CN113301537A - Method, apparatus, electronic device and storage medium for establishing communication connection - Google Patents


Info

Publication number
CN113301537A
Authority
CN
China
Prior art keywords
equipment
connection
key
communication connection
timestamp
Legal status
Granted
Application number
CN202110546984.3A
Other languages
Chinese (zh)
Other versions
CN113301537B (en)
Inventor
张志强
Current Assignee
Shining Reality Wuxi Technology Co Ltd
Original Assignee
Shining Reality Wuxi Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a method, an apparatus, an electronic device and a storage medium for establishing a communication connection. The specific implementation scheme is as follows: a first device receives a first key sent by a second device, wherein the first key carries a first timestamp corresponding to the generation time of the first key; the first device generates a second key, and matches the first key with the second key based on the first timestamp and a second timestamp carried by the second key so as to authenticate the second device, wherein the second timestamp represents the time when the first device receives the first key; in response to determining that the authentication of the second device is successful, the first device sends connection information to the second device, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device; the first device responds to a connection establishment request sent by the third device, and establishes a communication connection with the third device.

Description

Method, apparatus, electronic device and storage medium for establishing communication connection
Technical Field
The present application relates to the field of wireless communications, and in particular, to a method, an apparatus, an electronic device, and a storage medium for establishing a communication connection.
Background
With the development of smart homes and smart wearable devices and the rise of internet of things technology, users can access the internet or communicate with each other for data transmission by using smart terminal devices such as mobile phones, PCs and tablets in daily life. Besides, various smart homes, smart household appliances, wearable equipment and the like can also communicate with one another in an interconnected mode through technologies such as short-distance wireless communication, even the internet can be accessed directly through a gateway, the interconnection of everything is really realized, and great convenience is brought to the daily life of a user.
Disclosure of Invention
Embodiments of the present disclosure propose a method, an apparatus, an electronic device, and a storage medium for establishing a communication connection.
In a first aspect, an embodiment of the present disclosure provides a method for establishing a communication connection, where the method includes: a first device receives a first key sent by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; the first device generates a second key, and matches the first key with the second key based on the first timestamp and a second timestamp carried by the second key so as to authenticate the second device, wherein the second timestamp represents the time when the first device receives the first key; in response to determining that the authentication of the second device is successful, the first device sends connection information to the second device, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; the first device responds to a connection establishment request sent by the third device, and establishes a communication connection with the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In a second aspect, an embodiment of the present disclosure provides an apparatus for establishing a communication connection, the apparatus including: a receiving unit configured to receive a first key transmitted by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; an authentication unit configured to generate a second key, and match the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time when the first device receives the first key; a sending unit configured to send connection information to the second device in response to determining that the authentication of the second device is successful, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; and a connection establishing unit configured to establish a communication connection with the third device in response to a connection establishment request sent by the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including:
one or more processors; a storage device having one or more programs stored thereon that, when executed by the one or more processors, cause the one or more processors to perform: receiving a first key sent by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time of receiving the first key; in response to determining that the authentication of the second device is successful, sending connection information to the second device, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; and responding to a connection establishment request sent by the third device, and establishing a communication connection with the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
In a fourth aspect, embodiments of the present disclosure provide a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform: receiving a first key sent by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp represents the time of receiving the first key; in response to determining that the authentication of the second device is successful, sending connection information to the second device, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device; and responding to a connection establishment request sent by the third device, and establishing a communication connection with the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
Drawings
Other features, objects and advantages of the disclosure will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which one embodiment of the present application may be applied;
fig. 2 is a specific flowchart of a method for establishing a communication connection according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an apparatus for establishing a communication connection according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device for establishing a communication connection according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that, in the present disclosure, the embodiments and features of the embodiments may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 shows an exemplary system architecture to which embodiments of the method for establishing a communication connection or web page generation apparatus of the present application may be applied.
As shown in fig. 1, a system architecture may include a first device, a second device, and a third device. The second device may be used as an intermediary between the first device and the third device, and is used to assist the first device and the third device in establishing a communication connection.
The first device, the second device, and the third device may be various electronic devices that can be connected to other devices, including but not limited to smart phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, laptop computers, desktop computers, servers, home appliances, and the like.
The method and the apparatus provided by the embodiments of the application are applicable to various fields, such as the field of smart home. As an example, in the field of smart home, when communication connections between different home appliances are to be established, the appliances may be bulky, inconvenient to move, or have no display panel (for example, when a communication connection between a smart air conditioner and a smart refrigerator needs to be established), and in that case the communication connection between the smart air conditioner and the smart refrigerator may not be established in a direct connection manner.
It should be noted that the method for establishing a communication connection provided in the embodiments of the present application may be generally performed by the first device described above, and accordingly, the apparatus for establishing a communication connection is generally disposed in the first device. The method for establishing the communication connection is used for solving the problems that when the related communication connection establishing method is adopted, connection operation is complex and the safety of the communication connection cannot be guaranteed when equipment is in communication connection.
As shown in fig. 2, a specific implementation flow diagram of the method for establishing a communication connection mainly includes the following steps:
Step 110, the first device receives a first key sent by the second device based on the established communication connection.
The first device may already have established a communication connection with the second device by means of short-range wireless communication or the like. It is understood that the first device may generally establish a connection with the second device through a wireless communication technology such as Near Field Communication (NFC), Radio Frequency Identification (RFID), or Bluetooth.
In general, in order to ensure that a first device and a second device can establish a communication connection, the first device and the second device may comprise the same communication connection component. For example, the first device may establish a communication connection with the second device through an NFC manner, and then an NFC apparatus for establishing an NFC connection may be included on the first device and the second device (the NFC apparatus may include a chip and a circuit that support an NFC protocol, and the like). When the first device needs to establish communication connection with the second device, the communication connection between the first device and the second device can be established only by enabling the second device to be close to the first device.
In this embodiment, in order to ensure the security of the information that the first device and the second device send through the established communication connection, the first device may authenticate the reliability of the second device before transmitting data to the second device. To facilitate this authentication, the second device may generate a key once it has established a communication connection with the first device and transmit the generated key to the first device, so that the first device can authenticate the second device through the key. If authentication uses a key generated from a fixed character string, the key is at risk of being leaked (or cracked), and security is lower. To solve this problem, the embodiments of the present application introduce timestamp-based authentication: a timestamp is added into the key, which can improve the accuracy of the authentication result and further improve the security of the communication connection.
In this embodiment of the application, the key generated by the second device and used by the first device for authenticating the second device may be a first key, and the first key may carry a first timestamp. The first timestamp may represent a time of generation of the first key. The first device may perform timestamp authentication on the second device according to the first timestamp carried in the first key. The detailed authentication process of the first device to the second device is described in the following, and is not described herein again.
It is understood that the first key may carry not only the first timestamp, but also a seed file. The seed file may include a character string satisfying a preset length and format. The second device may process the first timestamp and the seed file by using the Time-based One-Time Password (TOTP) algorithm or the like, so as to generate the first key. Alternatively, in the embodiments of the present application, the timestamp and the seed file may be processed by using a similar algorithm such as HOTP (HMAC-based One-Time Password) to generate the key, which is not limited herein. In general, the second device may generate keys continuously while it acts as an intermediary assisting the first device and the third device in establishing the communication connection. In this case, when the first device needs to authenticate the second device, the most recently generated key may be acquired from the second device as the first key. Or, while acting as the intermediary, the second device may start to generate a key only when it receives a notification that the first device needs to authenticate it, so that the first device authenticates the second device using the generated key as the first key.
Step 120, the first device generates a second key, and matches the first key and the second key based on the first timestamp and a second timestamp carried by the second key, so as to authenticate the second device.
In this embodiment, to ensure that the first device can authenticate the second device based on the timestamp, the first device may determine the second timestamp according to the time when the first key is received. The second timestamp may characterize a time at which the first key was received by the first device. The first device may match the first key with a second key generated by the first device itself based on the first key received in step 110, so that the first device authenticates the second device. It is to be understood that, similar to the second device, the first device may also generate the second key by using the seed file and the timestamp, which is not described herein again.
In general, the first device may generate the key in real time, and acquire the key generated at the latest time as the second key in the case of receiving the first key. Alternatively, the first device may start generating the key after establishing the communication connection with the second device, and acquire the key generated at the latest time as the second key when receiving the first key. In this embodiment, the first device and the second device may include an encryption and decryption module, so as to generate a key through the encryption and decryption module and perform authentication.
Thus, the first device may authenticate the second device as follows: the first device obtains the first key sent by the second device, determines the second timestamp corresponding to the time at which the first key was received, and generates the second key by encrypting the second timestamp and the seed file. Using the encryption and decryption module, it then matches the obtained first key with the second key it generated itself. If the two keys match, the authentication passes; if they do not match, the authentication fails. It should be noted that two keys matching means that the key the first device obtained from the second device and the key it generated itself are composed of the same timestamp and seed file.
Step 130, in response to determining that the authentication of the second device is successful, the first device sends the connection information to the second device, so that the second device sends the connection information to the third device after the authentication of the third device to the second device is successful.
When the second device is used as an intermediary to assist the first device and the third device in establishing a communication connection, not only the first device needs to authenticate the second device, but also the third device needs to authenticate the second device.
In this embodiment, when the second device passes the authentication of the first device, the first device may send the connection information to the second device. The connection information may be used to establish a communication connection between the third device and the first device, and may include various information related to the communication connection, for example, whether the first device supports wireless communication functions such as Wi-Fi and Bluetooth, an SN address, a BT name, a BT address, a BT dual-mode/single-mode device type, and whether the first device is connectable. Then, once the third device has authenticated the second device, the second device may transmit the received connection information to the third device. It will be appreciated that the first device, the second device and the third device may support the same wireless communication protocol, so that the first device and the third device can establish a communication connection. For example, if the first device, the second device, and the third device all establish communication connections through NFC, then all three devices need to support the NFC communication protocol and may each include at least an NFC apparatus for establishing an NFC connection.
Generally, when a first device and a third device need to establish a wireless communication connection but are inconvenient to move, are far apart during use, or have similar problems, they cannot establish the communication connection with each other. In that case, a second device (such as a mobile phone) can act as a medium to assist the first device and the third device in establishing the communication connection.
Step 140, the first device responds to the connection establishment request sent by the third device to establish a communication connection with the third device.
In this embodiment, when the third device receives the connection information of the first device from the second device, the third device may analyze the received connection information. Then, the third device may send a connection establishment request to the first device based on the analysis result. The connection establishment request may be a request generated by the third device based on the connection information sent by the first device, and used for requesting to establish a connection relationship between the third device and the first device. The first device may respond to the connection establishment request, so that the first device and the third device may establish a communication connection. Of course, the first device may not respond to the connection request, and at this time, the first device may not establish a communication connection with the third device.
With the method for establishing a communication connection provided by the embodiments of the application, the first device can send the connection information to the second device through the established communication connection, and the second device, acting as a medium, forwards the connection information to the third device. The third device can then send a connection request to the first device according to the received connection information, and the first device responds to the connection establishment request sent by the third device, so that the communication connection with the third device can be established. The communication connection between the first device and the third device can thus be established very conveniently even when the first device and the third device are inconvenient to move, have no display panel, and the like. Meanwhile, before the first device and the third device transmit information through the second device as a medium, each of them authenticates the second device, which ensures the security of the second device acting as the medium and, in turn, the security of the communication connection established between the first device and the third device through the second device.
In some optional embodiments, in order to ensure information security of the first device and the second device, when the first device and the second device perform information transfer, encryption technologies such as asymmetric encryption may be used to encrypt information to be transferred, so as to implement encrypted communication between the first device and the second device, and ensure information security of the first device and the second device.
As an example, the first device and the second device may encrypt information transmitted therebetween using an asymmetric encryption algorithm (e.g., an RSA encryption algorithm, an elliptic curve encryption algorithm, an ElGamal encryption algorithm, etc.). In this case, the step 130 may further include the following specific processing procedures of sub-steps 1310 to 1320.
Sub-step 1310, the first device receives a second device public key.
The basic idea of asymmetric encryption is generally as follows: "public key encryption, private key decryption". Therefore, when asymmetric encryption is performed, first, public keys need to be exchanged between the two parties, and after the first device successfully authenticates the second device, the first device may send its own public key to the second device through the communication connection established between the first device and the second device (or may carry its own public key in sending encryption information to the second device and send it to the second device together), and receive the public key of the second device.
Sub-step 1320, the first device encrypts the connection information by using the second device public key through an asymmetric encryption algorithm to obtain encrypted information, and sends the encrypted information and the first device public key to the second device, so that the second device decrypts the encrypted information by using the second device private key to obtain the connection information.
When the first device needs to send connection information to the second device, the first device may encrypt the connection information using a public key of the second device, and send the encrypted information to the second device. After receiving the encrypted information, the second device can decrypt the encrypted information through a private key thereof, and then obtains the connection information sent by the first device. Similarly, when the second device needs to send information to the first device, the second device may encrypt the information using the public key of the first device and send the encrypted information to the first device, and after receiving the encrypted information, the first device may decrypt the encrypted information using its own private key, thereby obtaining the information sent by the second device.
It is understood that, in step 130, in addition to the asymmetric encryption algorithm, the first device and the second device may encrypt information in various other manners, for example by using one or more of the Data Encryption Standard (DES), the 3DES algorithm (Triple DES), the TDEA algorithm, the Blowfish algorithm, the RC5 algorithm, and the IDEA algorithm. Encrypting information between the first device and the second device using such an encryption algorithm is a conventional technical means in the field of data encryption technology, and is not described herein again.
In some optional embodiments, when the first device authenticates the second device, there may be a time difference in information transfer, namely the difference between the time when the second device generates the first key and the time when the first device receives the first key sent by the second device, and this may cause the authentication of the second device by the first device to fail. For example, suppose the second device generates the first key and sends it to the first device at "12:39:59", and the first device receives the first key at "12:40:00". The first timestamp carried in the first key is then "12:39", while the second timestamp carried in the second key is "12:40". When the first device authenticates the second device, the first timestamp "12:39" does not match the second timestamp "12:40", so the authentication of the second device by the first device fails, which affects the subsequent data transfer between the first device and the second device.
In order to avoid the above problem, in this embodiment, the first device may authenticate the second device through two or more key matches, and as long as one authentication succeeds, it may be determined that the authentication of the second device succeeds.
As an example, after the authentication of the first device to the second device fails, the first device may send an authentication failure notification to the second device, and then the second device sends, in response to the authentication failure notification, the key carrying the new timestamp to the first device again, so that the first device may re-authenticate the second device based on the key. In this case, the step 120 may further include a specific process of the sub-steps 1210 to 1220 described below.
Sub-step 1210, in response to determining that the first key does not match the second key, the first device fails to authenticate the second device, and the first device sends an authentication failure notification to the second device.
After the authentication of the first device to the second device fails, the first device may send an authentication failure notification to the second device, and the second device may generate a new key, that is, a fifth key, again according to the current timestamp in response to the authentication failure notification, and send the newly generated fifth key to the first device.
In sub-step 1220, the second device is authenticated in response to the first device receiving the fifth key sent by the second device. Wherein the fifth key is generated by the second device in response to the authentication failure notification.
It is understood that there may be two cases when the second device receives the authentication failure notification sent by the first device. In the first case, the second device itself has reliability issues, and thus the first device fails to authenticate the second device. In the second case, the second device itself is a reliable device, but the first timestamp and the second timestamp fail to match because of a jump between adjacent time values, which is a misjudgment. In order to further improve the accuracy of authentication and avoid such misjudgment, the second device may request the first device to authenticate it again after receiving the authentication failure notification. In particular, the second device may send the fifth key to the first device, so that the first device authenticates the second device based on the fifth key in an authentication manner similar to that provided in the above-described embodiment. The fifth key may be generated by the second device based on the current time in response to receiving the authentication failure notification, and the fifth key may include the timestamp at which the fifth key was generated, so that the first device may authenticate the second device again based on that timestamp. It will be appreciated that if the second device failed authentication because of the second case, the first device authenticates it again so that the second device can pass the authentication. Therefore, the probability of authentication failure is reduced, and the accuracy of authentication is improved. It can be understood that, for an authentication failure of the second device caused by the second case, in some optional implementations of this embodiment, the following scheme may also be used:
The first device may obtain a previous key from the keys it has generated (the previous key may be a key generated before the second key in the above embodiment is generated, with no other key existing between the previous key and the second key), and update the second key by taking the previous key as the second key. The first device may then authenticate the second device by using the updated second key. Here, the first device may authenticate the second device using a method similar to the above-described embodiment. With this scheme, an authentication failure of the second device caused by a timestamp jump can be avoided, and after the first authentication fails, no authentication failure message needs to be transmitted between the first device and the second device, so that the efficiency with which the first device authenticates the second device is further improved.
In this embodiment, in order to ensure the security of the communication connection established between the first device and the third device, when the first device establishes the communication connection with the third device, the first device may perform identity authentication on the third device, and establish the communication connection with the third device only after determining that the identity of the third device is legal.
As an example, after the first device receives the connection establishment request sent by the third device, the first device may authenticate the third device according to the unique identification information of the third device and/or the key of the third device, and determine whether a communication connection may be established with the third device according to the authentication result. In this case, step 140 may further include the following specific processing procedures of sub-steps 1410 to 1440.
In sub-step 1410, the first device receives a connection establishment request sent by the third device.
The connection establishment request may carry unique identification information of the third device, where the unique identification information may be, for example, an id or a device number of the third device.
In sub-step 1420, the first device determines whether the third device is a trusted device according to the unique identification information of the third device.
In this embodiment, if the third device has already established a communication connection with the first device multiple times, this may indicate that the third device is generally safe. Devices whose cumulative number of connections with the first device exceeds a threshold may therefore be used as trusted devices of the first device. The first device may store the unique identification information corresponding to each trusted device, so that it can subsequently determine directly from the unique identification information whether a device requesting a communication connection is a trusted device, thereby improving the efficiency of establishing a communication connection with the third device. The threshold can be set according to actual needs, and is usually at least 1.
In sub-step 1430, if the third device is determined to be a trusted device, the first device establishes a communication connection with the third device.
If the first device had to perform identity authentication on the device sending the connection establishment request every time before establishing a communication connection, device computing resources would be wasted and the efficiency of establishing the communication connection would be reduced. To avoid this, in the embodiment of the present application, an identity authentication exemption mechanism may be set for the trusted devices of the first device: when it is determined that the device sending the connection establishment request is a trusted device of the first device, the first device may directly establish the communication connection with the trusted device without performing identity authentication on it. This not only saves the computing resources of the first device, but also improves the efficiency of establishing the communication connection between the first device and the trusted device.
In sub-step 1440, if it is determined that the third device is an untrusted device, the first device performs identity authentication on the third device according to the third key obtained from the third device, and establishes a communication connection with the third device after determining that the identity of the third device is legal. The third key carries a third timestamp, and the third timestamp is used for representing the time when the third device generates the connection establishment request.
When the first device determines that the third device is an untrusted device, this may indicate that the third device is establishing a communication connection with the first device for the first time. In this case, in order to ensure the information security of the first device and the security of the communication connection established between the first device and the second device, the first device generally needs to perform identity authentication on the third device, and establishes the communication connection with the third device only when the identity authentication of the third device passes. This embodiment prevents the first device from establishing a connection with a third device whose identity is illegal, and ensures the security of the first device.
Optionally, the first device may authenticate the third device by verifying a key carrying a timestamp. For example, after the first device determines that the third device is an untrusted device, the first device may obtain a third key from the third device (or the third key may also be directly carried in a connection establishment request sent by the third device to the first device, where the obtaining manner and obtaining time of the third key are not limited in the embodiment of the present application), and perform identity authentication on the third device based on the third key. In this case, the sub-step 1440 may further include the following specific processing procedures of sub-steps 1441 to 1444.
In sub-step 1441, the first device may determine a fourth timestamp.
Wherein the fourth timestamp may be used to characterize a time at which the first device received the connection establishment request.
Sub-step 1442, the first device generates a fourth key. Wherein the fourth key may carry a fourth timestamp.
The first device may encrypt the fourth timestamp using an encryption algorithm (e.g., a TOTP algorithm, an RSA encryption algorithm, an elliptic curve encryption algorithm, an ElGamal encryption algorithm, etc.) to generate a fourth key.
Sub-step 1443, the first device determines whether the third key and the fourth key match based on the third timestamp and the fourth timestamp.
The first device may decrypt the acquired third key and a fourth key generated by the first device by using the encryption and decryption module to obtain a third timestamp carried by the third key and a fourth timestamp carried by the fourth key, and then the first device may determine whether the third key and the fourth key are matched by determining whether the third timestamp and the fourth timestamp are the same, and further determine whether the third device identity is legal according to a matching result.
In sub-step 1444, in response to determining that the third key matches the fourth key, the first device determines that the third device identity is legitimate.
In addition, when the first device performs identity authentication on the third device, the time when the first device receives the connection establishment request sent by the third device may also differ from the time when the third device generates the connection establishment request because of the time difference of information transmission, so that the identity authentication of the third device by the first device does not pass. In order to avoid this problem, for a key generated near the critical point of a timestamp change, the first device may also perform identity authentication on the third device through two or more key matches, and as long as there is one match, it may be determined that the identity of the third device is legal. With this scheme, an authentication failure of the third device caused by a time change can be avoided, so that the efficiency of establishing a communication connection between the third device and the first device is improved. Specifically, the first device may handle an authentication failure of the third device using the same processing scheme as that used for an authentication failure of the second device caused by a change of the timestamp; the specific scheme is described above in detail and is not described here again.
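The boundary case from the "12:39:59" / "12:40:00" example, together with the two remedies described for it (a retry with a freshly generated key, and a check against the verifier's previous key), applies equally to the first/second key match and the third/fourth key match and can be sketched as follows. This is an added example, not code from the patent: it assumes a TOTP-style construction in which both devices already hold a shared secret and the key is an HMAC over the minute index; `SECRET`, `make_key`, `verify`, `authenticate_with_retry` and `at` are hypothetical names, and all timestamps are constructed.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone
from typing import Callable, Optional, Tuple

STEP_SECONDS = 60                    # minute granularity, as in the 12:39 / 12:40 example
SECRET = b"constructed-demo-secret"  # assumption: a secret both devices already share


def window(ts: float) -> int:
    """Index of the one-minute window that contains the epoch time ts."""
    return int(ts // STEP_SECONDS)


def make_key(secret: bytes, ts: float) -> bytes:
    """Key bound to the window of ts (assumed construction: HMAC-SHA256 of the index)."""
    return hmac.new(secret, struct.pack(">Q", window(ts)), hashlib.sha256).digest()


def verify(secret: bytes, received_key: bytes, received_at: float,
           previous_windows: int = 1) -> Optional[int]:
    """Match the received key against the verifier's own key for the current
    window and, if allowed, for earlier windows (the 'previous key' scheme).
    Returns the matching offset (0 = current, -1 = previous) or None."""
    for offset in range(0, -(previous_windows + 1), -1):
        expected = make_key(secret, received_at + offset * STEP_SECONDS)
        if hmac.compare_digest(expected, received_key):  # constant-time comparison
            return offset
    return None


def authenticate_with_retry(secret: bytes, key: bytes, received_at: float,
                            request_fresh_key: Callable[[], Tuple[bytes, float]]) -> bool:
    """Sub-steps 1210 to 1220: strict match first; on failure, notify the peer
    and check the one fresh key it sends back (the 'fifth key')."""
    if verify(secret, key, received_at, previous_windows=0) is not None:
        return True
    # request_fresh_key stands in for the failure notification round trip and
    # returns (fresh key, time the verifier received it).
    fresh_key, fresh_received_at = request_fresh_key()
    return verify(secret, fresh_key, fresh_received_at, previous_windows=0) is not None


def at(hour: int, minute: int, second: int) -> float:
    """Constructed sample time on an arbitrary date, as epoch seconds (UTC)."""
    return datetime(2021, 1, 1, hour, minute, second, tzinfo=timezone.utc).timestamp()


SENT_AT = at(12, 39, 59)      # peer generates the key
RECEIVED_AT = at(12, 40, 0)   # verifier receives it one second later

if __name__ == "__main__":
    first_key = make_key(SECRET, SENT_AT)
    print("strict match:        ", verify(SECRET, first_key, RECEIVED_AT, previous_windows=0))
    print("with previous window:", verify(SECRET, first_key, RECEIVED_AT, previous_windows=1))
    stale = make_key(SECRET, at(12, 38, 30))
    print("two windows old:     ", verify(SECRET, stale, RECEIVED_AT, previous_windows=1))
```

Each additional accepted window lengthens the period during which a captured key would still verify, so `previous_windows` should stay as small as the observed transfer delay allows.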
After the communication connection between the first device and the third device is established, the first device may store device information (such as a device ID or a device number) of the third device and record the cumulative number of connections with the third device. Then, after the first device receives a new connection establishment request, the first device may determine, according to the stored information and a connection count threshold, whether the device that sent the connection establishment request is a trusted device, and determine, based on the result, whether identity authentication needs to be performed on the device.
In some optional embodiments, whether the first device can establish a communication connection with the third device depends not only on the identity of the third device being legal, but also on the current connection state of the first device being a normal state rather than an abnormal state. The abnormal state indicates that the first device is currently incapable of establishing a communication connection; it may be caused, for example, by the number of devices currently connected to the first device reaching an upper limit, or by a failure of the current wireless communication module of the first device. So that the first device can smoothly establish a communication connection with the third device once the identity of the third device has been authenticated as legal, in this embodiment the first device also needs to determine its current connection state before establishing the communication connection with the third device.
Optionally, the first device may determine its current connection state according to the number of devices currently connected. In this case, the first device may determine its current connection state as follows: the first device obtains the current device connection number; in response to the current device connection number being greater than or equal to the connection threshold, the first device determines that the current connection state is an abnormal state; and in response to the current device connection number being less than the connection threshold, the first device determines that the current connection state is a normal state.
When the first device determines that the current connection state is a normal state and the identity of the third device is legal (or the third device is a trusted device), the first device may establish a communication connection with the third device.
In this embodiment, when the first device determines that the current connection state is the abnormal state, the first device may determine, according to whether the third device is a trusted device, a subsequent processing manner for the connection establishment request of the third device, so that the communication connection establishment efficiency is ensured, and the security of the established communication connection is ensured. It is to be understood that the subsequent processing manner for the third device connection establishment request may also be determined by other manners, and is not limited herein. As an example, even if the first device determines that the current connection state is an abnormal state, the user may still need to establish a communication connection between the first device and the third device due to usage needs at this time. In this example, the user may release the abnormal state of the first device by a manual operation or the like, and perform the above-described steps 110 to 140 again to establish the communication connection between the first device and the third device.
As an example, when the first device determines that the current connection state is the abnormal state, the following processing may be respectively performed for the trusted device and the untrusted device:
First, for the case where the third device is a trusted device:
If the first device determines that the current connection state is the abnormal state, the first device may interrupt the communication connection established with another device, and establish the communication connection with the third device.
With this scheme, the first device is guaranteed to connect preferentially to trusted devices, which ensures the information security of the first device and at the same time improves the efficiency of establishing communication connections with trusted devices.
Second, for the case where the third device is an untrusted device:
If the first device determines that the current connection state is the abnormal state, the first device may send an abnormal notification to the third device, and stop establishing the communication connection with the third device.
With this scheme, the stability of the communication connections already established by the first device is ensured, and the potential safety hazard caused by directly establishing a communication connection with an untrusted device is avoided.
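The admission logic of sub-steps 1410 to 1440, combined with the connection-state check and the trusted/untrusted handling above, can be modelled as one decision function. This is an added example, not code from the patent: the class, method and device names are hypothetical, the `authenticate` callback stands in for the third-key check, and two points the text leaves open are assumptions here (the state check runs before identity authentication, and the connection interrupted for a trusted device is the oldest untrusted one, otherwise the oldest).

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Tuple


class Decision(Enum):
    CONNECTED = "connected"
    CONNECTED_AFTER_EVICTION = "connected after interrupting another connection"
    REJECTED_ABNORMAL = "abnormal notification sent, connection not established"
    REJECTED_AUTH = "identity authentication failed"


@dataclass
class FirstDevice:
    authenticate: Callable[[str, bytes], bool]  # stand-in for the third-key check
    trust_threshold: int = 1        # trusted once cumulative connections exceed this
    connection_threshold: int = 2   # state is abnormal at or above this many connections
    connect_counts: Dict[str, int] = field(default_factory=dict)
    active: List[str] = field(default_factory=list)   # oldest connection first

    def __post_init__(self) -> None:
        if self.connection_threshold < 1:
            raise ValueError("connection_threshold must be at least 1")

    def is_trusted(self, device_id: str) -> bool:
        return self.connect_counts.get(device_id, 0) > self.trust_threshold

    def state_is_abnormal(self) -> bool:
        return len(self.active) >= self.connection_threshold

    def evict_one(self) -> str:
        """Assumed policy: drop the oldest untrusted connection, else the oldest."""
        victim = next((d for d in self.active if not self.is_trusted(d)), self.active[0])
        self.active.remove(victim)
        return victim

    def disconnect(self, device_id: str) -> None:
        if device_id in self.active:
            self.active.remove(device_id)

    def handle_request(self, device_id: str, third_key: bytes = b"") -> Decision:
        trusted = self.is_trusted(device_id)
        evicted = False
        if self.state_is_abnormal():
            if not trusted:
                return Decision.REJECTED_ABNORMAL   # untrusted: notify and stop
            self.evict_one()                        # trusted: make room
            evicted = True
        # Trusted devices are exempt from identity authentication (sub-step 1430).
        if not trusted and not self.authenticate(device_id, third_key):
            return Decision.REJECTED_AUTH
        self.active.append(device_id)
        self.connect_counts[device_id] = self.connect_counts.get(device_id, 0) + 1
        return Decision.CONNECTED_AFTER_EVICTION if evicted else Decision.CONNECTED


def run_scenario() -> Tuple[List[Decision], List[str]]:
    """Constructed request sequence; returns (decisions, active connections)."""
    ok = b"valid-demo-key"   # constructed value the stand-in authenticator accepts
    dev = FirstDevice(authenticate=lambda device_id, key: key == ok)
    decisions = []
    for _ in range(2):                                        # cam-01 connects twice
        decisions.append(dev.handle_request("cam-01", ok))
        dev.disconnect("cam-01")
    decisions.append(dev.handle_request("tv-02", b"wrong"))   # fails authentication
    decisions.append(dev.handle_request("tv-02", ok))
    decisions.append(dev.handle_request("spk-03", ok))        # limit of 2 reached
    decisions.append(dev.handle_request("hub-04", ok))        # untrusted, state abnormal
    decisions.append(dev.handle_request("cam-01"))            # trusted, no key needed
    return decisions, list(dev.active)


if __name__ == "__main__":
    results, still_connected = run_scenario()
    for d in results:
        print(d.value)
    print("active:", still_connected)
```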
In some alternative embodiments, when the distance between the first device and the third device is too great, the first device cannot establish a connection with the third device even with the second device as an intermediary. Alternatively, even after the first device establishes a communication connection with the third device with the second device as a medium, the link may be unstable, which affects the normal use of the device.
In order to avoid the foregoing problem, in some optional embodiments, the distance between the first device and the third device may be determined by the second device, and only when the distance between the first device and the third device is smaller than the preset distance, the second device may establish a communication connection with the first device, and further, the second device serves as a medium to assist the first device and the third device to establish a communication connection. As an example, the second device may establish a communication connection with the first device in the following way: the second device acquires the distance between the first device and the third device, and establishes communication connection with the first device when the distance is smaller than a preset distance.
With this scheme, when the distance between the first device and the third device is too great, the second device can refuse to establish a communication connection with the first device. This avoids the first device consuming processing resources in establishing a communication connection with the third device through the second device in that situation, and avoids the case where, even after the first device is connected with the third device, the communication link is unstable and the first device cannot be used normally.
Generally, the distance between two electronic devices when establishing a communication connection cannot exceed the communication distance of the wireless technology itself. Therefore, when the distance between the first device and the third device exceeds that distance, a good communication connection cannot be established between the two devices. In order to solve the problem that the first device and the second device cannot be connected due to the long distance, in some optional embodiments, the second device may also be used as a relay to implement the communication connection between a first device and a third device that are far apart.
In this embodiment, when the second device assists the first device and the third device to establish a communication connection as an intermediary, the second device may determine whether to enable the wireless relay function according to an actually measured distance between the first device and the third device. The second device may set the maximum communication distance between the first device and the third device to be no more than 2 times the communication distance of the wireless technology (for example, the WIFI communication distance is generally about 30 meters, so the second device may set the maximum communication distance between the first device and the third device to 60 meters according to the actual communication distance of the current WIFI device). As an example, the second device may calculate the distance between the first device and the third device, and accordingly determine whether the wireless relay function needs to be activated:
The second device is first connected with the first device, and is then moved to the third device that needs to be connected with the first device in a suggested communication mode, at which point the second device calculates the distance between the first device and the third device; the second device can then judge whether the wireless relay function needs to be started according to whether the distance between the first device and the third device exceeds the preset maximum communication distance; if the second device determines that the wireless relay function needs to be started, the second device may prompt the user to place the second device at an intermediate position between the first device and the third device; after the placement is completed, the second device may be used as a wireless repeater, and at this time the third device may send a connection request to the second device, so that the second device may send the received connection request to the first device; the first device responds to the connection establishment request of the third device, and can then establish a communication connection with the third device through the second device. In this case, when the first device and the third device perform signal transmission, both the first device and the third device send their communication signals to the second device, which forwards them to assist signal transmission between the first device and the third device. After the wireless signal between the first device and the third device is stable, the wireless relay function of the second device can be considered to have been started.
Optionally, depending on the wireless communication technologies used when establishing the communication connections between the devices, the second device may be used as a wireless relay in the following two ways to implement the establishment of the communication connection between the first device and the third device:
(1) The first device, the second device and the third device are connected by using the same wireless technology;
Supposing that the first device, the second device and the third device all use wifi for wireless communication, when the second device is used as a wireless relay, the second device can establish wireless connections with the first device and the third device through wifi respectively. When data transmission is performed, the first device first sends information to the second device, the second device forwards the information to the third device, and reverse transmission works in the same way.
(2) The first device, the second device and the third device are connected by using different wireless technologies;
Supposing that the first device and the third device use bluetooth for wireless communication, and the second device uses wifi for wireless communication, when the second device is used as a wireless relay, the second device can establish wireless connections with the first device and the third device through wifi respectively. When data transmission is performed, the first device first sends information to the second device, the second device forwards the information to the third device, and reverse transmission works in the same way.
In some optional embodiments, before acting as the intermediate device to assist the establishment of the communication connection between the first device and the third device, the second device may determine whether it has already stored connection information received from a fourth device. If the connection information of the fourth device is already stored in the second device, that connection information may be deleted, and after it is deleted the second device assists in establishing the communication connection between the first device and the third device. For example, there may be four devices: a first device, a third device, a fourth device, and a second device acting as a medium, where the devices that need to establish a connection are the first device and the third device. If the user mistakenly touches the fourth device with the second device, then in order to ensure that the second device can later assist the establishment of the communication connection between the first device and the third device, the second device may clear the connection information of the fourth device according to the operation of the user, and so on.
Optionally, after the second device receives the connection information of the fourth device, the second device may automatically clear the connection information of the fourth device if the preset time period is exceeded. The implementation manner can be convenient for the second device to be used as a medium continuously to assist other devices in communication connection.
With the method for establishing a communication connection provided by the embodiment of the application, the first device can send the connection information to the second device through the established communication connection, and the connection information is forwarded to the third device with the second device as a medium, so that the third device can send a connection request to the first device according to the received connection information. The first device then responds to the connection establishment request sent by the third device, so that the communication connection with the third device can be established. The establishment of the communication connection between the first device and the third device can thus be completed very conveniently even when the first device and the third device are inconvenient to move, do not have a display panel, and so on. Meanwhile, before the first device and the third device transmit information with the second device as a medium, the first device and the third device can each authenticate the second device, which ensures the security of the communication connections that the first device and the third device each have with the second device as the medium, and further ensures the security of the communication connection established between the first device and the third device through the second device.
In addition, an apparatus for establishing a communication connection is further provided in an embodiment of the present application, so as to solve the problems that when a related communication connection establishment method is used, a connection operation is complex and security of a communication connection cannot be guaranteed when a device is in communication connection. Fig. 2 shows a specific structural diagram of the apparatus for establishing communication connection, which includes: a receiving unit 21, an authentication unit 22, a sending unit 23 and a connection establishing unit 24. Wherein, the receiving unit 21 is configured to receive a first key sent by the second device based on the established communication connection; the first key carries a first time stamp corresponding to the first key generation time; the authentication unit 22 is configured to generate a second key, and match the first key and the second key based on the first timestamp and a second timestamp carried by the second key, so as to authenticate the second device, where the second timestamp is used to characterize a time when the first device receives the first key; a sending unit 23, configured to send, in response to determining that the authentication of the second device is successful, connection information to the second device, so that the second device sends the connection information to the third device after the authentication of the third device to the second device is successful, where the connection information is used to establish a communication connection between the third device and the first device; a connection establishing unit 24 configured to establish a communication connection with the third device in response to a connection establishing request sent by the third device, wherein the connection establishing request is a request generated by the third device based on the connection information.
In an embodiment, the connection establishing unit 24 is further configured to: receive a connection establishment request sent by the third device, wherein the connection establishment request carries unique identification information of the third device; judge whether the third device is a trusted device according to the unique identification information of the third device, wherein a trusted device is a device that has established a communication connection more than a threshold number of times; if so, establish a communication connection with the third device; and if not, perform identity authentication on the third device according to a third key acquired from the third device, and establish a communication connection with the third device after determining that the identity of the third device is legal, wherein the third key carries a third timestamp, and the third timestamp is used for representing the time at which the third device generates the connection establishment request.
In an embodiment, the connection establishing unit 24 is further configured to: determining a fourth timestamp, wherein the fourth timestamp is used for representing the time when the connection establishment request is received; generating a fourth key, wherein the fourth key carries a fourth timestamp; determining whether the third key and the fourth key match based on the third timestamp and the fourth timestamp; in response to determining that the third key matches the fourth key, determining that the third device identity is legitimate.
In one embodiment, the sending unit 23 is further configured to: receiving a second device public key; and encrypting the connection information by using the second equipment public key through an asymmetric encryption algorithm to obtain encrypted information, and sending the encrypted information and the first equipment public key to the second equipment so that the second equipment decrypts the encrypted information by using a second equipment private key to obtain the connection information.
In an embodiment, the connection establishing unit 24 is further configured to: determining a current connection state; if the current connection state is a normal state, establishing communication connection with third equipment; and if the current connection state is the abnormal state, interrupting the communication connection established with other equipment, and establishing the communication connection with third equipment.
In an embodiment, the connection establishing unit 24 is further configured to: determining a current connection state; if the current connection state is a normal state, establishing communication connection with third equipment; and if the current connection state is an abnormal state, the first device sends an abnormal notification to the third device and stops establishing communication connection with the third device.
In an embodiment, the connection establishing unit 24 is further configured to: acquiring the current equipment connection number; determining that the current connection state is an abnormal state in response to the current equipment connection number being greater than or equal to the connection threshold; and determining that the current connection state is a normal state in response to the current device connection number being less than the connection threshold.
In an embodiment, the connection establishing unit 24 is further configured to: and saving the device information of the third device and the accumulated connection times with the third device.
In one embodiment, the authentication unit 22 is further configured to: in response to determining that the first key does not match the second key, failing to authenticate the second device; sending an authentication failure notification to the second device; and authenticating the second equipment in response to receiving a fifth secret key sent by the second equipment, wherein the fifth secret key is generated by the second equipment in response to the authentication failure notice.
In one embodiment, the receiving unit 21 is further configured to: and acquiring the distance between the first device and the third device, and establishing communication connection with the first device under the condition that the distance is smaller than the preset distance.
With the apparatus for establishing a communication connection provided in the embodiment of the application, the first device can send the connection information to the second device over the established communication connection, and the second device, acting as a medium, forwards the connection information to the third device. The third device can then send a connection establishment request to the first device according to the received connection information, and the first device can establish a communication connection with the third device in response to that request. In this way, a communication connection between the first device and the third device can be established very conveniently even when the first device and the third device are inconvenient to move and do not have a display panel. Meanwhile, before the first device and the third device transmit information through the second device as a medium, the first device and the third device each authenticate the second device, which ensures the security of the second device serving as the medium and, in turn, the security of the communication connection established between the first device and the third device through the second device.
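The decision flow of the connection establishing unit described above (trusted-device check, timestamp-based key matching, connection-state threshold, saved connection count), as an added Python sketch that is not code from the patent. This section does not say how keys are derived or compared, so the HMAC-SHA256 construction, the 30-second window, the threshold values, the shared secret and all function and class names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# All constants below are assumed values for illustration.
DEMO_SECRET = b"constructed-demo-secret"  # constructed shared secret
MAX_SKEW_S = 30            # allowed gap between key generation and receipt
TRUST_THRESHOLD = 3        # trusted once connected MORE than this many times
CONNECTION_THRESHOLD = 2   # this many live connections or more is "abnormal"


@dataclass(frozen=True)
class TimestampedKey:
    timestamp: int  # generation time in seconds, carried with the key
    tag: bytes      # assumed derivation: HMAC over device id and timestamp


def make_key(secret: bytes, device_id: str, timestamp: int) -> TimestampedKey:
    """Derive a key that carries its own generation timestamp."""
    msg = device_id.encode() + b"|" + str(timestamp).encode()
    return TimestampedKey(timestamp, hmac.new(secret, msg, hashlib.sha256).digest())


def keys_match(secret: bytes, device_id: str,
               received: TimestampedKey, received_at: int) -> bool:
    """Match the received key against the verifier's own view.

    received.timestamp plays the role of the third timestamp and
    received_at the fourth. The verifier's key is modelled as re-deriving
    the tag for the claimed timestamp (an assumption).
    """
    if abs(received_at - received.timestamp) > MAX_SKEW_S:
        return False  # too old or too far in the future
    expected = make_key(secret, device_id, received.timestamp)
    return hmac.compare_digest(expected.tag, received.tag)


@dataclass
class FirstDevice:
    secret: bytes
    abnormal_policy: str = "reject"  # "reject" or "evict" (the two embodiments)
    history: dict = field(default_factory=dict)  # device id -> accumulated connections
    active: list = field(default_factory=list)   # device ids currently connected

    def connection_state(self) -> str:
        over = len(self.active) >= CONNECTION_THRESHOLD
        return "abnormal" if over else "normal"

    def is_trusted(self, device_id: str) -> bool:
        return self.history.get(device_id, 0) > TRUST_THRESHOLD

    def handle_request(self, device_id, key, received_at: int) -> str:
        # Untrusted devices must pass timestamp-based key matching first.
        if not self.is_trusted(device_id):
            if key is None or not keys_match(self.secret, device_id, key, received_at):
                return "auth_failed"
        # Then the current connection state decides what happens next.
        if self.connection_state() == "abnormal":
            if self.abnormal_policy == "reject":
                return "rejected_abnormal"  # notify the peer and stop
            self.active.clear()             # interrupt other connections
        if device_id not in self.active:
            self.active.append(device_id)
        # Save the accumulated connection count for later trust decisions.
        self.history[device_id] = self.history.get(device_id, 0) + 1
        return "connected"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    dev = FirstDevice(DEMO_SECRET)
    fresh = make_key(DEMO_SECRET, "device-3", t0)
    print(dev.handle_request("device-3", fresh, t0 + 5))    # fresh key
    print(FirstDevice(DEMO_SECRET).handle_request("device-3", fresh, t0 + 120))  # stale key
```

The trusted-device branch skips the key check and relies only on the identifier presented in the request, so an implementation needs that identifier to be bound to something the peer cannot simply assert.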
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to Fig. 3, at the hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The memory may include internal memory, such as Random-Access Memory (RAM), and may further include non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 3, but this does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code, and the program code includes computer operating instructions. The memory may include both internal memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into the internal memory and then runs it, forming the data synchronization device at the logic level. The processor executes the program stored in the memory and is specifically used for executing the following operations: receiving a first key sent by the second device based on the established communication connection, where the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, where the second timestamp represents the time of receiving the first key; in response to determining that the authentication of the second device is successful, sending connection information to the second device, so that the second device sends the connection information to the third device after the third device has successfully authenticated the second device, where the connection information is used for establishing a communication connection with the third device; and, in response to a connection establishment request sent by the third device, establishing a communication connection with the third device, where the connection establishment request is a request generated by the third device based on the connection information.
The method performed by the electronic device for establishing a communication connection, as disclosed in the embodiment shown in Fig. 3 of the present application, may be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly performed by a hardware decoding processor, or performed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
Of course, in addition to a software implementation, the electronic device of the present application does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to logic units, and may also be hardware or logic devices.
Embodiments of the present application also provide a computer-readable storage medium storing one or more programs, where the one or more programs include instructions which, when executed by a portable electronic device including a plurality of application programs, enable the portable electronic device to perform the method of the embodiment shown in Fig. 1, and which are specifically configured for: receiving a first key sent by the second device based on the established communication connection, where the first key carries a first timestamp corresponding to the generation time of the first key; generating a second key, and matching the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, where the second timestamp represents the time of receiving the first key; in response to determining that the authentication of the second device is successful, sending connection information to the second device, so that the second device sends the connection information to the third device after the third device has successfully authenticated the second device, where the connection information is used for establishing a communication connection with the third device; and, in response to a connection establishment request sent by the third device, establishing a communication connection with the third device, where the connection establishment request is a request generated by the third device based on the connection information.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing description is only an illustration of the preferred embodiments of the disclosure and of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments formed by any combination of the above-mentioned features or their equivalents without departing from the inventive concept defined above, for example, technical solutions formed by replacing the above features with (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure.

Claims (16)

1. A method for establishing a communication connection, comprising:
a first device receives a first key sent by a second device based on an established communication connection, wherein the first key carries a first timestamp corresponding to the generation time of the first key;
the first device generates a second key, and matches the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, wherein the second timestamp is used for representing the time when the first device receives the first key;
in response to determining that the authentication of the second device is successful, the first device sends connection information to the second device, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device, wherein the connection information is used for establishing a communication connection between the third device and the first device;
and the first device, in response to a connection establishment request sent by the third device, establishes a communication connection with the third device, wherein the connection establishment request is a request generated by the third device based on the connection information.
2. The method of claim 1, wherein the first device establishing a communication connection with the third device in response to the connection establishment request sent by the third device comprises:
the first device receives a connection establishment request sent by the third device, wherein the connection establishment request carries unique identification information of the third device;
the first device judges, according to the unique identification information of the third device, whether the third device is a trusted device, wherein a trusted device is a device that has established a communication connection with the first device more than a threshold number of times;
if so, the first device establishes a communication connection with the third device;
and if not, the first device performs identity authentication on the third device according to a third key acquired from the third device, and establishes a communication connection with the third device after determining that the identity of the third device is legal, wherein the third key carries a third timestamp, and the third timestamp is used for representing the time when the third device generates the connection establishment request.
3. The method of claim 2, wherein the first device authenticating the third device according to a third key comprises:
the first device determines a fourth timestamp, wherein the fourth timestamp is used for representing the time when the first device receives the connection establishment request;
the first device generates a fourth key, wherein the fourth key carries the fourth timestamp;
the first device determining whether the third key and the fourth key match based on the third timestamp and the fourth timestamp;
and in response to determining that the third key matches the fourth key, the first device determines that the identity of the third device is legal.
4. The method of claim 1, wherein the sending connection information to the second device comprises:
the first device receives a second device public key;
and the first device encrypts the connection information with the second device public key using an asymmetric encryption algorithm to obtain encrypted information, and sends the encrypted information and the first device public key to the second device, so that the second device decrypts the encrypted information with the second device private key to obtain the connection information.
5. The method of claim 2, wherein the first device establishes a communication connection with the third device, further comprising:
the first device determines a current connection state;
if the current connection state is a normal state, the first device establishes a communication connection with the third device;
and if the current connection state is an abnormal state, the first device interrupts the communication connections established with other devices and establishes a communication connection with the third device.
6. The method of claim 2, wherein after the first device performs identity authentication on the third device according to the third key carried in the connection establishment request and determines that the identity of the third device is legal, the method further comprises:
the first device determines a current connection state;
if the current connection state is a normal state, the first device establishes a communication connection with the third device;
and if the current connection state is an abnormal state, the first device sends an abnormality notification to the third device and stops establishing the communication connection with the third device.
7. The method of claim 5 or 6, wherein the first device determining a current connection state comprises:
the first device acquires the current device connection number;
in response to the current device connection number being greater than or equal to a connection threshold, the first device determining that the current connection state is an abnormal state;
and in response to the current device connection number being less than the connection threshold, the first device determines that the current connection state is a normal state.
8. The method of claim 1, wherein after establishing the communication connection with the third device, the method further comprises:
and the first device stores the device information of the third device and the accumulated number of connections with the third device.
9. The method of claim 1, wherein prior to the first device transmitting connection information to the second device in response to determining that the second device was successfully authenticated, the method further comprises:
in response to determining that the first key does not match the second key, the first device determines that the authentication of the second device has failed;
the first device sends an authentication failure notification to the second device;
and in response to receiving a fifth key sent by the second device, the first device authenticates the second device, wherein the fifth key is generated by the second device in response to the authentication failure notification.
10. The method of claim 1, wherein prior to the first device receiving the first key transmitted by the second device based on the established communication connection, the method further comprises:
the second device obtains the distance between the first device and the third device, and establishes a communication connection with the first device when the distance is smaller than a preset distance.
11. An apparatus for establishing a communication connection, disposed at a first device, the apparatus comprising:
a receiving unit, configured to receive a first key sent by a second device based on an established communication connection, where the first key carries a first timestamp corresponding to a first key generation time;
an authentication unit, configured to generate a second key, and match the first key and the second key based on the first timestamp and a second timestamp carried by the second key to authenticate the second device, where the second timestamp is used for representing a time when the first device receives the first key;
a sending unit, configured to send, in response to determining that the authentication of the second device is successful, connection information to the second device, so that the second device sends the connection information to a third device after the third device has successfully authenticated the second device, where the connection information is used to establish a communication connection between the third device and the first device;
a connection establishing unit, configured to establish a communication connection with the third device in response to a connection establishment request sent by the third device, where the connection establishment request is a request generated by the third device based on the connection information.
12. The apparatus of claim 11, wherein the connection establishing unit is further configured to:
receive a connection establishment request sent by the third device, wherein the connection establishment request carries unique identification information of the third device;
judge, according to the unique identification information of the third device, whether the third device is a trusted device, wherein a trusted device is a device that has established a communication connection with the first device more than a threshold number of times;
if so, establish a communication connection with the third device;
and if not, perform identity authentication on the third device according to a third key acquired from the third device, and establish a communication connection with the third device after determining that the identity of the third device is legal, wherein the third key carries a third timestamp, and the third timestamp is used for representing the time when the third device generates the connection establishment request.
13. The apparatus of claim 12, wherein the connection establishing unit is configured to:
determine a current connection state;
when the current connection state is a normal state, establish a communication connection with the third device;
and when the current connection state is an abnormal state, interrupt the communication connections established with other devices, and establish a communication connection with the third device.
14. The apparatus of claim 12, wherein the connection establishing unit is configured to:
determine a current connection state;
when the current connection state is a normal state, establish a communication connection with the third device;
and when the current connection state is an abnormal state, send an abnormality notification to the third device, and stop establishing the communication connection with the third device.
15. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-10.
16. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-10.
CN202110546984.3A 2021-05-19 2021-05-19 Method, device, electronic equipment and storage medium for establishing communication connection Active CN113301537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110546984.3A CN113301537B (en) 2021-05-19 2021-05-19 Method, device, electronic equipment and storage medium for establishing communication connection

Publications (2)

Publication Number Publication Date
CN113301537A true CN113301537A (en) 2021-08-24
CN113301537B CN113301537B (en) 2023-09-15

Family

ID=77322816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110546984.3A Active CN113301537B (en) 2021-05-19 2021-05-19 Method, device, electronic equipment and storage medium for establishing communication connection

Country Status (1)

Country Link
CN (1) CN113301537B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108702605A (en) * 2017-06-30 2018-10-23 华为技术有限公司 A kind of method and apparatus that wireless communication connection is established
CN109510798A (en) * 2017-09-14 2019-03-22 深圳光峰科技股份有限公司 Method for authenticating and control equipment, middle control service equipment
CN110611905A (en) * 2019-08-09 2019-12-24 华为技术有限公司 Information sharing method, terminal device, storage medium, and computer program product
CN111629012A (en) * 2020-07-28 2020-09-04 杭州海康威视数字技术股份有限公司 Communication method, communication device, access control system, access control equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023202131A1 (en) * 2022-04-20 2023-10-26 Oppo广东移动通信有限公司 Device interconnection method and apparatus, electronic device, and storage medium
CN115242390A (en) * 2022-09-26 2022-10-25 杭州思拓瑞吉科技有限公司 Energy storage control data packet transmission method and assembly based on timestamp
CN115242390B (en) * 2022-09-26 2023-01-06 杭州思拓瑞吉科技有限公司 Energy storage control data packet transmission method and assembly based on timestamp

Also Published As

Publication number Publication date
CN113301537B (en) 2023-09-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant