as a key for the subsequent data interaction of the two electronic equipment, so that the further safety of the data interaction is ensured, and the first key can be only used as a key for the next interaction.
Preferably, after step S214, step S215 is further included: third notification data which is encrypted by the second negotiation data according to a preset algorithm of the third key is generated, and the third notification data is sent to the first electronic device so as to be used for the first electronic device to generate the first key.
The first electronic device also generates a first key through a preset algorithm according to the first negotiation data and the second negotiation data.
Preferably, in step S103, after the third write data sent by the first electronic device is obtained in step S213, the third write data further includes encrypted data of a first initial count factor, and step S216 further includes decrypting the encrypted data of the first initial count factor by a preset algorithm through the third key to obtain the first initial count factor.
Further, in S213, the sending the second initial count factor to the first electronic device for the first electronic device to calculate and generate the current count value thereof specifically includes: generating third notification data which is encrypted by a second initial counting factor and second negotiation data according to a preset algorithm of the third secret key, and sending the third notification data to the first electronic equipment.
S202 (not shown in the figure) acquires first write data sent by the first electronic device, where the first write data includes at least an encrypted command ID.
S203 (not shown in the figure) acquires a current count value, wherein if the first writing data is acquired for the first time, the current count value is an initial count value, and if the first writing data is acquired for the second time, the current count value is a previous count value, and the current count value is obtained by iterative updating according to a preset algorithm. S204 (not shown in the figure) obtaining first writing data sent by the first electronic device, wherein the first writing data at least comprises an encrypted command ID, and decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain the plaintext command ID.
S205 (not shown in the figure), if the command of which the command ID of the plaintext is matched with that in a pre-stored command library is determined, the command ID of the plaintext and the command execution result corresponding to the command ID are encrypted by a preset algorithm through a current count value and the first key to generate first notification data, and the first notification data is sent to the first electronic equipment; and the current count value is iteratively updated by a preset algorithm.
The implementation and the beneficial effects of steps S202 to S205 may refer to S102 to S105 in the first embodiment of the instruction sending method, which are not described herein again.
Preferably, step S205 is followed by step S206 (not shown):
third notification data which is encrypted by the second negotiation data according to a preset algorithm of the third key is generated, and the third notification data is sent to the first electronic device so as to be used for the first electronic device to generate the first key.
Therefore, the first electronic device and the second electronic device obtain the first key as the negotiation key of the instruction interaction through the same parameters and algorithms.
Preferably, step S131 in the first embodiment follows step S213, and the third write data further includes encrypted data of the first initial count factor, where step S131 specifically includes:
And decrypting a preset algorithm through the second key according to the encrypted data of the first initial counting factor to obtain the first initial counting factor.
Because the first initial counting factor uses the encrypted data of the pre-stored second key and adopts the pre-stored second key to decrypt, the transmission process of the first initial counting factor can be more stable, and the transmission process is simplified by transmitting the third written data together.
Preferably, step S132 after step S212, the step S132 of transmitting the second initial count factor to the first electronic device specifically includes: third notification data which is encrypted by a preset algorithm according to the third key generated in the step S212 and is generated by the second initial counting factor and the second negotiation data is sent to the first electronic equipment.
Preferably, in step S132, the sending the second initial count factor to the first electronic device after step S212 specifically includes: after the second negotiation data is generated, third notification data which is encrypted by a preset algorithm according to the third key generated in the step S212 and is generated by the second initial count factor and the second negotiation data is sent to the first electronic device.
Preferably, the second writing data further includes identity authentication data of a public terminal to prove that the second key factor is authenticated by the public terminal, and the step S212 of performing preset algorithm calculation according to the second key factor and a pre-stored second key to generate a third key specifically includes:
and carrying out public terminal identity authentication according to the public terminal identity authentication data in the first writing data and a locally stored public terminal key, and if authentication is successful, carrying out preset algorithm calculation according to the second key factor and a pre-stored first key to generate a third key.
Preferably, the second writing data further includes public identity authentication data to prove that the second key factor is authenticated by the public terminal, preferably an asymmetric signature algorithm is adopted, and the second electronic device stores a public signature key of the public terminal. The step of generating a third key by performing preset algorithm calculation according to the second key factor and a pre-stored second key specifically includes:
and carrying out public terminal identity authentication according to public terminal identity authentication data in the first writing data and a locally stored public terminal key, and if authentication is successful, carrying out preset algorithm calculation according to the second key factor and a pre-stored first key to generate a third key. The identity authentication data can be a private key signature, namely, the identity authentication can be performed in an asymmetric encryption mode.
After the plaintext command ID is obtained, the method further comprises:
step S207, determining that the number of times that the plaintext command ID is not matched with the commands in the pre-stored command library exceeds the preset number of times, terminating the execution of the commands, wherein the initial count value is unchanged, and the state value of the current state characteristic value jumps to the last state value or the first state value in the preset state value matrix.
The state characteristic value may be a characteristic value set in the bluetooth GATT protocol, a jump sequence and a jump direction between the state values are specified in a state value matrix, and conditions to be met by a current state value are jumped, and the current state characteristic value specifies operations that can be received and executed by the current state, including a command and a command ID corresponding to the state value matrix. For example, the state value matrix will record that when the current state value is the first state value, only the command corresponding to the specific command ID can be satisfied, and only the command corresponding to the specific command ID is executed, the first state value can be skipped to the second state value.
Further, if the operation attribute is matched, executing the operation corresponding to the operation attribute according to the preset first operation data, and jumping the state value of the state characteristic value to the related state value in the preset operation state value matrix.
After the first state value is skipped, the state value of the skipped state feature value may be notified to the bluetooth service electronic device through bluetooth.
Fig. 5 is a flowchart of a first embodiment of another method of sending instructions according to the present invention.
The instruction sending method shown in fig. 5, which is used in the interactive access process, may be implemented by the first electronic device, and includes the following steps:
s301, acquiring a current count value, wherein the current count value is an initial count value or a count value obtained by iterative updating of a last count value.
S302, acquiring a first key.
S303, encrypting the command ID according to the current count value and the first key by a preset algorithm to obtain first writing data.
And S304, the first writing data is sent to the second electronic equipment for matching execution instructions, and the current count value is subjected to iterative updating of a preset algorithm according to the generation of the first writing data and is used for participating in the encryption of the next generation of the first writing data.
As shown in FIG. 6, S305-S308 are preferably also included after S304.
And S305, acquiring first notification data sent by the second electronic equipment.
S306, acquiring a current count value, wherein the current count value is the count value obtained by the last count value iteration update, namely the current count value is not the initial count value. I.e. the current count value in this step is the count value iteratively updated in step S304.
S307, decrypting the first notification data through the current count value and the first key to obtain plaintext.
And S308, determining that the plaintext is consistent with the command ID and the execution result corresponding to the preset command ID, determining that the command is executed successfully, and carrying out iterative calculation and updating through a preset iterative algorithm to obtain a new current count value.
Preferably, in S301, if the current count value is an initial count value, the method further includes:
s311, acquiring a second initial count factor sent by the second electronic device.
S312 generates a first initial count factor and transmits the first initial count factor to the second electronic device for the second electronic device to generate its initial count value.
S313, calculating a preset algorithm by the second initial counting factor and the first initial counting factor to obtain an initial counting value.
Specifically, the second electronic device may perform calculation of a preset algorithm according to the first initial count factor and the acquired second initial count factor to obtain an initial count value, and decrypt the first notification data according to the initial count value to obtain a plaintext to match the command ID and the preset command ID.
Preferably, step S302 further includes:
Step S321 (not shown in the figure) is to send a read request to the second electronic device, and obtain second notification data sent by the second electronic device, where the second notification data at least includes an identity ID and a challenge code.
Step S322 (not shown in the figure) obtains the corresponding third key and the second key factor for calculating the third key from the identity ID, and sends second write data including at least the second key factor for calculating the third key to the second electronic device.
Step S323 (not shown in the figure) is to generate and store the first negotiation data locally, encrypt at least the challenge code and the first negotiation data according to the third key to obtain third write-in data, and send the third write-in data to the second electronic device.
Step S324 (not shown in the drawing) is to decrypt the second negotiation data with the third key by using the third obtained third notification data sent by the second electronic device, where the third notification data includes the encrypted second negotiation data, and generate a first key by using the second negotiation data of the plaintext and the first negotiation data through a preset algorithm, the second negotiation data includes a fourth random number and second electronic device feature data, and the first negotiation data includes a third random number and local feature data.
And finally, a third key is obtained by carrying out preset algorithm calculation according to the pre-stored first key, so that the obtained third key is participated in the second electronic equipment, and the third key is used as an encryption key for subsequent interaction, so that the negotiation with the second electronic equipment is realized, and the safety foundation of data exchange at two ends is realized.
Preferred S311 includes:
and sending the acquired third notification data to the second electronic device, wherein the third notification data comprises the encrypted second notification data and the encrypted second initial count factor. The convenience of transmission is improved, and meanwhile safety is guaranteed.
Preferably, in S312, the sending the first initial count factor to the second electronic device includes:
and encrypting at least the second initial counting factor, the challenge code and the first negotiation data according to the third key to obtain third writing data, and sending the third writing data to the second electronic equipment.
Preferably, in step S322, obtaining the corresponding third key and the second key factor for calculating the third key according to the identity ID includes:
and sending the identity ID to a third terminal, and acquiring a second key corresponding to the identity ID and a second key factor for calculating the third key from the third terminal, and identity authentication data (private key signature) of the third terminal to prove that the second key factor is authenticated by the third terminal.
Preferably, S315 is further included; the identity ID is sent to a cloud server, and identity authentication data generated by the cloud server through a preset asymmetric algorithm according to a pre-stored private key is obtained;
the first writing data further comprises identity authentication data acquired from a cloud server.
Fig. 7 is a schematic structural diagram of a first embodiment of an instruction sending system of the present invention.
An instruction sending system 40, for use in an interactive access process, comprising: a first count value calculation unit 41, a first acquisition module 42, a write data acquisition module 43, a decryption module 44, a first count value acquisition module 45, and a notification data generation module 46. The instruction sending system 40 may be implemented using an electronic device with a bluetooth communication means.
The first count value calculating unit 41 is configured to perform calculation of a preset algorithm on the first initial count factor and the second initial count factor to obtain a current count value.
A first obtaining module 42 is configured to obtain the first key.
The write data obtaining module 43 is configured to obtain first write data sent by the first electronic device, where the first write data includes at least an encrypted command ID.
And the decryption module 44 is configured to decrypt at least the encrypted command ID according to the first key and the current count value by using a preset algorithm, so as to obtain the plaintext command ID.
The first count value obtaining module 45 is configured to obtain a current count value, where if the first write data is first obtained, the current count value is an initial count value, and if the first write data is not first obtained, the current count value is a previous count value, and the current count value is obtained by iteratively updating the previous count value according to a preset algorithm.
And the notification data generating module 46 is configured to determine that if it is determined that a command matching the plaintext command ID and the pre-stored command library exists in the pre-stored command library, execute a corresponding command according to the obtained plaintext command ID, encrypt the plaintext command ID and a command execution result corresponding to the command ID by using a current count value and the first key to generate first notification data, and send the first notification data to the first electronic device, where the count value is iteratively updated according to the preset algorithm after the current count value is preset according to the first notification data.
Preferably, the command terminating module is connected to the connection decrypting module 44, and is configured to terminate the execution of the command if it is determined that the plaintext command ID does not match the commands in the pre-stored command library, and the current count value is unchanged.
If the current count value is the initial count value, the first count value calculation module 41 includes: then it includes:
the first initial counting factor acquisition unit is used for acquiring a first initial counting factor of the first electronic equipment;
the second initial counting factor generation unit is used for generating a second initial counting factor, and sending the second initial counting factor to the first electronic equipment so as to be used for the first electronic equipment to perform preset algorithm calculation by using the first initial counting factor to generate an initial counting value;
the first initial calculation value unit is used for calculating the first initial counting factor and the second initial counting factor by a preset algorithm to obtain an initial counting value.
Preferably, the first obtaining module 42 includes:
the reading unit is used for acquiring a reading request sent by the first electronic equipment, generating second notification data at least comprising an identity ID and a challenge code, and sending the second notification data to the first electronic equipment;
a third key generation unit, configured to obtain second write data sent by the first electronic device, where the second write data includes at least the second key factor corresponding to the identity ID; performing preset algorithm calculation according to the second key factor and a pre-stored second key to generate a third key;
A third writing number obtaining unit, configured to obtain third writing data sent by the first electronic device, where the third writing data includes at least encrypted data of first negotiation data and encrypted data of challenge code authentication data generated by the first electronic device;
a first key generating unit, configured to decrypt, by using the third key, at least the encrypted data of the first negotiation data and the challenge code authentication data in the third write data, and confirm that the challenge code authentication data obtained by decryption and the challenge code authentication pass, and generate the first key according to the first negotiation data obtained by decryption and locally generated second negotiation data;
the first negotiation data at least comprises a third random number and first electronic equipment characteristic data; the second negotiation data at least comprises a fourth random number and local characteristic data;
further comprises: a third data sending module, configured to:
third notification data which is encrypted by the second negotiation data according to a preset algorithm of the third key is generated, and the third notification data is sent to the first electronic device so as to be used for the first electronic device to generate the first key.
Preferably, the third writing data further includes encrypted data of the first initial count factor, including:
and decrypting the encrypted data of the first initial counting factor through the third key by a preset algorithm to obtain the first initial counting factor.
Preferably, in the second initial count factor generating unit, the sending the second initial count factor to the first electronic device includes:
generating third notification data which is encrypted by a second initial counting factor and second negotiation data according to a preset algorithm of the third secret key, and sending the third notification data to the first electronic equipment.
Preferably, the second writing data further includes identity authentication data of a public terminal to prove that the second key factor is authenticated by the public terminal, and in the third key generating unit, the third key generating unit performs preset algorithm calculation according to the second key factor and a pre-stored second key to generate a third key, and specifically includes:
and carrying out public terminal identity authentication according to the public terminal identity authentication data in the first writing data and a locally stored public terminal key, and if authentication is successful, carrying out preset algorithm calculation according to the second key factor and a pre-stored first key to generate a third key.
The command termination module is also used for: and if the number of times that the plaintext command ID is not matched with the commands in the pre-stored command library exceeds the preset number of times, the command execution is terminated, the initial count value is unchanged, and the state value of the current state characteristic value jumps to the last state value or the first state value in the preset state value matrix.
The specific implementation manner and beneficial effect of the instruction sending system can be seen from the descriptions of the first embodiment and the second embodiment of the instruction sending method, and the description is omitted herein.
FIG. 8 is a first embodiment of another instruction issue system of the present invention, including
An instruction sending system 50 shown in fig. 8, for use in an interactive access process, may include: a second count value acquisition module 51, a first key acquisition module 52, a write data generation module 53, and a matching instruction module 54.
The second count value obtaining module 51 is configured to obtain a current count value, where the current count value is an initial count value or a count value obtained by iteratively updating a last count value;
a first key acquisition module 52 for acquiring a first key;
the write data generating module 53 is configured to encrypt the command ID according to the current count value and the first key by using a preset algorithm to obtain first write data;
And the matching instruction module 54 is used for performing iterative updating of a preset algorithm according to the generation of the first writing data by the current count value so as to participate in the encryption of the next generation of the first writing data.
Preferably, the system further comprises:
the first notification data acquisition module is used for acquiring first notification data sent by the second electronic equipment;
the third count value acquisition module is used for acquiring a current count value, wherein the current count value is a count value obtained by iterative updating of the last count value; decrypting the first notification data through the current count value and the first key to obtain a plaintext;
and the execution command updating module is used for determining that the plaintext is consistent with the command ID and the preset execution result corresponding to the command ID, determining that the command is executed successfully, and carrying out iterative calculation and updating through a preset iterative algorithm to obtain a new current count value.
If the current count value is the initial count value, the second count value obtaining module 51 further includes:
a second initial count factor obtaining unit, configured to obtain a second initial count factor sent by the second electronic device;
a first initial count factor generating unit, configured to generate a first initial count factor, and send the first initial count factor to the second electronic device, so that the second electronic device generates an initial count value thereof;
And the second initial count value calculation unit is used for calculating a preset algorithm of the second initial count factor and the first initial count factor to obtain an initial count value.
The first key acquisition module further includes:
a second notification data sending unit, configured to send a read request to the second electronic device, and obtain second notification data sent by the second electronic device, where the second notification data includes at least an identity ID and a challenge code;
a second write data transmitting unit, configured to obtain a corresponding third key and a second key factor for calculating the third key according to the identity ID, and transmit second write data including at least the second key factor for calculating the third key to the second electronic device;
the third write-in data sending unit is used for locally generating and storing first negotiation data, encrypting at least the challenge code and the first negotiation data according to the third secret key to obtain third write-in data, and sending the third write-in data to the second electronic equipment;
the key generation unit is used for generating a first key from the acquired third negotiation data sent by the second electronic device, wherein the third negotiation data comprises encrypted second negotiation data, the third key is used for decrypting the second negotiation data, and the second negotiation data of a plaintext and the first negotiation data are generated through a preset algorithm, and the second negotiation data comprises a fourth random number and second electronic device characteristic data; the first negotiation data comprises a third random number and local characteristic data.
Preferably, the second initial count factor obtaining unit specifically includes:
and sending the acquired third notification data to the second electronic device, wherein the third notification data comprises the encrypted second notification data and the encrypted second initial count factor.
Preferably, in the second count value obtaining module, the sending the first initial count factor to the second electronic device includes:
and encrypting at least the second initial counting factor, the challenge code and the first negotiation data according to the third key to obtain third writing data, and sending the third writing data to the second electronic equipment.
Preferably, in the second write data sending unit, the obtaining the corresponding third key and the second key factor for calculating the third key according to the identity ID includes:
and sending the identity ID to a third terminal, and acquiring a second key corresponding to the identity ID and a second key factor for calculating the third key from the third terminal, and identity authentication data (private key signature) of the third terminal to prove that the second key factor is authenticated by the third terminal.
The writing data generating module further comprises the steps of sending the identity ID to a cloud server, and obtaining identity authentication data generated by the cloud server according to a pre-stored private key through a preset asymmetric algorithm;
The first writing data further comprises identity authentication data acquired from the cloud server.
The specific implementation and beneficial effects of the instruction sending system 50 can be seen from the description of the first embodiment of another instruction sending method, which is not described herein.
As shown in fig. 9, another second embodiment of the instruction sending system includes an instruction sending system 40 and an instruction sending system 50, the instruction sending system 40 includes: a first count value calculation unit 41, a first acquisition module 42, a write data acquisition module 43, a decryption module 44, a first count value acquisition module 45, and a notification data generation module 46. The instruction transmitting system 50 includes a second count value acquisition module 51, a first key acquisition module 52, a write data generation module 53, and a matching instruction module 54.
The embodiment of the invention also provides an electronic device, which comprises a memory and a processor, wherein the memory stores computer instructions capable of being executed on the processor, and the processor executes the steps in an instruction sending method described in any embodiment. The electronic device may be a mobile terminal, a vehicle-mounted device, or the like, and is not limited.
The embodiment of the invention also provides a computer storage medium, on which computer instructions are stored, which when executed perform the steps of an instruction sending method as described in any of the previous embodiments. The computer storage medium may be any tangible medium, such as floppy diskettes, CD-ROMs, DVDs, hard drives, even network media, etc.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program to instruct related hardware, the program may be stored in a computer readable storage medium, and the storage medium may include: ROM, RAM, magnetic or optical disks, etc.
It should be understood that while one form of implementation of the embodiments of the present invention has been described above as a computer program product, the method or apparatus of embodiments of the present invention may be implemented in software, hardware, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the methods and apparatus described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The methods and apparatus of the present invention may be implemented by hardware circuitry, such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., as software executed by various types of processors, or by a combination of the above hardware circuitry and software, such as firmware.
It should be understood that while several modules or units of apparatus are mentioned in the detailed description above, such partitioning is merely exemplary and not mandatory. Indeed, according to exemplary embodiments of the invention, the features and functions of two or more modules/units described above may be implemented in one module/unit, whereas the features and functions of one module/unit described above may be further divided into a plurality of modules/units. Furthermore, certain modules/units described above may be omitted in certain application scenarios.
It should be understood that the description is only intended to describe some key, not necessarily essential, techniques and features in order not to obscure the embodiments of the invention, and may not be illustrative of some features that may be implemented by those skilled in the art.
The foregoing is only illustrative of the present invention and is not to be construed as limiting thereof, but rather as presently claimed, and is intended to cover all modifications, alternatives, and equivalents falling within the spirit and scope of the invention.
Although the present invention is disclosed above, the present invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention, and the scope of the invention should be assessed accordingly to that of the appended claims.

Claims (10)

1. The instruction sending method is characterized by comprising the following steps of:
acquiring a first key;
acquiring first writing data sent by the first electronic equipment, wherein the first writing data at least comprises an encrypted command ID;
acquiring a current count value, wherein if the first writing data is acquired for the first time, the current count value is an initial count value, and if the first writing data is acquired for the non-first time, the current count value is a previous count value, and the obtained current count value is iteratively updated according to a preset algorithm;
decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain a plaintext command ID;
if a command matched with the plaintext command ID exists in a pre-stored command library, encrypting the command ID of the plaintext and a command execution result corresponding to the command ID through a current count value and the first key to generate first notification data, transmitting the first notification data to the first electronic equipment, and carrying out iterative updating of the preset algorithm on the current count value;
after the plaintext command ID is obtained, the method further comprises:
And if the number of times that the plaintext command ID is not matched with the commands in the pre-stored command library exceeds the preset number of times, the command execution is terminated, the initial count value is unchanged, and the state value of the current state characteristic value jumps to the last state value or the first state value in the preset state value matrix.
2. The method of claim 1, wherein the step of determining the position of the substrate comprises,
after the plaintext command ID is obtained, the method further comprises:
if the plaintext command ID is not matched with the commands in the pre-stored command library, the command execution is terminated, and the current count value is unchanged.
3. The method according to claim 1, wherein the obtaining the current count value, if the current count value is an initial count value, includes:
acquiring a first initial count factor of a first electronic device;
generating a second initial counting factor, and transmitting the second initial counting factor to the first electronic equipment for the first electronic equipment to perform preset algorithm calculation by using the first initial counting factor to generate an initial counting value;
and calculating the first initial counting factor and the second initial counting factor by a preset algorithm to obtain an initial counting value.
4. The method of claim 3, wherein the obtaining the first key further comprises:
acquiring a reading request sent by first electronic equipment, generating second notification data at least comprising an identity ID and a challenge code, and sending the second notification data to the first electronic equipment;
acquiring second writing data sent by the first electronic device, wherein the second writing data at least comprises a second key factor corresponding to the identity ID; performing preset algorithm calculation according to the second key factor and a pre-stored second key to generate a third key;
acquiring third write-in data sent by the first electronic equipment, wherein the third write-in data at least comprises encrypted data of first negotiation data and encrypted data of challenge code authentication data generated by the first electronic equipment;
decrypting at least the encrypted data of the first negotiation data and the challenge code authentication data in the third write-in data through the third key by a preset algorithm, and confirming that the challenge code authentication data obtained by decryption and the challenge code authentication pass, generating the first key according to the first negotiation data obtained by decryption and locally generated second negotiation data;
The first negotiation data at least comprises a third random number and first electronic equipment characteristic data; the second negotiation data at least comprises a fourth random number and local characteristic data;
after the first key is obtained, the method further comprises:
third notification data which is encrypted by the second negotiation data according to a preset algorithm of the third key is generated, and the third notification data is sent to the first electronic device so as to be used for the first electronic device to generate the first key.
5. The method of claim 4, wherein the obtaining the first initial count factor for the first electronic device, after obtaining third write data sent by the first electronic device, the third write data further includes encrypted data for the first initial count factor, includes:
and decrypting the encrypted data of the first initial counting factor through the third key by a preset algorithm to obtain the first initial counting factor.
6. The method of claim 5, wherein the transmitting the second initial count factor to the first electronic device comprises:
generating third notification data which is encrypted by a second initial counting factor and second negotiation data according to a preset algorithm of the third secret key, and sending the third notification data to the first electronic equipment.
7. The method of claim 4, wherein the step of determining the position of the first electrode is performed,
the second writing data further includes identity authentication data of a public terminal to prove that the second key factor is authenticated by the public terminal, and a third key is generated by performing preset algorithm calculation according to the second key factor and a pre-stored second key, specifically including:
and carrying out public terminal identity authentication according to the public terminal identity authentication data in the first writing data and a locally stored public terminal key, and if authentication is successful, carrying out preset algorithm calculation according to the second key factor and a pre-stored first key to generate a third key.
8. An instruction sending system, for use in an interactive access process, comprising:
the first count value calculation unit is used for calculating a preset algorithm of the first initial count factor and the second initial count factor to obtain a current count value;
the first acquisition module is used for acquiring a first key;
the writing data acquisition module is used for acquiring first writing data sent by the first electronic equipment, wherein the first writing data at least comprises an encrypted command ID;
the decryption module is used for decrypting at least the encrypted command ID according to the first key and the current count value by a preset algorithm to obtain a plaintext command ID;
The first count value acquisition module is used for acquiring a current count value, wherein if the first writing data is acquired for the first time, the current count value is an initial count value, and if the first writing data is acquired for the non-first time, the current count value is a current count value obtained by iteratively updating the last count value according to a preset algorithm;
the notification data generation module is used for determining that if a command matched with the plaintext command ID and the prestored command library exists in the prestored command library, executing a corresponding command according to the obtained plaintext command ID, generating first notification data by encrypting a current count value and a first key according to the command ID of the plaintext and a command execution result corresponding to the command ID, and transmitting the first notification data to the first electronic equipment, wherein the count value is iteratively updated according to the preset algorithm after the current count value is preset according to the first notification data;
and the command termination module is used for determining that the number of times that the plaintext command ID is not matched with the commands in the pre-stored command library exceeds the preset number of times, terminating the command execution, wherein the initial count value is unchanged, and the state value of the current state characteristic value jumps to the last state value or the first state value in the preset state value matrix.
9. An electronic device comprising a memory and a processor, the memory having stored thereon computer instructions executable on the processor, the processor executing the steps of the instruction transmission method of any of claims 1 to 7 when the computer instructions are executed.
10. A computer storage medium having stored thereon computer instructions which, when run, perform the steps of the instruction sending method of any of claims 1 to 7.
CN201811645677.5A 2018-12-30 2018-12-30 Instruction sending method, system, electronic equipment and storage medium Active CN111385793B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811645677.5A CN111385793B (en) 2018-12-30 2018-12-30 Instruction sending method, system, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811645677.5A CN111385793B (en) 2018-12-30 2018-12-30 Instruction sending method, system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111385793A CN111385793A (en) 2020-07-07
CN111385793B true CN111385793B (en) 2023-06-09

Family

ID=71218287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811645677.5A Active CN111385793B (en) 2018-12-30 2018-12-30 Instruction sending method, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111385793B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008030184A1 (en) * 2006-07-04 2008-03-13 Khee Seng Chua Improved authentication system
US8745408B2 (en) * 2011-04-08 2014-06-03 Infineon Technologies Ag Instruction encryption/decryption arrangement and method with iterative encryption/decryption key update
CN102223364B (en) * 2011-05-09 2014-06-04 飞天诚信科技股份有限公司 Method and system for accessing e-book data
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device

Also Published As

Publication number Publication date
CN111385793A (en) 2020-07-07

Similar Documents

Publication Publication Date Title
CN109889589B (en) System and method for realizing embedded hardware OTA (over the air) upgrading based on block chain
US11258792B2 (en) Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium
US10868801B2 (en) Method and system for establishing connection
JP4638912B2 (en) Method for transmitting a direct proof private key in a signed group to a device using a distribution CD
WO2017032263A1 (en) Identity authentication method and apparatus
US8555069B2 (en) Fast-reconnection of negotiable authentication network clients
CN103888436A (en) User authentication method and device
CN111541542B (en) Request sending and verifying method, device and equipment
US20180167674A1 (en) System and method for trusted presentation of information on untrusted user devices
CN111405016B (en) User information acquisition method and related equipment
CN114513345A (en) Information transmission system, user device and information security hardware module
CN113127844A (en) Variable access method, device, system, equipment and medium
CN111177676B (en) Verification system, verification method, and non-transitory computer-readable recording medium
CN111385793B (en) Instruction sending method, system, electronic equipment and storage medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN111356132B (en) Bluetooth access control method, system, electronic equipment and storage medium
CN111356118B (en) Interactive key generation method, system, bluetooth electronic device and storage medium
US11968305B2 (en) Four-factor authentication
CN114692124A (en) Data reading and writing method and device and electronic equipment
CN114117388A (en) Device registration method, device registration apparatus, electronic device, and storage medium
CN109684852B (en) Guiding device and method for data exchange
CN112579998A (en) Webpage access method, management system and electronic equipment in information interaction platform
KR20170008514A (en) Method and system for reproducing contents by secure acquiring decryption key for encrypted contents
CN112350920A (en) Instant communication system based on block chain
JP2008004065A (en) Semiconductor device, electronic equipment, equipment authentication program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant